Extended Correctness Rules rule set for managed code


This article applies to Visual Studio 2015. If you're looking for the latest Visual Studio documentation, use the version selector at the top left. We recommend upgrading to Visual Studio 2019. Download it here

The Microsoft Extended Correctness Rules rule set maximizes the logic and framework usage errors that are reported by code analysis. Extra emphasis is placed on specific scenarios such as COM interoperability and mobile applications. You should consider including this rule set if one of these scenarios applies to your project or to find additional problems in your project.

The Microsoft Extended Correctness Rules rule set includes the rules that are in the Microsoft Basic Correctness Rules rule set. The Basic Correctness Rules include the rules that are in the Microsoft Minimum Recommended Rules rule set. For more information see Basic Correctness Rules rule set for managed code and Managed Recommended Rules rule set for managed code

The following table describes all of the rules in the Microsoft Extended Correctness Rules rule set.

Rule Description
CA1001 Types that own disposable fields should be disposable
CA1009 Declare event handlers correctly
CA1016 Mark assemblies with AssemblyVersionAttribute
CA1033 Interface methods should be callable by child types
CA1049 Types that own native resources should be disposable
CA1060 Move P/Invokes to NativeMethods class
CA1061 Do not hide base class methods
CA1063 Implement IDisposable correctly
CA1065 Do not raise exceptions in unexpected locations
CA1301 Avoid duplicate accelerators
CA1400 P/Invoke entry points should exist
CA1401 P/Invokes should not be visible
CA1403 Auto layout types should not be COM visible
CA1404 Call GetLastError immediately after P/Invoke
CA1405 COM visible type base types should be COM visible
CA1410 COM registration methods should be matched
CA1415 Declare P/Invokes correctly
CA1821 Remove empty finalizers
CA1900 Value type fields should be portable
CA1901 P/Invoke declarations should be portable
CA2002 Do not lock on objects with weak identity
CA2100 Review SQL queries for security vulnerabilities
CA2101 Specify marshaling for P/Invoke string arguments
CA2108 Review declarative security on value types
CA2111 Pointers should not be visible
CA2112 Secured types should not expose fields
CA2114 Method security should be a superset of type
CA2116 APTCA methods should only call APTCA methods
CA2117 APTCA types should only extend APTCA base types
CA2122 Do not indirectly expose methods with link demands
CA2123 Override link demands should be identical to base
CA2124 Wrap vulnerable finally clauses in outer try
CA2126 Type link demands require inheritance demands
CA2131 Security critical types may not participate in type equivalence
CA2132 Default constructors must be at least as critical as base type default constructors
CA2133 Delegates must bind to methods with consistent transparency
CA2134 Methods must keep consistent transparency when overriding base methods
CA2137 Transparent methods must contain only verifiable IL
CA2138 Transparent methods must not call methods with the SuppressUnmanagedCodeSecurity attribute
CA2140 Transparent code must not reference security critical items
CA2141 Transparent methods must not satisfy LinkDemands
CA2146 Types must be at least as critical as their base types and interfaces
CA2147 Transparent methods may not use security asserts
CA2149 Transparent methods must not call into native code
CA2200 Rethrow to preserve stack details
CA2202 Do not dispose objects multiple times
CA2207 Initialize value type static fields inline
CA2212 Do not mark serviced components with WebMethod
CA2213 Disposable fields should be disposed
CA2214 Do not call overridable methods in constructors
CA2216 Disposable types should declare finalizer
CA2220 Finalizers should call base class finalizer
CA2229 Implement serialization constructors
CA2231 Overload operator equals on overriding ValueType.Equals
CA2232 Mark Windows Forms entry points with STAThread
CA2235 Mark all non-serializable fields
CA2236 Call base class methods on ISerializable types
CA2237 Mark ISerializable types with SerializableAttribute
CA2238 Implement serialization methods correctly
CA2240 Implement ISerializable correctly
CA2241 Provide correct arguments to formatting methods
CA2242 Test for NaN correctly
CA1008 Enums should have zero value
CA1013 Overload operator equals on overloading add and subtract
CA1303 Do not pass literals as localized parameters
CA1308 Normalize strings to uppercase
CA1806 Do not ignore method results
CA1816 Call GC.SuppressFinalize correctly
CA1819 Properties should not return arrays
CA1820 Test for empty strings using string length
CA1903 Use only API from targeted framework
CA2004 Remove calls to GC.KeepAlive
CA2006 Use SafeHandle to encapsulate native resources
CA2102 Catch non-CLSCompliant exceptions in general handlers
CA2104 Do not declare read only mutable reference types
CA2105 Array fields should not be read only
CA2106 Secure asserts
CA2115 Call GC.KeepAlive when using native resources
CA2119 Seal methods that satisfy private interfaces
CA2120 Secure serialization constructors
CA2121 Static constructors should be private
CA2130 Security critical constants should be transparent
CA2205 Use managed equivalents of Win32 API
CA2215 Dispose methods should call base class dispose
CA2221 Finalizers should be protected
CA2222 Do not decrease inherited member visibility
CA2223 Members should differ by more than return type
CA2224 Override equals on overloading operator equals
CA2226 Operators should have symmetrical overloads
CA2227 Collection properties should be read only
CA2239 Provide deserialization methods for optional fields
CA1032 Implement standard exception constructors
CA1054 URI parameters should not be strings
CA1055 URI return values should not be strings
CA1056 URI properties should not be strings
CA1057 String URI overloads call System.Uri overloads
CA1402 Avoid overloads in COM visible interfaces
CA1406 Avoid Int64 arguments for Visual Basic 6 clients
CA1407 Avoid static members in COM visible types
CA1408 Do not use AutoDual ClassInterfaceType
CA1409 Com visible types should be creatable
CA1411 COM registration methods should not be visible
CA1412 Mark ComSource Interfaces as IDispatch
CA1413 Avoid non-public fields in COM visible value types
CA1414 Mark boolean P/Invoke arguments with MarshalAs
CA1600 Do not use idle process priority
CA1601 Do not use timers that prevent power state changes
CA1824 Mark assemblies with NeutralResourcesLanguageAttribute
CA2001 Avoid calling problematic methods
CA2003 Do not treat fibers as threads
CA2135 Level 2 assemblies should not contain LinkDemands
CA2136 Members should not have conflicting transparency annotations
CA2139 Transparent methods may not use the HandleProcessCorruptingExceptions attribute
CA2142 Transparent code should not be protected with LinkDemands
CA2143 Transparent methods should not use security demands
CA2144 Transparent code should not load assemblies from byte arrays
CA2145 Transparent methods should not be decorated with the SuppressUnmanagedCodeSecurityAttribute
CA2204 Literals should be spelled correctly
CA2211 Non-constant fields should not be visible
CA2217 Do not mark enums with FlagsAttribute
CA2218 Override GetHashCode on overriding Equals
CA2219 Do not raise exceptions in exception clauses
CA2225 Operator overloads have named alternates
CA2228 Do not ship unreleased resource formats
CA2230 Use params for variable arguments
CA2233 Operations should not overflow
CA2234 Pass System.Uri objects instead of strings
CA2243 Attribute string literals should parse correctly