XamlLoadPermission.FromXml for element without `class` attribute throws NRE

[hughbe]

[Fact]
public void FromXml_NoClassAttribute_ThrowsNullReferenceException()
{
    var permission = new XamlLoadPermission(PermissionState.None);
    var elem = new SecurityElement("IPermission");
    permission.FromXml(elem);
}

• Expected: throws ArgumentException to match other parse failures
• Actual: throws NullReferenceException!

Cause

public override void FromXml(SecurityElement elem)
{
    if (elem == null)
    {
        throw new ArgumentNullException(nameof(elem));
    }
    if (elem.Tag != XmlConstants.IPermission)
    {
        throw new ArgumentException(SR.Get(SRID.SecurityXmlUnexpectedTag, elem.Tag, XmlConstants.IPermission), nameof(elem));
    }

    string className = elem.Attribute(XmlConstants.Class);
    if (!className.StartsWith(GetType().FullName, false, TypeConverterHelper.InvariantEnglishUS))
    {
        throw new ArgumentException(SR.Get(SRID.SecurityXmlUnexpectedValue, className, XmlConstants.Class, GetType().FullName), nameof(elem));
    }

Problem:

string className = elem.Attribute(XmlConstants.Class);
if (!className.StartsWith(GetType().FullName, false, TypeConverterHelper.InvariantEnglishUS))

The className can be null!

[vatsan-madhavan]

We are going to remove XamlLoadPermission's implementation from .NET Core 3.0 since CAS is no longer supported. Given this, I'm closing this issue.

/c @ojhad