Remove CAS code from snippets (dotnet#29144)
gewarren authored Apr 25, 2022
1 parent 590ed49 commit 5865521
Showing 423 changed files with 2,008 additions and 7,530 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -15,17 +15,17 @@ ms.topic: how-to
> [!NOTE]
> This documentation is intended for .NET Framework developers who want to use the managed UI Automation classes defined in the <xref:System.Windows.Automation> namespace. For the latest information about UI Automation, see [Windows Automation API: UI Automation](/windows/win32/winauto/entry-uiauto-win32).
This topic contains example code that shows how to locate an element within the UI Automation tree based on a specific property or properties.
This article contains example code that shows how to locate an element within the UI Automation tree based on a specific property or properties.

## Example

In the following example, a set of property conditions are specified that identify a certain element (or elements) of interest in the <xref:System.Windows.Automation.AutomationElement> tree. A search for all matching elements is then performed with the <xref:System.Windows.Automation.AutomationElement.FindAll%2A> method that incorporates a series of <xref:System.Windows.Automation.AndCondition> boolean operations to limit the number of matching elements.
In the following example, a set of property conditions are specified that identify a certain element (or elements) of interest in the <xref:System.Windows.Automation.AutomationElement> tree. A search for all matching elements is then performed with the <xref:System.Windows.Automation.AutomationElement.FindAll%2A> method that incorporates a series of <xref:System.Windows.Automation.AndCondition> Boolean operations to limit the number of matching elements.

> [!NOTE]
> When searching from the <xref:System.Windows.Automation.AutomationElement.RootElement%2A>, you should try to obtain only direct children. A search for descendants might iterate through hundreds or even thousands of elements, possibly resulting in a stack overflow. If you are attempting to obtain a specific element at a lower level, you should start your search from the application window or from a container at a lower level.
[!code-csharp[InvokePatternApp#1100](../../../samples/snippets/csharp/VS_Snippets_Wpf/InvokePatternApp/CSharp/InvokePatternApp.cs#1100)]
[!code-vb[InvokePatternApp#1100](../../../samples/snippets/visualbasic/VS_Snippets_Wpf/InvokePatternApp/VisualBasic/Client.vb#1100)]
[!code-csharp[InvokePatternApp#1100](../../../samples/snippets/csharp/VS_Snippets_Wpf/InvokePatternApp/CSharp/InvokePatternApp/InvokePatternApp.cs#1100)]
[!code-vb[InvokePatternApp#1100](../../../samples/snippets/visualbasic/VS_Snippets_Wpf/InvokePatternApp/VisualBasic/InvokePatternClient/Client.vb#1100)]

## See also

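Review bot: the snippet include paths in this hunk change only the directory (`InvokePatternApp/InvokePatternApp.cs`, `InvokePatternClient/Client.vb`) while the region id stays at `#1100`, so this hunk shows a relocation, not the CAS removal the commit title describes; please confirm the moved files exist at the new paths (a broken `[!code-csharp[...]]` include fails the docs build) and that region `#1100` in the moved snippet still matches the FindAll/AndCondition example this paragraph describes. The "topic" to "article" and "boolean" to "Boolean" edits are fine.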
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,10 +30,10 @@ ms.topic: how-to

This example uses the <xref:System.Windows.Automation.AutomationElement.TryGetCurrentPattern%2A> method of the <xref:System.Windows.Automation.AutomationElement> class to generate an <xref:System.Windows.Automation.InvokePattern> object and invoke a control by using the <xref:System.Windows.Automation.InvokePattern.Invoke%2A> method.

[!code-csharp[InvokePatternApp#1100](../../../samples/snippets/csharp/VS_Snippets_Wpf/InvokePatternApp/CSharp/InvokePatternApp.cs#1100)]
[!code-vb[InvokePatternApp#1100](../../../samples/snippets/visualbasic/VS_Snippets_Wpf/InvokePatternApp/VisualBasic/Client.vb#1100)]
[!code-csharp[InvokePatternApp#1102](../../../samples/snippets/csharp/VS_Snippets_Wpf/InvokePatternApp/CSharp/InvokePatternApp.cs#1102)]
[!code-vb[InvokePatternApp#1102](../../../samples/snippets/visualbasic/VS_Snippets_Wpf/InvokePatternApp/VisualBasic/Client.vb#1102)]
[!code-csharp[InvokePatternApp#1100](../../../samples/snippets/csharp/VS_Snippets_Wpf/InvokePatternApp/CSharp/InvokePatternApp/InvokePatternApp.cs#1100)]
[!code-vb[InvokePatternApp#1100](../../../samples/snippets/visualbasic/VS_Snippets_Wpf/InvokePatternApp/VisualBasic/InvokePatternClient/Client.vb#1100)]
[!code-csharp[InvokePatternApp#1102](../../../samples/snippets/csharp/VS_Snippets_Wpf/InvokePatternApp/CSharp/InvokePatternApp/InvokePatternApp.cs#1102)]
[!code-vb[InvokePatternApp#1102](../../../samples/snippets/visualbasic/VS_Snippets_Wpf/InvokePatternApp/VisualBasic/InvokePatternClient/Client.vb#1102)]

## See also

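Review bot: same relocation as the previous include paths, and this article pulls two regions (`#1100` and `#1102`) from the same files; the surrounding text describes TryGetCurrentPattern and Invoke, so check that `#1102` still exists in the moved InvokePatternApp.cs and Client.vb, and that `#1100` is not being reused for two different purposes across the two articles that include it.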
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ The following sections list the best practices to consider when creating secure

## Always Revert After Impersonation

When using APIs that enable impersonation of a client, be sure to revert to the original identity. For example, when using the <xref:System.Security.Principal.WindowsIdentity> and <xref:System.Security.Principal.WindowsImpersonationContext>, use the C# `using` statement or the Visual Basic`Using` statement, as shown in the following code. The <xref:System.Security.Principal.WindowsImpersonationContext> class implements the <xref:System.IDisposable> interface, and therefore the common language runtime (CLR) automatically reverts to the original identity once the code leaves the `using` block.
When using APIs that enable impersonation of a client, be sure to revert to the original identity. For example, when using the <xref:System.Security.Principal.WindowsIdentity> and <xref:System.Security.Principal.WindowsImpersonationContext>, use the C# `using` statement or the Visual Basic `Using` statement, as shown in the following code. The <xref:System.Security.Principal.WindowsImpersonationContext> class implements the <xref:System.IDisposable> interface, and therefore the common language runtime (CLR) automatically reverts to the original identity once the code leaves the `using` block.

[!code-csharp[c_SecurityBestPractices#1](../../../../samples/snippets/csharp/VS_Snippets_CFX/c_securitybestpractices/cs/source.cs#1)]
[!code-vb[c_SecurityBestPractices#1](../../../../samples/snippets/visualbasic/VS_Snippets_CFX/c_securitybestpractices/vb/source.vb#1)]
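Review bot: whitespace-only fix (the missing space before the `Using` keyword); no content change. Since the commit removes CAS code elsewhere, it is worth confirming that the referenced `c_SecurityBestPractices#1` regions in source.cs and source.vb still build after any attribute removals there, because this article text is otherwise unchanged.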
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
using System;
using System.Runtime.Serialization;
using System.Security.Permissions;

namespace ca2229
{
Expand All @@ -26,8 +25,6 @@ protected SerializationConstructorsRequired(
}

// The following method serializes the instance.
[SecurityPermission(SecurityAction.LinkDemand,
Flags = SecurityPermissionFlag.SerializationFormatter)]
void ISerializable.GetObjectData(SerializationInfo info,
StreamingContext context)
{
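Review bot: removing the `LinkDemand` for `SerializationFormatter` from the explicit `ISerializable.GetObjectData` implementation together with the now-unused `using System.Security.Permissions;` is consistent (nothing left in the visible lines references that namespace), and it matches the fact that CAS attributes have no effect on .NET Core and .NET 5+. Two follow-ups: if the CA2229 rule page text still describes a link demand on `GetObjectData`, it needs the same edit; and readers on .NET Framework lose the only access restriction on this member, so a one-line note in the rule page that the sample targets modern .NET would avoid confusion.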
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
using System.Runtime.Serialization;
using System.Security.Permissions;

namespace ca2237
{
Expand All @@ -20,8 +19,6 @@ protected BaseType(
baseValue = info.GetInt32("baseValue");
}

[SecurityPermissionAttribute(SecurityAction.Demand,
SerializationFormatter = true)]
public virtual void GetObjectData(
SerializationInfo info, StreamingContext context)
{
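Review bot: this mirrors the CA2229 snippet change, but here the attribute sat on a `public virtual` `GetObjectData` in `BaseType`; if a derived type later in the same sample overrides it with its own `SecurityPermissionAttribute`, that override now demands something the base no longer does, so check the rest of the file (not in this hunk) and remove it there too. Keeping `using System.Runtime.Serialization;` is right, since `SerializationInfo` and `StreamingContext` still need it.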
Expand Down
20 changes: 6 additions & 14 deletions docs/standard/serialization/custom-serialization.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: "Custom serialization"
description: Custom serialization is controlling the serialization and deserialization of a type. Controlling serialization can ensure serialization compatibility.
ms.date: "03/30/2017"
ms.date: 04/21/2022
dev_langs:
- "csharp"
- "vb"
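Review bot: `ms.date` changes from the quoted `"03/30/2017"` to the unquoted `04/21/2022`; both parse as strings in YAML, but the rest of this front matter (`title`, the `dev_langs` entries) uses quotes, so keep the style consistent within the block. Bumping the date is correct given the content edits further down the file.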
Expand All @@ -26,7 +26,7 @@ Custom serialization is the process of controlling the serialization and deseria
[!INCLUDE [binary-serialization-warning](../../../includes/binary-serialization-warning.md)]

> [!IMPORTANT]
> In versions previous to .NET Framework 4.0, serialization of custom user data in a partially trusted assembly was accomplished using `GetObjectData`. Starting with version 4.0, that method is marked with the <xref:System.Security.SecurityCriticalAttribute> attribute, which prevents execution in partially trusted assemblies. To work around this condition, implement the <xref:System.Runtime.Serialization.ISafeSerializationData> interface.
> In versions previous to .NET Framework 4.0, serialization of custom user data in a partially trusted assembly was accomplished using `GetObjectData`. In .NET Framework version 4.0 - 4.8, that method is marked with the <xref:System.Security.SecurityCriticalAttribute> attribute, which prevents execution in partially trusted assemblies. To work around this condition, implement the <xref:System.Runtime.Serialization.ISafeSerializationData> interface.
## Running custom methods during and after serialization

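Review bot: the new wording `In .NET Framework version 4.0 - 4.8` correctly scopes the `SecurityCriticalAttribute` behaviour to .NET Framework, but it leaves the reader to infer why it stops at 4.8; a short clause that partial trust and CAS do not exist in .NET Core and .NET 5+ (so both the note and the `ISafeSerializationData` workaround apply to .NET Framework only) would make the scope explicit. Style: use `4.0 through 4.8` or an en dash rather than a spaced hyphen, and add a blank line between the `> [!IMPORTANT]` block and the `## Running custom methods` heading, which are adjacent in both the old and the new text.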
Expand All @@ -50,7 +50,7 @@ The recommended way to run custom methods during and after serialization is to a

In addition, you should not use default serialization on a class that is marked with the [Serializable](xref:System.SerializableAttribute) attribute and has declarative or imperative security at the class level or on its constructors. Instead, these classes should always implement the <xref:System.Runtime.Serialization.ISerializable> interface.

Implementing <xref:System.Runtime.Serialization.ISerializable> involves implementing the `GetObjectData` method and a special constructor that is used when the object is deserialized. The following sample code shows how to implement <xref:System.Runtime.Serialization.ISerializable> on the `MyObject` class from a previous section.
Implementing <xref:System.Runtime.Serialization.ISerializable> involves implementing the `GetObjectData` method and a special constructor that's used when the object is deserialized. The following sample code shows how to implement <xref:System.Runtime.Serialization.ISerializable> on the `MyObject` class from a previous section.

```csharp
[Serializable]
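Review bot: the `that is` to `that's` change is a style nit and fine. The more relevant line in this hunk is the unchanged context `you should not use default serialization on a class ... and has declarative or imperative security at the class level or on its constructors`: that advice is about CAS demands, which this commit is removing everywhere else, so either scope it to .NET Framework or drop it along with the attributes; otherwise the article keeps telling readers to design around a mechanism the samples no longer show.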
Expand All @@ -71,7 +71,6 @@ public class MyObject : ISerializable
str = info.GetString("k");
}

[SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter = true)]
public virtual void GetObjectData(SerializationInfo info, StreamingContext context)
{
info.AddValue("i", n1);
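Review bot: dropping `[SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter = true)]` from `MyObject.GetObjectData` is the intended change; check that any `using System.Security.Permissions;` at the top of this code block (above the hunk, if present) goes too so the sample does not carry an unused directive, and that the `ObjectTwo : MyObject` override later in this article loses its attribute as well, so base and override stay consistent.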
Expand All @@ -98,7 +97,6 @@ Public Class MyObject
str = info.GetString("k")
End Sub 'New

<SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter := True)> _
Public Overridable Sub GetObjectData(ByVal info As SerializationInfo, ByVal context As StreamingContext)
info.AddValue("i", n1)
info.AddValue("j", n2)
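Review bot: the removed VB line ended with the ` _` continuation that only joined the attribute to the `Public Overridable Sub GetObjectData` declaration, so deleting the whole line leaves no dangling continuation and the block still compiles; nothing further needed here.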
Expand All @@ -107,17 +105,13 @@ Public Class MyObject
End Class
```

When **GetObjectData** is called during serialization, you are responsible for populating the <xref:System.Runtime.Serialization.SerializationInfo> provided with the method call. Add the variables to be serialized as name and value pairs. Any text can be used as the name. You have the freedom to decide which member variables are added to the <xref:System.Runtime.Serialization.SerializationInfo>, provided that sufficient data is serialized to restore the object during deserialization. Derived classes should call the **GetObjectData** method on the base object if the latter implements <xref:System.Runtime.Serialization.ISerializable>.
When **GetObjectData** is called during serialization, you are responsible for populating the <xref:System.Runtime.Serialization.SerializationInfo> provided with the method call. Add the variables to be serialized as name and value pairs. Any text can be used as the name. You have the freedom to decide which member variables are added to the <xref:System.Runtime.Serialization.SerializationInfo>, provided that sufficient data is serialized to restore the object during deserialization. Derived classes should call the **GetObjectData** method on the base object if the latter implements <xref:System.Runtime.Serialization.ISerializable>.

Note that serialization can allow other code to see or modify object instance data that is otherwise inaccessible. Therefore, code that performs serialization requires the [SecurityPermission](xref:System.Security.Permissions.SecurityPermissionAttribute) with the <xref:System.Security.Permissions.SecurityPermissionAttribute.SerializationFormatter> flag specified. Under default policy, this permission is not given to Internet-downloaded or intranet code; only code on the local computer is granted this permission. The **GetObjectData** method must be explicitly protected either by demanding the [SecurityPermission](xref:System.Security.Permissions.SecurityPermissionAttribute) with the <xref:System.Security.Permissions.SecurityPermissionAttribute.SerializationFormatter> flag specified or by demanding other permissions that specifically help protect private data.

If a private field stores sensitive information, you should demand the appropriate permissions on **GetObjectData** to protect the data. Remember that code that has been granted [SecurityPermission](xref:System.Security.Permissions.SecurityPermissionAttribute) with the **SerializationFormatter** flag specified can view and modify the data stored in private fields. A malicious caller granted this [SecurityPermission](xref:System.Security.Permissions.SecurityPermissionAttribute) can view data such as hidden directory locations or granted permissions and use the data to exploit a security vulnerability on the computer. For a complete list of the security permission flags you can specify, see the [SecurityPermissionFlag Enumeration](xref:System.Security.Permissions.SecurityPermissionFlag).

It's important to stress that when <xref:System.Runtime.Serialization.ISerializable> is added to a class you must implement both **GetObjectData** and the special constructor. The compiler warns you if **GetObjectData** is missing. However, because it is impossible to enforce the implementation of a constructor, no warning is provided if the constructor is absent, and an exception is thrown when an attempt is made to deserialize a class without the constructor.
It's important to stress that when <xref:System.Runtime.Serialization.ISerializable> is added to a class, you must implement both **GetObjectData** and the special constructor. The compiler warns you if **GetObjectData** is missing. However, because it is impossible to enforce the implementation of a constructor, no warning is provided if the constructor is absent, and an exception is thrown when an attempt is made to deserialize a class without the constructor.

The current design was favored above a <xref:System.Runtime.Serialization.ISerializationSurrogate.SetObjectData%2A> method to get around potential security and versioning problems. For example, a `SetObjectData` method must be public if it is defined as part of an interface; thus users must write code to defend against having the **SetObjectData** method called multiple times. Otherwise, a malicious application that calls the **SetObjectData** method on an object in the process of executing an operation can cause potential problems.

During deserialization, <xref:System.Runtime.Serialization.SerializationInfo> is passed to the class using the constructor provided for this purpose. Any visibility constraints placed on the constructor are ignored when the object is deserialized; so you can mark the class as public, protected, internal, or private. However, it is a best practice to make the constructor protected unless the class is sealed, in which case the constructor should be marked private. The constructor should also perform thorough input validation. To avoid misuse by malicious code, the constructor should enforce the same security checks and permissions required to obtain an instance of the class using any other constructor. If you do not follow this recommendation, malicious code can preserialize an object, obtain control with the [SecurityPermission](xref:System.Security.Permissions.SecurityPermissionAttribute) with the <xref:System.Security.Permissions.SecurityPermissionAttribute.SerializationFormatter> flag specified and deserialize the object on a client computer bypassing any security that would have been applied during standard instance construction using a public constructor.
During deserialization, <xref:System.Runtime.Serialization.SerializationInfo> is passed to the class using the constructor provided for this purpose. Any visibility constraints placed on the constructor are ignored when the object is deserialized; so you can mark the class as public, protected, internal, or private. However, it is a best practice to make the constructor protected unless the class is sealed, in which case the constructor should be marked private. The constructor should also perform thorough input validation.

To restore the state of the object, simply retrieve the values of the variables from <xref:System.Runtime.Serialization.SerializationInfo> using the names used during serialization. If the base class implements <xref:System.Runtime.Serialization.ISerializable>, the base constructor should be called to allow the base object to restore its variables.

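Review bot: the sentence trimmed from the end of the deserialization paragraph (`the constructor should enforce the same security checks and permissions required to obtain an instance of the class using any other constructor`) bundles a CAS-specific clause with a platform-neutral one: because accessibility on the serialization constructor is ignored, it is a second entry point that bypasses whatever validation the public constructors perform, and `perform thorough input validation` only partly covers that. Suggest keeping a sentence such as `The constructor should enforce the same invariants as the type's other constructors, because deserialization ignores its accessibility.` The two removed paragraphs about `SecurityPermission` with `SerializationFormatter` are CAS-only and their removal is right; the removed `SetObjectData` rationale paragraph is design history rather than CAS, so dropping it is a judgment call; the comma added after `is added to a class` is fine; and the first paragraph of the hunk appears unchanged apart from whitespace.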
Expand All @@ -140,7 +134,6 @@ public class ObjectTwo : MyObject
num = si.GetInt32("num");
}

[SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter = true)]
public override void GetObjectData(SerializationInfo si, StreamingContext context)
{
base.GetObjectData(si,context);
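Review bot: consistent with the `MyObject.GetObjectData` change earlier in this file; the override now matches the base. Style nit in the unchanged context line: `base.GetObjectData(si,context);` is missing a space after the comma.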
Expand All @@ -165,7 +158,6 @@ Public Class ObjectTwo
num = si.GetInt32("num")
End Sub

<SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter := True)> _
Public Overrides Sub GetObjectData(ByVal si As SerializationInfo, ByVal context As StreamingContext)
MyBase.GetObjectData(si, context)
si.AddValue("num", num)
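Review bot: matches the C# `ObjectTwo` change, and `MyBase.GetObjectData(si, context)` is still called first so the base state is preserved. LGTM.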
Expand Down
5 changes: 0 additions & 5 deletions docs/standard/serialization/serialization-guidelines.md
Original file line number Diff line number Diff line change
Expand Up @@ -133,11 +133,6 @@ This article lists the guidelines to consider when designing an API to be serial
[!code-csharp[SerializationGuidelines#10](../../../samples/snippets/csharp/VS_Snippets_CFX/serializationguidelines/cs/source.cs#10)]
[!code-vb[SerializationGuidelines#10](../../../samples/snippets/visualbasic/VS_Snippets_CFX/serializationguidelines/vb/source.vb#10)]

5. DO apply a link demand to **ISerializable.GetObjectData** implementation. This ensures that only fully trusted core and the runtime serializer have access to the member.

[!code-csharp[SerializationGuidelines#11](../../../samples/snippets/csharp/VS_Snippets_CFX/serializationguidelines/cs/source.cs#11)]
[!code-vb[SerializationGuidelines#11](../../../samples/snippets/visualbasic/VS_Snippets_CFX/serializationguidelines/vb/source.vb#11)]

## See also

- [Using Data Contracts](../../framework/wcf/feature-details/using-data-contracts.md)
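Review bot: deleting guideline 5 (`DO apply a link demand to ISerializable.GetObjectData`) and its two includes leaves the numbered list ending at 4; check that nothing else in this article or elsewhere refers to guideline 5, and that the `SerializationGuidelines#11` regions in `source.cs` and `source.vb` are removed as well so they do not become orphaned snippet regions. If the article is still meant to serve .NET Framework readers, a one-line statement that link demands are a .NET Framework-only mechanism would explain why the guideline disappeared rather than leaving a silent gap.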
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,5 @@ End

## See also

- <xref:System.Security.Permissions.SecurityPermissionFlag>
- [Stop Statement](stop-statement.md)
- [End \<keyword> Statement](end-keyword-statement.md)
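Review bot: removing the `SecurityPermissionFlag` see-also entry is only safe if the body of this article above the hunk no longer mentions that permission; if the text still says `End` requires a `SecurityPermissionFlag` value, either keep the link or edit the body in the same commit so the reference is not left dangling.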
