IDISP007 is triggering for an out parameter that is NOT injected and indeed MUST be disposed

[smaillet]

We have a static "factory" method that follows the general standard .NET "try" pattern but does not return a bool, instead it returns a custom status that may include an error message (In real world this is a SafeHandle for a native interop allocated value that needs a dispose) another SafeHandle derived type is an out parameter. Any use of this is triggering IDISP007.

Example:

[DllImport]
private static extern CustomSafeHandleDerivedType Something(out Microsoft.Win32.SafeHandles.SafeFileHandle h)

Using that API will cause IDISP007

using var errorRef = Something(out Microsoft.Win32.SafeHandles.SafeFileHandle h);
using(h) // <--- IDISP007 is triggered here
{
}

But since this is Created by the interop support (DllImport OR LibraryImport) it MUST be disposed of. IDISP007 is saying DON'T dispose it but that would result in leaking the handle until process exit. While we can use pragmas to ignore the warning, doing so in EVERY case of this is a tedious effort and defeats the point of having an analyzer to check for this sort of thing.

[dlebansais]

Late to the party, but the trick here is to create an intermediate class Foo (implementing IDisposable) that takes Microsoft.Win32.SafeHandles.SafeFileHandle h as first parameter of the constructor, and bool disposeHandler=true as second parameter. Create an instance of Foo and use it in place of h but in fact dispose of h regardless of the value of disposeHandler.
You can then change your code to:

using var errorRef = Something(out Microsoft.Win32.SafeHandles.SafeFileHandle h);

using var f = new Foo(h, disposeHandler: false);  // disposeHandler: false tells the analyser that h is not disposed, but in fact Foo will dispose of it.
// Do with f what you would do with h, but implement it in Foo.