Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing DefaultDllImportSearchPaths attribute in WindowsAppRuntime_EnsureIsLoaded when WindowsAppSDKSelfContained is turned on #4857

Open
aries-zhang opened this issue Nov 3, 2024 · 1 comment
Open

Missing DefaultDllImportSearchPaths attribute in WindowsAppRuntime_EnsureIsLoaded when WindowsAppSDKSelfContained is turned on #4857

aries-zhang opened this issue Nov 3, 2024 · 1 comment
Labels
bug Something isn't working needs-triage

Comments

@aries-zhang
Copy link

aries-zhang commented Nov 3, 2024
edited
Loading

Describe the bug

When both WindowsAppSDKSelfContained and code analysis are turned on for a WinUI 3 project, it fails to build due to
CA5392: Use DefaultDllImportSearchPaths attribute for P/Invokes in Microsoft.Windows.Foundation.UndockedRegFreeWinRTCS.WindowsAppRuntime_EnsureIsLoaded.

Image

Steps to reproduce the bug

  1. Create a WinUI 3 project (either packaged with single project or with WAP).
  2. Add <WindowsAppSDKSelfContained>true</WindowsAppSDKSelfContained> in the project file.
  3. Turn on code analysis with the following project properties: 
    <AnalysisMode>all</AnalysisMode>
<AnalysisLevel>latest</AnalysisLevel>
<CodeAnalysisTreatWarningsAsErrors>true</CodeAnalysisTreatWarningsAsErrors>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  4. Build the project.

See example code repo here: https://github.com/[aries-zhang/WinUI3-Publish-SelfContained](https://github.com/aries-zhang/WinUI3-Publish-SelfContained)

Expected behavior

  1. Build should be successful.
  2. No potential DLL hijacking risks should present.

Screenshots

Image

NuGet package version

WinUI 3 - Windows App SDK 1.6.1: 1.6.240923002

Windows version

Windows 11 (24H2): Build 22621

Additional context

Since this is generated code (or included from Nuget?), it makes it hard to suppress the error individually if not a global suppression rule.
@aries-zhang aries-zhang added the bug Something isn't working label Nov 3, 2024
@karkarl karkarl transferred this issue from microsoft/microsoft-ui-xaml Nov 7, 2024
@DrusTheAxe
Copy link
Member

This warning comes from dev\UndockedRegFreeWinRT\UndockedRegFreeWinRT-AutoInitializer.cs

[DllImport("Microsoft.WindowsAppRuntime.dll", CharSet = CharSet.Unicode, ExactSpelling = true)]
internal static extern int WindowsAppRuntime_EnsureIsLoaded();

@Scottj1s is there a value that could work in all cases? If <WindowsAppSdkUndockedRegFreeWinRTInitialize>true</> is Microsoft.WindowsAppRuntime.dll always colocated with the process' exe? Is WindowsAppSdkUndockedRegFreeWinRTInitialize=true only usable by EXEs or can be used in other cases e.g. class libraries? Would adding this attribute achieve the goal in all cases:

[DefaultDllImportSearchPaths(DllImportSearchPath.ApplicationDirectory)]

Here's the full list of possible values (bitfield, combine as desired): https://learn.microsoft.com/dotnet/api/system.runtime.interopservices.dllimportsearchpath?view=net-8.0#fields

  • LegacyBehavior -- is this accurate and better than not specified?
  • AssemblyDirectory
  • UseDllDirectoryForDependencies
  • ApplicationDirectory -- is this right in all cases?
  • UserDirectories
  • System32 -- shudder. Just say no
  • SafeDirectories -- multiple including System32 so, no

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working needs-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DrusTheAxe @aries-zhang