File: Attributes\AttributeTests_Security.cs
Web Access
Project: src\src\Compilers\CSharp\Test\Emit3\Microsoft.CodeAnalysis.CSharp.Emit3.UnitTests.csproj (Microsoft.CodeAnalysis.CSharp.Emit3.UnitTests)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
 
#nullable disable
 
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Text;
using Microsoft.CodeAnalysis.CodeGen;
using Microsoft.CodeAnalysis.CSharp.Symbols;
using Microsoft.CodeAnalysis.CSharp.Test.Utilities;
using Microsoft.CodeAnalysis.Emit;
using Microsoft.CodeAnalysis.Test.Utilities;
using Roslyn.Test.Utilities;
using Xunit;
 
namespace Microsoft.CodeAnalysis.CSharp.UnitTests
{
    public class AttributeTests_Security : WellKnownAttributesTestBase
    {
        #region Functional Tests
 
        [WorkItem(544918, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/544918")]
        [Fact]
        public void HostProtectionSecurityAttribute()
        {
            string source = @"
[System.Security.Permissions.HostProtection(MayLeakOnAbort = true)]
public struct EventDescriptor
{
}";
            Func<bool, Action<ModuleSymbol>> attributeValidator = isFromSource => (ModuleSymbol module) =>
            {
                var assembly = module.ContainingAssembly;
                var type = (Cci.ITypeDefinition)module.GlobalNamespace.GetMember("EventDescriptor").GetCciAdapter();
 
                if (isFromSource)
                {
                    var sourceAssembly = (SourceAssemblySymbol)assembly;
                    var compilation = sourceAssembly.DeclaringCompilation;
 
                    Assert.True(type.HasDeclarativeSecurity);
                    IEnumerable<Cci.SecurityAttribute> typeSecurityAttributes = type.SecurityAttributes;
 
                    // Get System.Security.Permissions.HostProtection
                    var emittedName = MetadataTypeName.FromNamespaceAndTypeName("System.Security.Permissions", "HostProtectionAttribute");
                    NamedTypeSymbol hostProtectionAttr = sourceAssembly.CorLibrary.LookupDeclaredTopLevelMetadataType(ref emittedName);
                    Assert.NotNull(hostProtectionAttr);
 
                    // Verify type security attributes
                    Assert.Equal(1, typeSecurityAttributes.Count());
 
                    // Verify [System.Security.Permissions.HostProtection(MayLeakOnAbort = true)]
                    var securityAttribute = typeSecurityAttributes.First();
                    Assert.Equal(DeclarativeSecurityAction.LinkDemand, securityAttribute.Action);
                    var typeAttribute = (CSharpAttributeData)securityAttribute.Attribute;
                    Assert.Equal(hostProtectionAttr, typeAttribute.AttributeClass);
                    Assert.Equal(0, typeAttribute.CommonConstructorArguments.Length);
                    typeAttribute.VerifyNamedArgumentValue(0, "MayLeakOnAbort", TypedConstantKind.Primitive, true);
                }
            };
 
            CompileAndVerifyWithMscorlib40(source, symbolValidator: attributeValidator(false), sourceSymbolValidator: attributeValidator(true));
        }
 
        [Fact, WorkItem(544956, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/544956")]
        public void SuppressUnmanagedCodeSecurityAttribute()
        {
            string source = @"
[System.Security.SuppressUnmanagedCodeSecurityAttribute]
class Goo
{
    [System.Security.SuppressUnmanagedCodeSecurityAttribute]
    public static void Main() {}
}";
            CompileAndVerify(source);
        }
 
        [WorkItem(544929, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/544929")]
        [Fact]
        public void PrincipalPermissionAttribute()
        {
            string source = @"
using System.Security.Permissions;
 
class Program
{
    [PrincipalPermission((SecurityAction)1)]        // Native compiler allows this security action value for type/method security attributes, but not for assembly.
    [PrincipalPermission(SecurityAction.Assert)]
    [PrincipalPermission(SecurityAction.Demand)]
    [PrincipalPermission(SecurityAction.Deny)]
    [PrincipalPermission(SecurityAction.InheritanceDemand)]     // CS7052
    [PrincipalPermission(SecurityAction.LinkDemand)]            // CS7052
    [PrincipalPermission(SecurityAction.PermitOnly)]
    static void Main(string[] args)
    {
    }
}";
            CreateCompilationWithMscorlib40(source).VerifyDiagnostics(
                // (9,26): warning CS0618: 'System.Security.Permissions.SecurityAction.Deny' is obsolete: 'Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                //     [PrincipalPermission(SecurityAction.Deny)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.Deny").WithArguments("System.Security.Permissions.SecurityAction.Deny", "Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (10,26): error CS7052: SecurityAction value 'SecurityAction.InheritanceDemand' is invalid for PrincipalPermission attribute
                //     [PrincipalPermission(SecurityAction.InheritanceDemand)]     // CS7052
                Diagnostic(ErrorCode.ERR_PrincipalPermissionInvalidAction, "SecurityAction.InheritanceDemand").WithArguments("SecurityAction.InheritanceDemand"),
                // (11,26): error CS7052: SecurityAction value 'SecurityAction.LinkDemand' is invalid for PrincipalPermission attribute
                //     [PrincipalPermission(SecurityAction.LinkDemand)]            // CS7052
                Diagnostic(ErrorCode.ERR_PrincipalPermissionInvalidAction, "SecurityAction.LinkDemand").WithArguments("SecurityAction.LinkDemand"));
        }
 
        [WorkItem(544918, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/544918")]
        [Fact]
        public void CS7048ERR_SecurityAttributeMissingAction()
        {
            string source = @"
using System.Security;
using System.Security.Permissions;
 
class MySecurityAttribute : CodeAccessSecurityAttribute
{
    public bool Field;
    public bool Prop { get; set; }
    public override IPermission CreatePermission() { return null; }
 
    public MySecurityAttribute() : base(SecurityAction.Assert) { }
    public MySecurityAttribute(int x, SecurityAction a1) : base(a1) { }
}
 
[MySecurityAttribute()]
[MySecurityAttribute(Field = true)]
[MySecurityAttribute(Field = true, Prop = true)]
[MySecurityAttribute(Prop = true)]
[MySecurityAttribute(Prop = true, Field = true)]
[MySecurityAttribute(x: 0, a1: SecurityAction.Assert)]
[MySecurityAttribute(a1: SecurityAction.Assert, x: 0)]
public class C {}
";
            CreateCompilationWithMscorlib40(source).VerifyDiagnostics(
                // (15,2): error CS7048: First argument to a security attribute must be a valid SecurityAction
                // [MySecurityAttribute()]
                Diagnostic(ErrorCode.ERR_SecurityAttributeMissingAction, "MySecurityAttribute"),
                // (16,2): error CS7048: First argument to a security attribute must be a valid SecurityAction
                // [MySecurityAttribute(Field = true)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeMissingAction, "MySecurityAttribute"),
                // (17,2): error CS7048: First argument to a security attribute must be a valid SecurityAction
                // [MySecurityAttribute(Field = true, Prop = true)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeMissingAction, "MySecurityAttribute"),
                // (18,2): error CS7048: First argument to a security attribute must be a valid SecurityAction
                // [MySecurityAttribute(Prop = true)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeMissingAction, "MySecurityAttribute"),
                // (19,2): error CS7048: First argument to a security attribute must be a valid SecurityAction
                // [MySecurityAttribute(Prop = true, Field = true)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeMissingAction, "MySecurityAttribute"),
                // (20,2): error CS7048: First argument to a security attribute must be a valid SecurityAction
                // [MySecurityAttribute(x: 0, a1: SecurityAction.Assert)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeMissingAction, "MySecurityAttribute"),
                // (21,2): error CS7048: First argument to a security attribute must be a valid SecurityAction
                // [MySecurityAttribute(a1: SecurityAction.Assert, x: 0)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeMissingAction, "MySecurityAttribute"));
        }
 
        [WorkItem(544918, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/544918")]
        [Fact]
        public void CS7049ERR_SecurityAttributeInvalidAction()
        {
            string source = @"
using System.Security.Permissions;
 
namespace N
{
    [PrincipalPermission((SecurityAction)0)]        // Invalid attribute argument
    [PrincipalPermission((SecurityAction)11)]       // Invalid attribute argument
    [PrincipalPermission((SecurityAction)(-1))]     // Invalid attribute argument
    [PrincipalPermission()]                         // Invalid attribute constructor
    public class C
	{
        [PrincipalPermission(SecurityAction.Demand)]   // Invalid attribute target
        public int x;
    }
}";
            var compilation = CreateCompilationWithMscorlib40(source);
            compilation.VerifyDiagnostics(
                // (9,6): error CS7036: There is no argument given that corresponds to the required parameter 'action' of 'System.Security.Permissions.PrincipalPermissionAttribute.PrincipalPermissionAttribute(System.Security.Permissions.SecurityAction)'
                //     [PrincipalPermission()]                         // Invalid attribute constructor
                Diagnostic(ErrorCode.ERR_NoCorrespondingArgument, "PrincipalPermission()").WithArguments("action", "System.Security.Permissions.PrincipalPermissionAttribute.PrincipalPermissionAttribute(System.Security.Permissions.SecurityAction)").WithLocation(9, 6),
                // (6,26): error CS7049: Security attribute 'PrincipalPermission' has an invalid SecurityAction value '(SecurityAction)0'
                //     [PrincipalPermission((SecurityAction)0)]        // Invalid attribute argument
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidAction, "(SecurityAction)0").WithArguments("PrincipalPermission", "(SecurityAction)0").WithLocation(6, 26),
                // (7,26): error CS7049: Security attribute 'PrincipalPermission' has an invalid SecurityAction value '(SecurityAction)11'
                //     [PrincipalPermission((SecurityAction)11)]       // Invalid attribute argument
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidAction, "(SecurityAction)11").WithArguments("PrincipalPermission", "(SecurityAction)11").WithLocation(7, 26),
                // (8,26): error CS7049: Security attribute 'PrincipalPermission' has an invalid SecurityAction value '(SecurityAction)(-1)'
                //     [PrincipalPermission((SecurityAction)(-1))]     // Invalid attribute argument
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidAction, "(SecurityAction)(-1)").WithArguments("PrincipalPermission", "(SecurityAction)(-1)").WithLocation(8, 26),
                // (12,10): error CS0592: Attribute 'PrincipalPermission' is not valid on this declaration type. It is only valid on 'class, method' declarations.
                //         [PrincipalPermission(SecurityAction.Demand)]   // Invalid attribute target
                Diagnostic(ErrorCode.ERR_AttributeOnBadSymbolType, "PrincipalPermission").WithArguments("PrincipalPermission", "class, method").WithLocation(12, 10));
        }
 
        [WorkItem(544918, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/544918")]
        [Fact]
        public void CS7049ERR_SecurityAttributeInvalidAction_02()
        {
            string source = @"
using System.Security.Permissions;
 
public class MySecurityAttribute : SecurityAttribute
{
    public MySecurityAttribute(SecurityAction action): base(action) {}
    public override System.Security.IPermission CreatePermission() { return null; }
}
 
namespace N
{
    [MySecurityAttribute((SecurityAction)0)]        // Invalid attribute argument
    [MySecurityAttribute((SecurityAction)11)]       // Invalid attribute argument
    [MySecurityAttribute((SecurityAction)(-1))]     // Invalid attribute argument
    [MySecurityAttribute()]                         // Invalid attribute constructor
    public class C
	{
        [MySecurityAttribute(SecurityAction.Demand)]   // Invalid attribute target
        public int x;
    }
}";
            var compilation = CreateCompilationWithMscorlib40(source);
            compilation.VerifyDiagnostics(
                // (12,26): error CS7049: Security attribute 'MySecurityAttribute' has an invalid SecurityAction value '(SecurityAction)0'
                //     [MySecurityAttribute((SecurityAction)0)]        // Invalid attribute argument
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidAction, "(SecurityAction)0").WithArguments("MySecurityAttribute", "(SecurityAction)0").WithLocation(12, 26),
                // (13,26): error CS7049: Security attribute 'MySecurityAttribute' has an invalid SecurityAction value '(SecurityAction)11'
                //     [MySecurityAttribute((SecurityAction)11)]       // Invalid attribute argument
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidAction, "(SecurityAction)11").WithArguments("MySecurityAttribute", "(SecurityAction)11").WithLocation(13, 26),
                // (14,26): error CS7049: Security attribute 'MySecurityAttribute' has an invalid SecurityAction value '(SecurityAction)(-1)'
                //     [MySecurityAttribute((SecurityAction)(-1))]     // Invalid attribute argument
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidAction, "(SecurityAction)(-1)").WithArguments("MySecurityAttribute", "(SecurityAction)(-1)").WithLocation(14, 26),
                // (15,6): error CS7036: There is no argument given that corresponds to the required parameter 'action' of 'MySecurityAttribute.MySecurityAttribute(System.Security.Permissions.SecurityAction)'
                //     [MySecurityAttribute()]                         // Invalid attribute constructor
                Diagnostic(ErrorCode.ERR_NoCorrespondingArgument, "MySecurityAttribute()").WithArguments("action", "MySecurityAttribute.MySecurityAttribute(System.Security.Permissions.SecurityAction)").WithLocation(15, 6),
                // (18,10): error CS0592: Attribute 'MySecurityAttribute' is not valid on this declaration type. It is only valid on 'assembly, class, struct, constructor, method' declarations.
                //         [MySecurityAttribute(SecurityAction.Demand)]   // Invalid attribute target
                Diagnostic(ErrorCode.ERR_AttributeOnBadSymbolType, "MySecurityAttribute").WithArguments("MySecurityAttribute", "assembly, class, struct, constructor, method").WithLocation(18, 10));
        }
 
        [WorkItem(544918, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/544918")]
        [Fact]
        public void ValidSecurityAttributeActionsForAssembly()
        {
            string source = @"
using System;
using System.Security;
using System.Security.Permissions;
 
[assembly: MySecurityAttribute(SecurityAction.RequestMinimum)]
[assembly: MySecurityAttribute(SecurityAction.RequestOptional)]
[assembly: MySecurityAttribute(SecurityAction.RequestRefuse)]
 
[assembly: MyCodeAccessSecurityAttribute(SecurityAction.RequestMinimum)]
[assembly: MyCodeAccessSecurityAttribute(SecurityAction.RequestOptional)]
[assembly: MyCodeAccessSecurityAttribute(SecurityAction.RequestRefuse)]
 
 
class MySecurityAttribute : SecurityAttribute
{
    public MySecurityAttribute(SecurityAction a) : base(a) { }
    public override IPermission CreatePermission() { return null; }
}
 
class MyCodeAccessSecurityAttribute : CodeAccessSecurityAttribute
{
    public MyCodeAccessSecurityAttribute(SecurityAction a) : base(a) { }
    public override IPermission CreatePermission() { return null; }
    public static void Main() {}
}
";
            CompileAndVerify(source);
        }
 
        [WorkItem(544918, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/544918")]
        [Fact]
        public void CS7050ERR_SecurityAttributeInvalidActionAssembly()
        {
            string source = @"
using System.Security;
using System.Security.Permissions;
 
[assembly: MySecurityAttribute((SecurityAction)1)]        // Native compiler allows this security action value for type/method security attributes, but not for assembly.
[assembly: MySecurityAttribute(SecurityAction.Assert)]
[assembly: MySecurityAttribute(SecurityAction.Demand)]
[assembly: MySecurityAttribute(SecurityAction.Deny)]
[assembly: MySecurityAttribute(SecurityAction.InheritanceDemand)]
[assembly: MySecurityAttribute(SecurityAction.LinkDemand)]
[assembly: MySecurityAttribute(SecurityAction.PermitOnly)]
 
[assembly: MyCodeAccessSecurityAttribute((SecurityAction)1)]        // Native compiler allows this security action value for type/method security attributes, but not for assembly.
[assembly: MyCodeAccessSecurityAttribute(SecurityAction.Assert)]
[assembly: MyCodeAccessSecurityAttribute(SecurityAction.Demand)]
[assembly: MyCodeAccessSecurityAttribute(SecurityAction.Deny)]
[assembly: MyCodeAccessSecurityAttribute(SecurityAction.InheritanceDemand)]
[assembly: MyCodeAccessSecurityAttribute(SecurityAction.LinkDemand)]
[assembly: MyCodeAccessSecurityAttribute(SecurityAction.PermitOnly)]
 
 
class MySecurityAttribute : SecurityAttribute
{
    public MySecurityAttribute(SecurityAction a) : base(a) { }
    public override IPermission CreatePermission() { return null; }
}
 
class MyCodeAccessSecurityAttribute : CodeAccessSecurityAttribute
{
    public MyCodeAccessSecurityAttribute(SecurityAction a) : base(a) { }
    public override IPermission CreatePermission() { return null; }
    public static void Main() {}
}";
            CreateCompilationWithMscorlib40(source).VerifyDiagnostics(
                // (8,32): warning CS0618: 'System.Security.Permissions.SecurityAction.Deny' is obsolete: 'Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                // [assembly: MySecurityAttribute(SecurityAction.Deny)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.Deny").WithArguments("System.Security.Permissions.SecurityAction.Deny", "Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (16,42): warning CS0618: 'System.Security.Permissions.SecurityAction.Deny' is obsolete: 'Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                // [assembly: MyCodeAccessSecurityAttribute(SecurityAction.Deny)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.Deny").WithArguments("System.Security.Permissions.SecurityAction.Deny", "Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (5,32): error CS7050: SecurityAction value '(SecurityAction)1' is invalid for security attributes applied to an assembly
                // [assembly: MySecurityAttribute((SecurityAction)1)]        // Native compiler allows this security action value for type/method security attributes, but not for assembly.
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionAssembly, "(SecurityAction)1").WithArguments("(SecurityAction)1"),
                // (6,32): error CS7050: SecurityAction value 'SecurityAction.Assert' is invalid for security attributes applied to an assembly
                // [assembly: MySecurityAttribute(SecurityAction.Assert)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionAssembly, "SecurityAction.Assert").WithArguments("SecurityAction.Assert"),
                // (7,32): error CS7050: SecurityAction value 'SecurityAction.Demand' is invalid for security attributes applied to an assembly
                // [assembly: MySecurityAttribute(SecurityAction.Demand)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionAssembly, "SecurityAction.Demand").WithArguments("SecurityAction.Demand"),
                // (8,32): error CS7050: SecurityAction value 'SecurityAction.Deny' is invalid for security attributes applied to an assembly
                // [assembly: MySecurityAttribute(SecurityAction.Deny)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionAssembly, "SecurityAction.Deny").WithArguments("SecurityAction.Deny"),
                // (9,32): error CS7050: SecurityAction value 'SecurityAction.InheritanceDemand' is invalid for security attributes applied to an assembly
                // [assembly: MySecurityAttribute(SecurityAction.InheritanceDemand)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionAssembly, "SecurityAction.InheritanceDemand").WithArguments("SecurityAction.InheritanceDemand"),
                // (10,32): error CS7050: SecurityAction value 'SecurityAction.LinkDemand' is invalid for security attributes applied to an assembly
                // [assembly: MySecurityAttribute(SecurityAction.LinkDemand)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionAssembly, "SecurityAction.LinkDemand").WithArguments("SecurityAction.LinkDemand"),
                // (11,32): error CS7050: SecurityAction value 'SecurityAction.PermitOnly' is invalid for security attributes applied to an assembly
                // [assembly: MySecurityAttribute(SecurityAction.PermitOnly)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionAssembly, "SecurityAction.PermitOnly").WithArguments("SecurityAction.PermitOnly"),
                // (13,42): error CS7050: SecurityAction value '(SecurityAction)1' is invalid for security attributes applied to an assembly
                // [assembly: MyCodeAccessSecurityAttribute((SecurityAction)1)]        // Native compiler allows this security action value for type/method security attributes, but not for assembly.
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionAssembly, "(SecurityAction)1").WithArguments("(SecurityAction)1"),
                // (14,42): error CS7050: SecurityAction value 'SecurityAction.Assert' is invalid for security attributes applied to an assembly
                // [assembly: MyCodeAccessSecurityAttribute(SecurityAction.Assert)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionAssembly, "SecurityAction.Assert").WithArguments("SecurityAction.Assert"),
                // (15,42): error CS7050: SecurityAction value 'SecurityAction.Demand' is invalid for security attributes applied to an assembly
                // [assembly: MyCodeAccessSecurityAttribute(SecurityAction.Demand)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionAssembly, "SecurityAction.Demand").WithArguments("SecurityAction.Demand"),
                // (16,42): error CS7050: SecurityAction value 'SecurityAction.Deny' is invalid for security attributes applied to an assembly
                // [assembly: MyCodeAccessSecurityAttribute(SecurityAction.Deny)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionAssembly, "SecurityAction.Deny").WithArguments("SecurityAction.Deny"),
                // (17,42): error CS7050: SecurityAction value 'SecurityAction.InheritanceDemand' is invalid for security attributes applied to an assembly
                // [assembly: MyCodeAccessSecurityAttribute(SecurityAction.InheritanceDemand)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionAssembly, "SecurityAction.InheritanceDemand").WithArguments("SecurityAction.InheritanceDemand"),
                // (18,42): error CS7050: SecurityAction value 'SecurityAction.LinkDemand' is invalid for security attributes applied to an assembly
                // [assembly: MyCodeAccessSecurityAttribute(SecurityAction.LinkDemand)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionAssembly, "SecurityAction.LinkDemand").WithArguments("SecurityAction.LinkDemand"),
                // (19,42): error CS7050: SecurityAction value 'SecurityAction.PermitOnly' is invalid for security attributes applied to an assembly
                // [assembly: MyCodeAccessSecurityAttribute(SecurityAction.PermitOnly)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionAssembly, "SecurityAction.PermitOnly").WithArguments("SecurityAction.PermitOnly"));
        }
 
        [WorkItem(544918, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/544918")]
        [Fact]
        public void ValidSecurityAttributeActionsForTypeOrMethod()
        {
            string source = @"
using System;
using System.Security;
using System.Security.Permissions;
 
class MySecurityAttribute : SecurityAttribute
{
    public MySecurityAttribute(SecurityAction a) : base(a) { }
    public override IPermission CreatePermission() { return null; }
}
 
class MyCodeAccessSecurityAttribute : CodeAccessSecurityAttribute
{
    public MyCodeAccessSecurityAttribute(SecurityAction a) : base(a) { }
    public override IPermission CreatePermission() { return null; }
}
 
[MySecurityAttribute((SecurityAction)1)]        // Native compiler allows this security action value for type/method security attributes, but not for assembly.
[MySecurityAttribute(SecurityAction.Assert)]
[MySecurityAttribute(SecurityAction.Demand)]
[MySecurityAttribute(SecurityAction.Deny)]
[MySecurityAttribute(SecurityAction.InheritanceDemand)]
[MySecurityAttribute(SecurityAction.LinkDemand)]
[MySecurityAttribute(SecurityAction.PermitOnly)]
[MyCodeAccessSecurityAttribute((SecurityAction)1)]        // Native compiler allows this security action value for type/method security attributes, but not for assembly.
[MyCodeAccessSecurityAttribute(SecurityAction.Assert)]
[MyCodeAccessSecurityAttribute(SecurityAction.Demand)]
[MyCodeAccessSecurityAttribute(SecurityAction.Deny)]
[MyCodeAccessSecurityAttribute(SecurityAction.InheritanceDemand)]
[MyCodeAccessSecurityAttribute(SecurityAction.LinkDemand)]
[MyCodeAccessSecurityAttribute(SecurityAction.PermitOnly)]
class Test
{
    [MySecurityAttribute((SecurityAction)1)]        // Native compiler allows this security action value for type/method security attributes, but not for assembly.
    [MySecurityAttribute(SecurityAction.Assert)]
    [MySecurityAttribute(SecurityAction.Demand)]
    [MySecurityAttribute(SecurityAction.Deny)]
    [MySecurityAttribute(SecurityAction.InheritanceDemand)]
    [MySecurityAttribute(SecurityAction.LinkDemand)]
    [MySecurityAttribute(SecurityAction.PermitOnly)]
    [MyCodeAccessSecurityAttribute((SecurityAction)1)]        // Native compiler allows this security action value for type/method security attributes, but not for assembly.
    [MyCodeAccessSecurityAttribute(SecurityAction.Assert)]
    [MyCodeAccessSecurityAttribute(SecurityAction.Demand)]
    [MyCodeAccessSecurityAttribute(SecurityAction.Deny)]
    [MyCodeAccessSecurityAttribute(SecurityAction.InheritanceDemand)]
    [MyCodeAccessSecurityAttribute(SecurityAction.LinkDemand)]
    [MyCodeAccessSecurityAttribute(SecurityAction.PermitOnly)]
    public static void Main() {}
}
";
            CompileAndVerify(source);
        }
 
        [WorkItem(544918, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/544918")]
        [Fact]
        public void CS7051ERR_SecurityAttributeInvalidActionTypeOrMethod()
        {
            string source = @"
using System.Security;
using System.Security.Permissions;
 
class MySecurityAttribute : SecurityAttribute
{
    public MySecurityAttribute(SecurityAction a) : base(a) { }
    public override IPermission CreatePermission() { return null; }
}
 
class MyCodeAccessSecurityAttribute : CodeAccessSecurityAttribute
{
    public MyCodeAccessSecurityAttribute(SecurityAction a) : base(a) { }
    public override IPermission CreatePermission() { return null; }
}
 
[MySecurityAttribute(SecurityAction.RequestMinimum)]
[MySecurityAttribute(SecurityAction.RequestOptional)]
[MySecurityAttribute(SecurityAction.RequestRefuse)]
[MyCodeAccessSecurityAttribute(SecurityAction.RequestMinimum)]
[MyCodeAccessSecurityAttribute(SecurityAction.RequestOptional)]
[MyCodeAccessSecurityAttribute(SecurityAction.RequestRefuse)]
class Test
{
    [MySecurityAttribute(SecurityAction.RequestMinimum)]
    [MySecurityAttribute(SecurityAction.RequestOptional)]
    [MySecurityAttribute(SecurityAction.RequestRefuse)]
    [MyCodeAccessSecurityAttribute(SecurityAction.RequestMinimum)]
    [MyCodeAccessSecurityAttribute(SecurityAction.RequestOptional)]
    [MyCodeAccessSecurityAttribute(SecurityAction.RequestRefuse)]
    public static void Main() {}
}";
            CreateCompilationWithMscorlib40(source).VerifyDiagnostics(
                // (17,22): warning CS0618: 'System.Security.Permissions.SecurityAction.RequestMinimum' is obsolete: 'Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                // [MySecurityAttribute(SecurityAction.RequestMinimum)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.RequestMinimum").WithArguments("System.Security.Permissions.SecurityAction.RequestMinimum", "Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (18,22): warning CS0618: 'System.Security.Permissions.SecurityAction.RequestOptional' is obsolete: 'Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                // [MySecurityAttribute(SecurityAction.RequestOptional)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.RequestOptional").WithArguments("System.Security.Permissions.SecurityAction.RequestOptional", "Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (19,22): warning CS0618: 'System.Security.Permissions.SecurityAction.RequestRefuse' is obsolete: 'Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                // [MySecurityAttribute(SecurityAction.RequestRefuse)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.RequestRefuse").WithArguments("System.Security.Permissions.SecurityAction.RequestRefuse", "Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (20,32): warning CS0618: 'System.Security.Permissions.SecurityAction.RequestMinimum' is obsolete: 'Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                // [MyCodeAccessSecurityAttribute(SecurityAction.RequestMinimum)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.RequestMinimum").WithArguments("System.Security.Permissions.SecurityAction.RequestMinimum", "Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (21,32): warning CS0618: 'System.Security.Permissions.SecurityAction.RequestOptional' is obsolete: 'Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                // [MyCodeAccessSecurityAttribute(SecurityAction.RequestOptional)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.RequestOptional").WithArguments("System.Security.Permissions.SecurityAction.RequestOptional", "Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (22,32): warning CS0618: 'System.Security.Permissions.SecurityAction.RequestRefuse' is obsolete: 'Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                // [MyCodeAccessSecurityAttribute(SecurityAction.RequestRefuse)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.RequestRefuse").WithArguments("System.Security.Permissions.SecurityAction.RequestRefuse", "Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (17,22): error CS7051: SecurityAction value 'SecurityAction.RequestMinimum' is invalid for security attributes applied to a type or a method
                // [MySecurityAttribute(SecurityAction.RequestMinimum)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionTypeOrMethod, "SecurityAction.RequestMinimum").WithArguments("SecurityAction.RequestMinimum"),
                // (18,22): error CS7051: SecurityAction value 'SecurityAction.RequestOptional' is invalid for security attributes applied to a type or a method
                // [MySecurityAttribute(SecurityAction.RequestOptional)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionTypeOrMethod, "SecurityAction.RequestOptional").WithArguments("SecurityAction.RequestOptional"),
                // (19,22): error CS7051: SecurityAction value 'SecurityAction.RequestRefuse' is invalid for security attributes applied to a type or a method
                // [MySecurityAttribute(SecurityAction.RequestRefuse)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionTypeOrMethod, "SecurityAction.RequestRefuse").WithArguments("SecurityAction.RequestRefuse"),
                // (20,32): error CS7051: SecurityAction value 'SecurityAction.RequestMinimum' is invalid for security attributes applied to a type or a method
                // [MyCodeAccessSecurityAttribute(SecurityAction.RequestMinimum)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionTypeOrMethod, "SecurityAction.RequestMinimum").WithArguments("SecurityAction.RequestMinimum"),
                // (21,32): error CS7051: SecurityAction value 'SecurityAction.RequestOptional' is invalid for security attributes applied to a type or a method
                // [MyCodeAccessSecurityAttribute(SecurityAction.RequestOptional)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionTypeOrMethod, "SecurityAction.RequestOptional").WithArguments("SecurityAction.RequestOptional"),
                // (22,32): error CS7051: SecurityAction value 'SecurityAction.RequestRefuse' is invalid for security attributes applied to a type or a method
                // [MyCodeAccessSecurityAttribute(SecurityAction.RequestRefuse)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionTypeOrMethod, "SecurityAction.RequestRefuse").WithArguments("SecurityAction.RequestRefuse"),
                // (25,26): warning CS0618: 'System.Security.Permissions.SecurityAction.RequestMinimum' is obsolete: 'Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                //     [MySecurityAttribute(SecurityAction.RequestMinimum)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.RequestMinimum").WithArguments("System.Security.Permissions.SecurityAction.RequestMinimum", "Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (26,26): warning CS0618: 'System.Security.Permissions.SecurityAction.RequestOptional' is obsolete: 'Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                //     [MySecurityAttribute(SecurityAction.RequestOptional)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.RequestOptional").WithArguments("System.Security.Permissions.SecurityAction.RequestOptional", "Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (27,26): warning CS0618: 'System.Security.Permissions.SecurityAction.RequestRefuse' is obsolete: 'Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                //     [MySecurityAttribute(SecurityAction.RequestRefuse)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.RequestRefuse").WithArguments("System.Security.Permissions.SecurityAction.RequestRefuse", "Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (28,36): warning CS0618: 'System.Security.Permissions.SecurityAction.RequestMinimum' is obsolete: 'Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                //     [MyCodeAccessSecurityAttribute(SecurityAction.RequestMinimum)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.RequestMinimum").WithArguments("System.Security.Permissions.SecurityAction.RequestMinimum", "Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (29,36): warning CS0618: 'System.Security.Permissions.SecurityAction.RequestOptional' is obsolete: 'Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                //     [MyCodeAccessSecurityAttribute(SecurityAction.RequestOptional)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.RequestOptional").WithArguments("System.Security.Permissions.SecurityAction.RequestOptional", "Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (30,36): warning CS0618: 'System.Security.Permissions.SecurityAction.RequestRefuse' is obsolete: 'Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                //     [MyCodeAccessSecurityAttribute(SecurityAction.RequestRefuse)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.RequestRefuse").WithArguments("System.Security.Permissions.SecurityAction.RequestRefuse", "Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (25,26): error CS7051: SecurityAction value 'SecurityAction.RequestMinimum' is invalid for security attributes applied to a type or a method
                //     [MySecurityAttribute(SecurityAction.RequestMinimum)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionTypeOrMethod, "SecurityAction.RequestMinimum").WithArguments("SecurityAction.RequestMinimum"),
                // (26,26): error CS7051: SecurityAction value 'SecurityAction.RequestOptional' is invalid for security attributes applied to a type or a method
                //     [MySecurityAttribute(SecurityAction.RequestOptional)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionTypeOrMethod, "SecurityAction.RequestOptional").WithArguments("SecurityAction.RequestOptional"),
                // (27,26): error CS7051: SecurityAction value 'SecurityAction.RequestRefuse' is invalid for security attributes applied to a type or a method
                //     [MySecurityAttribute(SecurityAction.RequestRefuse)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionTypeOrMethod, "SecurityAction.RequestRefuse").WithArguments("SecurityAction.RequestRefuse"),
                // (28,36): error CS7051: SecurityAction value 'SecurityAction.RequestMinimum' is invalid for security attributes applied to a type or a method
                //     [MyCodeAccessSecurityAttribute(SecurityAction.RequestMinimum)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionTypeOrMethod, "SecurityAction.RequestMinimum").WithArguments("SecurityAction.RequestMinimum"),
                // (29,36): error CS7051: SecurityAction value 'SecurityAction.RequestOptional' is invalid for security attributes applied to a type or a method
                //     [MyCodeAccessSecurityAttribute(SecurityAction.RequestOptional)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionTypeOrMethod, "SecurityAction.RequestOptional").WithArguments("SecurityAction.RequestOptional"),
                // (30,36): error CS7051: SecurityAction value 'SecurityAction.RequestRefuse' is invalid for security attributes applied to a type or a method
                //     [MyCodeAccessSecurityAttribute(SecurityAction.RequestRefuse)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidActionTypeOrMethod, "SecurityAction.RequestRefuse").WithArguments("SecurityAction.RequestRefuse"));
        }
 
        [WorkItem(546623, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/546623")]
        [Fact]
        public void CS7070ERR_SecurityAttributeInvalidTarget()
        {
            string source = @"
using System;
using System.Security;
using System.Security.Permissions;
 
class Program
{
    [MyPermission(SecurityAction.Demand)]
    public int x = 0;
}
 
[AttributeUsage(AttributeTargets.All)]
class MyPermissionAttribute : CodeAccessSecurityAttribute
{
    public MyPermissionAttribute(SecurityAction action) : base(action)
    {
    }
 
    public override IPermission CreatePermission()
    {
        return null;
    }
}";
            CreateCompilationWithMscorlib40(source).VerifyDiagnostics(
                // (8,6): error CS7070: Security attribute 'MyPermission' is not valid on this declaration type. Security attributes are only valid on assembly, type and method declarations.
                //     [MyPermission(SecurityAction.Demand)]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidTarget, "MyPermission").WithArguments("MyPermission"));
        }
 
        [WorkItem(546056, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/546056")]
        [Fact]
        public void TestMissingCodeAccessSecurityAttributeGeneratesNoErrors()
        {
            string source = @"
namespace System
{
    public enum AttributeTargets { All = 32767, }
    public class AttributeUsageAttribute : Attribute
    {
        public AttributeUsageAttribute(AttributeTargets targets) { }
        public bool AllowMultiple { get; set; }
        public bool Inherited { get; set; }
    }
 
    [AttributeUsage(AttributeTargets.All)]
    public class MyAttr : Attribute { }
    [MyAttr()] // error here
    public class C { }
}
 
// following are the minimum code to make Dev11 pass when using /nostdlib option
namespace System
{
    public class Object { }
    public abstract class ValueType { }
    public class Enum { }
    public class String { }
    public struct Byte { }
    public struct Int16 { }
    public struct Int32 { }
    public struct Int64 { }
    public struct Single { }
    public struct Double { }
    public struct Char { }
    public struct Boolean { }
    public struct SByte { }
    public struct UInt16 { }
    public struct UInt32 { }
    public struct UInt64 { }
    public struct IntPtr { }
    public struct UIntPtr { }
    public class Delegate { }
    public class MulticastDelegate : Delegate { }
    public class Array { }
    public class Exception { }
    public class Type { }
    public struct Void { }
    public interface IDisposable { void Dispose(); }
    public class Attribute { }
    public class ParamArrayAttribute : Attribute { }
    public struct RuntimeTypeHandle { }
    public struct RuntimeFieldHandle { }
    namespace Runtime.InteropServices
    {
        public class OutAttribute : Attribute { }
    }
 
    namespace Reflection
    {
        public class DefaultMemberAttribute { }
    }
    namespace Collections
    {
        public interface IEnumerable { }
        public interface IEnumerator { }
    }
}
";
            var comp = CreateEmptyCompilation(source);
            comp.EmitToArray(options: new EmitOptions(runtimeMetadataVersion: "v4.0.31019"), expectedWarnings: new DiagnosticDescription[0]);
        }
 
        #endregion
 
        #region Metadata validation tests
 
        [Fact]
        public void CheckSecurityAttributeOnType()
        {
            string source = @"
using System.Security;
using System.Security.Permissions;
 
class MySecurityAttribute : SecurityAttribute
{
    public MySecurityAttribute(SecurityAction a) : base(a) { }
    public override IPermission CreatePermission() { return null; }
}
 
namespace N
{
    [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
    [MySecurityAttribute(SecurityAction.Assert)]
	public class C
	{
    }
}
";
            var compilation = CreateCompilationWithMscorlib40(source, options: TestOptions.ReleaseDll, assemblyName: "Test");
            CompileAndVerify(compilation, symbolValidator: module =>
            {
                ValidateDeclSecurity(module, new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.NamedType,
                    ParentNameOpt = @"C",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                },
                new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Assert,
                    ParentKind = SymbolKind.NamedType,
                    ParentNameOpt = @"C",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0050" + // length of UTF-8 string
                        "MySecurityAttribute, Test, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null" + // attr type name
                        "\u0001" + // number of bytes in the encoding of the named arguments
                        "\u0000" // number of named arguments
                });
            });
        }
 
        [Fact]
        public void CheckSecurityAttributeOnMethod()
        {
            string source = @"
using System.Security.Permissions;
 
namespace N
{
	public class C
	{
        [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
		public static void Goo() {}
    }
}
";
            var compilation = CreateCompilationWithMscorlib40(source, options: TestOptions.ReleaseDll);
            CompileAndVerify(compilation, symbolValidator: module =>
            {
                ValidateDeclSecurity(module, new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.Method,
                    ParentNameOpt = @"Goo",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                });
            });
        }
 
        [Fact]
        public void CheckSecurityAttributeOnLocalFunction()
        {
            string source = @"
using System.Security.Permissions;
 
namespace N
{
    public class C
    {
        void M()
        {
            [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
            static void local1() {}
        }
    }
}
";
            var compilation = CreateCompilationWithMscorlib40(source, options: TestOptions.ReleaseDll, parseOptions: TestOptions.Regular9);
            CompileAndVerify(compilation, symbolValidator: module =>
            {
                ValidateDeclSecurity(module, new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.Method,
                    ParentNameOpt = @"<M>g__local1|0_0",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                });
            });
        }
 
        [Fact]
        public void CheckSecurityAttributeOnLambda()
        {
            string source =
@"using System;
using System.Security.Permissions;
class Program
{
    static void Main()
    {
        Action a = [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")] () => { };
    }
}";
            var compilation = CreateCompilationWithMscorlib40(source, options: TestOptions.ReleaseDll, parseOptions: TestOptions.RegularPreview);
            CompileAndVerify(compilation, symbolValidator: module =>
            {
                ValidateDeclSecurity(module, new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.Method,
                    ParentNameOpt = @"<Main>b__0_0",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                });
            });
        }
 
        [Fact]
        public void CheckMultipleSecurityAttributes_SameType_SameAction()
        {
            string source = @"
using System.Security.Permissions;
 
namespace N
{
    [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
	[PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
	public class C
	{
    }
}
";
            var compilation = CreateCompilationWithMscorlib40(source, options: TestOptions.ReleaseDll);
            CompileAndVerify(compilation, symbolValidator: module =>
            {
                ValidateDeclSecurity(module, new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.NamedType,
                    ParentNameOpt = @"C",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0002" + // number of attributes (small enough to fit in 1 byte)
 
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1" + // argument value (@"User1")
 
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                });
            });
        }
 
        [Fact]
        public void CheckMultipleSecurityAttributes_SameMethod_SameAction()
        {
            string source = @"
using System.Security.Permissions;
 
namespace N
{
    public class C
	{
        [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
	    [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
        public static void Goo() {}
    }
}
";
            var compilation = CreateCompilationWithMscorlib40(source, options: TestOptions.ReleaseDll);
            CompileAndVerify(compilation, symbolValidator: module =>
            {
                ValidateDeclSecurity(module, new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.Method,
                    ParentNameOpt = @"Goo",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0002" + // number of attributes (small enough to fit in 1 byte)
 
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1" + // argument value (@"User1")
 
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                });
            });
        }
 
        [Fact]
        public void CheckMultipleSecurityAttributes_SameType_DifferentAction()
        {
            string source = @"
using System.Security.Permissions;
 
namespace N
{
    [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
	[PrincipalPermission(SecurityAction.Assert, Role=@""User2"")]
	public class C
	{
    }
}
";
            var compilation = CreateCompilationWithMscorlib40(source, options: TestOptions.ReleaseDll);
            CompileAndVerify(compilation, symbolValidator: module =>
            {
                ValidateDeclSecurity(module, new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.NamedType,
                    ParentNameOpt = @"C",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                },
                new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Assert,
                    ParentKind = SymbolKind.NamedType,
                    ParentNameOpt = @"C",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User2", // argument value (@"User2")
                });
            });
        }
 
        [Fact]
        public void CheckMultipleSecurityAttributes_SameMethod_DifferentAction()
        {
            string source = @"
using System.Security.Permissions;
 
namespace N
{
    public class C
	{
        [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
	    [PrincipalPermission(SecurityAction.Assert, Role=@""User2"")]
        public static void Goo() {}
    }
}
";
            var compilation = CreateCompilationWithMscorlib40(source, options: TestOptions.ReleaseDll);
            CompileAndVerify(compilation, symbolValidator: module =>
            {
                ValidateDeclSecurity(module, new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.Method,
                    ParentNameOpt = @"Goo",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                },
                new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Assert,
                    ParentKind = SymbolKind.Method,
                    ParentNameOpt = @"Goo",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User2", // argument value (@"User2")
                });
            });
        }
 
        [Fact]
        public void CheckMultipleSecurityAttributes_DifferentType_SameAction()
        {
            string source = @"
using System.Security.Permissions;
 
namespace N
{
    [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
	public class C
	{
    }
}
 
namespace N2
{
    [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
	public class C2
	{
    }
}
";
            var compilation = CreateCompilationWithMscorlib40(source, options: TestOptions.ReleaseDll);
            CompileAndVerify(compilation, symbolValidator: module =>
            {
                ValidateDeclSecurity(module, new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.NamedType,
                    ParentNameOpt = @"C",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                },
                new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.NamedType,
                    ParentNameOpt = @"C2",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                });
            });
        }
 
        [Fact]
        public void CheckMultipleSecurityAttributes_DifferentMethod_SameAction()
        {
            string source = @"
using System.Security.Permissions;
 
namespace N
{
    public class C
	{
        [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
	    public static void Goo1() {}
 
        [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
	    public static void Goo2() {}
    }
}
";
            var compilation = CreateCompilationWithMscorlib40(source, options: TestOptions.ReleaseDll);
            CompileAndVerify(compilation, symbolValidator: module =>
            {
                ValidateDeclSecurity(module, new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.Method,
                    ParentNameOpt = @"Goo1",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                },
                new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.Method,
                    ParentNameOpt = @"Goo2",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                });
            });
        }
 
        [Fact]
        public void CheckMultipleSecurityAttributes_Assembly_Type_Method()
        {
            string source = @"
using System.Security.Permissions;
 
[assembly: SecurityPermission(SecurityAction.RequestOptional, RemotingConfiguration = true)]
[assembly: SecurityPermission(SecurityAction.RequestMinimum, UnmanagedCode = true)]
 
namespace N
{
    [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
    public class C
	{
        [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
	    public static void Goo() {}
    }
}
";
            var compilation = CreateCompilationWithMscorlib40(source, options: TestOptions.ReleaseDll);
 
            compilation.VerifyDiagnostics(
                // (4,31): warning CS0618: 'System.Security.Permissions.SecurityAction.RequestOptional' is obsolete: 'Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                // [assembly: SecurityPermission(SecurityAction.RequestOptional, RemotingConfiguration = true)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.RequestOptional").WithArguments("System.Security.Permissions.SecurityAction.RequestOptional", "Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (5,31): warning CS0618: 'System.Security.Permissions.SecurityAction.RequestMinimum' is obsolete: 'Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                // [assembly: SecurityPermission(SecurityAction.RequestMinimum, UnmanagedCode = true)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.RequestMinimum").WithArguments("System.Security.Permissions.SecurityAction.RequestMinimum", "Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."));
 
            CompileAndVerify(compilation, symbolValidator: module =>
            {
                ValidateDeclSecurity(module, new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.RequestOptional,
                    ParentKind = SymbolKind.Assembly,
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0084" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u001a" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u0002" + // type bool
                        "\u0015" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "RemotingConfiguration" + // property name
                        "\u0001", // argument value (true)
                },
                new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.RequestMinimum,
                    ParentKind = SymbolKind.Assembly,
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0084" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u0012" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u0002" + // type bool
                        "\u000d" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "UnmanagedCode" + // property name
                        "\u0001", // argument value (true)
                },
                new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.NamedType,
                    ParentNameOpt = @"C",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                },
                new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.Method,
                    ParentNameOpt = @"Goo",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                });
            });
        }
 
        [Fact]
        public void CheckMultipleSecurityAttributes_Type_Method_UnsafeDll()
        {
            string source = @"
using System.Security.Permissions;
 
namespace N
{
    [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
    public class C
	{
        [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
	    public static void Goo() {}
    }
}
";
            var compilation = CreateCompilationWithMscorlib40(source, options: TestOptions.UnsafeReleaseDll);
            CompileAndVerify(compilation, verify: Verification.Passes, symbolValidator: module =>
            {
                ValidateDeclSecurity(module, new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.RequestMinimum,
                    ParentKind = SymbolKind.Assembly,
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0084" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u0015" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u0002" + // type bool
                        "\u0010" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "SkipVerification" + // property name
                        "\u0001", // argument value (true)
                },
                new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.NamedType,
                    ParentNameOpt = @"C",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                },
                new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.Method,
                    ParentNameOpt = @"Goo",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                });
            });
        }
 
        [Fact]
        public void GetSecurityAttributes_Type_Method_Assembly()
        {
            string source = @"
using System.Security.Permissions;
 
namespace N
{
    [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
    [PrincipalPermission(SecurityAction.Assert, Role=@""User2"")]
    public class C
	{
        [PrincipalPermission(SecurityAction.Demand, Role=@""User1"")]
        [PrincipalPermission(SecurityAction.Demand, Role=@""User2"")]
	    public static void Goo() {}
    }
}
";
 
            var compilation = CreateCompilationWithMscorlib40(source, options: TestOptions.UnsafeReleaseDll);
            CompileAndVerify(compilation, verify: Verification.Passes, symbolValidator: module =>
            {
                ValidateDeclSecurity(module, new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.RequestMinimum,
                    ParentKind = SymbolKind.Assembly,
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0084" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u0015" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u0002" + // type bool
                        "\u0010" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "SkipVerification" + // property name
                        "\u0001", // argument value (true)
                },
                new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.NamedType,
                    ParentNameOpt = @"C",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1", // argument value (@"User1")
                },
                new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Assert,
                    ParentKind = SymbolKind.NamedType,
                    ParentNameOpt = @"C",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User2", // argument value (@"User2")
                },
                new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Demand,
                    ParentKind = SymbolKind.Method,
                    ParentNameOpt = @"Goo",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0002" + // number of attributes (small enough to fit in 1 byte)
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User1" + // argument value (@"User1")
                        "\u0080\u0085" + // length of UTF-8 string (0x80 indicates a 2-byte encoding)
                        "System.Security.Permissions.PrincipalPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u000e" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0004" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "Role" + // property name
                        "\u0005" + // length of UTF-8 string (small enough to fit in 1 byte)
                        "User2", // argument value (@"User2")
                });
            });
        }
 
        [WorkItem(545084, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/545084"), WorkItem(529492, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/529492")]
        [ConditionalFact(typeof(WindowsOnly), Reason = ConditionalSkipReason.TestExecutionNeedsDesktopTypes)]
        public void PermissionSetAttribute_Fixup()
        {
            var tempDir = Temp.CreateDirectory();
            var tempFile = tempDir.CreateFile("pset.xml");
 
            string text = @"
<PermissionSet class=""System.Security.PermissionSet"" version=""1"">
  <Permission class=""System.Security.Permissions.FileIOPermission, mscorlib"" version=""1""><AllWindows/></Permission>
  <Permission class=""System.Security.Permissions.RegistryPermission, mscorlib"" version=""1""><Unrestricted/></Permission>
</PermissionSet>";
 
            tempFile.WriteAllText(text);
 
            string hexFileContent = PermissionSetAttributeWithFileReference.ConvertToHex(new MemoryStream(Encoding.UTF8.GetBytes(text)));
 
            string source = @"
using System.Security.Permissions;
 
[PermissionSetAttribute(SecurityAction.Deny, File = @""pset.xml"")]
public class MyClass
{
    public static void Main() 
    {
        typeof(MyClass).GetCustomAttributes(false);
    }
}";
            var syntaxTree = Parse(source);
            var resolver = new XmlFileResolver(tempDir.Path);
            var compilation = CSharpCompilation.Create(
                GetUniqueName(),
                new[] { syntaxTree },
                new[] { MscorlibRef },
                TestOptions.ReleaseDll.WithXmlReferenceResolver(resolver));
 
            compilation.VerifyDiagnostics(
                // (4,25): warning CS0618: 'System.Security.Permissions.SecurityAction.Deny' is obsolete: 'Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                // [PermissionSetAttribute(SecurityAction.Deny, File = @"pset.xml")]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.Deny").WithArguments("System.Security.Permissions.SecurityAction.Deny", "Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."));
 
            CompileAndVerify(compilation, symbolValidator: module =>
            {
                ValidateDeclSecurity(module, new DeclSecurityEntry
                {
                    ActionFlags = DeclarativeSecurityAction.Deny,
                    ParentKind = SymbolKind.NamedType,
                    ParentNameOpt = @"MyClass",
                    PermissionSet =
                        "." + // always start with a dot
                        "\u0001" + // number of attributes (small enough to fit in 1 byte)
                        "\u007f" + // length of string
                        "System.Security.Permissions.PermissionSetAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" + // attr type name
                        "\u0082" + "\u008f" + // number of bytes in the encoding of the named arguments
                        "\u0001" + // number of named arguments
                        "\u0054" + // property (vs field)
                        "\u000e" + // type string
                        "\u0003" + // length of string (small enough to fit in 1 byte)
                        "Hex" + // property name
                        "\u0082" + "\u0086" + // length of string
                        hexFileContent // argument value
                });
            });
        }
 
        [WorkItem(545084, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/545084"), WorkItem(529492, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/529492")]
        [Fact]
        public void CS7056ERR_PermissionSetAttributeInvalidFile()
        {
            string source = @"
using System.Security.Permissions;
 
[PermissionSetAttribute(SecurityAction.Deny, File = @""NonExistentFile.xml"")]
[PermissionSetAttribute(SecurityAction.Deny, File = null)]
public class MyClass 
{
}";
            CreateCompilationWithMscorlib40(source).VerifyDiagnostics(
                // (4,25): warning CS0618: 'System.Security.Permissions.SecurityAction.Deny' is obsolete: 'Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                // [PermissionSetAttribute(SecurityAction.Deny, File = @"NonExistentFile.xml")]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.Deny").WithArguments("System.Security.Permissions.SecurityAction.Deny", "Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (5,25): warning CS0618: 'System.Security.Permissions.SecurityAction.Deny' is obsolete: 'Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                // [PermissionSetAttribute(SecurityAction.Deny, File = null)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.Deny").WithArguments("System.Security.Permissions.SecurityAction.Deny", "Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (4,46): error CS7056: Unable to resolve file path 'NonExistentFile.xml' specified for the named argument 'File' for PermissionSet attribute
                // [PermissionSetAttribute(SecurityAction.Deny, File = @"NonExistentFile.xml")]
                Diagnostic(ErrorCode.ERR_PermissionSetAttributeInvalidFile, @"File = @""NonExistentFile.xml""").WithArguments("NonExistentFile.xml", "File").WithLocation(4, 46),
                // (5,46): error CS7056: Unable to resolve file path '<null>' specified for the named argument 'File' for PermissionSet attribute
                // [PermissionSetAttribute(SecurityAction.Deny, File = null)]
                Diagnostic(ErrorCode.ERR_PermissionSetAttributeInvalidFile, "File = null").WithArguments("<null>", "File").WithLocation(5, 46));
        }
 
        [Fact]
        public void CS7056ERR_PermissionSetAttributeInvalidFile_WithXmlReferenceResolver()
        {
            var tempDir = Temp.CreateDirectory();
            var tempFile = tempDir.CreateFile("pset.xml");
 
            string text = @"
<PermissionSet class=""System.Security.PermissionSet"" version=""1"">
</PermissionSet>";
 
            tempFile.WriteAllText(text);
 
            string source = @"
using System.Security.Permissions;
 
[PermissionSetAttribute(SecurityAction.Deny, File = @""NonExistentFile.xml"")]
[PermissionSetAttribute(SecurityAction.Deny, File = null)]
public class MyClass
{
}";
            var resolver = new XmlFileResolver(tempDir.Path);
            CreateCompilationWithMscorlib40(source, options: TestOptions.DebugDll.WithXmlReferenceResolver(resolver)).VerifyDiagnostics(
                // (4,25): warning CS0618: 'System.Security.Permissions.SecurityAction.Deny' is obsolete: 'Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                // [PermissionSetAttribute(SecurityAction.Deny, File = @"NonExistentFile.xml")]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.Deny").WithArguments("System.Security.Permissions.SecurityAction.Deny", "Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (5,25): warning CS0618: 'System.Security.Permissions.SecurityAction.Deny' is obsolete: 'Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                // [PermissionSetAttribute(SecurityAction.Deny, File = null)]
                Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.Deny").WithArguments("System.Security.Permissions.SecurityAction.Deny", "Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."),
                // (4,46): error CS7056: Unable to resolve file path 'NonExistentFile.xml' specified for the named argument 'File' for PermissionSet attribute
                // [PermissionSetAttribute(SecurityAction.Deny, File = @"NonExistentFile.xml")]
                Diagnostic(ErrorCode.ERR_PermissionSetAttributeInvalidFile, @"File = @""NonExistentFile.xml""").WithArguments("NonExistentFile.xml", "File").WithLocation(4, 46),
                // (5,46): error CS7056: Unable to resolve file path '<null>' specified for the named argument 'File' for PermissionSet attribute
                // [PermissionSetAttribute(SecurityAction.Deny, File = null)]
                Diagnostic(ErrorCode.ERR_PermissionSetAttributeInvalidFile, "File = null").WithArguments("<null>", "File").WithLocation(5, 46));
        }
 
        [WorkItem(545084, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/545084"), WorkItem(529492, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/529492")]
        [Fact]
        public void CS7057ERR_PermissionSetAttributeFileReadError()
        {
            var tempDir = Temp.CreateDirectory();
            string filePath = Path.Combine(tempDir.Path, "pset_01.xml");
 
            string source = @"
using System.Security.Permissions;
 
[PermissionSetAttribute(SecurityAction.Deny, File = @""pset_01.xml"")]
public class MyClass
{
    public static void Main()
    {
        typeof(MyClass).GetCustomAttributes(false);
    }
}";
            var syntaxTree = Parse(source);
            CSharpCompilation comp;
 
            // create file with no file sharing allowed and verify ERR_PermissionSetAttributeFileReadError during emit
            using (var fileStream = File.Open(filePath, FileMode.OpenOrCreate, FileAccess.Read, FileShare.None))
            {
                comp = CSharpCompilation.Create(
                    GetUniqueName(),
                    new[] { syntaxTree },
                    new[] { MscorlibRef },
                    TestOptions.ReleaseDll.WithXmlReferenceResolver(new XmlFileResolver(tempDir.Path)));
 
                comp.VerifyDiagnostics(
                    // (4,25): warning CS0618: 'System.Security.Permissions.SecurityAction.Deny' is obsolete: 'Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.'
                    // [PermissionSetAttribute(SecurityAction.Deny, File = @"pset_01.xml")]
                    Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr, "SecurityAction.Deny").WithArguments("System.Security.Permissions.SecurityAction.Deny", "Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information."));
 
                using (var output = new MemoryStream())
                {
                    var emitResult = comp.Emit(output);
 
                    Assert.False(emitResult.Success);
                    emitResult.Diagnostics.VerifyErrorCodes(
                        Diagnostic(ErrorCode.WRN_DeprecatedSymbolStr),
                        Diagnostic(ErrorCode.ERR_PermissionSetAttributeFileReadError));
                }
            }
 
            // emit succeeds now since we closed the file:
 
            using (var output = new MemoryStream())
            {
                var emitResult = comp.Emit(output);
                Assert.True(emitResult.Success);
            }
        }
 
        #endregion
 
        [Fact]
        [WorkItem(1034429, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/1034429")]
        public void CrashOnParamsInSecurityAttribute()
        {
            const string source = @"
using System.Security.Permissions;
 
class Program
{
    [A(SecurityAction.Assert)]
    static void Main()
    {
    }
}
 
public class A : CodeAccessSecurityAttribute
{
    public A(params SecurityAction a)
    {
    }
}";
            CreateCompilationWithMscorlib46(source).GetDiagnostics();
        }
 
        [Fact]
        [WorkItem(1036339, "http://vstfdevdiv:8080/DevDiv2/DevDiv/_workitems/edit/1036339")]
        public void CrashOnOptionalParameterInSecurityAttribute()
        {
            const string source = @"
using System.Security.Permissions;
 
[A]
[A()]
class A : CodeAccessSecurityAttribute
{
    public A(SecurityAction a = 0) : base(a)
    {
    }
}";
            CreateCompilationWithMscorlib46(source).VerifyDiagnostics(
                // (4,2): error CS7049: Security attribute 'A' has an invalid SecurityAction value '0'
                // [A]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidAction, "A").WithArguments("A", "0").WithLocation(4, 2),
                // (5,2): error CS7049: Security attribute 'A' has an invalid SecurityAction value '0'
                // [A()]
                Diagnostic(ErrorCode.ERR_SecurityAttributeInvalidAction, "A()").WithArguments("A", "0").WithLocation(5, 2),
                // (6,7): error CS0534: 'A' does not implement inherited abstract member 'SecurityAttribute.CreatePermission()'
                // class A : CodeAccessSecurityAttribute
                Diagnostic(ErrorCode.ERR_UnimplementedAbstractMethod, "A").WithArguments("A", "System.Security.Permissions.SecurityAttribute.CreatePermission()").WithLocation(6, 7));
        }
    }
}