Microsoft All Rules Code Analysis Rule Set
The Microsoft All Rules rule set contains all rules for analyzing managed code.
Rule |
Description |
|---|---|
When a static member of a generic type is called, the type argument must be specified for the type. When a generic instance member that does not support inference is called, the type argument must be specified for the member. In these two cases, the syntax for specifying the type argument is different and easily confused. |
|
CA1001: Types that own disposable fields should be disposable |
A class declares and implements an instance field that is a System.IDisposable type, and the class does not implement IDisposable. A class that declares an IDisposable field indirectly owns an unmanaged resource and should implement the IDisposable interface. |
System.Collections.Generic.List<(Of <(T>)>) is a generic collection designed for performance, not inheritance. Therefore, List does not contain any virtual members. The generic collections that are designed for inheritance should be exposed instead. |
|
A type contains a delegate that returns void, whose signature contains two parameters (the first an object and the second a type that is assignable to EventArgs), and the containing assembly targets .NET Framework 2.0. |
|
Inference is how the type argument of a generic method is determined by the type of argument passed to the method, instead of by the explicit specification of the type argument. To enable inference, the parameter signature of a generic method must include a parameter that is of the same type as the type parameter for the method. In this case, the type argument does not have to be specified. When using inference for all type parameters, the syntax for calling generic and non-generic instance methods is identical; this simplifies the usability of generic methods. |
|
The more type parameters a generic type contains, the more difficult it is to know and remember what each type parameter represents. It is usually obvious with one type parameter, as in List<T>, and in certain cases with two type parameters, as in Dictionary<TKey, TValue>. However, if there are more than two type parameters, the difficulty becomes too great for most users. |
|
A nested type argument is a type argument that is also a generic type. To call a member whose signature contains a nested type argument, the user must instantiate one generic type and pass this type to the constructor of a second generic type. The required procedure and syntax is complex and should be avoided. |
|
An externally visible method contains a reference parameter of type System.Object. Use of a generic method enables all types, subject to constraints, to be passed to the method without first casting the type to the reference parameter type. |
|
The default value of an un-initialized enumeration, just as other value types, is zero. A non-flags attributed enumeration should define a member with the value of zero so that the default value is a valid value of the enumeration. If an enumeration that has the FlagsAttribute attribute applied defines a zero-valued member, its name should be "None" to indicate that no values have been set in the enumeration. |
|
Event handler methods take two parameters. The first is of type System.Object and is named "sender". This is the object that raised the event. The second parameter is of type System.EventArgs and is named "e". This is the data associated with the event. Event handler methods should not return a value; in the C# programming language, this is indicated by the return type void. |
|
To broaden the usability of a collection, implement one of the generic collection interfaces. Then the collection can be used to populate generic collection types. |
|
When a base type is specified as a parameter in a method declaration, any type derived from the base type can be passed as the corresponding argument to the method. If the additional functionality provided by the derived parameter type is not required, use of the base type enables the method to be more widely used. |
|
Constructors on abstract types can only be called by derived types. Because public constructors create instances of a type, and you cannot create instances of an abstract type, an abstract type with a public constructor is incorrectly designed. |
|
CA1013: Overload operator equals on overloading add and subtract |
A public or protected type implements the addition or subtraction operators without implementing the equality operator. |
The Common Language Specification (CLS) defines naming restrictions, data types, and rules to which assemblies must conform if they are to be used across programming languages. Good design dictates that all assemblies explicitly indicate CLS compliance with CLSCompliantAttribute. If this attribute is not present on an assembly, the assembly is not compliant. |
|
The .NET Framework uses the version number to uniquely identify an assembly, and to bind to types in strong-named assemblies. The version number is used together with version and publisher policy. By default, applications run only with the assembly version with which they were built. |
|
ComVisibleAttribute determines how COM clients access managed code. Good design dictates that assemblies explicitly indicate COM visibility. COM visibility can be set for the whole assembly and then overridden for individual types and type members. If this attribute is not present, the contents of the assembly are visible to COM clients. |
|
When defining a custom attribute, mark it by using AttributeUsageAttribute to indicate where in the source code the custom attribute can be applied. An attribute's meaning and intended usage will determine its valid locations in code. |
|
Attributes can define mandatory arguments that must be specified when you apply the attribute to a target. These are also known as positional arguments because they are supplied to attribute constructors as positional parameters. For every mandatory argument, the attribute should also provide a corresponding read-only property so that the value of the argument can be retrieved at execution time. Attributes can also define optional arguments, which are also known as named arguments. These arguments are supplied to attribute constructors by name and should have a corresponding read/write property. |
|
Make sure that there is a logical organization to each of your namespaces, and that there is a valid reason for putting types in a sparsely populated namespace. |
|
Passing types by reference (using out or ref) requires experience with pointers, understanding how value types and reference types differ, and handling methods with multiple return values. Also, the difference between out and ref parameters is not widely understood. |
|
Indexers (that is, indexed properties) should use a single index. Multidimensional indexers can significantly reduce the usability of the library. |
|
A public or protected method has a name that starts with "Get", takes no parameters, and returns a value that is not an array. The method might be a good candidate for becoming a property. |
|
Use a parameter array instead of repeated arguments when the exact number of arguments is unknown and when the variable arguments are the same type or can be passed as the same type. |
|
Methods that use default parameters are allowed under the Common Language Specification (CLS); however, the CLS allows compilers to ignore the values assigned to these parameters. To maintain the behavior that you want across programming languages, methods that use default parameters should be replaced with method overloads that provide the default parameters. |
|
An enumeration is a value type that defines a set of related named constants. Apply FlagsAttribute to an enumeration when its named constants can be meaningfully combined. |
|
An enumeration is a value type that defines a set of related named constants. By default, the System.Int32 data type is used to store the constant value. Even though you can change this underlying type, it is not required or recommended for most scenarios. |
|
This rule detects methods that have names that ordinarily would be used for events. If a method is called in response to a clearly defined state change, the method should be invoked by an event handler. Objects that call the method should raise events instead of calling the method directly. |
|
General exceptions should not be caught. Catch a more-specific exception, or re-throw the general exception as the last statement in the catch block. |
|
Failure to provide the full set of constructors can make it difficult to correctly handle exceptions. |
|
An unsealed externally visible type provides an explicit method implementation of a public interface and does not provide an alternative externally visible method with the same name. |
|
A nested type is a type declared in the scope of another type. Nested types are useful for encapsulating private implementation details of the containing type. Used for this purpose, nested types should not be externally visible. |
|
CA1035: ICollection implementations have strongly typed members |
This rule requires ICollection implementations to provide strongly typed members so that users are not required to cast arguments to the Object type when they use the functionality provided by the interface. This rule assumes that the type that implements ICollection does so to manage a collection of instances of a type that is stronger than Object. |
A public or protected type implements the System.IComparable interface. It does not override Object.Equals nor does it overload the language-specific operator for equality, inequality, less than, or greater than. |
|
This rule requires IEnumerator implementations to also provide a strongly typed version of the Current property so that users are not required to cast the return value to the strong type when they use the functionality provided by the interface. |
|
This rule requires IList implementations to provide strongly typed members so that users are not required to cast arguments to the System.Object type when they use the functionality provided by the interface. |
|
Interfaces define members that provide a behavior or usage contract. The functionality described by the interface can be adopted by any type, regardless of where the type appears in the inheritance hierarchy. A type implements an interface by providing implementations for the interface's members. An empty interface does not define any members; therefore, it does not define a contract that can be implemented. |
|
A type or member is marked with a System.ObsoleteAttribute attribute that does not have its ObsoleteAttribute.Message property specified. When a type or member marked with ObsoleteAttribute is compiled, the Message property of the attribute is displayed, giving the user information about the obsolete type or member. |
|
Indexers (that is, indexed properties) should use integral or string types for the index. These types are typically used for indexing data structures and they increase the usability of the library. Use of the Object type should be restricted to those cases where the specific integral or string type cannot be specified at design time. |
|
While it is acceptable and often necessary to have a read-only property, the design guidelines prohibit using write-only properties because allowing a user to set a value, and then preventing the user from viewing that value, does not provide any security. Also, without read access, the state of shared objects cannot be viewed, which limits their usefulness. |
|
Passing types by reference (using out or ref) requires experience with pointers, understanding how value types and reference types differ, and handling methods with multiple return values. Library architects who design for a general audience should not expect users to master working with out or ref parameters. |
|
For reference types, the default implementation of the equality operator is almost always correct. By default, two references are equal only if they point to the same object. |
|
Types declare protected members so that inheriting types can access or override the member. By definition, sealed types can not be inherited, which means that protected methods on sealed types cannot be called. |
|
Types declare methods as virtual so that inheriting types can override the implementation of the virtual method. By definition, a sealed type cannot be inherited. This makes a virtual method on a sealed type meaningless. |
|
CA1049: Types that own native resources should be disposable |
Types that allocate unmanaged resources should implement IDisposable, to enable callers to release those resources on demand and to shorten the lifetimes of the objects holding the resources. |
Types are declared within namespaces to prevent name collisions, and as a way to organize related types in an object hierarchy. |
|
The primary use of a field should be as an implementation detail. Fields should be private or internal and should be exposed by using properties. |
|
A public or protected type contains only static members and is not declared with the sealed (C# Reference) (NotInheritable) modifier. A type that is not meant to be inherited should be marked with the sealed modifier to prevent its use as a base type. |
|
A public or nested public type declares only static members and has a public or protected default constructor. The constructor is unnecessary because calling static members does not require an instance of the type. The string overload should call the URI overload by using the string argument for safety and security. |
|
If a method takes a string representation of a URI, a corresponding overload should be provided that takes an instance of the URI class, which provides these services in a safe and secure manner. |
|
This rule assumes that the method returns a Uniform Resource Identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The System.Uri class provides these services in a safe and secure manner. |
|
This rule assumes that the property represents a Uniform Resource Identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The System.Uri class provides these services in a safe and secure manner. |
|
A type declares method overloads that differ only by the replacement of a string parameter with a System.Uri parameter. The overload that takes the string parameter does not call the overload that takes the URI parameter. |
|
An externally visible type extends certain base types. Use one of the alternatives. |
|
A concrete type is a type that has a complete implementation and therefore can be instantiated. To enable widespread use of the member, replace the concrete type with the suggested interface. |
|
Platform Invocation methods, such as those marked with the System.Runtime.InteropServices.DllImportAttribute attribute, or methods defined by using the Declare keyword in Visual Basic, access unmanaged code. These methods should be of the NativeMethods, SafeNativeMethods, or UnsafeNativeMethods class. |
|
A method in a base type is hidden by an identically named method in a derived type, when the parameter signature of the derived method differs only by types that are more weakly derived than the corresponding types in the parameter signature of the base method. |
|
All reference arguments passed to externally visible methods should be checked against null. |
|
All IDisposable types should implement the Dispose pattern correctly. |
|
An internal exception is only visible inside its own internal scope. After the exception falls outside the internal scope, only the base exception can be used to catch the exception. If the internal exception is inherited from T:System.Exception, T:System.SystemException, or T:System.ApplicationException, the external code will not have sufficient information to know what to do with the exception. |
|
A method that is not expected to throw exceptions throws an exception. |
|
To correctly display a message box for cultures that use a right-to-left reading order, the RightAlign and RtlReading members of the MessageBoxOptions enumeration must be passed to the Show method. |
|
An access key, also known as an accelerator, enables keyboard access to a control by using the ALT key. When multiple controls have duplicate access keys, the behavior of the access key is not well-defined. |
|
The System.Environment.SpecialFolder enumeration contains members that refer to special system folders. The locations of these folders can have different values on different operating systems, the user can change some of the locations, and the locations are localized. The Environment.GetFolderPath method returns the locations associated with the Environment.SpecialFolder enumeration, localized and appropriate for the currently running computer. |
|
An externally visible method passes a string literal as a parameter to a constructor or method in the .NET Framework class library, and that string should be localizable. |
|
A method or constructor calls a member that has an overload that accepts a System.Globalization.CultureInfo parameter, and the method or constructor does not call the overload that takes the CultureInfo parameter. When a CultureInfo or System.IFormatProvider object is not supplied, the default value supplied by the overloaded member might not have the effect that you want in all locales. |
|
A method or constructor calls one or more members that have overloads that accept a System.IFormatProvider parameter, and the method or constructor does not call the overload that takes the IFormatProvider parameter. When a System.Globalization.CultureInfo or IFormatProvider object is not supplied, the default value supplied by the overloaded member might not have the effect that you want in all locales. |
|
The locale determines culture-specific presentation elements for data, such as formatting used for numeric values, currency symbols, and sort order. When you create a DataTable or DataSet, you should explicitly set the locale. |
|
A string comparison operation uses a method overload that does not set a StringComparison parameter. |
|
Strings should be normalized to uppercase. There is a small group of characters that cannot make a round trip when they are converted to lowercase. |
|
A string comparison operation that is non-linguistic does not set the StringComparison parameter to either Ordinal or OrdinalIgnoreCase. By explicitly setting the parameter to either StringComparison.Ordinal or StringComparison.OrdinalIgnoreCase, your code often gains speed, becomes more correct, and becomes more reliable. |
|
A public or protected method is marked with the System.Runtime.InteropServices.DllImportAttribute attribute. Either the unmanaged library could not be located, or the method could not be matched to a function in the library. |
|
A public or protected method in a public type has the System.Runtime.InteropServices.DllImportAttribute attribute (also implemented by the Declare keyword in Visual Basic). Such methods should not be exposed. |
|
When overloaded methods are exposed to COM clients, only the first method overload retains its name. Subsequent overloads are uniquely renamed by appending to the name an underscore character (_) and an integer that corresponds to the order of declaration of the overload. |
|
A COM-visible value type is marked with the System.Runtime.InteropServices.StructLayoutAttribute attribute set to LayoutKind.Auto. The layout of these types can change between versions of the .NET Framework, which will break COM clients that expect a specific layout. |
|
A call is made to the Marshal.GetLastWin32Error method or the equivalent Win32 GetLastError function, and the immediately previous call is not to a platform invoke method. |
|
A COM-visible type derives from a type that is not COM-visible. |
|
Visual Basic 6 COM clients cannot access 64-bit integers. |
|
COM does not support static methods. |
|
Types that use a dual interface enable clients to bind to a specific interface layout. Any changes in a future version to the layout of the type or any base types will break COM clients that bind to the interface. By default, if the ClassInterfaceAttribute attribute is not specified, a dispatch-only interface is used. |
|
A reference type that is specifically marked as visible to COM contains a public parameterized constructor but does not contain a public default (parameterless) constructor. A type without a public default constructor is not creatable by COM clients. |
|
A type declares a method marked with the System.Runtime.InteropServices.ComRegisterFunctionAttribute attribute but does not declare a method marked with the System.Runtime.InteropServices.ComUnregisterFunctionAttribute attribute, or vice versa. |
|
A method marked with the System.Runtime.InteropServices.ComRegisterFunctionAttribute attribute or the System.Runtime.InteropServices.ComUnregisterFunctionAttribute attribute is externally visible. |
|
A type is marked with the System.Runtime.InteropServices.ComSourceInterfacesAttribute attribute, and at least one of the specified interfaces is not marked with the System.Runtime.InteropServices.InterfaceTypeAttribute attribute set to ComInterfaceType.InterfaceIsIDispatch. |
|
Non-public instance fields of COM-visible value types are visible to COM clients. Review the content of the fields for information that should not be exposed, or that will have unintended design or security effects. |
|
The Boolean data type has multiple representations in unmanaged code. |
|
This rule looks for platform invoke method declarations that target Win32 functions that have a pointer to an OVERLAPPED structure parameter and the corresponding managed parameter is not a pointer to a System.Threading.NativeOverlapped structure. |
|
An instance method declares a parameter or a local variable whose name matches an instance field of the declaring type, leading to errors. |
|
A type is more than four levels deep in its inheritance hierarchy. Deeply nested type hierarchies can be difficult to follow, understand, and maintain. |
|
This rule measures the number of linearly independent paths through the method, which is determined by the number and complexity of conditional branches. |
|
The name of an instance field starts with "s_", or the name of a static (Shared in Visual Basic) field starts with "m_". |
|
A type or method has a low maintainability index value. A low maintainability index indicates that a type or method is probably difficult to maintain and would be a good candidate for redesign. |
|
This rule measures class coupling by counting the number of unique type references that a type or method contains. |
|
Do not set process priority to Idle. Processes with System.Diagnostics.ProcessPriorityClass.Idle will occupy the CPU when it would otherwise be idle, and therefore block standby. |
|
Higher-frequency periodic activity will keep the CPU busy and interfere with power-saving idle timers that turn off the display and hard disks. |
|
This rule assumes that an enumeration member with a name that contains "reserved" is not currently used but is a placeholder to be renamed or removed in a future version. Renaming or removing a member is a breaking change. |
|
CA1701: Resource string compound words should be cased correctly |
Each word in the resource string is split into tokens based on the casing. Each contiguous two-token combination is checked by the Microsoft spelling checker library. If recognized, the word produces a violation of the rule. |
The name of an identifier contains multiple words, and at least one of the words appears to be a compound word that is not cased correctly. |
|
A resource string contains one or more words that are not recognized by the Microsoft spelling checker library. |
|
The name of an externally visible identifier contains one or more words that are not recognized by the Microsoft spelling checker library. |
|
By convention, identifier names do not contain the underscore (_) character. This rule checks namespaces, types, members, and parameters. |
|
Identifiers for namespaces, types, members, and parameters cannot differ only by case because languages that target the common language runtime are not required to be case-sensitive. |
|
By convention, parameter names use camel casing, while namespace, type, and member names use Pascal casing. |
|
By convention, the names of types that extend certain base types or that implement certain interfaces, or types derived from these types, have a suffix that is associated with the base type or interface. |
|
By convention, only the names of types that extend certain base types or that implement certain interfaces, or types derived from these types, should end with specific reserved suffixes. Other type names should not use these reserved suffixes. |
|
Names of enumeration members are not prefixed with the type name because type information is expected to be provided by development tools. |
|
The name of an event starts with "Before" or "After". To name related events that are raised in a specific sequence, use the present or past tense to indicate the relative position in the sequence of actions. |
|
A public enumeration has the System.FlagsAttribute attribute, and its name does not end in "s". Types marked with FlagsAttribute have names that are plural because the attribute indicates that more than one value can be specified. |
|
The name of an externally visible interface does not start with a capital "I". The name of a generic type parameter on an externally visible type or method does not start with a capital "T". |
|
A namespace name or a type name matches a reserved keyword in a programming language. Identifiers for namespaces and types should not match keywords defined by languages that target the common language runtime. |
|
Naming conventions dictate that a plural name for an enumeration indicates that more than one value of the enumeration can be specified at the same time. |
|
A parameter name should communicate a parameter's meaning, and a member name should communicate a member's meaning. It would be a rare design where these were the same. Naming a parameter the same as its member name is unintuitive and makes the library difficult to use. |
|
The name of a parameter in an externally visible member contains a data type name, or the name of an externally visible member contains a language-specific data type name. |
|
The name of a public or protected member starts with "Get" and otherwise matches the name of a public or protected property. "Get" methods and properties should have names that clearly distinguish their function. |
|
By convention, only certain programming elements have names that begin with a specific prefix. |
|
Type names should not match the names of namespaces defined in the .NET Framework class library. Violating this rule can reduce the usability of the library. |
|
Consistent naming of parameters in an override hierarchy increases the usability of the method overrides. A parameter name in a derived method that differs from the name in the base declaration can cause confusion about whether the method is an override of the base method or a new overload of the method. |
|
The name of an externally visible identifier includes a term for which an alternative, preferred term exists. Alternatively, the name includes the term "Flag" or "Flags". |
|
Duplicate casts decrease performance, especially when the casts are performed in compact iteration statements. |
|
A method signature includes a parameter that is not used in the method body. |
|
A field is declared static and read-only (Shared and ReadOnly in Visual Basic), and is initialized with a value that is computable at compile time. Because the value assigned to the targeted field is computable at compile time, change the declaration to a const (Const in Visual Basic) field so that the value is computed at compile time instead of at run time. |
|
Unused local variables and unnecessary assignments increase the size of an assembly and decrease performance. |
|
A static or instance constructor initializes a field to its default value. The common language runtime initializes all fields to their default values before it runs the constructor. |
|
A new object is created but never used, or a method that creates and returns a new string is called and the new string is never used, or a COM or P/Invoke method returns an HRESULT or error code that is never used. |
|
A common performance optimization is to store a value in a processor register instead of memory, which is referred to as "enregistering the value". To increase the possibility that all local variables are enregistered, limit the number of local variables to 64. |
|
When a type declares an explicit static constructor, the just-in-time (JIT) compiler adds a check to each static method and instance constructor of the type, to make sure that the static constructor was previously called. Static constructor checks can decrease performance. |
|
A private or internal (assembly-level) member does not have callers in the assembly, it is not invoked by the common language runtime, and it is not invoked by a delegate. |
|
An instance of an assembly-level type is not created by code in the assembly. |
|
The .NET Framework class library provides methods for retrieving custom attributes. By default, these methods search the attribute inheritance hierarchy. Sealing the attribute eliminates the search through the inheritance hierarchy and can improve performance. |
|
A jagged array is an array whose elements are arrays. The arrays that make up the elements can be of different sizes, leading to less wasted space for some sets of data. |
|
For value types, the inherited implementation of Equals uses the Reflection library and compares the contents of all fields. Reflection is computationally expensive, and comparing every field for equality might be unnecessary. If you expect users to compare or sort instances, or use instances as hash table keys, your value type should implement Equals. |
|
A method that is an implementation of Dispose does not call GC.SuppressFinalize, or a method that is not an implementation of Dispose calls GC.SuppressFinalize, or a method calls GC.SuppressFinalize and passes something other than this (Me in Visual Basic). |
|
Arrays returned by properties are not write-protected, even if the property is read-only. To keep the array tamper-proof, the property must return a copy of the array. Typically, users will not understand the adverse performance implications of calling such a property. |
|
Comparing strings by using the String.Length property or the String.IsNullOrEmpty method is significantly faster than using Equals. |
|
Whenever you can, avoid finalizers because of the additional performance overhead involved in tracking object lifetime. An empty finalizer incurs added overhead without any benefit. |
|
Members that do not access instance data or call instance methods can be marked as static (Shared in Visual Basic). After you mark the methods as static, the compiler will emit non-virtual call sites to these members. This can give you a measurable performance gain for performance-sensitive code. |
|
Private fields were detected that do not appear to be accessed in the assembly. |
|
CA1824: Mark assemblies with NeutralResourcesLanguageAttribute |
The NeutralResourcesLanguage attribute informs the ResourceManager of the language that was used to display the neutral culture's resources for an assembly. This improves lookup performance for the first resource you load and can reduce your working set. |
This rule checks that structures declared with explicit layout will align correctly when marshaled to unmanaged code on 64-bit operating systems. |
|
This rule evaluates the size of each parameter and the return value of a P/Invoke, and verifies that their size is correct when marshaled to unmanaged code on 32-bit and 64-bit operating systems. |
|
Because an exceptional event might occur that will prevent the finalizer of an object from running, the object should be explicitly disposed before all references to it are out of scope. |
|
A member calls a potentially dangerous or problematic method. |
|
An object is said to have a weak identity when it can be directly accessed across application domain boundaries. A thread that tries to acquire a lock on an object that has a weak identity can be blocked by a second thread in a different application domain that has a lock on the same object. |
|
A managed thread is being treated as a Win32 thread. |
|
If converting to SafeHandle usage, remove all calls to GC.KeepAlive (object). In this case, classes should not have to call GC.KeepAlive, assuming they do not have a finalizer but rely on SafeHandle to finalize the OS handle for them. |
|
Use of IntPtr in managed code might indicate a potential security and reliability problem. All uses of IntPtr must be reviewed to determine whether use of a SafeHandle, or similar technology, is required in its place. |
|
A method sets the System.Data.IDbCommand.CommandText property by using a string that is built from a string argument to the method. This rule assumes that the string argument contains user input. A SQL command string built from user input is vulnerable to SQL injection attacks. |
|
A platform invoke member allows partially trusted callers, has a string parameter, and does not explicitly marshal the string. This can cause a potential security vulnerability. |
|
CA2102: Catch non-CLSCompliant exceptions in general handlers |
A member in an assembly that is not marked with the RuntimeCompatibilityAttribute or is marked RuntimeCompatibility(WrapNonExceptionThrows = false) contains a catch block that handles System.Exception and does not contain an immediately following general catch block. |
A method uses imperative security and might be constructing the permission by using state information or return values that can change while the demand is active. Use declarative security whenever possible. |
|
An externally visible type contains an externally visible read-only field that is a mutable reference type. A mutable type is a type whose instance data can be modified. |
|
When you apply the read-only (ReadOnly in Visual Basic) modifier to a field that contains an array, the field cannot be changed to reference a different array. However, the elements of the array stored in a read-only field can be changed. |
|
A method asserts a permission and no security checks are performed on the caller. Asserting a security permission without performing any security checks can leave an exploitable security weakness in your code. |
|
Using the PermitOnly method and CodeAccessPermission.Deny security actions should be used only by those with an advanced knowledge of .NET Framework security. Code that uses these security actions should undergo a security review. |
|
A public or protected value type is secured by Data Access or Link Demands. |
|
A public or protected event-handling method was detected. Event-handling methods should not be exposed unless absolutely necessary. |
|
A pointer is not private, internal, or read-only. Malicious code can change the value of the pointer, potentially allowing access to arbitrary locations in memory or causing application or system failures. |
|
A public or protected type contains public fields and is secured by Link Demands. If code has access to an instance of a type that is secured by a link demand, the code does not have to satisfy the link demand to access the type's fields. |
|
A method should not have both method-level and type-level declarative security for the same action. |
|
This rule detects errors that might occur because an unmanaged resource is being finalized while it is still being used in unmanaged code. |
|
When the APTCA (AllowPartiallyTrustedCallers) attribute is present on a fully trusted assembly, and the assembly executes code in another assembly that does not allow partially trusted callers, a security exploit is possible. |
|
When the APTCA (AllowPartiallyTrustedCallers) attribute is present on a fully trusted assembly, and a type in the assembly inherits from a type that does not allow partially trusted callers, a security exploit is possible. |
|
SuppressUnmanagedCodeSecurityAttribute changes the default security system behavior for members that execute unmanaged code that uses COM interop or platform invocation. This attribute is primarily used to increase performance; however, the performance gains come with significant security risks. |
|
An inheritable public type provides an overridable method implementation of an internal (Friend in Visual Basic) interface. To fix a violation of this rule, prevent the method from being overridden outside the assembly. |
|
This type has a constructor that takes a System.Runtime.Serialization.SerializationInfo object and a System.Runtime.Serialization.StreamingContext object (the signature of the serialization constructor). This constructor is not secured by a security check, but one or more of the regular constructors in the type are secured. |
|
The system calls the static constructor before the first instance of the type is created or any static members are referenced. If a static constructor is not private, it can be called by code other than the system. Depending on the operations that are performed in the constructor, this can cause unexpected behavior. |
|
A public or protected member has Link Demands and is called by a member that does not perform any security checks. A link demand checks the permissions of the immediate caller only. |
|
This rule matches a method to its base method, which is either an interface or a virtual method in another type, and then compares the link demands on each. If this rule is violated, a malicious caller can bypass the link demand just by calling the unsecured method. |
|
A public or protected method contains a try/finally block. The finally block appears to reset the security state and is not itself enclosed in a finally block. |
|
A public unsealed type is protected with a link demand and has an overridable method. Neither the type nor the method is protected with an inheritance demand. |
|
CA2136: Members should not have conflicting transparency annotations |
Critical code cannot occur in a 100%-transparent assembly. This rule analyzes 100%-transparent assemblies for any SecurityCritical annotations at the type, field, and method levels. |
This rule analyzes all methods and types in an assembly that is either 100% transparent or mixed transparent/critical, and flags any declarative or imperative use of Assert. |
|
CA2140: Transparent code must not reference security critical items |
Methods that are marked with SecurityTransparentAttribute call non-public members that are marked as SecurityCritical. This rule analyzes all methods and types in an assembly that is mixed transparent/critical, and flags any calls from transparent code to non-public critical code that are not marked SecurityTreatAsSafe. |
An exception is re-thrown and the exception is explicitly specified in the throw statement. If an exception is re-thrown by specifying the exception in the throw statement, the list of method calls between the original method that threw the exception and the current method is lost. |
|
This makes the original error hard to detect and debug. |
|
A method implementation contains code paths that could cause multiple calls to System.IDisposable.Dispose or a Dispose equivalent (such as a Close() method on some types) on the same object. |
|
A literal string in a method body contains one or more words that are not recognized by the Microsoft spelling checker library. |
|
A platform invoke method is defined and a method with the equivalent functionality exists in the .NET Framework class library. |
|
A value type declares an explicit static constructor. To fix a violation of this rule, initialize all static data when it is declared and remove the static constructor. |
|
A call is made to the default (parameterless) constructor of an exception type that is or derives from ArgumentException, or an incorrect string argument is passed to a parameterized constructor of an exception type that is or derives from ArgumentException. |
|
The strong name protects clients from unknowingly loading an assembly that has been tampered with. Assemblies without strong names should not be deployed outside very limited scenarios. If you share or distribute assemblies that are not correctly signed, the assembly can be tampered with, the common language runtime might not load the assembly, or the user might have to disable verification on his or her computer. |
|
Static fields that are neither constants nor read-only are not thread-safe. Access to such a field must be carefully controlled and requires advanced programming techniques for synchronizing access to the class object. |
|
A method in a type that inherits from System.EnterpriseServices.ServicedComponent is marked with System.Web.Services.WebMethodAttribute. Because WebMethodAttribute and a ServicedComponent method have conflicting behavior and requirements for context and transaction flow, the behavior of the method will be incorrect in some scenarios. |
|
A type that implements System.IDisposable declares fields that are of types that also implement IDisposable. The Dispose method of the field is not called by the Dispose method of the declaring type. |
|
When a constructor calls a virtual method, it is possible that the constructor for the instance that invokes the method has not executed. |
|
If a type inherits from a disposable type, it must call the Dispose method of the base type from its own Dispose method. |
|
A type that implements System.IDisposable, and has fields that suggest the use of unmanaged resources, does not implement a finalizer as described by Object.Finalize. |
|
An externally visible enumeration is marked with FlagsAttribute, and it has one or more values that are not powers of two or a combination of the other defined values on the enumeration. |
|
GetHashCode returns a value, based on the current instance, that is suited for hashing algorithms and data structures such as a hash table. Two objects that are the same type and are equal must return the same hash code. |
|
When an exception is raised in a finally or fault clause, the new exception hides the active exception. When an exception is raised in a filter clause, the run time silently catches the exception. This makes the original error hard to detect and debug. |
|
Finalization must be propagated through the inheritance hierarchy. To guarantee this, types must call their base class Finalize method in their own Finalize method. |
|
Finalizers must use the family access modifier. |
|
You should not change the access modifier for inherited members. Changing an inherited member to private does not prevent callers from accessing the base class implementation of the method. |
|
Although the common language runtime allows the use of return types to differentiate between otherwise identical members, this feature is not in the Common Language Specification, nor is it a common feature of .NET programming languages. |
|
A public type implements the equality operator, but does not override Object.Equals. |
|
An operator overload was detected, and the expected named alternative method was not found. The named alternative member provides access to the same functionality as the operator, and is provided for developers who program in languages that do not support overloaded operators. |
|
A type implements the equality or inequality operator, and does not implement the opposite operator. |
|
A writable collection property allows a user to replace the collection with a different collection. A read-only property stops the collection from being replaced but still allows the individual members to be set. |
|
Resource files that were built by using pre-release versions of the .NET Framework might not be usable by supported versions of the .NET Framework. |
|
To fix a violation of this rule, implement the serialization constructor. For a sealed class, make the constructor private; otherwise, make it protected. |
|
A public or protected type contains a public or protected method that uses the VarArgs calling convention instead of the params keyword. |
|
CA2231: Overload operator equals on overriding ValueType.Equals |
A value type overrides Object.Equals but does not implement the equality operator. |
STAThreadAttribute indicates that the COM threading model for the application is a single-threaded apartment. This attribute must be present on the entry point of any application that uses Windows Forms; if it is omitted, the Windows components might not work correctly. |
|
Arithmetic operations should not be performed without first validating the operands, to make sure that the result of the operation is not outside the range of possible values for the data types involved. |
|
A call is made to a method that has a string parameter whose name contains "uri", "URI", "urn", "URN", "url", or "URL". The declaring type of the method contains a corresponding method overload that has a System.Uri parameter. |
|
An instance field of a type that is not serializable is declared in a type that is serializable. |
|
To fix a violation of this rule, call the base type GetObjectData method or serialization constructor from the corresponding derived type method or constructor. |
|
To be recognized by the common language runtime as serializable, types must be marked with the SerializableAttribute attribute even if the type uses a custom serialization routine through implementation of the ISerializable interface. |
|
A method that handles a serialization event does not have the correct signature, return type, or visibility. |
|
A type has a field that is marked with the System.Runtime.Serialization.OptionalFieldAttribute attribute, and the type does not provide de-serialization event handling methods. |
|
To fix a violation of this rule, make the GetObjectData method visible and overridable, and make sure that all instance fields are included in the serialization process or explicitly marked with the NonSerializedAttribute attribute. |
|
The format argument passed to System.String.Format does not contain a format item that corresponds to each object argument, or vice versa. |
|
This expression tests a value against Single.Nan or Double.Nan. Use Single.IsNan(Single) or Double.IsNan(Double) to test the value. |
|
An attribute's string literal parameter does not parse correctly for a URL, a GUID, or a version. |