diff --git a/README.md b/README.md index 33a7781..a55af02 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,5 @@ # ReferenceProtector -# ReferenceTrimmer [![NuGet Version](https://img.shields.io/nuget/v/ReferenceProtector.svg)](https://www.nuget.org/packages/ReferenceProtector) [![NuGet Downloads](https://img.shields.io/nuget/dt/ReferenceProtector.svg)](https://www.nuget.org/packages/ReferenceProtector) diff --git a/samples/ClassA/example.sarif b/samples/ClassA/example.sarif deleted file mode 100644 index cb7a88c..0000000 --- a/samples/ClassA/example.sarif +++ /dev/null @@ -1,7830 +0,0 @@ -{ - "$schema": "http://json.schemastore.org/sarif-2.1.0", - "version": "2.1.0", - "runs": [ - { - "results": [ - ], - "properties": { - "analyzerExecutionTime": "0.009" - }, - "tool": { - "driver": { - "name": "Microsoft (R) Visual C# Compiler", - "version": "4.14.0-3.25359.3 (6dbcfd2f)", - "dottedQuadFileVersion": "4.14.0.0", - "semanticVersion": "4.14.0", - "language": "en-US", - "rules": [ - { - "id": "CA1000", - "shortDescription": { - "text": "Do not declare static members on generic types" - }, - "fullDescription": { - "text": "When a static member of a generic type is called, the type argument must be specified for the type. When a generic instance member that does not support inference is called, the type argument must be specified for the member. In these two cases, the syntax for specifying the type argument is different and easily confused." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1000", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1001", - "shortDescription": { - "text": "Types that own disposable fields should be disposable" - }, - "fullDescription": { - "text": "A class declares and implements an instance field that is a System.IDisposable type, and the class does not implement IDisposable. A class that declares an IDisposable field indirectly owns an unmanaged resource and should implement the IDisposable interface." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1001", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1002", - "shortDescription": { - "text": "Do not expose generic lists" - }, - "fullDescription": { - "text": "System.Collections.Generic.List is a generic collection that's designed for performance and not inheritance. List does not contain virtual members that make it easier to change the behavior of an inherited class." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1002", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1003", - "shortDescription": { - "text": "Use generic event handler instances" - }, - "fullDescription": { - "text": "A type contains a delegate that returns void, whose signature contains two parameters (the first an object and the second a type that is assignable to EventArgs), and the containing assembly targets Microsoft .NET Framework?2.0." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1003", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1005", - "shortDescription": { - "text": "Avoid excessive parameters on generic types" - }, - "fullDescription": { - "text": "The more type parameters a generic type contains, the more difficult it is to know and remember what each type parameter represents." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1005", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry" - ] - } - }, - { - "id": "CA1008", - "shortDescription": { - "text": "Enums should have zero value" - }, - "fullDescription": { - "text": "The default value of an uninitialized enumeration, just as other value types, is zero. A nonflags-attributed enumeration should define a member by using the value of zero so that the default value is a valid value of the enumeration. If an enumeration that has the FlagsAttribute attribute applied defines a zero-valued member, its name should be \"\"None\"\" to indicate that no values have been set in the enumeration." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1008", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode", - "RuleRename" - ] - } - }, - { - "id": "CA1010", - "shortDescription": { - "text": "Generic interface should also be implemented" - }, - "fullDescription": { - "text": "To broaden the usability of a type, implement one of the generic interfaces. This is especially true for collections as they can then be used to populate generic collection types." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1010", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1012", - "shortDescription": { - "text": "Abstract types should not have public constructors" - }, - "fullDescription": { - "text": "Constructors on abstract types can be called only by derived types. Because public constructors create instances of a type, and you cannot create instances of an abstract type, an abstract type that has a public constructor is incorrectly designed." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1012", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1014", - "shortDescription": { - "text": "Mark assemblies with CLSCompliant" - }, - "fullDescription": { - "text": "The Common Language Specification (CLS) defines naming restrictions, data types, and rules to which assemblies must conform if they will be used across programming languages. Good design dictates that all assemblies explicitly indicate CLS compliance by using CLSCompliantAttribute . If this attribute is not present on an assembly, the assembly is not compliant." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1014", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1016", - "shortDescription": { - "text": "Mark assemblies with assembly version" - }, - "fullDescription": { - "text": "The .NET Framework uses the version number to uniquely identify an assembly, and to bind to types in strongly named assemblies. The version number is used together with version and publisher policy. By default, applications run only with the assembly version with which they were built." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1016", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA1017", - "shortDescription": { - "text": "Mark assemblies with ComVisible" - }, - "fullDescription": { - "text": "ComVisibleAttribute determines how COM clients access managed code. Good design dictates that assemblies explicitly indicate COM visibility. COM visibility can be set for the whole assembly and then overridden for individual types and type members. If this attribute is not present, the contents of the assembly are visible to COM clients." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1017", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1018", - "shortDescription": { - "text": "Mark attributes with AttributeUsageAttribute" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1018", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1019", - "shortDescription": { - "text": "Define accessors for attribute arguments" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1019", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1021", - "shortDescription": { - "text": "Avoid out parameters" - }, - "fullDescription": { - "text": "Passing types by reference (using 'out' or 'ref') requires experience with pointers, understanding how value types and reference types differ, and handling methods with multiple return values. Also, the difference between 'out' and 'ref' parameters is not widely understood." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1021", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry" - ] - } - }, - { - "id": "CA1024", - "shortDescription": { - "text": "Use properties where appropriate" - }, - "fullDescription": { - "text": "A public or protected method has a name that starts with \"\"Get\"\", takes no parameters, and returns a value that is not an array. The method might be a good candidate to become a property." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1024", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1027", - "shortDescription": { - "text": "Mark enums with FlagsAttribute" - }, - "fullDescription": { - "text": "An enumeration is a value type that defines a set of related named constants. Apply FlagsAttribute to an enumeration when its named constants can be meaningfully combined." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1027", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1028", - "shortDescription": { - "text": "Enum Storage should be Int32" - }, - "fullDescription": { - "text": "An enumeration is a value type that defines a set of related named constants. By default, the System.Int32 data type is used to store the constant value. Although you can change this underlying type, it is not required or recommended for most scenarios." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1028", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1030", - "shortDescription": { - "text": "Use events where appropriate" - }, - "fullDescription": { - "text": "This rule detects methods that have names that ordinarily would be used for events. If a method is called in response to a clearly defined state change, the method should be invoked by an event handler. Objects that call the method should raise events instead of calling the method directly." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1030", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1031", - "shortDescription": { - "text": "Do not catch general exception types" - }, - "fullDescription": { - "text": "A general exception such as System.Exception or System.SystemException or a disallowed exception type is caught in a catch statement, or a general catch clause is used. General and disallowed exceptions should not be caught." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1031", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1032", - "shortDescription": { - "text": "Implement standard exception constructors" - }, - "fullDescription": { - "text": "Failure to provide the full set of constructors can make it difficult to correctly handle exceptions." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1032", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1033", - "shortDescription": { - "text": "Interface methods should be callable by child types" - }, - "fullDescription": { - "text": "An unsealed externally visible type provides an explicit method implementation of a public interface and does not provide an alternative externally visible method that has the same name." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1033", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1034", - "shortDescription": { - "text": "Nested types should not be visible" - }, - "fullDescription": { - "text": "A nested type is a type that is declared in the scope of another type. Nested types are useful to encapsulate private implementation details of the containing type. Used for this purpose, nested types should not be externally visible." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1034", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1036", - "shortDescription": { - "text": "Override methods on comparable types" - }, - "fullDescription": { - "text": "A public or protected type implements the System.IComparable interface. It does not override Object.Equals nor does it overload the language-specific operator for equality, inequality, less than, less than or equal, greater than or greater than or equal." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1036", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1040", - "shortDescription": { - "text": "Avoid empty interfaces" - }, - "fullDescription": { - "text": "Interfaces define members that provide a behavior or usage contract. The functionality that is described by the interface can be adopted by any type, regardless of where the type appears in the inheritance hierarchy. A type implements an interface by providing implementations for the members of the interface. An empty interface does not define any members; therefore, it does not define a contract that can be implemented." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1040", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1041", - "shortDescription": { - "text": "Provide ObsoleteAttribute message" - }, - "fullDescription": { - "text": "A type or member is marked by using a System.ObsoleteAttribute attribute that does not have its ObsoleteAttribute.Message property specified. When a type or member that is marked by using ObsoleteAttribute is compiled, the Message property of the attribute is displayed. This gives the user information about the obsolete type or member." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1041", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1043", - "shortDescription": { - "text": "Use Integral Or String Argument For Indexers" - }, - "fullDescription": { - "text": "Indexers, that is, indexed properties, should use integer or string types for the index. These types are typically used for indexing data structures and increase the usability of the library. Use of the Object type should be restricted to those cases where the specific integer or string type cannot be specified at design time. If the design requires other types for the index, reconsider whether the type represents a logical data store. If it does not represent a logical data store, use a method." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1043", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1044", - "shortDescription": { - "text": "Properties should not be write only" - }, - "fullDescription": { - "text": "Although it is acceptable and often necessary to have a read-only property, the design guidelines prohibit the use of write-only properties. This is because letting a user set a value, and then preventing the user from viewing that value, does not provide any security. Also, without read access, the state of shared objects cannot be viewed, which limits their usefulness." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1044", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1045", - "shortDescription": { - "text": "Do not pass types by reference" - }, - "fullDescription": { - "text": "Passing types by reference (using out or ref) requires experience with pointers, understanding how value types and reference types differ, and handling methods that have multiple return values. Also, the difference between out and ref parameters is not widely understood." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1045", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry" - ] - } - }, - { - "id": "CA1046", - "shortDescription": { - "text": "Do not overload equality operator on reference types" - }, - "fullDescription": { - "text": "For reference types, the default implementation of the equality operator is almost always correct. By default, two references are equal only if they point to the same object. If the operator is providing meaningful value equality, the type should implement the generic 'System.IEquatable' interface." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1046", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1050", - "shortDescription": { - "text": "Declare types in namespaces" - }, - "fullDescription": { - "text": "Types are declared in namespaces to prevent name collisions and as a way to organize related types in an object hierarchy." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1050", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1051", - "shortDescription": { - "text": "Do not declare visible instance fields" - }, - "fullDescription": { - "text": "The primary use of a field should be as an implementation detail. Fields should be private or internal and should be exposed by using properties." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1051", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1052", - "shortDescription": { - "text": "Static holder types should be Static or NotInheritable" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1052", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1054", - "shortDescription": { - "text": "URI-like parameters should not be strings" - }, - "fullDescription": { - "text": "This rule assumes that the parameter represents a Uniform Resource Identifier (URI). A string representation or a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. 'System.Uri' class provides these services in a safe and secure manner." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1054", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1055", - "shortDescription": { - "text": "URI-like return values should not be strings" - }, - "fullDescription": { - "text": "This rule assumes that the method returns a URI. A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The System.Uri class provides these services in a safe and secure manner." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1055", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1056", - "shortDescription": { - "text": "URI-like properties should not be strings" - }, - "fullDescription": { - "text": "This rule assumes that the property represents a Uniform Resource Identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The System.Uri class provides these services in a safe and secure manner." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1056", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1058", - "shortDescription": { - "text": "Types should not extend certain base types" - }, - "fullDescription": { - "text": "An externally visible type extends certain base types. Use one of the alternatives." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1058", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1060", - "shortDescription": { - "text": "Move pinvokes to native methods class" - }, - "fullDescription": { - "text": "Platform Invocation methods, such as those that are marked by using the System.Runtime.InteropServices.DllImportAttribute attribute, or methods that are defined by using the Declare keyword in Visual Basic, access unmanaged code. These methods should be of the NativeMethods, SafeNativeMethods, or UnsafeNativeMethods class." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1060", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry" - ] - } - }, - { - "id": "CA1061", - "shortDescription": { - "text": "Do not hide base class methods" - }, - "fullDescription": { - "text": "A method in a base type is hidden by an identically named method in a derived type when the parameter signature of the derived method differs only by types that are more weakly derived than the corresponding types in the parameter signature of the base method." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1061", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1062", - "shortDescription": { - "text": "Validate arguments of public methods" - }, - "fullDescription": { - "text": "An externally visible method dereferences one of its reference arguments without verifying whether that argument is 'null' ('Nothing' in Visual Basic). All reference arguments that are passed to externally visible methods should be checked against 'null'. If appropriate, throw an 'ArgumentNullException' when the argument is 'null'. If the method is designed to be called only by known assemblies, you should make the method internal." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1062", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1063", - "shortDescription": { - "text": "Implement IDisposable Correctly" - }, - "fullDescription": { - "text": "All IDisposable types should implement the Dispose pattern correctly." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1063", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1064", - "shortDescription": { - "text": "Exceptions should be public" - }, - "fullDescription": { - "text": "An internal exception is visible only inside its own internal scope. After the exception falls outside the internal scope, only the base exception can be used to catch the exception. If the internal exception is inherited from T:System.Exception, T:System.SystemException, or T:System.ApplicationException, the external code will not have sufficient information to know what to do with the exception." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1064", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1065", - "shortDescription": { - "text": "Do not raise exceptions in unexpected locations" - }, - "fullDescription": { - "text": "A method that is not expected to throw exceptions throws an exception." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1065", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1066", - "shortDescription": { - "text": "Implement IEquatable when overriding Object.Equals" - }, - "fullDescription": { - "text": "When a type T overrides Object.Equals(object), the implementation must cast the object argument to the correct type T before performing the comparison. If the type implements IEquatable, and therefore offers the method T.Equals(T), and if the argument is known at compile time to be of type T, then the compiler can call IEquatable.Equals(T) instead of Object.Equals(object), and no cast is necessary, improving performance." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1066", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1067", - "shortDescription": { - "text": "Override Object.Equals(object) when implementing IEquatable" - }, - "fullDescription": { - "text": "When a type T implements the interface IEquatable, it suggests to a user who sees a call to the Equals method in source code that an instance of the type can be equated with an instance of any other type. The user might be confused if their attempt to equate the type with an instance of another type fails to compile. This violates the \"principle of least surprise\"." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1067", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1068", - "shortDescription": { - "text": "CancellationToken parameters must come last" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1068", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1069", - "shortDescription": { - "text": "Enums values should not be duplicated" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1069", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1070", - "shortDescription": { - "text": "Do not declare event fields as virtual" - }, - "fullDescription": { - "text": "Do not declare virtual events in a base class. Overridden events in a derived class have undefined behavior. The C# compiler does not handle this correctly and it is unpredictable whether a subscriber to the derived event will actually be subscribing to the base class event." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1070", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1200", - "shortDescription": { - "text": "Avoid using cref tags with a prefix" - }, - "fullDescription": { - "text": "Use of cref tags with prefixes should be avoided, since it prevents the compiler from verifying references and the IDE from updating references during refactorings. It is permissible to suppress this error at a single documentation site if the cref must use a prefix because the type being mentioned is not findable by the compiler. For example, if a cref is mentioning a special attribute in the full framework but you're in a file that compiles against the portable framework, or if you want to reference a type at higher layer of Roslyn, you should suppress the error. You should not suppress the error just because you want to take a shortcut and avoid using the full syntax." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1200", - "properties": { - "category": "Documentation", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1303", - "shortDescription": { - "text": "Do not pass literals as localized parameters" - }, - "fullDescription": { - "text": "A method passes a string literal as a parameter to a constructor or method in the .NET Framework class library and that string should be localizable. To fix a violation of this rule, replace the string literal with a string retrieved through an instance of the ResourceManager class." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1303", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1304", - "shortDescription": { - "text": "Specify CultureInfo" - }, - "fullDescription": { - "text": "A method or constructor calls a member that has an overload that accepts a System.Globalization.CultureInfo parameter, and the method or constructor does not call the overload that takes the CultureInfo parameter. When a CultureInfo or System.IFormatProvider object is not supplied, the default value that is supplied by the overloaded member might not have the effect that you want in all locales. If the result will be displayed to the user, specify 'CultureInfo.CurrentCulture' as the 'CultureInfo' parameter. Otherwise, if the result will be stored and accessed by software, such as when it is persisted to disk or to a database, specify 'CultureInfo.InvariantCulture'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1304", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1305", - "shortDescription": { - "text": "Specify IFormatProvider" - }, - "fullDescription": { - "text": "A method or constructor calls one or more members that have overloads that accept a System.IFormatProvider parameter, and the method or constructor does not call the overload that takes the IFormatProvider parameter. When a System.Globalization.CultureInfo or IFormatProvider object is not supplied, the default value that is supplied by the overloaded member might not have the effect that you want in all locales. If the result will be based on the input from/output displayed to the user, specify 'CultureInfo.CurrentCulture' as the 'IFormatProvider'. Otherwise, if the result will be stored and accessed by software, such as when it is loaded from disk/database and when it is persisted to disk/database, specify 'CultureInfo.InvariantCulture'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1305", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1307", - "shortDescription": { - "text": "Specify StringComparison for clarity" - }, - "fullDescription": { - "text": "A string comparison operation uses a method overload that does not set a StringComparison parameter. It is recommended to use the overload with StringComparison parameter for clarity of intent. If the result will be displayed to the user, such as when sorting a list of items for display in a list box, specify 'StringComparison.CurrentCulture' or 'StringComparison.CurrentCultureIgnoreCase' as the 'StringComparison' parameter. If comparing case-insensitive identifiers, such as file paths, environment variables, or registry keys and values, specify 'StringComparison.OrdinalIgnoreCase'. Otherwise, if comparing case-sensitive identifiers, specify 'StringComparison.Ordinal'." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1307", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1308", - "shortDescription": { - "text": "Normalize strings to uppercase" - }, - "fullDescription": { - "text": "Strings should be normalized to uppercase. A small group of characters cannot make a round trip when they are converted to lowercase. To make a round trip means to convert the characters from one locale to another locale that represents character data differently, and then to accurately retrieve the original characters from the converted characters." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1308", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1309", - "shortDescription": { - "text": "Use ordinal string comparison" - }, - "fullDescription": { - "text": "A string comparison operation that is nonlinguistic does not set the StringComparison parameter to either Ordinal or OrdinalIgnoreCase. By explicitly setting the parameter to either StringComparison.Ordinal or StringComparison.OrdinalIgnoreCase, your code often gains speed, becomes more correct, and becomes more reliable." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1309", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1310", - "shortDescription": { - "text": "Specify StringComparison for correctness" - }, - "fullDescription": { - "text": "A string comparison operation uses a method overload that does not set a StringComparison parameter, hence its behavior could vary based on the current user's locale settings. It is strongly recommended to use the overload with StringComparison parameter for correctness and clarity of intent. If the result will be displayed to the user, such as when sorting a list of items for display in a list box, specify 'StringComparison.CurrentCulture' or 'StringComparison.CurrentCultureIgnoreCase' as the 'StringComparison' parameter. If comparing case-insensitive identifiers, such as file paths, environment variables, or registry keys and values, specify 'StringComparison.OrdinalIgnoreCase'. Otherwise, if comparing case-sensitive identifiers, specify 'StringComparison.Ordinal'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1310", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1311", - "shortDescription": { - "text": "Specify a culture or use an invariant version" - }, - "fullDescription": { - "text": "Specify culture to help avoid accidental implicit dependency on current culture. Using an invariant version yields consistent results regardless of the culture of an application." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1311", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1401", - "shortDescription": { - "text": "P/Invokes should not be visible" - }, - "fullDescription": { - "text": "A public or protected method in a public type has the System.Runtime.InteropServices.DllImportAttribute attribute (also implemented by the Declare keyword in Visual Basic). Such methods should not be exposed." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1401", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1416", - "shortDescription": { - "text": "Validate platform compatibility" - }, - "fullDescription": { - "text": "Using platform dependent API on a component makes the code no longer work across all platforms." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1416", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1417", - "shortDescription": { - "text": "Do not use 'OutAttribute' on string parameters for P/Invokes" - }, - "fullDescription": { - "text": "String parameters passed by value with the 'OutAttribute' can destabilize the runtime if the string is an interned string." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1417", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1418", - "shortDescription": { - "text": "Use valid platform string" - }, - "fullDescription": { - "text": "Platform compatibility analyzer requires a valid platform name and version." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1418", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1419", - "shortDescription": { - "text": "Provide a parameterless constructor that is as visible as the containing type for concrete types derived from 'System.Runtime.InteropServices.SafeHandle'" - }, - "fullDescription": { - "text": "Providing a parameterless constructor that is as visible as the containing type for a type derived from 'System.Runtime.InteropServices.SafeHandle' enables better performance and usage with source-generated interop solutions." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1419", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1420", - "shortDescription": { - "text": "Property, type, or attribute requires runtime marshalling" - }, - "fullDescription": { - "text": "Using features that require runtime marshalling when runtime marshalling is disabled will result in runtime exceptions." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1420", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1421", - "shortDescription": { - "text": "This method uses runtime marshalling even when the 'DisableRuntimeMarshallingAttribute' is applied" - }, - "fullDescription": { - "text": "This method uses runtime marshalling even when runtime marshalling is disabled, which can cause unexpected behavior differences at runtime due to different expectations of a type's native layout." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1421", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1422", - "shortDescription": { - "text": "Validate platform compatibility" - }, - "fullDescription": { - "text": "Using platform dependent API on a component makes the code no longer work across all platforms." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1422", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1501", - "shortDescription": { - "text": "Avoid excessive inheritance" - }, - "fullDescription": { - "text": "Deeply nested type hierarchies can be difficult to follow, understand, and maintain. This rule limits analysis to hierarchies in the same module. To fix a violation of this rule, derive the type from a base type that is less deep in the inheritance hierarchy or eliminate some of the intermediate base types." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1501", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1502", - "shortDescription": { - "text": "Avoid excessive complexity" - }, - "fullDescription": { - "text": "Cyclomatic complexity measures the number of linearly independent paths through the method, which is determined by the number and complexity of conditional branches. A low cyclomatic complexity generally indicates a method that is easy to understand, test, and maintain. The cyclomatic complexity is calculated from a control flow graph of the method and is given as follows: `cyclomatic complexity = the number of edges - the number of nodes + 1`, where a node represents a logic branch point and an edge represents a line between nodes." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1502", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1505", - "shortDescription": { - "text": "Avoid unmaintainable code" - }, - "fullDescription": { - "text": "The maintainability index is calculated by using the following metrics: lines of code, program volume, and cyclomatic complexity. Program volume is a measure of the difficulty of understanding of a symbol that is based on the number of operators and operands in the code. Cyclomatic complexity is a measure of the structural complexity of the type or method. A low maintainability index indicates that code is probably difficult to maintain and would be a good candidate to redesign." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1505", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1506", - "shortDescription": { - "text": "Avoid excessive class coupling" - }, - "fullDescription": { - "text": "This rule measures class coupling by counting the number of unique type references that a symbol contains. Symbols that have a high degree of class coupling can be difficult to maintain. It is a good practice to have types and methods that exhibit low coupling and high cohesion. To fix this violation, try to redesign the code to reduce the number of types to which it is coupled." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1506", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1507", - "shortDescription": { - "text": "Use nameof to express symbol names" - }, - "fullDescription": { - "text": "Using nameof helps keep your code valid when refactoring." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1507", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1508", - "shortDescription": { - "text": "Avoid dead conditional code" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1508", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1509", - "shortDescription": { - "text": "Invalid entry in code metrics rule specification file" - }, - "fullDescription": { - "text": "Invalid entry in code metrics rule specification file." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1509", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1510", - "shortDescription": { - "text": "Use ArgumentNullException throw helper" - }, - "fullDescription": { - "text": "Throw helpers are simpler and more efficient than an if block constructing a new exception instance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1510", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1511", - "shortDescription": { - "text": "Use ArgumentException throw helper" - }, - "fullDescription": { - "text": "Throw helpers are simpler and more efficient than an if block constructing a new exception instance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1511", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1512", - "shortDescription": { - "text": "Use ArgumentOutOfRangeException throw helper" - }, - "fullDescription": { - "text": "Throw helpers are simpler and more efficient than an if block constructing a new exception instance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1512", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1513", - "shortDescription": { - "text": "Use ObjectDisposedException throw helper" - }, - "fullDescription": { - "text": "Throw helpers are simpler and more efficient than an if block constructing a new exception instance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1513", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1514", - "shortDescription": { - "text": "Avoid redundant length argument" - }, - "fullDescription": { - "text": "An explicit length calculation can be error-prone and can be avoided when slicing to end of the buffer." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1514", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1515", - "shortDescription": { - "text": "Consider making public types internal" - }, - "fullDescription": { - "text": "Unlike a class library, an application's API isn't typically referenced publicly, so types can be marked internal." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1515", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1700", - "shortDescription": { - "text": "Do not name enum values 'Reserved'" - }, - "fullDescription": { - "text": "This rule assumes that an enumeration member that has a name that contains \"reserved\" is not currently used but is a placeholder to be renamed or removed in a future version. Renaming or removing a member is a breaking change." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1700", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1707", - "shortDescription": { - "text": "Identifiers should not contain underscores" - }, - "fullDescription": { - "text": "By convention, identifier names do not contain the underscore (_) character. This rule checks namespaces, types, members, and parameters." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1707", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1708", - "shortDescription": { - "text": "Identifiers should differ by more than case" - }, - "fullDescription": { - "text": "Identifiers for namespaces, types, members, and parameters cannot differ only by case because languages that target the common language runtime are not required to be case-sensitive." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1708", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1710", - "shortDescription": { - "text": "Identifiers should have correct suffix" - }, - "fullDescription": { - "text": "By convention, the names of types that extend certain base types or that implement certain interfaces, or types that are derived from these types, have a suffix that is associated with the base type or interface." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1710", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1711", - "shortDescription": { - "text": "Identifiers should not have incorrect suffix" - }, - "fullDescription": { - "text": "By convention, only the names of types that extend certain base types or that implement certain interfaces, or types that are derived from these types, should end with specific reserved suffixes. Other type names should not use these reserved suffixes." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1711", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1712", - "shortDescription": { - "text": "Do not prefix enum values with type name" - }, - "fullDescription": { - "text": "An enumeration's values should not start with the type name of the enumeration." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1712", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1713", - "shortDescription": { - "text": "Events should not have 'Before' or 'After' prefix" - }, - "fullDescription": { - "text": "Event names should describe the action that raises the event. To name related events that are raised in a specific sequence, use the present or past tense to indicate the relative position in the sequence of actions. For example, when naming a pair of events that is raised when closing a resource, you might name it 'Closing' and 'Closed', instead of 'BeforeClose' and 'AfterClose'." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1713", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1715", - "shortDescription": { - "text": "Identifiers should have correct prefix" - }, - "fullDescription": { - "text": "The name of an externally visible interface does not start with an uppercase \"\"I\"\". The name of a generic type parameter on an externally visible type or method does not start with an uppercase \"\"T\"\"." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1715", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1716", - "shortDescription": { - "text": "Identifiers should not match keywords" - }, - "fullDescription": { - "text": "A namespace name or a type name matches a reserved keyword in a programming language. Identifiers for namespaces and types should not match keywords that are defined by languages that target the common language runtime." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1716", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1720", - "shortDescription": { - "text": "Identifier contains type name" - }, - "fullDescription": { - "text": "Names of parameters and members are better used to communicate their meaning than to describe their type, which is expected to be provided by development tools. For names of members, if a data type name must be used, use a language-independent name instead of a language-specific one." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1720", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1721", - "shortDescription": { - "text": "Property names should not match get methods" - }, - "fullDescription": { - "text": "The name of a public or protected member starts with \"\"Get\"\" and otherwise matches the name of a public or protected property. \"\"Get\"\" methods and properties should have names that clearly distinguish their function." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1721", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1724", - "shortDescription": { - "text": "Type names should not match namespaces" - }, - "fullDescription": { - "text": "Type names should not match the names of namespaces that are defined in the .NET Framework class library. Violating this rule can reduce the usability of the library." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1724", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA1725", - "shortDescription": { - "text": "Parameter names should match base declaration" - }, - "fullDescription": { - "text": "Consistent naming of parameters in an override hierarchy increases the usability of the method overrides. A parameter name in a derived method that differs from the name in the base declaration can cause confusion about whether the method is an override of the base method or a new overload of the method." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1725", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1727", - "shortDescription": { - "text": "Use PascalCase for named placeholders" - }, - "fullDescription": { - "text": "Use PascalCase for named placeholders in the logging message template." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1727", - "properties": { - "category": "Naming", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1802", - "shortDescription": { - "text": "Use literals where appropriate" - }, - "fullDescription": { - "text": "A field is declared static and read-only (Shared and ReadOnly in Visual Basic), and is initialized by using a value that is computable at compile time. Because the value that is assigned to the targeted field is computable at compile time, change the declaration to a const (Const in Visual Basic) field so that the value is computed at compile time instead of at runtime." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1802", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1805", - "shortDescription": { - "text": "Do not initialize unnecessarily" - }, - "fullDescription": { - "text": "The .NET runtime initializes all fields of reference types to their default values before running the constructor. In most cases, explicitly initializing a field to its default value in a constructor is redundant, adding maintenance costs and potentially degrading performance (such as with increased assembly size), and the explicit initialization can be removed. In some cases, such as with static readonly fields that permanently retain their default value, consider instead changing them to be constants or properties." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1805", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1806", - "shortDescription": { - "text": "Do not ignore method results" - }, - "fullDescription": { - "text": "A new object is created but never used; or a method that creates and returns a new string is called and the new string is never used; or a COM or P/Invoke method returns an HRESULT or error code that is never used." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1806", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1810", - "shortDescription": { - "text": "Initialize reference type static fields inline" - }, - "fullDescription": { - "text": "A reference type declares an explicit static constructor. To fix a violation of this rule, initialize all static data when it is declared and remove the static constructor." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1810", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1812", - "shortDescription": { - "text": "Avoid uninstantiated internal classes" - }, - "fullDescription": { - "text": "An instance of an assembly-level type is not created by code in the assembly." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1812", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA1813", - "shortDescription": { - "text": "Avoid unsealed attributes" - }, - "fullDescription": { - "text": "The .NET Framework class library provides methods for retrieving custom attributes. By default, these methods search the attribute inheritance hierarchy. Sealing the attribute eliminates the search through the inheritance hierarchy and can improve performance." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1813", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1814", - "shortDescription": { - "text": "Prefer jagged arrays over multidimensional" - }, - "fullDescription": { - "text": "A jagged array is an array whose elements are arrays. The arrays that make up the elements can be of different sizes, leading to less wasted space for some sets of data." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1814", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1815", - "shortDescription": { - "text": "Override equals and operator equals on value types" - }, - "fullDescription": { - "text": "For value types, the inherited implementation of Equals uses the Reflection library and compares the contents of all fields. Reflection is computationally expensive, and comparing every field for equality might be unnecessary. If you expect users to compare or sort instances, or to use instances as hash table keys, your value type should implement Equals." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1815", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1816", - "shortDescription": { - "text": "Dispose methods should call SuppressFinalize" - }, - "fullDescription": { - "text": "A method that is an implementation of Dispose does not call GC.SuppressFinalize; or a method that is not an implementation of Dispose calls GC.SuppressFinalize; or a method calls GC.SuppressFinalize and passes something other than this (Me in Visual Basic)." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1816", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1819", - "shortDescription": { - "text": "Properties should not return arrays" - }, - "fullDescription": { - "text": "Arrays that are returned by properties are not write-protected, even when the property is read-only. To keep the array tamper-proof, the property must return a copy of the array. Typically, users will not understand the adverse performance implications of calling such a property." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1819", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1820", - "shortDescription": { - "text": "Test for empty strings using string length" - }, - "fullDescription": { - "text": "Comparing strings by using the String.Length property or the String.IsNullOrEmpty method is significantly faster than using Equals." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1820", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1821", - "shortDescription": { - "text": "Remove empty Finalizers" - }, - "fullDescription": { - "text": "Finalizers should be avoided where possible, to avoid the additional performance overhead involved in tracking object lifetime." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1821", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1822", - "shortDescription": { - "text": "Mark members as static" - }, - "fullDescription": { - "text": "Members that do not access instance data or call instance methods can be marked as static. After you mark the methods as static, the compiler will emit nonvirtual call sites to these members. This can give you a measurable performance gain for performance-sensitive code." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1822", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1823", - "shortDescription": { - "text": "Avoid unused private fields" - }, - "fullDescription": { - "text": "Private fields were detected that do not appear to be accessed in the assembly." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1823", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1824", - "shortDescription": { - "text": "Mark assemblies with NeutralResourcesLanguageAttribute" - }, - "fullDescription": { - "text": "The NeutralResourcesLanguage attribute informs the ResourceManager of the language that was used to display the resources of a neutral culture for an assembly. This improves lookup performance for the first resource that you load and can reduce your working set." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1824", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "3", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1825", - "shortDescription": { - "text": "Avoid zero-length array allocations" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1825", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1826", - "shortDescription": { - "text": "Do not use Enumerable methods on indexable collections" - }, - "fullDescription": { - "text": "This collection is directly indexable. Going through LINQ here causes unnecessary allocations and CPU work." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1826", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1827", - "shortDescription": { - "text": "Do not use Count() or LongCount() when Any() can be used" - }, - "fullDescription": { - "text": "For non-empty collections, Count() and LongCount() enumerate the entire sequence, while Any() stops at the first item or the first item that satisfies a condition." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1827", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1828", - "shortDescription": { - "text": "Do not use CountAsync() or LongCountAsync() when AnyAsync() can be used" - }, - "fullDescription": { - "text": "For non-empty collections, CountAsync() and LongCountAsync() enumerate the entire sequence, while AnyAsync() stops at the first item or the first item that satisfies a condition." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1828", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1829", - "shortDescription": { - "text": "Use Length/Count property instead of Count() when available" - }, - "fullDescription": { - "text": "Enumerable.Count() potentially enumerates the sequence while a Length/Count property is a direct access." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1829", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1830", - "shortDescription": { - "text": "Prefer strongly-typed Append and Insert method overloads on StringBuilder" - }, - "fullDescription": { - "text": "StringBuilder.Append and StringBuilder.Insert provide overloads for multiple types beyond System.String. When possible, prefer the strongly-typed overloads over using ToString() and the string-based overload." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1830", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1831", - "shortDescription": { - "text": "Use AsSpan or AsMemory instead of Range-based indexers when appropriate" - }, - "fullDescription": { - "text": "The Range-based indexer on string values produces a copy of requested portion of the string. This copy is usually unnecessary when it is implicitly used as a ReadOnlySpan or ReadOnlyMemory value. Use the AsSpan method to avoid the unnecessary copy." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1831", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1832", - "shortDescription": { - "text": "Use AsSpan or AsMemory instead of Range-based indexers when appropriate" - }, - "fullDescription": { - "text": "The Range-based indexer on array values produces a copy of requested portion of the array. This copy is usually unnecessary when it is implicitly used as a ReadOnlySpan or ReadOnlyMemory value. Use the AsSpan method to avoid the unnecessary copy." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1832", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1833", - "shortDescription": { - "text": "Use AsSpan or AsMemory instead of Range-based indexers when appropriate" - }, - "fullDescription": { - "text": "The Range-based indexer on array values produces a copy of requested portion of the array. This copy is often unwanted when it is implicitly used as a Span or Memory value. Use the AsSpan method to avoid the copy." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1833", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1834", - "shortDescription": { - "text": "Consider using 'StringBuilder.Append(char)' when applicable" - }, - "fullDescription": { - "text": "'StringBuilder.Append(char)' is more efficient than 'StringBuilder.Append(string)' when the string is a single character. When calling 'Append' with a constant, prefer using a constant char rather than a constant string containing one character." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1834", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1835", - "shortDescription": { - "text": "Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync'" - }, - "fullDescription": { - "text": "'Stream' has a 'ReadAsync' overload that takes a 'Memory' as the first argument, and a 'WriteAsync' overload that takes a 'ReadOnlyMemory' as the first argument. Prefer calling the memory based overloads, which are more efficient." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1835", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1836", - "shortDescription": { - "text": "Prefer IsEmpty over Count" - }, - "fullDescription": { - "text": "For determining whether the object contains or not any items, prefer using 'IsEmpty' property rather than retrieving the number of items from the 'Count' property and comparing it to 0 or 1." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1836", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1837", - "shortDescription": { - "text": "Use 'Environment.ProcessId'" - }, - "fullDescription": { - "text": "'Environment.ProcessId' is simpler and faster than 'Process.GetCurrentProcess().Id'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1837", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1838", - "shortDescription": { - "text": "Avoid 'StringBuilder' parameters for P/Invokes" - }, - "fullDescription": { - "text": "Marshalling of 'StringBuilder' always creates a native buffer copy, resulting in multiple allocations for one marshalling operation." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1838", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1839", - "shortDescription": { - "text": "Use 'Environment.ProcessPath'" - }, - "fullDescription": { - "text": "'Environment.ProcessPath' is simpler and faster than 'Process.GetCurrentProcess().MainModule.FileName'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1839", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1840", - "shortDescription": { - "text": "Use 'Environment.CurrentManagedThreadId'" - }, - "fullDescription": { - "text": "'Environment.CurrentManagedThreadId' is simpler and faster than 'Thread.CurrentThread.ManagedThreadId'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1840", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1841", - "shortDescription": { - "text": "Prefer Dictionary.Contains methods" - }, - "fullDescription": { - "text": "'ContainsKey' is usually O(1), while 'Keys.Contains' may be O(n) in some cases. Additionally, many dictionary implementations lazily initialize the Keys collection to cut back on allocations." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1841", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1842", - "shortDescription": { - "text": "Do not use 'WhenAll' with a single task" - }, - "fullDescription": { - "text": "Using 'WhenAll' with a single task may result in performance loss, await or return the task instead." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1842", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1843", - "shortDescription": { - "text": "Do not use 'WaitAll' with a single task" - }, - "fullDescription": { - "text": "Using 'WaitAll' with a single task may result in performance loss, await or return the task instead." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1843", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1844", - "shortDescription": { - "text": "Provide memory-based overrides of async methods when subclassing 'Stream'" - }, - "fullDescription": { - "text": "To improve performance, override the memory-based async methods when subclassing 'Stream'. Then implement the array-based methods in terms of the memory-based methods." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1844", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1845", - "shortDescription": { - "text": "Use span-based 'string.Concat'" - }, - "fullDescription": { - "text": "It is more efficient to use 'AsSpan' and 'string.Concat', instead of 'Substring' and a concatenation operator." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1845", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1846", - "shortDescription": { - "text": "Prefer 'AsSpan' over 'Substring'" - }, - "fullDescription": { - "text": "'AsSpan' is more efficient than 'Substring'. 'Substring' performs an O(n) string copy, while 'AsSpan' does not and has a constant cost." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1846", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1847", - "shortDescription": { - "text": "Use char literal for a single character lookup" - }, - "fullDescription": { - "text": "'string.Contains(char)' is available as a better performing overload for single char lookup." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1847", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1848", - "shortDescription": { - "text": "Use the LoggerMessage delegates" - }, - "fullDescription": { - "text": "For improved performance, use the LoggerMessage delegates." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1848", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1849", - "shortDescription": { - "text": "Call async methods when in an async method" - }, - "fullDescription": { - "text": "When inside a Task-returning method, use the async version of methods, if they exist." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1849", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1850", - "shortDescription": { - "text": "Prefer static 'HashData' method over 'ComputeHash'" - }, - "fullDescription": { - "text": "It is more efficient to use the static 'HashData' method over creating and managing a HashAlgorithm instance to call 'ComputeHash'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1850", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1851", - "shortDescription": { - "text": "Possible multiple enumerations of 'IEnumerable' collection" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1851", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1852", - "shortDescription": { - "text": "Seal internal types" - }, - "fullDescription": { - "text": "When a type is not accessible outside its assembly and has no subtypes within its containing assembly, it can be safely sealed. Sealing types can improve performance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1852", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA1853", - "shortDescription": { - "text": "Unnecessary call to 'Dictionary.ContainsKey(key)'" - }, - "fullDescription": { - "text": "Do not guard 'Dictionary.Remove(key)' with 'Dictionary.ContainsKey(key)'. The former already checks whether the key exists, and will not throw if it does not." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1853", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1854", - "shortDescription": { - "text": "Prefer the 'IDictionary.TryGetValue(TKey, out TValue)' method" - }, - "fullDescription": { - "text": "Prefer a 'TryGetValue' call over a Dictionary indexer access guarded by a 'ContainsKey' check. 'ContainsKey' and the indexer both would lookup the key under the hood, so using 'TryGetValue' removes the extra lookup." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1854", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1855", - "shortDescription": { - "text": "Prefer 'Clear' over 'Fill'" - }, - "fullDescription": { - "text": "It is more efficient to use 'Clear', instead of 'Fill' with default value." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1855", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1856", - "shortDescription": { - "text": "Incorrect usage of ConstantExpected attribute" - }, - "fullDescription": { - "text": "ConstantExpected attribute is not applied correctly on the parameter." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1856", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1857", - "shortDescription": { - "text": "A constant is expected for the parameter" - }, - "fullDescription": { - "text": "The parameter expects a constant for optimal performance." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1857", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1858", - "shortDescription": { - "text": "Use 'StartsWith' instead of 'IndexOf'" - }, - "fullDescription": { - "text": "It is both clearer and faster to use 'StartsWith' instead of comparing the result of 'IndexOf' to zero." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1858", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1859", - "shortDescription": { - "text": "Use concrete types when possible for improved performance" - }, - "fullDescription": { - "text": "Using concrete types avoids virtual or interface call overhead and enables inlining." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1859", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1860", - "shortDescription": { - "text": "Avoid using 'Enumerable.Any()' extension method" - }, - "fullDescription": { - "text": "Prefer using 'IsEmpty', 'Count' or 'Length' properties whichever available, rather than calling 'Enumerable.Any()'. The intent is clearer and it is more performant than using 'Enumerable.Any()' extension method." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1860", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1861", - "shortDescription": { - "text": "Avoid constant arrays as arguments" - }, - "fullDescription": { - "text": "Constant arrays passed as arguments are not reused when called repeatedly, which implies a new array is created each time. Consider extracting them to 'static readonly' fields to improve performance if the passed array is not mutated within the called method." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1861", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1862", - "shortDescription": { - "text": "Use the 'StringComparison' method overloads to perform case-insensitive string comparisons" - }, - "fullDescription": { - "text": "Avoid calling 'ToLower', 'ToUpper', 'ToLowerInvariant' and 'ToUpperInvariant' to perform case-insensitive string comparisons because they lead to an allocation. Instead, prefer calling the method overloads of 'Contains', 'IndexOf' and 'StartsWith' that take a 'StringComparison' enum value to perform case-insensitive comparisons. Switching to using an overload that takes a 'StringComparison' might cause subtle changes in behavior, so it's important to conduct thorough testing after applying the suggestion. Additionally, if a culturally sensitive comparison is not required, consider using 'StringComparison.OrdinalIgnoreCase'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1862", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1863", - "shortDescription": { - "text": "Use 'CompositeFormat'" - }, - "fullDescription": { - "text": "Cache and use a 'CompositeFormat' instance as the argument to this formatting operation, rather than passing in the original format string. This reduces the cost of the formatting operation." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1863", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1864", - "shortDescription": { - "text": "Prefer the 'IDictionary.TryAdd(TKey, TValue)' method" - }, - "fullDescription": { - "text": "Prefer a 'TryAdd' call over an 'Add' call guarded by a 'ContainsKey' check. 'TryAdd' behaves the same as 'Add', except that when the specified key already exists, it returns 'false' instead of throwing an exception." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1864", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1865", - "shortDescription": { - "text": "Use char overload" - }, - "fullDescription": { - "text": "The char overload is a better performing overload than a string with a single char." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1865", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "0.005", - "executionTimeInPercentage": "53", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1866", - "shortDescription": { - "text": "Use char overload" - }, - "fullDescription": { - "text": "The char overload is a better performing overload than a string with a single char." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1866", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "0.005", - "executionTimeInPercentage": "53", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1867", - "shortDescription": { - "text": "Use char overload" - }, - "fullDescription": { - "text": "The char overload is a better performing overload than a string with a single char." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1867", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "0.005", - "executionTimeInPercentage": "53", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1868", - "shortDescription": { - "text": "Unnecessary call to 'Contains(item)'" - }, - "fullDescription": { - "text": "Do not guard 'Add(item)' or 'Remove(item)' with 'Contains(item)' for the set. The former two already check whether the item exists and will return if it was added or removed." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1868", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1869", - "shortDescription": { - "text": "Cache and reuse 'JsonSerializerOptions' instances" - }, - "fullDescription": { - "text": "Avoid creating a new 'JsonSerializerOptions' instance for every serialization operation. Cache and reuse instances instead. Single use 'JsonSerializerOptions' instances can substantially degrade the performance of your application." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1869", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1870", - "shortDescription": { - "text": "Use a cached 'SearchValues' instance" - }, - "fullDescription": { - "text": "Using a cached 'SearchValues' instance is more efficient than passing values to 'IndexOfAny'/'ContainsAny' directly." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1870", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1871", - "shortDescription": { - "text": "Do not pass a nullable struct to 'ArgumentNullException.ThrowIfNull'" - }, - "fullDescription": { - "text": "'ArgumentNullException.ThrowIfNull' accepts an 'object', so passing a nullable struct may cause the value to be boxed." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1871", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1872", - "shortDescription": { - "text": "Prefer 'Convert.ToHexString' and 'Convert.ToHexStringLower' over call chains based on 'BitConverter.ToString'" - }, - "fullDescription": { - "text": "Use 'Convert.ToHexString' or 'Convert.ToHexStringLower' when encoding bytes to a hexadecimal string representation. These methods are more efficient and allocation-friendly than using 'BitConverter.ToString' in combination with 'String.Replace' to replace dashes and 'String.ToLower'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1872", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2000", - "shortDescription": { - "text": "Dispose objects before losing scope" - }, - "fullDescription": { - "text": "If a disposable object is not explicitly disposed before all references to it are out of scope, the object will be disposed at some indeterminate time when the garbage collector runs the finalizer of the object. Because an exceptional event might occur that will prevent the finalizer of the object from running, the object should be explicitly disposed instead." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2000", - "properties": { - "category": "Reliability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2002", - "shortDescription": { - "text": "Do not lock on objects with weak identity" - }, - "fullDescription": { - "text": "An object is said to have a weak identity when it can be directly accessed across application domain boundaries. A thread that tries to acquire a lock on an object that has a weak identity can be blocked by a second thread in a different application domain that has a lock on the same object." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2002", - "properties": { - "category": "Reliability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2007", - "shortDescription": { - "text": "Consider calling ConfigureAwait on the awaited task" - }, - "fullDescription": { - "text": "When an asynchronous method awaits a Task directly, continuation occurs in the same thread that created the task. Consider calling Task.ConfigureAwait(Boolean) to signal your intention for continuation. Call ConfigureAwait(false) on the task to schedule continuations to the thread pool, thereby avoiding a deadlock on the UI thread. Passing false is a good option for app-independent libraries. Calling ConfigureAwait(true) on the task has the same behavior as not explicitly calling ConfigureAwait. By explicitly calling this method, you're letting readers know you intentionally want to perform the continuation on the original synchronization context." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2007", - "properties": { - "category": "Reliability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2008", - "shortDescription": { - "text": "Do not create tasks without passing a TaskScheduler" - }, - "fullDescription": { - "text": "Do not create tasks unless you are using one of the overloads that takes a TaskScheduler. The default is to schedule on TaskScheduler.Current, which would lead to deadlocks. Either use TaskScheduler.Default to schedule on the thread pool, or explicitly pass TaskScheduler.Current to make your intentions clear." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2008", - "properties": { - "category": "Reliability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2009", - "shortDescription": { - "text": "Do not call ToImmutableCollection on an ImmutableCollection value" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2009", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2011", - "shortDescription": { - "text": "Avoid infinite recursion" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2011", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2012", - "shortDescription": { - "text": "Use ValueTasks correctly" - }, - "fullDescription": { - "text": "ValueTasks returned from member invocations are intended to be directly awaited. Attempts to consume a ValueTask multiple times or to directly access one's result before it's known to be completed may result in an exception or corruption. Ignoring such a ValueTask is likely an indication of a functional bug and may degrade performance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2012", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2013", - "shortDescription": { - "text": "Do not use ReferenceEquals with value types" - }, - "fullDescription": { - "text": "Value type typed arguments are uniquely boxed for each call to this method, therefore the result can be unexpected." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2013", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2014", - "shortDescription": { - "text": "Do not use stackalloc in loops" - }, - "fullDescription": { - "text": "Stack space allocated by a stackalloc is only released at the end of the current method's invocation. Using it in a loop can result in unbounded stack growth and eventual stack overflow conditions." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2014", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2015", - "shortDescription": { - "text": "Do not define finalizers for types derived from MemoryManager" - }, - "fullDescription": { - "text": "Adding a finalizer to a type derived from MemoryManager may permit memory to be freed while it is still in use by a Span." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2015", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2016", - "shortDescription": { - "text": "Forward the 'CancellationToken' parameter to methods" - }, - "fullDescription": { - "text": "Forward the 'CancellationToken' parameter to methods to ensure the operation cancellation notifications gets properly propagated, or pass in 'CancellationToken.None' explicitly to indicate intentionally not propagating the token." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2016", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2017", - "shortDescription": { - "text": "Parameter count mismatch" - }, - "fullDescription": { - "text": "Number of parameters supplied in the logging message template do not match the number of named placeholders." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2017", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2018", - "shortDescription": { - "text": "'Buffer.BlockCopy' expects the number of bytes to be copied for the 'count' argument" - }, - "fullDescription": { - "text": "'Buffer.BlockCopy' expects the number of bytes to be copied for the 'count' argument. Using 'Array.Length' may not match the number of bytes that needs to be copied." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2018", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2019", - "shortDescription": { - "text": "Improper 'ThreadStatic' field initialization" - }, - "fullDescription": { - "text": "'ThreadStatic' fields should be initialized lazily on use, not with inline initialization nor explicitly in a static constructor, which would only initialize the field on the thread that runs the type's static constructor." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2019", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2020", - "shortDescription": { - "text": "Prevent behavioral change" - }, - "fullDescription": { - "text": "Some built-in operators added in .NET 7 behave differently when overflowing than did the corresponding user-defined operators in .NET 6 and earlier versions. Some operators that previously threw in an unchecked context now don't throw unless wrapped within a checked context. Also, some operators that did not previously throw in a checked context now throw unless wrapped in an unchecked context." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2020", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2021", - "shortDescription": { - "text": "Do not call Enumerable.Cast or Enumerable.OfType with incompatible types" - }, - "fullDescription": { - "text": "Enumerable.Cast and Enumerable.OfType require compatible types to function expectedly. \u000d\u000aThe generic cast (IL 'unbox.any') used by the sequence returned by Enumerable.Cast will throw InvalidCastException at runtime on elements of the types specified. \u000d\u000aThe generic type check (C# 'is' operator/IL 'isinst') used by Enumerable.OfType will never succeed with elements of types specified, resulting in an empty sequence. \u000d\u000aWidening and user defined conversions are not supported with generic types." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2021", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2022", - "shortDescription": { - "text": "Avoid inexact read with 'Stream.Read'" - }, - "fullDescription": { - "text": "A call to 'Stream.Read' may return fewer bytes than requested, resulting in unreliable code if the return value is not checked." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2022", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2100", - "shortDescription": { - "text": "Review SQL queries for security vulnerabilities" - }, - "fullDescription": { - "text": "SQL queries that directly use user input can be vulnerable to SQL injection attacks. Review this SQL query for potential vulnerabilities, and consider using a parameterized SQL query." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2100", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2101", - "shortDescription": { - "text": "Specify marshaling for P/Invoke string arguments" - }, - "fullDescription": { - "text": "A platform invoke member allows partially trusted callers, has a string parameter, and does not explicitly marshal the string. This can cause a potential security vulnerability." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2101", - "properties": { - "category": "Globalization", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2119", - "shortDescription": { - "text": "Seal methods that satisfy private interfaces" - }, - "fullDescription": { - "text": "An inheritable public type provides an overridable method implementation of an internal (Friend in Visual Basic) interface. To fix a violation of this rule, prevent the method from being overridden outside the assembly." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2119", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2153", - "shortDescription": { - "text": "Do Not Catch Corrupted State Exceptions" - }, - "fullDescription": { - "text": "Catching corrupted state exceptions could mask errors (such as access violations), resulting in inconsistent state of execution or making it easier for attackers to compromise system. Instead, catch and handle a more specific set of exception type(s) or re-throw the exception." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2153", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2200", - "shortDescription": { - "text": "Rethrow to preserve stack details" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2200", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2201", - "shortDescription": { - "text": "Do not raise reserved exception types" - }, - "fullDescription": { - "text": "An exception of type that is not sufficiently specific or reserved by the runtime should never be raised by user code. This makes the original error difficult to detect and debug. If this exception instance might be thrown, use a different exception type." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2201", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2207", - "shortDescription": { - "text": "Initialize value type static fields inline" - }, - "fullDescription": { - "text": "A value type declares an explicit static constructor. To fix a violation of this rule, initialize all static data when it is declared and remove the static constructor." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2207", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2208", - "shortDescription": { - "text": "Instantiate argument exceptions correctly" - }, - "fullDescription": { - "text": "A call is made to the default (parameterless) constructor of an exception type that is or derives from ArgumentException, or an incorrect string argument is passed to a parameterized constructor of an exception type that is or derives from ArgumentException." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2208", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2211", - "shortDescription": { - "text": "Non-constant fields should not be visible" - }, - "fullDescription": { - "text": "Static fields that are neither constants nor read-only are not thread-safe. Access to such a field must be carefully controlled and requires advanced programming techniques to synchronize access to the class object." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2211", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2213", - "shortDescription": { - "text": "Disposable fields should be disposed" - }, - "fullDescription": { - "text": "A type that implements System.IDisposable declares fields that are of types that also implement IDisposable. The Dispose method of the field is not called by the Dispose method of the declaring type. To fix a violation of this rule, call Dispose on fields that are of types that implement IDisposable if you are responsible for allocating and releasing the unmanaged resources held by the field." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2213", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2214", - "shortDescription": { - "text": "Do not call overridable methods in constructors" - }, - "fullDescription": { - "text": "Virtual methods defined on the class should not be called from constructors. If a derived class has overridden the method, the derived class version will be called (before the derived class constructor is called)." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2214", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2215", - "shortDescription": { - "text": "Dispose methods should call base class dispose" - }, - "fullDescription": { - "text": "A type that implements System.IDisposable inherits from a type that also implements IDisposable. The Dispose method of the inheriting type does not call the Dispose method of the parent type. To fix a violation of this rule, call base.Dispose in your Dispose method." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2215", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2216", - "shortDescription": { - "text": "Disposable types should declare finalizer" - }, - "fullDescription": { - "text": "A type that implements System.IDisposable and has fields that suggest the use of unmanaged resources does not implement a finalizer, as described by Object.Finalize." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2216", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2217", - "shortDescription": { - "text": "Do not mark enums with FlagsAttribute" - }, - "fullDescription": { - "text": "An externally visible enumeration is marked by using FlagsAttribute, and it has one or more values that are not powers of two or a combination of the other defined values on the enumeration." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2217", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2219", - "shortDescription": { - "text": "Do not raise exceptions in finally clauses" - }, - "fullDescription": { - "text": "When an exception is raised in a finally clause, the new exception hides the active exception. This makes the original error difficult to detect and debug." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2219", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2225", - "shortDescription": { - "text": "Operator overloads have named alternates" - }, - "fullDescription": { - "text": "An operator overload was detected, and the expected named alternative method was not found. The named alternative member provides access to the same functionality as the operator and is provided for developers who program in languages that do not support overloaded operators." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2225", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2226", - "shortDescription": { - "text": "Operators should have symmetrical overloads" - }, - "fullDescription": { - "text": "A type implements the equality or inequality operator and does not implement the opposite operator." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2226", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2227", - "shortDescription": { - "text": "Collection properties should be read only" - }, - "fullDescription": { - "text": "A writable collection property allows a user to replace the collection with a different collection. A read-only property stops the collection from being replaced but still allows the individual members to be set." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2227", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2231", - "shortDescription": { - "text": "Overload operator equals on overriding value type Equals" - }, - "fullDescription": { - "text": "In most programming languages there is no default implementation of the equality operator (==) for value types. If your programming language supports operator overloads, you should consider implementing the equality operator. Its behavior should be identical to that of Equals." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2231", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2234", - "shortDescription": { - "text": "Pass system uri objects instead of strings" - }, - "fullDescription": { - "text": "A call is made to a method that has a string parameter whose name contains \"uri\", \"URI\", \"urn\", \"URN\", \"url\", or \"URL\". The declaring type of the method contains a corresponding method overload that has a System.Uri parameter." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2234", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2235", - "shortDescription": { - "text": "Mark all non-serializable fields" - }, - "fullDescription": { - "text": "An instance field of a type that is not serializable is declared in a type that is serializable." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2235", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2237", - "shortDescription": { - "text": "Mark ISerializable types with serializable" - }, - "fullDescription": { - "text": "To be recognized by the common language runtime as serializable, types must be marked by using the SerializableAttribute attribute even when the type uses a custom serialization routine through implementation of the ISerializable interface." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2237", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2241", - "shortDescription": { - "text": "Provide correct arguments to formatting methods" - }, - "fullDescription": { - "text": "The format argument that is passed to System.String.Format does not contain a format item that corresponds to each object argument, or vice versa." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2241", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2242", - "shortDescription": { - "text": "Test for NaN correctly" - }, - "fullDescription": { - "text": "This expression tests a value against Single.Nan or Double.Nan. Use Single.IsNan(Single) or Double.IsNan(Double) to test the value." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2242", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2243", - "shortDescription": { - "text": "Attribute string literals should parse correctly" - }, - "fullDescription": { - "text": "The string literal parameter of an attribute does not parse correctly for a URL, a GUID, or a version." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2243", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2244", - "shortDescription": { - "text": "Do not duplicate indexed element initializations" - }, - "fullDescription": { - "text": "Indexed elements in objects initializers must initialize unique elements. A duplicate index might overwrite a previous element initialization." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2244", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2245", - "shortDescription": { - "text": "Do not assign a property to itself" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2245", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2246", - "shortDescription": { - "text": "Assigning symbol and its member in the same statement" - }, - "fullDescription": { - "text": "Assigning to a symbol and its member (field/property) in the same statement is not recommended. It is not clear if the member access was intended to use symbol's old value prior to the assignment or new value from the assignment in this statement. For clarity, consider splitting the assignments into separate statements." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2246", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2247", - "shortDescription": { - "text": "Argument passed to TaskCompletionSource constructor should be TaskCreationOptions enum instead of TaskContinuationOptions enum" - }, - "fullDescription": { - "text": "TaskCompletionSource has constructors that take TaskCreationOptions that control the underlying Task, and constructors that take object state that's stored in the task. Accidentally passing a TaskContinuationOptions instead of a TaskCreationOptions will result in the call treating the options as state." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2247", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2248", - "shortDescription": { - "text": "Provide correct 'enum' argument to 'Enum.HasFlag'" - }, - "fullDescription": { - "text": "'Enum.HasFlag' method expects the 'enum' argument to be of the same 'enum' type as the instance on which the method is invoked and that this 'enum' is marked with 'System.FlagsAttribute'. If these are different 'enum' types, an unhandled exception will be thrown at runtime. If the 'enum' type is not marked with 'System.FlagsAttribute' the call will always return 'false' at runtime." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2248", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2249", - "shortDescription": { - "text": "Consider using 'string.Contains' instead of 'string.IndexOf'" - }, - "fullDescription": { - "text": "Calls to 'string.IndexOf' where the result is used to check for the presence/absence of a substring can be replaced by 'string.Contains'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2249", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2250", - "shortDescription": { - "text": "Use 'ThrowIfCancellationRequested'" - }, - "fullDescription": { - "text": "'ThrowIfCancellationRequested' automatically checks whether the token has been canceled, and throws an 'OperationCanceledException' if it has." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2250", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2251", - "shortDescription": { - "text": "Use 'string.Equals'" - }, - "fullDescription": { - "text": "It is both clearer and likely faster to use 'string.Equals' instead of comparing the result of 'string.Compare' to zero." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2251", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2252", - "shortDescription": { - "text": "This API requires opting into preview features" - }, - "fullDescription": { - "text": "An assembly has to opt into preview features before using them." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2252", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2253", - "shortDescription": { - "text": "Named placeholders should not be numeric values" - }, - "fullDescription": { - "text": "Named placeholders in the logging message template should not be comprised of only numeric characters." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2253", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2254", - "shortDescription": { - "text": "Template should be a static expression" - }, - "fullDescription": { - "text": "The logging message template should not vary between calls." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2254", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2255", - "shortDescription": { - "text": "The 'ModuleInitializer' attribute should not be used in libraries" - }, - "fullDescription": { - "text": "Module initializers are intended to be used by application code to ensure an application's components are initialized before the application code begins executing. If library code declares a method with the 'ModuleInitializerAttribute', it can interfere with application initialization and also lead to limitations in that application's trimming abilities. Instead of using methods marked with 'ModuleInitializerAttribute', the library should expose methods that can be used to initialize any components within the library and allow the application to invoke the method during application initialization." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2255", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2256", - "shortDescription": { - "text": "All members declared in parent interfaces must have an implementation in a DynamicInterfaceCastableImplementation-attributed interface" - }, - "fullDescription": { - "text": "Types attributed with 'DynamicInterfaceCastableImplementationAttribute' act as an interface implementation for a type that implements the 'IDynamicInterfaceCastable' type. As a result, it must provide an implementation of all of the members defined in the inherited interfaces, because the type that implements 'IDynamicInterfaceCastable' will not provide them otherwise." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2256", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2257", - "shortDescription": { - "text": "Members defined on an interface with the 'DynamicInterfaceCastableImplementationAttribute' should be 'static'" - }, - "fullDescription": { - "text": "Since a type that implements 'IDynamicInterfaceCastable' may not implement a dynamic interface in metadata, calls to an instance interface member that is not an explicit implementation defined on this type are likely to fail at runtime. Mark new interface members 'static' to avoid runtime errors." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2257", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2258", - "shortDescription": { - "text": "Providing a 'DynamicInterfaceCastableImplementation' interface in Visual Basic is unsupported" - }, - "fullDescription": { - "text": "Providing a functional 'DynamicInterfaceCastableImplementationAttribute'-attributed interface requires the Default Interface Members feature, which is unsupported in Visual Basic." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2258", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2259", - "shortDescription": { - "text": "'ThreadStatic' only affects static fields" - }, - "fullDescription": { - "text": "'ThreadStatic' only affects static fields. When applied to instance fields, it has no impact on behavior." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2259", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2260", - "shortDescription": { - "text": "Use correct type parameter" - }, - "fullDescription": { - "text": "Generic math interfaces require the derived type itself to be used for the self recurring type parameter." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2260", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2261", - "shortDescription": { - "text": "Do not use ConfigureAwaitOptions.SuppressThrowing with Task" - }, - "fullDescription": { - "text": "The ConfigureAwaitOptions.SuppressThrowing option is only supported with the non-generic Task, not a Task. To use it with a Task, first cast to the base Task." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2261", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2262", - "shortDescription": { - "text": "Set 'MaxResponseHeadersLength' properly" - }, - "fullDescription": { - "text": "The property 'MaxResponseHeadersLength' is measured in kilobytes, not in bytes. The provided value is multiplied by 1024, which might be greater than your intended maximum length." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2262", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2263", - "shortDescription": { - "text": "Prefer generic overload when type is known" - }, - "fullDescription": { - "text": "Using a generic overload is preferable to the 'System.Type' overload when the type is known, promoting cleaner and more type-safe code with improved compile-time checks." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2263", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2264", - "shortDescription": { - "text": "Do not pass a non-nullable value to 'ArgumentNullException.ThrowIfNull'" - }, - "fullDescription": { - "text": "'ArgumentNullException.ThrowIfNull' throws when the passed argument is 'null'. Certain constructs like non-nullable structs, 'nameof()' and 'new' expressions are known to never be null, so 'ArgumentNullException.ThrowIfNull' will never throw." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2264", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2265", - "shortDescription": { - "text": "Do not compare Span to 'null' or 'default'" - }, - "fullDescription": { - "text": "Comparing a span to 'null' or 'default' might not do what you intended. 'default' and the 'null' literal are implicitly converted to 'Span.Empty'. Remove the redundant comparison or make the code more explicit by using 'IsEmpty'." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2265", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2300", - "shortDescription": { - "text": "Do not use insecure deserializer BinaryFormatter" - }, - "fullDescription": { - "text": "The method '{0}' is insecure when deserializing untrusted data. If you need to instead detect BinaryFormatter deserialization without a SerializationBinder set, then disable rule CA2300, and enable rules CA2301 and CA2302." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2300", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2301", - "shortDescription": { - "text": "Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2301", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2302", - "shortDescription": { - "text": "Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2302", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2305", - "shortDescription": { - "text": "Do not use insecure deserializer LosFormatter" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2305", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2310", - "shortDescription": { - "text": "Do not use insecure deserializer NetDataContractSerializer" - }, - "fullDescription": { - "text": "The method '{0}' is insecure when deserializing untrusted data. If you need to instead detect NetDataContractSerializer deserialization without a SerializationBinder set, then disable rule CA2310, and enable rules CA2311 and CA2312." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2310", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2311", - "shortDescription": { - "text": "Do not deserialize without first setting NetDataContractSerializer.Binder" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2311", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2312", - "shortDescription": { - "text": "Ensure NetDataContractSerializer.Binder is set before deserializing" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2312", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2315", - "shortDescription": { - "text": "Do not use insecure deserializer ObjectStateFormatter" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2315", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2321", - "shortDescription": { - "text": "Do not deserialize with JavaScriptSerializer using a SimpleTypeResolver" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2321", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2322", - "shortDescription": { - "text": "Ensure JavaScriptSerializer is not initialized with SimpleTypeResolver before deserializing" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2322", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2326", - "shortDescription": { - "text": "Do not use TypeNameHandling values other than None" - }, - "fullDescription": { - "text": "Deserializing JSON when using a TypeNameHandling value other than None can be insecure. If you need to instead detect Json.NET deserialization when a SerializationBinder isn't specified, then disable rule CA2326, and enable rules CA2327, CA2328, CA2329, and CA2330." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2326", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2327", - "shortDescription": { - "text": "Do not use insecure JsonSerializerSettings" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2327", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2328", - "shortDescription": { - "text": "Ensure that JsonSerializerSettings are secure" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2328", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2329", - "shortDescription": { - "text": "Do not deserialize with JsonSerializer using an insecure configuration" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2329", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2330", - "shortDescription": { - "text": "Ensure that JsonSerializer has a secure configuration when deserializing" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2330", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2350", - "shortDescription": { - "text": "Do not use DataTable.ReadXml() with untrusted data" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2350", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2351", - "shortDescription": { - "text": "Do not use DataSet.ReadXml() with untrusted data" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2351", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2352", - "shortDescription": { - "text": "Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2352", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2353", - "shortDescription": { - "text": "Unsafe DataSet or DataTable in serializable type" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2353", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2354", - "shortDescription": { - "text": "Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2354", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2355", - "shortDescription": { - "text": "Unsafe DataSet or DataTable type found in deserializable object graph" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2355", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2356", - "shortDescription": { - "text": "Unsafe DataSet or DataTable type in web deserializable object graph" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2356", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2361", - "shortDescription": { - "text": "Ensure auto-generated class containing DataSet.ReadXml() is not used with untrusted data" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2361", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2362", - "shortDescription": { - "text": "Unsafe DataSet or DataTable in auto-generated serializable type can be vulnerable to remote code execution attacks" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2362", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3001", - "shortDescription": { - "text": "Review code for SQL injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3001", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3002", - "shortDescription": { - "text": "Review code for XSS vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3002", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3003", - "shortDescription": { - "text": "Review code for file path injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3003", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3004", - "shortDescription": { - "text": "Review code for information disclosure vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3004", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3005", - "shortDescription": { - "text": "Review code for LDAP injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3005", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3006", - "shortDescription": { - "text": "Review code for process command injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3006", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3007", - "shortDescription": { - "text": "Review code for open redirect vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3007", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3008", - "shortDescription": { - "text": "Review code for XPath injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3008", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3009", - "shortDescription": { - "text": "Review code for XML injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3009", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3010", - "shortDescription": { - "text": "Review code for XAML injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3010", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3011", - "shortDescription": { - "text": "Review code for DLL injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3011", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3012", - "shortDescription": { - "text": "Review code for regex injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3012", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3061", - "shortDescription": { - "text": "Do Not Add Schema By URL" - }, - "fullDescription": { - "text": "This overload of XmlSchemaCollection.Add method internally enables DTD processing on the XML reader instance used, and uses UrlResolver for resolving external XML entities. The outcome is information disclosure. Content from file system or network shares for the machine processing the XML can be exposed to attacker. In addition, an attacker can use this as a DoS vector." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3061", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3075", - "shortDescription": { - "text": "Insecure DTD processing in XML" - }, - "fullDescription": { - "text": "Using XmlTextReader.Load(), creating an insecure XmlReaderSettings instance when invoking XmlReader.Create(), setting the InnerXml property of the XmlDocument and enabling DTD processing using XmlUrlResolver insecurely can lead to information disclosure. Replace it with a call to the Load() method overload that takes an XmlReader instance, use XmlReader.Create() to accept XmlReaderSettings arguments or consider explicitly setting secure values. The DataViewSettingCollectionString property of DataViewManager should always be assigned from a trusted source, the DtdProcessing property should be set to false, and the XmlResolver property should be changed to XmlSecureResolver or null." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3075", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3076", - "shortDescription": { - "text": "Insecure XSLT script processing" - }, - "fullDescription": { - "text": "Providing an insecure XsltSettings instance and an insecure XmlResolver instance to XslCompiledTransform.Load method is potentially unsafe as it allows processing script within XSL, which on an untrusted XSL input may lead to malicious code execution. Either replace the insecure XsltSettings argument with XsltSettings.Default or an instance that has disabled document function and script execution, or replace the XmlResolver argument with null or an XmlSecureResolver instance. This message may be suppressed if the input is known to be from a trusted source and external resource resolution from locations that are not known in advance must be supported." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3076", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3077", - "shortDescription": { - "text": "Insecure Processing in API Design, XmlDocument and XmlTextReader" - }, - "fullDescription": { - "text": "Enabling DTD processing on all instances derived from XmlTextReader or  XmlDocument and using XmlUrlResolver for resolving external XML entities may lead to information disclosure. Ensure to set the XmlResolver property to null, create an instance of XmlSecureResolver when processing untrusted input, or use XmlReader.Create method with a secure XmlReaderSettings argument. Unless you need to enable it, ensure the DtdProcessing property is set to false." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3077", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3147", - "shortDescription": { - "text": "Mark Verb Handlers With Validate Antiforgery Token" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3147", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5350", - "shortDescription": { - "text": "Do Not Use Weak Cryptographic Algorithms" - }, - "fullDescription": { - "text": "Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5350", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5351", - "shortDescription": { - "text": "Do Not Use Broken Cryptographic Algorithms" - }, - "fullDescription": { - "text": "An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5351", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5358", - "shortDescription": { - "text": "Review cipher mode usage with cryptography experts" - }, - "fullDescription": { - "text": "These cipher modes might be vulnerable to attacks. Consider using recommended modes (CBC, CTS)." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5358", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5359", - "shortDescription": { - "text": "Do Not Disable Certificate Validation" - }, - "fullDescription": { - "text": "A certificate can help authenticate the identity of the server. Clients should validate the server certificate to ensure requests are sent to the intended server. If the ServerCertificateValidationCallback always returns 'true', any certificate will pass validation." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5359", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5360", - "shortDescription": { - "text": "Do Not Call Dangerous Methods In Deserialization" - }, - "fullDescription": { - "text": "Insecure Deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a Denial-of-Service (DoS) attack, or even execute arbitrary code upon it being deserialized. It’s frequently possible for malicious users to abuse these deserialization features when the application is deserializing untrusted data which is under their control. Specifically, invoke dangerous methods in the process of deserialization. Successful insecure deserialization attacks could allow an attacker to carry out attacks such as DoS attacks, authentication bypasses, and remote code execution." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5360", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5361", - "shortDescription": { - "text": "Do Not Disable SChannel Use of Strong Crypto" - }, - "fullDescription": { - "text": "Starting with the .NET Framework 4.6, the System.Net.ServicePointManager and System.Net.Security.SslStream classes are recommended to use new protocols. The old ones have protocol weaknesses and are not supported. Setting Switch.System.Net.DontEnableSchUseStrongCrypto with true will use the old weak crypto check and opt out of the protocol migration." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5361", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5362", - "shortDescription": { - "text": "Potential reference cycle in deserialized object graph" - }, - "fullDescription": { - "text": "Review code that processes untrusted deserialized data for handling of unexpected reference cycles. An unexpected reference cycle should not cause the code to enter an infinite loop. Otherwise, an unexpected reference cycle can allow an attacker to DOS or exhaust the memory of the process when deserializing untrusted data." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5362", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5363", - "shortDescription": { - "text": "Do Not Disable Request Validation" - }, - "fullDescription": { - "text": "Request validation is a feature in ASP.NET that examines HTTP requests and determines whether they contain potentially dangerous content. This check adds protection from markup or code in the URL query string, cookies, or posted form values that might have been added for malicious purposes. So, it is generally desirable and should be left enabled for defense in depth." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5363", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5364", - "shortDescription": { - "text": "Do Not Use Deprecated Security Protocols" - }, - "fullDescription": { - "text": "Using a deprecated security protocol rather than the system default is risky." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5364", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5365", - "shortDescription": { - "text": "Do Not Disable HTTP Header Checking" - }, - "fullDescription": { - "text": "HTTP header checking enables encoding of the carriage return and newline characters, \\r and \\n, that are found in response headers. This encoding can help to avoid injection attacks that exploit an application that echoes untrusted data contained by the header." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5365", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5366", - "shortDescription": { - "text": "Use XmlReader for 'DataSet.ReadXml()'" - }, - "fullDescription": { - "text": "Processing XML from untrusted data may load dangerous external references, which should be restricted by using an XmlReader with a secure resolver or with DTD processing disabled." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5366", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5367", - "shortDescription": { - "text": "Do Not Serialize Types With Pointer Fields" - }, - "fullDescription": { - "text": "Pointers are not \"type safe\" in the sense that you cannot guarantee the correctness of the memory they point at. So, serializing types with pointer fields is dangerous, as it may allow an attacker to control the pointer." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5367", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5368", - "shortDescription": { - "text": "Set ViewStateUserKey For Classes Derived From Page" - }, - "fullDescription": { - "text": "Setting the ViewStateUserKey property can help you prevent attacks on your application by allowing you to assign an identifier to the view-state variable for individual users so that they cannot use the variable to generate an attack. Otherwise, there will be cross-site request forgery vulnerabilities." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5368", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5369", - "shortDescription": { - "text": "Use XmlReader for 'XmlSerializer.Deserialize()'" - }, - "fullDescription": { - "text": "Processing XML from untrusted data may load dangerous external references, which should be restricted by using an XmlReader with a secure resolver or with DTD processing disabled." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5369", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5370", - "shortDescription": { - "text": "Use XmlReader for XmlValidatingReader constructor" - }, - "fullDescription": { - "text": "Processing XML from untrusted data may load dangerous external references, which should be restricted by using an XmlReader with a secure resolver or with DTD processing disabled." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5370", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5371", - "shortDescription": { - "text": "Use XmlReader for 'XmlSchema.Read()'" - }, - "fullDescription": { - "text": "Processing XML from untrusted data may load dangerous external references, which should be restricted by using an XmlReader with a secure resolver or with DTD processing disabled." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5371", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5372", - "shortDescription": { - "text": "Use XmlReader for XPathDocument constructor" - }, - "fullDescription": { - "text": "Processing XML from untrusted data may load dangerous external references, which should be restricted by using an XmlReader with a secure resolver or with DTD processing disabled." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5372", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5373", - "shortDescription": { - "text": "Do not use obsolete key derivation function" - }, - "fullDescription": { - "text": "Password-based key derivation should use PBKDF2 with SHA-2. Avoid using PasswordDeriveBytes since it generates a PBKDF1 key. Avoid using Rfc2898DeriveBytes.CryptDeriveKey since it doesn't use the iteration count or salt." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5373", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5374", - "shortDescription": { - "text": "Do Not Use XslTransform" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5374", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5375", - "shortDescription": { - "text": "Do Not Use Account Shared Access Signature" - }, - "fullDescription": { - "text": "Shared Access Signatures(SAS) are a vital part of the security model for any application using Azure Storage, they should provide limited and safe permissions to your storage account to clients that don't have the account key. All of the operations available via a service SAS are also available via an account SAS, that is, account SAS is too powerful. So it is recommended to use Service SAS to delegate access more carefully." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5375", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5376", - "shortDescription": { - "text": "Use SharedAccessProtocol HttpsOnly" - }, - "fullDescription": { - "text": "HTTPS encrypts network traffic. Use HttpsOnly, rather than HttpOrHttps, to ensure network traffic is always encrypted to help prevent disclosure of sensitive data." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5376", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5377", - "shortDescription": { - "text": "Use Container Level Access Policy" - }, - "fullDescription": { - "text": "No access policy identifier is specified, making tokens non-revocable." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5377", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5378", - "shortDescription": { - "text": "Do not disable ServicePointManagerSecurityProtocols" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5378", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5379", - "shortDescription": { - "text": "Ensure Key Derivation Function algorithm is sufficiently strong" - }, - "fullDescription": { - "text": "Some implementations of the Rfc2898DeriveBytes class allow for a hash algorithm to be specified in a constructor parameter or overwritten in the HashAlgorithm property. If a hash algorithm is specified, then it should be SHA-256 or higher." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5379", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5380", - "shortDescription": { - "text": "Do Not Add Certificates To Root Store" - }, - "fullDescription": { - "text": "By default, the Trusted Root Certification Authorities certificate store is configured with a set of public CAs that has met the requirements of the Microsoft Root Certificate Program. Since all trusted root CAs can issue certificates for any domain, an attacker can pick a weak or coercible CA that you install by yourself to target for an attack - and a single vulnerable, malicious or coercible CA undermines the security of the entire system. To make matters worse, these attacks can go unnoticed quite easily." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5380", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5381", - "shortDescription": { - "text": "Ensure Certificates Are Not Added To Root Store" - }, - "fullDescription": { - "text": "By default, the Trusted Root Certification Authorities certificate store is configured with a set of public CAs that has met the requirements of the Microsoft Root Certificate Program. Since all trusted root CAs can issue certificates for any domain, an attacker can pick a weak or coercible CA that you install by yourself to target for an attack - and a single vulnerable, malicious or coercible CA undermines the security of the entire system. To make matters worse, these attacks can go unnoticed quite easily." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5381", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5382", - "shortDescription": { - "text": "Use Secure Cookies In ASP.NET Core" - }, - "fullDescription": { - "text": "Applications available over HTTPS must use secure cookies." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5382", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5383", - "shortDescription": { - "text": "Ensure Use Secure Cookies In ASP.NET Core" - }, - "fullDescription": { - "text": "Applications available over HTTPS must use secure cookies." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5383", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5384", - "shortDescription": { - "text": "Do Not Use Digital Signature Algorithm (DSA)" - }, - "fullDescription": { - "text": "DSA is too weak to use." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5384", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5385", - "shortDescription": { - "text": "Use Rivest-Shamir-Adleman (RSA) Algorithm With Sufficient Key Size" - }, - "fullDescription": { - "text": "Encryption algorithms are vulnerable to brute force attacks when too small a key size is used." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5385", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5386", - "shortDescription": { - "text": "Avoid hardcoding SecurityProtocolType value" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5386", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5387", - "shortDescription": { - "text": "Do Not Use Weak Key Derivation Function With Insufficient Iteration Count" - }, - "fullDescription": { - "text": "When deriving cryptographic keys from user-provided inputs such as password, use sufficient iteration count (at least 100k)." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5387", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5388", - "shortDescription": { - "text": "Ensure Sufficient Iteration Count When Using Weak Key Derivation Function" - }, - "fullDescription": { - "text": "When deriving cryptographic keys from user-provided inputs such as password, use sufficient iteration count (at least 100k)." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5388", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5389", - "shortDescription": { - "text": "Do Not Add Archive Item's Path To The Target File System Path" - }, - "fullDescription": { - "text": "When extracting files from an archive and using the archive item's path, check if the path is safe. Archive path can be relative and can lead to file system access outside of the expected file system target path, leading to malicious config changes and remote code execution via lay-and-wait technique." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5389", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5390", - "shortDescription": { - "text": "Do not hard-code encryption key" - }, - "fullDescription": { - "text": "SymmetricAlgorithm's .Key property, or a method's rgbKey parameter, should never be a hard-coded value." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5390", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5391", - "shortDescription": { - "text": "Use antiforgery tokens in ASP.NET Core MVC controllers" - }, - "fullDescription": { - "text": "Handling a POST, PUT, PATCH, or DELETE request without validating an antiforgery token may be vulnerable to cross-site request forgery attacks. A cross-site request forgery attack can send malicious requests from an authenticated user to your ASP.NET Core MVC controller." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5391", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5392", - "shortDescription": { - "text": "Use DefaultDllImportSearchPaths attribute for P/Invokes" - }, - "fullDescription": { - "text": "By default, P/Invokes using DllImportAttribute probe a number of directories, including the current working directory for the library to load. This can be a security issue for certain applications, leading to DLL hijacking." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5392", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5393", - "shortDescription": { - "text": "Do not use unsafe DllImportSearchPath value" - }, - "fullDescription": { - "text": "There could be a malicious DLL in the default DLL search directories. Or, depending on where your application is run from, there could be a malicious DLL in the application's directory. Use a DllImportSearchPath value that specifies an explicit search path instead. The DllImportSearchPath flags that this rule looks for can be configured in .editorconfig." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5393", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5394", - "shortDescription": { - "text": "Do not use insecure randomness" - }, - "fullDescription": { - "text": "Using a cryptographically weak pseudo-random number generator may allow an attacker to predict what security-sensitive value will be generated. Use a cryptographically strong random number generator if an unpredictable value is required, or ensure that weak pseudo-random numbers aren't used in a security-sensitive manner." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5394", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5395", - "shortDescription": { - "text": "Miss HttpVerb attribute for action methods" - }, - "fullDescription": { - "text": "All the methods that create, edit, delete, or otherwise modify data do so in the [HttpPost] overload of the method, which needs to be protected with the anti forgery attribute from request forgery. Performing a GET operation should be a safe operation that has no side effects and doesn't modify your persisted data." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5395", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5396", - "shortDescription": { - "text": "Set HttpOnly to true for HttpCookie" - }, - "fullDescription": { - "text": "As a defense in depth measure, ensure security sensitive HTTP cookies are marked as HttpOnly. This indicates web browsers should disallow scripts from accessing the cookies. Injected malicious scripts are a common way of stealing cookies." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5396", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5397", - "shortDescription": { - "text": "Do not use deprecated SslProtocols values" - }, - "fullDescription": { - "text": "Older protocol versions of Transport Layer Security (TLS) are less secure than TLS 1.2 and TLS 1.3, and are more likely to have new vulnerabilities. Avoid older protocol versions to minimize risk." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5397", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5398", - "shortDescription": { - "text": "Avoid hardcoded SslProtocols values" - }, - "fullDescription": { - "text": "Current Transport Layer Security protocol versions may become deprecated if vulnerabilities are found. Avoid hardcoding SslProtocols values to keep your application secure. Use 'None' to let the Operating System choose a version." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5398", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5399", - "shortDescription": { - "text": "HttpClients should enable certificate revocation list checks" - }, - "fullDescription": { - "text": "Using HttpClient without providing a platform specific handler (WinHttpHandler or CurlHandler or HttpClientHandler) where the CheckCertificateRevocationList property is set to true, will allow revoked certificates to be accepted by the HttpClient as valid." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5399", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5400", - "shortDescription": { - "text": "Ensure HttpClient certificate revocation list check is not disabled" - }, - "fullDescription": { - "text": "Using HttpClient without providing a platform specific handler (WinHttpHandler or CurlHandler or HttpClientHandler) where the CheckCertificateRevocationList property is set to true, will allow revoked certificates to be accepted by the HttpClient as valid." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5400", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5401", - "shortDescription": { - "text": "Do not use CreateEncryptor with non-default IV" - }, - "fullDescription": { - "text": "Symmetric encryption should always use a non-repeatable initialization vector to prevent dictionary attacks." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5401", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5402", - "shortDescription": { - "text": "Use CreateEncryptor with the default IV" - }, - "fullDescription": { - "text": "Symmetric encryption should always use a non-repeatable initialization vector to prevent dictionary attacks." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5402", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5403", - "shortDescription": { - "text": "Do not hard-code certificate" - }, - "fullDescription": { - "text": "Hard-coded certificates in source code are vulnerable to being exploited." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5403", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5404", - "shortDescription": { - "text": "Do not disable token validation checks" - }, - "fullDescription": { - "text": "Token validation checks ensure that while validating tokens, all aspects are analyzed and verified. Turning off validation can lead to security holes by allowing untrusted tokens to make it through validation." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5404", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5405", - "shortDescription": { - "text": "Do not always skip token validation in delegates" - }, - "fullDescription": { - "text": "By setting critical TokenValidationParameter validation delegates to true, important authentication safeguards are disabled which can lead to tokens from any issuer or expired tokens being wrongly validated." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5405", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "RP0001", - "shortDescription": { - "text": "Provide dependency rules for analysis" - }, - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "9" - } - }, - { - "id": "RP0002", - "shortDescription": { - "text": "Invalid dependency rules format" - }, - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "9" - } - }, - { - "id": "RP0003", - "shortDescription": { - "text": "No dependency rules matched the current project" - }, - "defaultConfiguration": { - "level": "note" - }, - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "9" - } - }, - { - "id": "RP0004", - "shortDescription": { - "text": "Project reference violation" - }, - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "9" - } - }, - { - "id": "SYSLIB1045", - "shortDescription": { - "text": "Convert to 'GeneratedRegexAttribute'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1045", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1054", - "shortDescription": { - "text": "Use 'LibraryImportAttribute' instead of 'DllImportAttribute' to generate P/Invoke marshalling code at compile time" - }, - "fullDescription": { - "text": "Use 'LibraryImportAttribute' instead of 'DllImportAttribute' to generate P/Invoke marshalling code at compile time" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1054", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1055", - "shortDescription": { - "text": "Invalid 'CustomMarshallerAttribute' usage" - }, - "fullDescription": { - "text": "A type with a 'System.Runtime.InteropServices.CustomMarshallerAttribute' must specify a non-'null' managed type" - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1055", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1056", - "shortDescription": { - "text": "Specified marshaller type is invalid" - }, - "fullDescription": { - "text": "The unmanaged type for a custom marshaller must be a C# unmanaged type." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1056", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1057", - "shortDescription": { - "text": "Marshaller type does not have the required shape" - }, - "fullDescription": { - "text": "A stateless value marshaller that supports marshalling from managed to unmanaged must provide a one-parameter 'ConvertToUnmanaged' method that takes the managed value as the parameter and returns a value of the 'unmanaged' type." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1057", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1058", - "shortDescription": { - "text": "Invalid 'NativeMarshallingAttribute' usage" - }, - "fullDescription": { - "text": "An entry-point type for marshalling a given type must have a 'System.Runtime.InteropServices.CustomMarshallerAttribute' that specifies this type as the managed type." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1058", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1060", - "shortDescription": { - "text": "Specified marshaller type is invalid" - }, - "fullDescription": { - "text": "A marshaller type must either be a stateless static class or a stateful value type. A non-static class is not allowed." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1060", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1061", - "shortDescription": { - "text": "Marshaller type has incompatible method signatures" - }, - "fullDescription": { - "text": "The return type of 'GetPinnableReference' (after accounting for 'ref') must be blittable." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1061", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1090", - "shortDescription": { - "text": "'GeneratedComInterfaceType' does not support the 'ComInterfaceType' value supplied to 'InterfaceTypeAttribute' on the same type." - }, - "fullDescription": { - "text": "Using 'GeneratedComInterfaceAttribute' and 'InterfaceTypeAttribute' is not supported with 'ComInterfaceType' value '{0}'." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1090", - "properties": { - "category": "ComInterfaceGenerator", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1096", - "shortDescription": { - "text": "Convert to 'GeneratedComInterface'" - }, - "fullDescription": { - "text": "Use 'GeneratedComInterfaceAttribute' instead of 'ComImportAttribute' to generate COM marshalling code at compile time" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1096", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1097", - "shortDescription": { - "text": "Add 'GeneratedComClassAttribute' to enable passing objects of this type to COM" - }, - "fullDescription": { - "text": "This type implements at least one type with the 'GeneratedComInterfaceAttribute' attribute or its base type has the 'GeneratedComClassAttribute' attribute. Add the 'GeneratedComClassAttribute' to enable passing this type to COM and exposing the COM interfaces for the types with the 'GeneratedComInterfaceAttribute' from objects of this type." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1097", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1098", - "shortDescription": { - "text": ".NET COM hosting with 'EnableComHosting' does not support interfaces with the 'GeneratedComInterfaceAttribute'" - }, - "fullDescription": { - "text": ".NET COM hosting with 'EnableComHosting' only supports built-in COM interop. It does not support source-generated COM interop with 'GeneratedComInterfaceAttribute'." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1098", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1099", - "shortDescription": { - "text": "COM Interop APIs on 'System.Runtime.InteropServices.Marshal' do not support source-generated COM" - }, - "fullDescription": { - "text": "COM Interop APIs on 'System.Runtime.InteropServices.Marshal' do not support source-generated COM and will fail at runtime" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1099", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - } - ] - } - }, - "columnKind": "utf16CodeUnits" - } - ] -} \ No newline at end of file diff --git a/samples/ClassB/build.sarif b/samples/ClassB/build.sarif deleted file mode 100644 index d2beb02..0000000 --- a/samples/ClassB/build.sarif +++ /dev/null @@ -1,42 +0,0 @@ -{ - "$schema": "http://json.schemastore.org/sarif-1.0.0", - "version": "1.0.0", - "runs": [ - { - "tool": { - "name": "Microsoft (R) Visual C# Compiler", - "version": "4.14.0.0", - "fileVersion": "4.14.0-3.25359.3 (6dbcfd2f)", - "semanticVersion": "4.14.0", - "language": "en-US" - }, - "results": [ - { - "ruleId": "RP0001", - "level": "warning", - "message": "Provide DependencyRulesFile property to specify valid dependency rules file. Current path: DependencyRules.json.", - "properties": { - "warningLevel": 1, - "customProperties": { - "AdditionalFiles": "System.Collections.Generic.Dictionary`2[System.String,System.String]", - "CurrentPath": "N/A", - "DependencyRulesFile": "DependencyRules.json", - "DependencyRulesFileFullPath": "C:\\Program Files\\dotnet\\sdk\\9.0.303\\Roslyn\\bincore\\DependencyRules.json" - } - } - } - ], - "rules": { - "RP0001": { - "id": "RP0001", - "shortDescription": "Provide dependency rules for analysis", - "defaultLevel": "warning", - "properties": { - "category": "Usage", - "isEnabledByDefault": true - } - } - } - } - ] -} \ No newline at end of file diff --git a/samples/ClassB/example.sarif b/samples/ClassB/example.sarif deleted file mode 100644 index d8aa6d9..0000000 --- a/samples/ClassB/example.sarif +++ /dev/null @@ -1,7841 +0,0 @@ -{ - "$schema": "http://json.schemastore.org/sarif-2.1.0", - "version": "2.1.0", - "runs": [ - { - "results": [ - { - "ruleId": "RP0003", - "ruleIndex": 311, - "level": "note", - "message": { - "text": "No dependency rules matched the current project 'C:\\code\\ReferenceProtector\\samples\\ClassB\\ClassB.csproj'" - }, - "properties": { - "warningLevel": 1 - } - } - ], - "properties": { - "analyzerExecutionTime": "0.010" - }, - "tool": { - "driver": { - "name": "Microsoft (R) Visual C# Compiler", - "version": "4.14.0-3.25359.3 (6dbcfd2f)", - "dottedQuadFileVersion": "4.14.0.0", - "semanticVersion": "4.14.0", - "language": "en-US", - "rules": [ - { - "id": "CA1000", - "shortDescription": { - "text": "Do not declare static members on generic types" - }, - "fullDescription": { - "text": "When a static member of a generic type is called, the type argument must be specified for the type. When a generic instance member that does not support inference is called, the type argument must be specified for the member. In these two cases, the syntax for specifying the type argument is different and easily confused." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1000", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1001", - "shortDescription": { - "text": "Types that own disposable fields should be disposable" - }, - "fullDescription": { - "text": "A class declares and implements an instance field that is a System.IDisposable type, and the class does not implement IDisposable. A class that declares an IDisposable field indirectly owns an unmanaged resource and should implement the IDisposable interface." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1001", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1002", - "shortDescription": { - "text": "Do not expose generic lists" - }, - "fullDescription": { - "text": "System.Collections.Generic.List is a generic collection that's designed for performance and not inheritance. List does not contain virtual members that make it easier to change the behavior of an inherited class." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1002", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1003", - "shortDescription": { - "text": "Use generic event handler instances" - }, - "fullDescription": { - "text": "A type contains a delegate that returns void, whose signature contains two parameters (the first an object and the second a type that is assignable to EventArgs), and the containing assembly targets Microsoft .NET Framework?2.0." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1003", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1005", - "shortDescription": { - "text": "Avoid excessive parameters on generic types" - }, - "fullDescription": { - "text": "The more type parameters a generic type contains, the more difficult it is to know and remember what each type parameter represents." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1005", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry" - ] - } - }, - { - "id": "CA1008", - "shortDescription": { - "text": "Enums should have zero value" - }, - "fullDescription": { - "text": "The default value of an uninitialized enumeration, just as other value types, is zero. A nonflags-attributed enumeration should define a member by using the value of zero so that the default value is a valid value of the enumeration. If an enumeration that has the FlagsAttribute attribute applied defines a zero-valued member, its name should be \"\"None\"\" to indicate that no values have been set in the enumeration." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1008", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode", - "RuleRename" - ] - } - }, - { - "id": "CA1010", - "shortDescription": { - "text": "Generic interface should also be implemented" - }, - "fullDescription": { - "text": "To broaden the usability of a type, implement one of the generic interfaces. This is especially true for collections as they can then be used to populate generic collection types." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1010", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1012", - "shortDescription": { - "text": "Abstract types should not have public constructors" - }, - "fullDescription": { - "text": "Constructors on abstract types can be called only by derived types. Because public constructors create instances of a type, and you cannot create instances of an abstract type, an abstract type that has a public constructor is incorrectly designed." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1012", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1014", - "shortDescription": { - "text": "Mark assemblies with CLSCompliant" - }, - "fullDescription": { - "text": "The Common Language Specification (CLS) defines naming restrictions, data types, and rules to which assemblies must conform if they will be used across programming languages. Good design dictates that all assemblies explicitly indicate CLS compliance by using CLSCompliantAttribute . If this attribute is not present on an assembly, the assembly is not compliant." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1014", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1016", - "shortDescription": { - "text": "Mark assemblies with assembly version" - }, - "fullDescription": { - "text": "The .NET Framework uses the version number to uniquely identify an assembly, and to bind to types in strongly named assemblies. The version number is used together with version and publisher policy. By default, applications run only with the assembly version with which they were built." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1016", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA1017", - "shortDescription": { - "text": "Mark assemblies with ComVisible" - }, - "fullDescription": { - "text": "ComVisibleAttribute determines how COM clients access managed code. Good design dictates that assemblies explicitly indicate COM visibility. COM visibility can be set for the whole assembly and then overridden for individual types and type members. If this attribute is not present, the contents of the assembly are visible to COM clients." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1017", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1018", - "shortDescription": { - "text": "Mark attributes with AttributeUsageAttribute" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1018", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1019", - "shortDescription": { - "text": "Define accessors for attribute arguments" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1019", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1021", - "shortDescription": { - "text": "Avoid out parameters" - }, - "fullDescription": { - "text": "Passing types by reference (using 'out' or 'ref') requires experience with pointers, understanding how value types and reference types differ, and handling methods with multiple return values. Also, the difference between 'out' and 'ref' parameters is not widely understood." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1021", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry" - ] - } - }, - { - "id": "CA1024", - "shortDescription": { - "text": "Use properties where appropriate" - }, - "fullDescription": { - "text": "A public or protected method has a name that starts with \"\"Get\"\", takes no parameters, and returns a value that is not an array. The method might be a good candidate to become a property." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1024", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1027", - "shortDescription": { - "text": "Mark enums with FlagsAttribute" - }, - "fullDescription": { - "text": "An enumeration is a value type that defines a set of related named constants. Apply FlagsAttribute to an enumeration when its named constants can be meaningfully combined." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1027", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1028", - "shortDescription": { - "text": "Enum Storage should be Int32" - }, - "fullDescription": { - "text": "An enumeration is a value type that defines a set of related named constants. By default, the System.Int32 data type is used to store the constant value. Although you can change this underlying type, it is not required or recommended for most scenarios." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1028", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1030", - "shortDescription": { - "text": "Use events where appropriate" - }, - "fullDescription": { - "text": "This rule detects methods that have names that ordinarily would be used for events. If a method is called in response to a clearly defined state change, the method should be invoked by an event handler. Objects that call the method should raise events instead of calling the method directly." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1030", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1031", - "shortDescription": { - "text": "Do not catch general exception types" - }, - "fullDescription": { - "text": "A general exception such as System.Exception or System.SystemException or a disallowed exception type is caught in a catch statement, or a general catch clause is used. General and disallowed exceptions should not be caught." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1031", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1032", - "shortDescription": { - "text": "Implement standard exception constructors" - }, - "fullDescription": { - "text": "Failure to provide the full set of constructors can make it difficult to correctly handle exceptions." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1032", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1033", - "shortDescription": { - "text": "Interface methods should be callable by child types" - }, - "fullDescription": { - "text": "An unsealed externally visible type provides an explicit method implementation of a public interface and does not provide an alternative externally visible method that has the same name." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1033", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1034", - "shortDescription": { - "text": "Nested types should not be visible" - }, - "fullDescription": { - "text": "A nested type is a type that is declared in the scope of another type. Nested types are useful to encapsulate private implementation details of the containing type. Used for this purpose, nested types should not be externally visible." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1034", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1036", - "shortDescription": { - "text": "Override methods on comparable types" - }, - "fullDescription": { - "text": "A public or protected type implements the System.IComparable interface. It does not override Object.Equals nor does it overload the language-specific operator for equality, inequality, less than, less than or equal, greater than or greater than or equal." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1036", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1040", - "shortDescription": { - "text": "Avoid empty interfaces" - }, - "fullDescription": { - "text": "Interfaces define members that provide a behavior or usage contract. The functionality that is described by the interface can be adopted by any type, regardless of where the type appears in the inheritance hierarchy. A type implements an interface by providing implementations for the members of the interface. An empty interface does not define any members; therefore, it does not define a contract that can be implemented." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1040", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1041", - "shortDescription": { - "text": "Provide ObsoleteAttribute message" - }, - "fullDescription": { - "text": "A type or member is marked by using a System.ObsoleteAttribute attribute that does not have its ObsoleteAttribute.Message property specified. When a type or member that is marked by using ObsoleteAttribute is compiled, the Message property of the attribute is displayed. This gives the user information about the obsolete type or member." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1041", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1043", - "shortDescription": { - "text": "Use Integral Or String Argument For Indexers" - }, - "fullDescription": { - "text": "Indexers, that is, indexed properties, should use integer or string types for the index. These types are typically used for indexing data structures and increase the usability of the library. Use of the Object type should be restricted to those cases where the specific integer or string type cannot be specified at design time. If the design requires other types for the index, reconsider whether the type represents a logical data store. If it does not represent a logical data store, use a method." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1043", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1044", - "shortDescription": { - "text": "Properties should not be write only" - }, - "fullDescription": { - "text": "Although it is acceptable and often necessary to have a read-only property, the design guidelines prohibit the use of write-only properties. This is because letting a user set a value, and then preventing the user from viewing that value, does not provide any security. Also, without read access, the state of shared objects cannot be viewed, which limits their usefulness." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1044", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1045", - "shortDescription": { - "text": "Do not pass types by reference" - }, - "fullDescription": { - "text": "Passing types by reference (using out or ref) requires experience with pointers, understanding how value types and reference types differ, and handling methods that have multiple return values. Also, the difference between out and ref parameters is not widely understood." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1045", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry" - ] - } - }, - { - "id": "CA1046", - "shortDescription": { - "text": "Do not overload equality operator on reference types" - }, - "fullDescription": { - "text": "For reference types, the default implementation of the equality operator is almost always correct. By default, two references are equal only if they point to the same object. If the operator is providing meaningful value equality, the type should implement the generic 'System.IEquatable' interface." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1046", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1050", - "shortDescription": { - "text": "Declare types in namespaces" - }, - "fullDescription": { - "text": "Types are declared in namespaces to prevent name collisions and as a way to organize related types in an object hierarchy." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1050", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1051", - "shortDescription": { - "text": "Do not declare visible instance fields" - }, - "fullDescription": { - "text": "The primary use of a field should be as an implementation detail. Fields should be private or internal and should be exposed by using properties." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1051", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1052", - "shortDescription": { - "text": "Static holder types should be Static or NotInheritable" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1052", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1054", - "shortDescription": { - "text": "URI-like parameters should not be strings" - }, - "fullDescription": { - "text": "This rule assumes that the parameter represents a Uniform Resource Identifier (URI). A string representation or a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. 'System.Uri' class provides these services in a safe and secure manner." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1054", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1055", - "shortDescription": { - "text": "URI-like return values should not be strings" - }, - "fullDescription": { - "text": "This rule assumes that the method returns a URI. A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The System.Uri class provides these services in a safe and secure manner." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1055", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1056", - "shortDescription": { - "text": "URI-like properties should not be strings" - }, - "fullDescription": { - "text": "This rule assumes that the property represents a Uniform Resource Identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The System.Uri class provides these services in a safe and secure manner." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1056", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1058", - "shortDescription": { - "text": "Types should not extend certain base types" - }, - "fullDescription": { - "text": "An externally visible type extends certain base types. Use one of the alternatives." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1058", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1060", - "shortDescription": { - "text": "Move pinvokes to native methods class" - }, - "fullDescription": { - "text": "Platform Invocation methods, such as those that are marked by using the System.Runtime.InteropServices.DllImportAttribute attribute, or methods that are defined by using the Declare keyword in Visual Basic, access unmanaged code. These methods should be of the NativeMethods, SafeNativeMethods, or UnsafeNativeMethods class." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1060", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry" - ] - } - }, - { - "id": "CA1061", - "shortDescription": { - "text": "Do not hide base class methods" - }, - "fullDescription": { - "text": "A method in a base type is hidden by an identically named method in a derived type when the parameter signature of the derived method differs only by types that are more weakly derived than the corresponding types in the parameter signature of the base method." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1061", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1062", - "shortDescription": { - "text": "Validate arguments of public methods" - }, - "fullDescription": { - "text": "An externally visible method dereferences one of its reference arguments without verifying whether that argument is 'null' ('Nothing' in Visual Basic). All reference arguments that are passed to externally visible methods should be checked against 'null'. If appropriate, throw an 'ArgumentNullException' when the argument is 'null'. If the method is designed to be called only by known assemblies, you should make the method internal." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1062", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1063", - "shortDescription": { - "text": "Implement IDisposable Correctly" - }, - "fullDescription": { - "text": "All IDisposable types should implement the Dispose pattern correctly." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1063", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1064", - "shortDescription": { - "text": "Exceptions should be public" - }, - "fullDescription": { - "text": "An internal exception is visible only inside its own internal scope. After the exception falls outside the internal scope, only the base exception can be used to catch the exception. If the internal exception is inherited from T:System.Exception, T:System.SystemException, or T:System.ApplicationException, the external code will not have sufficient information to know what to do with the exception." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1064", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1065", - "shortDescription": { - "text": "Do not raise exceptions in unexpected locations" - }, - "fullDescription": { - "text": "A method that is not expected to throw exceptions throws an exception." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1065", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1066", - "shortDescription": { - "text": "Implement IEquatable when overriding Object.Equals" - }, - "fullDescription": { - "text": "When a type T overrides Object.Equals(object), the implementation must cast the object argument to the correct type T before performing the comparison. If the type implements IEquatable, and therefore offers the method T.Equals(T), and if the argument is known at compile time to be of type T, then the compiler can call IEquatable.Equals(T) instead of Object.Equals(object), and no cast is necessary, improving performance." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1066", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1067", - "shortDescription": { - "text": "Override Object.Equals(object) when implementing IEquatable" - }, - "fullDescription": { - "text": "When a type T implements the interface IEquatable, it suggests to a user who sees a call to the Equals method in source code that an instance of the type can be equated with an instance of any other type. The user might be confused if their attempt to equate the type with an instance of another type fails to compile. This violates the \"principle of least surprise\"." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1067", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1068", - "shortDescription": { - "text": "CancellationToken parameters must come last" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1068", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1069", - "shortDescription": { - "text": "Enums values should not be duplicated" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1069", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1070", - "shortDescription": { - "text": "Do not declare event fields as virtual" - }, - "fullDescription": { - "text": "Do not declare virtual events in a base class. Overridden events in a derived class have undefined behavior. The C# compiler does not handle this correctly and it is unpredictable whether a subscriber to the derived event will actually be subscribing to the base class event." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1070", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1200", - "shortDescription": { - "text": "Avoid using cref tags with a prefix" - }, - "fullDescription": { - "text": "Use of cref tags with prefixes should be avoided, since it prevents the compiler from verifying references and the IDE from updating references during refactorings. It is permissible to suppress this error at a single documentation site if the cref must use a prefix because the type being mentioned is not findable by the compiler. For example, if a cref is mentioning a special attribute in the full framework but you're in a file that compiles against the portable framework, or if you want to reference a type at higher layer of Roslyn, you should suppress the error. You should not suppress the error just because you want to take a shortcut and avoid using the full syntax." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1200", - "properties": { - "category": "Documentation", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1303", - "shortDescription": { - "text": "Do not pass literals as localized parameters" - }, - "fullDescription": { - "text": "A method passes a string literal as a parameter to a constructor or method in the .NET Framework class library and that string should be localizable. To fix a violation of this rule, replace the string literal with a string retrieved through an instance of the ResourceManager class." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1303", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1304", - "shortDescription": { - "text": "Specify CultureInfo" - }, - "fullDescription": { - "text": "A method or constructor calls a member that has an overload that accepts a System.Globalization.CultureInfo parameter, and the method or constructor does not call the overload that takes the CultureInfo parameter. When a CultureInfo or System.IFormatProvider object is not supplied, the default value that is supplied by the overloaded member might not have the effect that you want in all locales. If the result will be displayed to the user, specify 'CultureInfo.CurrentCulture' as the 'CultureInfo' parameter. Otherwise, if the result will be stored and accessed by software, such as when it is persisted to disk or to a database, specify 'CultureInfo.InvariantCulture'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1304", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1305", - "shortDescription": { - "text": "Specify IFormatProvider" - }, - "fullDescription": { - "text": "A method or constructor calls one or more members that have overloads that accept a System.IFormatProvider parameter, and the method or constructor does not call the overload that takes the IFormatProvider parameter. When a System.Globalization.CultureInfo or IFormatProvider object is not supplied, the default value that is supplied by the overloaded member might not have the effect that you want in all locales. If the result will be based on the input from/output displayed to the user, specify 'CultureInfo.CurrentCulture' as the 'IFormatProvider'. Otherwise, if the result will be stored and accessed by software, such as when it is loaded from disk/database and when it is persisted to disk/database, specify 'CultureInfo.InvariantCulture'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1305", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1307", - "shortDescription": { - "text": "Specify StringComparison for clarity" - }, - "fullDescription": { - "text": "A string comparison operation uses a method overload that does not set a StringComparison parameter. It is recommended to use the overload with StringComparison parameter for clarity of intent. If the result will be displayed to the user, such as when sorting a list of items for display in a list box, specify 'StringComparison.CurrentCulture' or 'StringComparison.CurrentCultureIgnoreCase' as the 'StringComparison' parameter. If comparing case-insensitive identifiers, such as file paths, environment variables, or registry keys and values, specify 'StringComparison.OrdinalIgnoreCase'. Otherwise, if comparing case-sensitive identifiers, specify 'StringComparison.Ordinal'." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1307", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1308", - "shortDescription": { - "text": "Normalize strings to uppercase" - }, - "fullDescription": { - "text": "Strings should be normalized to uppercase. A small group of characters cannot make a round trip when they are converted to lowercase. To make a round trip means to convert the characters from one locale to another locale that represents character data differently, and then to accurately retrieve the original characters from the converted characters." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1308", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1309", - "shortDescription": { - "text": "Use ordinal string comparison" - }, - "fullDescription": { - "text": "A string comparison operation that is nonlinguistic does not set the StringComparison parameter to either Ordinal or OrdinalIgnoreCase. By explicitly setting the parameter to either StringComparison.Ordinal or StringComparison.OrdinalIgnoreCase, your code often gains speed, becomes more correct, and becomes more reliable." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1309", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1310", - "shortDescription": { - "text": "Specify StringComparison for correctness" - }, - "fullDescription": { - "text": "A string comparison operation uses a method overload that does not set a StringComparison parameter, hence its behavior could vary based on the current user's locale settings. It is strongly recommended to use the overload with StringComparison parameter for correctness and clarity of intent. If the result will be displayed to the user, such as when sorting a list of items for display in a list box, specify 'StringComparison.CurrentCulture' or 'StringComparison.CurrentCultureIgnoreCase' as the 'StringComparison' parameter. If comparing case-insensitive identifiers, such as file paths, environment variables, or registry keys and values, specify 'StringComparison.OrdinalIgnoreCase'. Otherwise, if comparing case-sensitive identifiers, specify 'StringComparison.Ordinal'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1310", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1311", - "shortDescription": { - "text": "Specify a culture or use an invariant version" - }, - "fullDescription": { - "text": "Specify culture to help avoid accidental implicit dependency on current culture. Using an invariant version yields consistent results regardless of the culture of an application." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1311", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1401", - "shortDescription": { - "text": "P/Invokes should not be visible" - }, - "fullDescription": { - "text": "A public or protected method in a public type has the System.Runtime.InteropServices.DllImportAttribute attribute (also implemented by the Declare keyword in Visual Basic). Such methods should not be exposed." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1401", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1416", - "shortDescription": { - "text": "Validate platform compatibility" - }, - "fullDescription": { - "text": "Using platform dependent API on a component makes the code no longer work across all platforms." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1416", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "8", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1417", - "shortDescription": { - "text": "Do not use 'OutAttribute' on string parameters for P/Invokes" - }, - "fullDescription": { - "text": "String parameters passed by value with the 'OutAttribute' can destabilize the runtime if the string is an interned string." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1417", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1418", - "shortDescription": { - "text": "Use valid platform string" - }, - "fullDescription": { - "text": "Platform compatibility analyzer requires a valid platform name and version." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1418", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1419", - "shortDescription": { - "text": "Provide a parameterless constructor that is as visible as the containing type for concrete types derived from 'System.Runtime.InteropServices.SafeHandle'" - }, - "fullDescription": { - "text": "Providing a parameterless constructor that is as visible as the containing type for a type derived from 'System.Runtime.InteropServices.SafeHandle' enables better performance and usage with source-generated interop solutions." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1419", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1420", - "shortDescription": { - "text": "Property, type, or attribute requires runtime marshalling" - }, - "fullDescription": { - "text": "Using features that require runtime marshalling when runtime marshalling is disabled will result in runtime exceptions." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1420", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1421", - "shortDescription": { - "text": "This method uses runtime marshalling even when the 'DisableRuntimeMarshallingAttribute' is applied" - }, - "fullDescription": { - "text": "This method uses runtime marshalling even when runtime marshalling is disabled, which can cause unexpected behavior differences at runtime due to different expectations of a type's native layout." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1421", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1422", - "shortDescription": { - "text": "Validate platform compatibility" - }, - "fullDescription": { - "text": "Using platform dependent API on a component makes the code no longer work across all platforms." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1422", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "8", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1501", - "shortDescription": { - "text": "Avoid excessive inheritance" - }, - "fullDescription": { - "text": "Deeply nested type hierarchies can be difficult to follow, understand, and maintain. This rule limits analysis to hierarchies in the same module. To fix a violation of this rule, derive the type from a base type that is less deep in the inheritance hierarchy or eliminate some of the intermediate base types." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1501", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1502", - "shortDescription": { - "text": "Avoid excessive complexity" - }, - "fullDescription": { - "text": "Cyclomatic complexity measures the number of linearly independent paths through the method, which is determined by the number and complexity of conditional branches. A low cyclomatic complexity generally indicates a method that is easy to understand, test, and maintain. The cyclomatic complexity is calculated from a control flow graph of the method and is given as follows: `cyclomatic complexity = the number of edges - the number of nodes + 1`, where a node represents a logic branch point and an edge represents a line between nodes." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1502", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1505", - "shortDescription": { - "text": "Avoid unmaintainable code" - }, - "fullDescription": { - "text": "The maintainability index is calculated by using the following metrics: lines of code, program volume, and cyclomatic complexity. Program volume is a measure of the difficulty of understanding of a symbol that is based on the number of operators and operands in the code. Cyclomatic complexity is a measure of the structural complexity of the type or method. A low maintainability index indicates that code is probably difficult to maintain and would be a good candidate to redesign." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1505", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1506", - "shortDescription": { - "text": "Avoid excessive class coupling" - }, - "fullDescription": { - "text": "This rule measures class coupling by counting the number of unique type references that a symbol contains. Symbols that have a high degree of class coupling can be difficult to maintain. It is a good practice to have types and methods that exhibit low coupling and high cohesion. To fix this violation, try to redesign the code to reduce the number of types to which it is coupled." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1506", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1507", - "shortDescription": { - "text": "Use nameof to express symbol names" - }, - "fullDescription": { - "text": "Using nameof helps keep your code valid when refactoring." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1507", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1508", - "shortDescription": { - "text": "Avoid dead conditional code" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1508", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1509", - "shortDescription": { - "text": "Invalid entry in code metrics rule specification file" - }, - "fullDescription": { - "text": "Invalid entry in code metrics rule specification file." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1509", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1510", - "shortDescription": { - "text": "Use ArgumentNullException throw helper" - }, - "fullDescription": { - "text": "Throw helpers are simpler and more efficient than an if block constructing a new exception instance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1510", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1511", - "shortDescription": { - "text": "Use ArgumentException throw helper" - }, - "fullDescription": { - "text": "Throw helpers are simpler and more efficient than an if block constructing a new exception instance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1511", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1512", - "shortDescription": { - "text": "Use ArgumentOutOfRangeException throw helper" - }, - "fullDescription": { - "text": "Throw helpers are simpler and more efficient than an if block constructing a new exception instance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1512", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1513", - "shortDescription": { - "text": "Use ObjectDisposedException throw helper" - }, - "fullDescription": { - "text": "Throw helpers are simpler and more efficient than an if block constructing a new exception instance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1513", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1514", - "shortDescription": { - "text": "Avoid redundant length argument" - }, - "fullDescription": { - "text": "An explicit length calculation can be error-prone and can be avoided when slicing to end of the buffer." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1514", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1515", - "shortDescription": { - "text": "Consider making public types internal" - }, - "fullDescription": { - "text": "Unlike a class library, an application's API isn't typically referenced publicly, so types can be marked internal." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1515", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1700", - "shortDescription": { - "text": "Do not name enum values 'Reserved'" - }, - "fullDescription": { - "text": "This rule assumes that an enumeration member that has a name that contains \"reserved\" is not currently used but is a placeholder to be renamed or removed in a future version. Renaming or removing a member is a breaking change." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1700", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1707", - "shortDescription": { - "text": "Identifiers should not contain underscores" - }, - "fullDescription": { - "text": "By convention, identifier names do not contain the underscore (_) character. This rule checks namespaces, types, members, and parameters." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1707", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1708", - "shortDescription": { - "text": "Identifiers should differ by more than case" - }, - "fullDescription": { - "text": "Identifiers for namespaces, types, members, and parameters cannot differ only by case because languages that target the common language runtime are not required to be case-sensitive." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1708", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1710", - "shortDescription": { - "text": "Identifiers should have correct suffix" - }, - "fullDescription": { - "text": "By convention, the names of types that extend certain base types or that implement certain interfaces, or types that are derived from these types, have a suffix that is associated with the base type or interface." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1710", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1711", - "shortDescription": { - "text": "Identifiers should not have incorrect suffix" - }, - "fullDescription": { - "text": "By convention, only the names of types that extend certain base types or that implement certain interfaces, or types that are derived from these types, should end with specific reserved suffixes. Other type names should not use these reserved suffixes." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1711", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1712", - "shortDescription": { - "text": "Do not prefix enum values with type name" - }, - "fullDescription": { - "text": "An enumeration's values should not start with the type name of the enumeration." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1712", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1713", - "shortDescription": { - "text": "Events should not have 'Before' or 'After' prefix" - }, - "fullDescription": { - "text": "Event names should describe the action that raises the event. To name related events that are raised in a specific sequence, use the present or past tense to indicate the relative position in the sequence of actions. For example, when naming a pair of events that is raised when closing a resource, you might name it 'Closing' and 'Closed', instead of 'BeforeClose' and 'AfterClose'." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1713", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1715", - "shortDescription": { - "text": "Identifiers should have correct prefix" - }, - "fullDescription": { - "text": "The name of an externally visible interface does not start with an uppercase \"\"I\"\". The name of a generic type parameter on an externally visible type or method does not start with an uppercase \"\"T\"\"." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1715", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1716", - "shortDescription": { - "text": "Identifiers should not match keywords" - }, - "fullDescription": { - "text": "A namespace name or a type name matches a reserved keyword in a programming language. Identifiers for namespaces and types should not match keywords that are defined by languages that target the common language runtime." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1716", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1720", - "shortDescription": { - "text": "Identifier contains type name" - }, - "fullDescription": { - "text": "Names of parameters and members are better used to communicate their meaning than to describe their type, which is expected to be provided by development tools. For names of members, if a data type name must be used, use a language-independent name instead of a language-specific one." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1720", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1721", - "shortDescription": { - "text": "Property names should not match get methods" - }, - "fullDescription": { - "text": "The name of a public or protected member starts with \"\"Get\"\" and otherwise matches the name of a public or protected property. \"\"Get\"\" methods and properties should have names that clearly distinguish their function." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1721", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1724", - "shortDescription": { - "text": "Type names should not match namespaces" - }, - "fullDescription": { - "text": "Type names should not match the names of namespaces that are defined in the .NET Framework class library. Violating this rule can reduce the usability of the library." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1724", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA1725", - "shortDescription": { - "text": "Parameter names should match base declaration" - }, - "fullDescription": { - "text": "Consistent naming of parameters in an override hierarchy increases the usability of the method overrides. A parameter name in a derived method that differs from the name in the base declaration can cause confusion about whether the method is an override of the base method or a new overload of the method." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1725", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1727", - "shortDescription": { - "text": "Use PascalCase for named placeholders" - }, - "fullDescription": { - "text": "Use PascalCase for named placeholders in the logging message template." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1727", - "properties": { - "category": "Naming", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1802", - "shortDescription": { - "text": "Use literals where appropriate" - }, - "fullDescription": { - "text": "A field is declared static and read-only (Shared and ReadOnly in Visual Basic), and is initialized by using a value that is computable at compile time. Because the value that is assigned to the targeted field is computable at compile time, change the declaration to a const (Const in Visual Basic) field so that the value is computed at compile time instead of at runtime." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1802", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1805", - "shortDescription": { - "text": "Do not initialize unnecessarily" - }, - "fullDescription": { - "text": "The .NET runtime initializes all fields of reference types to their default values before running the constructor. In most cases, explicitly initializing a field to its default value in a constructor is redundant, adding maintenance costs and potentially degrading performance (such as with increased assembly size), and the explicit initialization can be removed. In some cases, such as with static readonly fields that permanently retain their default value, consider instead changing them to be constants or properties." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1805", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1806", - "shortDescription": { - "text": "Do not ignore method results" - }, - "fullDescription": { - "text": "A new object is created but never used; or a method that creates and returns a new string is called and the new string is never used; or a COM or P/Invoke method returns an HRESULT or error code that is never used." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1806", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1810", - "shortDescription": { - "text": "Initialize reference type static fields inline" - }, - "fullDescription": { - "text": "A reference type declares an explicit static constructor. To fix a violation of this rule, initialize all static data when it is declared and remove the static constructor." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1810", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1812", - "shortDescription": { - "text": "Avoid uninstantiated internal classes" - }, - "fullDescription": { - "text": "An instance of an assembly-level type is not created by code in the assembly." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1812", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA1813", - "shortDescription": { - "text": "Avoid unsealed attributes" - }, - "fullDescription": { - "text": "The .NET Framework class library provides methods for retrieving custom attributes. By default, these methods search the attribute inheritance hierarchy. Sealing the attribute eliminates the search through the inheritance hierarchy and can improve performance." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1813", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1814", - "shortDescription": { - "text": "Prefer jagged arrays over multidimensional" - }, - "fullDescription": { - "text": "A jagged array is an array whose elements are arrays. The arrays that make up the elements can be of different sizes, leading to less wasted space for some sets of data." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1814", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1815", - "shortDescription": { - "text": "Override equals and operator equals on value types" - }, - "fullDescription": { - "text": "For value types, the inherited implementation of Equals uses the Reflection library and compares the contents of all fields. Reflection is computationally expensive, and comparing every field for equality might be unnecessary. If you expect users to compare or sort instances, or to use instances as hash table keys, your value type should implement Equals." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1815", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1816", - "shortDescription": { - "text": "Dispose methods should call SuppressFinalize" - }, - "fullDescription": { - "text": "A method that is an implementation of Dispose does not call GC.SuppressFinalize; or a method that is not an implementation of Dispose calls GC.SuppressFinalize; or a method calls GC.SuppressFinalize and passes something other than this (Me in Visual Basic)." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1816", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1819", - "shortDescription": { - "text": "Properties should not return arrays" - }, - "fullDescription": { - "text": "Arrays that are returned by properties are not write-protected, even when the property is read-only. To keep the array tamper-proof, the property must return a copy of the array. Typically, users will not understand the adverse performance implications of calling such a property." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1819", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1820", - "shortDescription": { - "text": "Test for empty strings using string length" - }, - "fullDescription": { - "text": "Comparing strings by using the String.Length property or the String.IsNullOrEmpty method is significantly faster than using Equals." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1820", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1821", - "shortDescription": { - "text": "Remove empty Finalizers" - }, - "fullDescription": { - "text": "Finalizers should be avoided where possible, to avoid the additional performance overhead involved in tracking object lifetime." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1821", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1822", - "shortDescription": { - "text": "Mark members as static" - }, - "fullDescription": { - "text": "Members that do not access instance data or call instance methods can be marked as static. After you mark the methods as static, the compiler will emit nonvirtual call sites to these members. This can give you a measurable performance gain for performance-sensitive code." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1822", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1823", - "shortDescription": { - "text": "Avoid unused private fields" - }, - "fullDescription": { - "text": "Private fields were detected that do not appear to be accessed in the assembly." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1823", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1824", - "shortDescription": { - "text": "Mark assemblies with NeutralResourcesLanguageAttribute" - }, - "fullDescription": { - "text": "The NeutralResourcesLanguage attribute informs the ResourceManager of the language that was used to display the resources of a neutral culture for an assembly. This improves lookup performance for the first resource that you load and can reduce your working set." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1824", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "2", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1825", - "shortDescription": { - "text": "Avoid zero-length array allocations" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1825", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1826", - "shortDescription": { - "text": "Do not use Enumerable methods on indexable collections" - }, - "fullDescription": { - "text": "This collection is directly indexable. Going through LINQ here causes unnecessary allocations and CPU work." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1826", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1827", - "shortDescription": { - "text": "Do not use Count() or LongCount() when Any() can be used" - }, - "fullDescription": { - "text": "For non-empty collections, Count() and LongCount() enumerate the entire sequence, while Any() stops at the first item or the first item that satisfies a condition." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1827", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1828", - "shortDescription": { - "text": "Do not use CountAsync() or LongCountAsync() when AnyAsync() can be used" - }, - "fullDescription": { - "text": "For non-empty collections, CountAsync() and LongCountAsync() enumerate the entire sequence, while AnyAsync() stops at the first item or the first item that satisfies a condition." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1828", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1829", - "shortDescription": { - "text": "Use Length/Count property instead of Count() when available" - }, - "fullDescription": { - "text": "Enumerable.Count() potentially enumerates the sequence while a Length/Count property is a direct access." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1829", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1830", - "shortDescription": { - "text": "Prefer strongly-typed Append and Insert method overloads on StringBuilder" - }, - "fullDescription": { - "text": "StringBuilder.Append and StringBuilder.Insert provide overloads for multiple types beyond System.String. When possible, prefer the strongly-typed overloads over using ToString() and the string-based overload." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1830", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1831", - "shortDescription": { - "text": "Use AsSpan or AsMemory instead of Range-based indexers when appropriate" - }, - "fullDescription": { - "text": "The Range-based indexer on string values produces a copy of requested portion of the string. This copy is usually unnecessary when it is implicitly used as a ReadOnlySpan or ReadOnlyMemory value. Use the AsSpan method to avoid the unnecessary copy." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1831", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1832", - "shortDescription": { - "text": "Use AsSpan or AsMemory instead of Range-based indexers when appropriate" - }, - "fullDescription": { - "text": "The Range-based indexer on array values produces a copy of requested portion of the array. This copy is usually unnecessary when it is implicitly used as a ReadOnlySpan or ReadOnlyMemory value. Use the AsSpan method to avoid the unnecessary copy." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1832", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1833", - "shortDescription": { - "text": "Use AsSpan or AsMemory instead of Range-based indexers when appropriate" - }, - "fullDescription": { - "text": "The Range-based indexer on array values produces a copy of requested portion of the array. This copy is often unwanted when it is implicitly used as a Span or Memory value. Use the AsSpan method to avoid the copy." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1833", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1834", - "shortDescription": { - "text": "Consider using 'StringBuilder.Append(char)' when applicable" - }, - "fullDescription": { - "text": "'StringBuilder.Append(char)' is more efficient than 'StringBuilder.Append(string)' when the string is a single character. When calling 'Append' with a constant, prefer using a constant char rather than a constant string containing one character." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1834", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1835", - "shortDescription": { - "text": "Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync'" - }, - "fullDescription": { - "text": "'Stream' has a 'ReadAsync' overload that takes a 'Memory' as the first argument, and a 'WriteAsync' overload that takes a 'ReadOnlyMemory' as the first argument. Prefer calling the memory based overloads, which are more efficient." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1835", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1836", - "shortDescription": { - "text": "Prefer IsEmpty over Count" - }, - "fullDescription": { - "text": "For determining whether the object contains or not any items, prefer using 'IsEmpty' property rather than retrieving the number of items from the 'Count' property and comparing it to 0 or 1." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1836", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1837", - "shortDescription": { - "text": "Use 'Environment.ProcessId'" - }, - "fullDescription": { - "text": "'Environment.ProcessId' is simpler and faster than 'Process.GetCurrentProcess().Id'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1837", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1838", - "shortDescription": { - "text": "Avoid 'StringBuilder' parameters for P/Invokes" - }, - "fullDescription": { - "text": "Marshalling of 'StringBuilder' always creates a native buffer copy, resulting in multiple allocations for one marshalling operation." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1838", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1839", - "shortDescription": { - "text": "Use 'Environment.ProcessPath'" - }, - "fullDescription": { - "text": "'Environment.ProcessPath' is simpler and faster than 'Process.GetCurrentProcess().MainModule.FileName'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1839", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1840", - "shortDescription": { - "text": "Use 'Environment.CurrentManagedThreadId'" - }, - "fullDescription": { - "text": "'Environment.CurrentManagedThreadId' is simpler and faster than 'Thread.CurrentThread.ManagedThreadId'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1840", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1841", - "shortDescription": { - "text": "Prefer Dictionary.Contains methods" - }, - "fullDescription": { - "text": "'ContainsKey' is usually O(1), while 'Keys.Contains' may be O(n) in some cases. Additionally, many dictionary implementations lazily initialize the Keys collection to cut back on allocations." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1841", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1842", - "shortDescription": { - "text": "Do not use 'WhenAll' with a single task" - }, - "fullDescription": { - "text": "Using 'WhenAll' with a single task may result in performance loss, await or return the task instead." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1842", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1843", - "shortDescription": { - "text": "Do not use 'WaitAll' with a single task" - }, - "fullDescription": { - "text": "Using 'WaitAll' with a single task may result in performance loss, await or return the task instead." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1843", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1844", - "shortDescription": { - "text": "Provide memory-based overrides of async methods when subclassing 'Stream'" - }, - "fullDescription": { - "text": "To improve performance, override the memory-based async methods when subclassing 'Stream'. Then implement the array-based methods in terms of the memory-based methods." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1844", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1845", - "shortDescription": { - "text": "Use span-based 'string.Concat'" - }, - "fullDescription": { - "text": "It is more efficient to use 'AsSpan' and 'string.Concat', instead of 'Substring' and a concatenation operator." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1845", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1846", - "shortDescription": { - "text": "Prefer 'AsSpan' over 'Substring'" - }, - "fullDescription": { - "text": "'AsSpan' is more efficient than 'Substring'. 'Substring' performs an O(n) string copy, while 'AsSpan' does not and has a constant cost." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1846", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1847", - "shortDescription": { - "text": "Use char literal for a single character lookup" - }, - "fullDescription": { - "text": "'string.Contains(char)' is available as a better performing overload for single char lookup." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1847", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1848", - "shortDescription": { - "text": "Use the LoggerMessage delegates" - }, - "fullDescription": { - "text": "For improved performance, use the LoggerMessage delegates." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1848", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1849", - "shortDescription": { - "text": "Call async methods when in an async method" - }, - "fullDescription": { - "text": "When inside a Task-returning method, use the async version of methods, if they exist." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1849", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1850", - "shortDescription": { - "text": "Prefer static 'HashData' method over 'ComputeHash'" - }, - "fullDescription": { - "text": "It is more efficient to use the static 'HashData' method over creating and managing a HashAlgorithm instance to call 'ComputeHash'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1850", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1851", - "shortDescription": { - "text": "Possible multiple enumerations of 'IEnumerable' collection" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1851", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1852", - "shortDescription": { - "text": "Seal internal types" - }, - "fullDescription": { - "text": "When a type is not accessible outside its assembly and has no subtypes within its containing assembly, it can be safely sealed. Sealing types can improve performance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1852", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA1853", - "shortDescription": { - "text": "Unnecessary call to 'Dictionary.ContainsKey(key)'" - }, - "fullDescription": { - "text": "Do not guard 'Dictionary.Remove(key)' with 'Dictionary.ContainsKey(key)'. The former already checks whether the key exists, and will not throw if it does not." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1853", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1854", - "shortDescription": { - "text": "Prefer the 'IDictionary.TryGetValue(TKey, out TValue)' method" - }, - "fullDescription": { - "text": "Prefer a 'TryGetValue' call over a Dictionary indexer access guarded by a 'ContainsKey' check. 'ContainsKey' and the indexer both would lookup the key under the hood, so using 'TryGetValue' removes the extra lookup." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1854", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1855", - "shortDescription": { - "text": "Prefer 'Clear' over 'Fill'" - }, - "fullDescription": { - "text": "It is more efficient to use 'Clear', instead of 'Fill' with default value." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1855", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1856", - "shortDescription": { - "text": "Incorrect usage of ConstantExpected attribute" - }, - "fullDescription": { - "text": "ConstantExpected attribute is not applied correctly on the parameter." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1856", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1857", - "shortDescription": { - "text": "A constant is expected for the parameter" - }, - "fullDescription": { - "text": "The parameter expects a constant for optimal performance." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1857", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1858", - "shortDescription": { - "text": "Use 'StartsWith' instead of 'IndexOf'" - }, - "fullDescription": { - "text": "It is both clearer and faster to use 'StartsWith' instead of comparing the result of 'IndexOf' to zero." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1858", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1859", - "shortDescription": { - "text": "Use concrete types when possible for improved performance" - }, - "fullDescription": { - "text": "Using concrete types avoids virtual or interface call overhead and enables inlining." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1859", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1860", - "shortDescription": { - "text": "Avoid using 'Enumerable.Any()' extension method" - }, - "fullDescription": { - "text": "Prefer using 'IsEmpty', 'Count' or 'Length' properties whichever available, rather than calling 'Enumerable.Any()'. The intent is clearer and it is more performant than using 'Enumerable.Any()' extension method." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1860", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1861", - "shortDescription": { - "text": "Avoid constant arrays as arguments" - }, - "fullDescription": { - "text": "Constant arrays passed as arguments are not reused when called repeatedly, which implies a new array is created each time. Consider extracting them to 'static readonly' fields to improve performance if the passed array is not mutated within the called method." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1861", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1862", - "shortDescription": { - "text": "Use the 'StringComparison' method overloads to perform case-insensitive string comparisons" - }, - "fullDescription": { - "text": "Avoid calling 'ToLower', 'ToUpper', 'ToLowerInvariant' and 'ToUpperInvariant' to perform case-insensitive string comparisons because they lead to an allocation. Instead, prefer calling the method overloads of 'Contains', 'IndexOf' and 'StartsWith' that take a 'StringComparison' enum value to perform case-insensitive comparisons. Switching to using an overload that takes a 'StringComparison' might cause subtle changes in behavior, so it's important to conduct thorough testing after applying the suggestion. Additionally, if a culturally sensitive comparison is not required, consider using 'StringComparison.OrdinalIgnoreCase'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1862", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1863", - "shortDescription": { - "text": "Use 'CompositeFormat'" - }, - "fullDescription": { - "text": "Cache and use a 'CompositeFormat' instance as the argument to this formatting operation, rather than passing in the original format string. This reduces the cost of the formatting operation." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1863", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1864", - "shortDescription": { - "text": "Prefer the 'IDictionary.TryAdd(TKey, TValue)' method" - }, - "fullDescription": { - "text": "Prefer a 'TryAdd' call over an 'Add' call guarded by a 'ContainsKey' check. 'TryAdd' behaves the same as 'Add', except that when the specified key already exists, it returns 'false' instead of throwing an exception." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1864", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1865", - "shortDescription": { - "text": "Use char overload" - }, - "fullDescription": { - "text": "The char overload is a better performing overload than a string with a single char." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1865", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "0.005", - "executionTimeInPercentage": "51", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1866", - "shortDescription": { - "text": "Use char overload" - }, - "fullDescription": { - "text": "The char overload is a better performing overload than a string with a single char." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1866", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "0.005", - "executionTimeInPercentage": "51", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1867", - "shortDescription": { - "text": "Use char overload" - }, - "fullDescription": { - "text": "The char overload is a better performing overload than a string with a single char." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1867", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "0.005", - "executionTimeInPercentage": "51", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1868", - "shortDescription": { - "text": "Unnecessary call to 'Contains(item)'" - }, - "fullDescription": { - "text": "Do not guard 'Add(item)' or 'Remove(item)' with 'Contains(item)' for the set. The former two already check whether the item exists and will return if it was added or removed." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1868", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1869", - "shortDescription": { - "text": "Cache and reuse 'JsonSerializerOptions' instances" - }, - "fullDescription": { - "text": "Avoid creating a new 'JsonSerializerOptions' instance for every serialization operation. Cache and reuse instances instead. Single use 'JsonSerializerOptions' instances can substantially degrade the performance of your application." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1869", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1870", - "shortDescription": { - "text": "Use a cached 'SearchValues' instance" - }, - "fullDescription": { - "text": "Using a cached 'SearchValues' instance is more efficient than passing values to 'IndexOfAny'/'ContainsAny' directly." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1870", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1871", - "shortDescription": { - "text": "Do not pass a nullable struct to 'ArgumentNullException.ThrowIfNull'" - }, - "fullDescription": { - "text": "'ArgumentNullException.ThrowIfNull' accepts an 'object', so passing a nullable struct may cause the value to be boxed." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1871", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1872", - "shortDescription": { - "text": "Prefer 'Convert.ToHexString' and 'Convert.ToHexStringLower' over call chains based on 'BitConverter.ToString'" - }, - "fullDescription": { - "text": "Use 'Convert.ToHexString' or 'Convert.ToHexStringLower' when encoding bytes to a hexadecimal string representation. These methods are more efficient and allocation-friendly than using 'BitConverter.ToString' in combination with 'String.Replace' to replace dashes and 'String.ToLower'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1872", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2000", - "shortDescription": { - "text": "Dispose objects before losing scope" - }, - "fullDescription": { - "text": "If a disposable object is not explicitly disposed before all references to it are out of scope, the object will be disposed at some indeterminate time when the garbage collector runs the finalizer of the object. Because an exceptional event might occur that will prevent the finalizer of the object from running, the object should be explicitly disposed instead." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2000", - "properties": { - "category": "Reliability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2002", - "shortDescription": { - "text": "Do not lock on objects with weak identity" - }, - "fullDescription": { - "text": "An object is said to have a weak identity when it can be directly accessed across application domain boundaries. A thread that tries to acquire a lock on an object that has a weak identity can be blocked by a second thread in a different application domain that has a lock on the same object." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2002", - "properties": { - "category": "Reliability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2007", - "shortDescription": { - "text": "Consider calling ConfigureAwait on the awaited task" - }, - "fullDescription": { - "text": "When an asynchronous method awaits a Task directly, continuation occurs in the same thread that created the task. Consider calling Task.ConfigureAwait(Boolean) to signal your intention for continuation. Call ConfigureAwait(false) on the task to schedule continuations to the thread pool, thereby avoiding a deadlock on the UI thread. Passing false is a good option for app-independent libraries. Calling ConfigureAwait(true) on the task has the same behavior as not explicitly calling ConfigureAwait. By explicitly calling this method, you're letting readers know you intentionally want to perform the continuation on the original synchronization context." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2007", - "properties": { - "category": "Reliability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2008", - "shortDescription": { - "text": "Do not create tasks without passing a TaskScheduler" - }, - "fullDescription": { - "text": "Do not create tasks unless you are using one of the overloads that takes a TaskScheduler. The default is to schedule on TaskScheduler.Current, which would lead to deadlocks. Either use TaskScheduler.Default to schedule on the thread pool, or explicitly pass TaskScheduler.Current to make your intentions clear." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2008", - "properties": { - "category": "Reliability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2009", - "shortDescription": { - "text": "Do not call ToImmutableCollection on an ImmutableCollection value" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2009", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2011", - "shortDescription": { - "text": "Avoid infinite recursion" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2011", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2012", - "shortDescription": { - "text": "Use ValueTasks correctly" - }, - "fullDescription": { - "text": "ValueTasks returned from member invocations are intended to be directly awaited. Attempts to consume a ValueTask multiple times or to directly access one's result before it's known to be completed may result in an exception or corruption. Ignoring such a ValueTask is likely an indication of a functional bug and may degrade performance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2012", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2013", - "shortDescription": { - "text": "Do not use ReferenceEquals with value types" - }, - "fullDescription": { - "text": "Value type typed arguments are uniquely boxed for each call to this method, therefore the result can be unexpected." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2013", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2014", - "shortDescription": { - "text": "Do not use stackalloc in loops" - }, - "fullDescription": { - "text": "Stack space allocated by a stackalloc is only released at the end of the current method's invocation. Using it in a loop can result in unbounded stack growth and eventual stack overflow conditions." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2014", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2015", - "shortDescription": { - "text": "Do not define finalizers for types derived from MemoryManager" - }, - "fullDescription": { - "text": "Adding a finalizer to a type derived from MemoryManager may permit memory to be freed while it is still in use by a Span." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2015", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2016", - "shortDescription": { - "text": "Forward the 'CancellationToken' parameter to methods" - }, - "fullDescription": { - "text": "Forward the 'CancellationToken' parameter to methods to ensure the operation cancellation notifications gets properly propagated, or pass in 'CancellationToken.None' explicitly to indicate intentionally not propagating the token." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2016", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2017", - "shortDescription": { - "text": "Parameter count mismatch" - }, - "fullDescription": { - "text": "Number of parameters supplied in the logging message template do not match the number of named placeholders." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2017", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2018", - "shortDescription": { - "text": "'Buffer.BlockCopy' expects the number of bytes to be copied for the 'count' argument" - }, - "fullDescription": { - "text": "'Buffer.BlockCopy' expects the number of bytes to be copied for the 'count' argument. Using 'Array.Length' may not match the number of bytes that needs to be copied." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2018", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2019", - "shortDescription": { - "text": "Improper 'ThreadStatic' field initialization" - }, - "fullDescription": { - "text": "'ThreadStatic' fields should be initialized lazily on use, not with inline initialization nor explicitly in a static constructor, which would only initialize the field on the thread that runs the type's static constructor." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2019", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2020", - "shortDescription": { - "text": "Prevent behavioral change" - }, - "fullDescription": { - "text": "Some built-in operators added in .NET 7 behave differently when overflowing than did the corresponding user-defined operators in .NET 6 and earlier versions. Some operators that previously threw in an unchecked context now don't throw unless wrapped within a checked context. Also, some operators that did not previously throw in a checked context now throw unless wrapped in an unchecked context." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2020", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2021", - "shortDescription": { - "text": "Do not call Enumerable.Cast or Enumerable.OfType with incompatible types" - }, - "fullDescription": { - "text": "Enumerable.Cast and Enumerable.OfType require compatible types to function expectedly. \u000d\u000aThe generic cast (IL 'unbox.any') used by the sequence returned by Enumerable.Cast will throw InvalidCastException at runtime on elements of the types specified. \u000d\u000aThe generic type check (C# 'is' operator/IL 'isinst') used by Enumerable.OfType will never succeed with elements of types specified, resulting in an empty sequence. \u000d\u000aWidening and user defined conversions are not supported with generic types." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2021", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2022", - "shortDescription": { - "text": "Avoid inexact read with 'Stream.Read'" - }, - "fullDescription": { - "text": "A call to 'Stream.Read' may return fewer bytes than requested, resulting in unreliable code if the return value is not checked." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2022", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2100", - "shortDescription": { - "text": "Review SQL queries for security vulnerabilities" - }, - "fullDescription": { - "text": "SQL queries that directly use user input can be vulnerable to SQL injection attacks. Review this SQL query for potential vulnerabilities, and consider using a parameterized SQL query." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2100", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2101", - "shortDescription": { - "text": "Specify marshaling for P/Invoke string arguments" - }, - "fullDescription": { - "text": "A platform invoke member allows partially trusted callers, has a string parameter, and does not explicitly marshal the string. This can cause a potential security vulnerability." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2101", - "properties": { - "category": "Globalization", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2119", - "shortDescription": { - "text": "Seal methods that satisfy private interfaces" - }, - "fullDescription": { - "text": "An inheritable public type provides an overridable method implementation of an internal (Friend in Visual Basic) interface. To fix a violation of this rule, prevent the method from being overridden outside the assembly." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2119", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2153", - "shortDescription": { - "text": "Do Not Catch Corrupted State Exceptions" - }, - "fullDescription": { - "text": "Catching corrupted state exceptions could mask errors (such as access violations), resulting in inconsistent state of execution or making it easier for attackers to compromise system. Instead, catch and handle a more specific set of exception type(s) or re-throw the exception." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2153", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2200", - "shortDescription": { - "text": "Rethrow to preserve stack details" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2200", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2201", - "shortDescription": { - "text": "Do not raise reserved exception types" - }, - "fullDescription": { - "text": "An exception of type that is not sufficiently specific or reserved by the runtime should never be raised by user code. This makes the original error difficult to detect and debug. If this exception instance might be thrown, use a different exception type." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2201", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2207", - "shortDescription": { - "text": "Initialize value type static fields inline" - }, - "fullDescription": { - "text": "A value type declares an explicit static constructor. To fix a violation of this rule, initialize all static data when it is declared and remove the static constructor." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2207", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2208", - "shortDescription": { - "text": "Instantiate argument exceptions correctly" - }, - "fullDescription": { - "text": "A call is made to the default (parameterless) constructor of an exception type that is or derives from ArgumentException, or an incorrect string argument is passed to a parameterized constructor of an exception type that is or derives from ArgumentException." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2208", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2211", - "shortDescription": { - "text": "Non-constant fields should not be visible" - }, - "fullDescription": { - "text": "Static fields that are neither constants nor read-only are not thread-safe. Access to such a field must be carefully controlled and requires advanced programming techniques to synchronize access to the class object." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2211", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2213", - "shortDescription": { - "text": "Disposable fields should be disposed" - }, - "fullDescription": { - "text": "A type that implements System.IDisposable declares fields that are of types that also implement IDisposable. The Dispose method of the field is not called by the Dispose method of the declaring type. To fix a violation of this rule, call Dispose on fields that are of types that implement IDisposable if you are responsible for allocating and releasing the unmanaged resources held by the field." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2213", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2214", - "shortDescription": { - "text": "Do not call overridable methods in constructors" - }, - "fullDescription": { - "text": "Virtual methods defined on the class should not be called from constructors. If a derived class has overridden the method, the derived class version will be called (before the derived class constructor is called)." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2214", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2215", - "shortDescription": { - "text": "Dispose methods should call base class dispose" - }, - "fullDescription": { - "text": "A type that implements System.IDisposable inherits from a type that also implements IDisposable. The Dispose method of the inheriting type does not call the Dispose method of the parent type. To fix a violation of this rule, call base.Dispose in your Dispose method." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2215", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2216", - "shortDescription": { - "text": "Disposable types should declare finalizer" - }, - "fullDescription": { - "text": "A type that implements System.IDisposable and has fields that suggest the use of unmanaged resources does not implement a finalizer, as described by Object.Finalize." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2216", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2217", - "shortDescription": { - "text": "Do not mark enums with FlagsAttribute" - }, - "fullDescription": { - "text": "An externally visible enumeration is marked by using FlagsAttribute, and it has one or more values that are not powers of two or a combination of the other defined values on the enumeration." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2217", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2219", - "shortDescription": { - "text": "Do not raise exceptions in finally clauses" - }, - "fullDescription": { - "text": "When an exception is raised in a finally clause, the new exception hides the active exception. This makes the original error difficult to detect and debug." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2219", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2225", - "shortDescription": { - "text": "Operator overloads have named alternates" - }, - "fullDescription": { - "text": "An operator overload was detected, and the expected named alternative method was not found. The named alternative member provides access to the same functionality as the operator and is provided for developers who program in languages that do not support overloaded operators." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2225", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2226", - "shortDescription": { - "text": "Operators should have symmetrical overloads" - }, - "fullDescription": { - "text": "A type implements the equality or inequality operator and does not implement the opposite operator." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2226", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2227", - "shortDescription": { - "text": "Collection properties should be read only" - }, - "fullDescription": { - "text": "A writable collection property allows a user to replace the collection with a different collection. A read-only property stops the collection from being replaced but still allows the individual members to be set." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2227", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2231", - "shortDescription": { - "text": "Overload operator equals on overriding value type Equals" - }, - "fullDescription": { - "text": "In most programming languages there is no default implementation of the equality operator (==) for value types. If your programming language supports operator overloads, you should consider implementing the equality operator. Its behavior should be identical to that of Equals." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2231", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2234", - "shortDescription": { - "text": "Pass system uri objects instead of strings" - }, - "fullDescription": { - "text": "A call is made to a method that has a string parameter whose name contains \"uri\", \"URI\", \"urn\", \"URN\", \"url\", or \"URL\". The declaring type of the method contains a corresponding method overload that has a System.Uri parameter." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2234", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2235", - "shortDescription": { - "text": "Mark all non-serializable fields" - }, - "fullDescription": { - "text": "An instance field of a type that is not serializable is declared in a type that is serializable." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2235", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2237", - "shortDescription": { - "text": "Mark ISerializable types with serializable" - }, - "fullDescription": { - "text": "To be recognized by the common language runtime as serializable, types must be marked by using the SerializableAttribute attribute even when the type uses a custom serialization routine through implementation of the ISerializable interface." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2237", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2241", - "shortDescription": { - "text": "Provide correct arguments to formatting methods" - }, - "fullDescription": { - "text": "The format argument that is passed to System.String.Format does not contain a format item that corresponds to each object argument, or vice versa." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2241", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2242", - "shortDescription": { - "text": "Test for NaN correctly" - }, - "fullDescription": { - "text": "This expression tests a value against Single.Nan or Double.Nan. Use Single.IsNan(Single) or Double.IsNan(Double) to test the value." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2242", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2243", - "shortDescription": { - "text": "Attribute string literals should parse correctly" - }, - "fullDescription": { - "text": "The string literal parameter of an attribute does not parse correctly for a URL, a GUID, or a version." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2243", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2244", - "shortDescription": { - "text": "Do not duplicate indexed element initializations" - }, - "fullDescription": { - "text": "Indexed elements in objects initializers must initialize unique elements. A duplicate index might overwrite a previous element initialization." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2244", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2245", - "shortDescription": { - "text": "Do not assign a property to itself" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2245", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2246", - "shortDescription": { - "text": "Assigning symbol and its member in the same statement" - }, - "fullDescription": { - "text": "Assigning to a symbol and its member (field/property) in the same statement is not recommended. It is not clear if the member access was intended to use symbol's old value prior to the assignment or new value from the assignment in this statement. For clarity, consider splitting the assignments into separate statements." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2246", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2247", - "shortDescription": { - "text": "Argument passed to TaskCompletionSource constructor should be TaskCreationOptions enum instead of TaskContinuationOptions enum" - }, - "fullDescription": { - "text": "TaskCompletionSource has constructors that take TaskCreationOptions that control the underlying Task, and constructors that take object state that's stored in the task. Accidentally passing a TaskContinuationOptions instead of a TaskCreationOptions will result in the call treating the options as state." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2247", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2248", - "shortDescription": { - "text": "Provide correct 'enum' argument to 'Enum.HasFlag'" - }, - "fullDescription": { - "text": "'Enum.HasFlag' method expects the 'enum' argument to be of the same 'enum' type as the instance on which the method is invoked and that this 'enum' is marked with 'System.FlagsAttribute'. If these are different 'enum' types, an unhandled exception will be thrown at runtime. If the 'enum' type is not marked with 'System.FlagsAttribute' the call will always return 'false' at runtime." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2248", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2249", - "shortDescription": { - "text": "Consider using 'string.Contains' instead of 'string.IndexOf'" - }, - "fullDescription": { - "text": "Calls to 'string.IndexOf' where the result is used to check for the presence/absence of a substring can be replaced by 'string.Contains'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2249", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2250", - "shortDescription": { - "text": "Use 'ThrowIfCancellationRequested'" - }, - "fullDescription": { - "text": "'ThrowIfCancellationRequested' automatically checks whether the token has been canceled, and throws an 'OperationCanceledException' if it has." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2250", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2251", - "shortDescription": { - "text": "Use 'string.Equals'" - }, - "fullDescription": { - "text": "It is both clearer and likely faster to use 'string.Equals' instead of comparing the result of 'string.Compare' to zero." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2251", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2252", - "shortDescription": { - "text": "This API requires opting into preview features" - }, - "fullDescription": { - "text": "An assembly has to opt into preview features before using them." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2252", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2253", - "shortDescription": { - "text": "Named placeholders should not be numeric values" - }, - "fullDescription": { - "text": "Named placeholders in the logging message template should not be comprised of only numeric characters." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2253", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2254", - "shortDescription": { - "text": "Template should be a static expression" - }, - "fullDescription": { - "text": "The logging message template should not vary between calls." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2254", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2255", - "shortDescription": { - "text": "The 'ModuleInitializer' attribute should not be used in libraries" - }, - "fullDescription": { - "text": "Module initializers are intended to be used by application code to ensure an application's components are initialized before the application code begins executing. If library code declares a method with the 'ModuleInitializerAttribute', it can interfere with application initialization and also lead to limitations in that application's trimming abilities. Instead of using methods marked with 'ModuleInitializerAttribute', the library should expose methods that can be used to initialize any components within the library and allow the application to invoke the method during application initialization." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2255", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2256", - "shortDescription": { - "text": "All members declared in parent interfaces must have an implementation in a DynamicInterfaceCastableImplementation-attributed interface" - }, - "fullDescription": { - "text": "Types attributed with 'DynamicInterfaceCastableImplementationAttribute' act as an interface implementation for a type that implements the 'IDynamicInterfaceCastable' type. As a result, it must provide an implementation of all of the members defined in the inherited interfaces, because the type that implements 'IDynamicInterfaceCastable' will not provide them otherwise." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2256", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2257", - "shortDescription": { - "text": "Members defined on an interface with the 'DynamicInterfaceCastableImplementationAttribute' should be 'static'" - }, - "fullDescription": { - "text": "Since a type that implements 'IDynamicInterfaceCastable' may not implement a dynamic interface in metadata, calls to an instance interface member that is not an explicit implementation defined on this type are likely to fail at runtime. Mark new interface members 'static' to avoid runtime errors." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2257", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2258", - "shortDescription": { - "text": "Providing a 'DynamicInterfaceCastableImplementation' interface in Visual Basic is unsupported" - }, - "fullDescription": { - "text": "Providing a functional 'DynamicInterfaceCastableImplementationAttribute'-attributed interface requires the Default Interface Members feature, which is unsupported in Visual Basic." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2258", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2259", - "shortDescription": { - "text": "'ThreadStatic' only affects static fields" - }, - "fullDescription": { - "text": "'ThreadStatic' only affects static fields. When applied to instance fields, it has no impact on behavior." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2259", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2260", - "shortDescription": { - "text": "Use correct type parameter" - }, - "fullDescription": { - "text": "Generic math interfaces require the derived type itself to be used for the self recurring type parameter." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2260", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2261", - "shortDescription": { - "text": "Do not use ConfigureAwaitOptions.SuppressThrowing with Task" - }, - "fullDescription": { - "text": "The ConfigureAwaitOptions.SuppressThrowing option is only supported with the non-generic Task, not a Task. To use it with a Task, first cast to the base Task." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2261", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2262", - "shortDescription": { - "text": "Set 'MaxResponseHeadersLength' properly" - }, - "fullDescription": { - "text": "The property 'MaxResponseHeadersLength' is measured in kilobytes, not in bytes. The provided value is multiplied by 1024, which might be greater than your intended maximum length." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2262", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2263", - "shortDescription": { - "text": "Prefer generic overload when type is known" - }, - "fullDescription": { - "text": "Using a generic overload is preferable to the 'System.Type' overload when the type is known, promoting cleaner and more type-safe code with improved compile-time checks." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2263", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2264", - "shortDescription": { - "text": "Do not pass a non-nullable value to 'ArgumentNullException.ThrowIfNull'" - }, - "fullDescription": { - "text": "'ArgumentNullException.ThrowIfNull' throws when the passed argument is 'null'. Certain constructs like non-nullable structs, 'nameof()' and 'new' expressions are known to never be null, so 'ArgumentNullException.ThrowIfNull' will never throw." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2264", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2265", - "shortDescription": { - "text": "Do not compare Span to 'null' or 'default'" - }, - "fullDescription": { - "text": "Comparing a span to 'null' or 'default' might not do what you intended. 'default' and the 'null' literal are implicitly converted to 'Span.Empty'. Remove the redundant comparison or make the code more explicit by using 'IsEmpty'." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2265", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2300", - "shortDescription": { - "text": "Do not use insecure deserializer BinaryFormatter" - }, - "fullDescription": { - "text": "The method '{0}' is insecure when deserializing untrusted data. If you need to instead detect BinaryFormatter deserialization without a SerializationBinder set, then disable rule CA2300, and enable rules CA2301 and CA2302." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2300", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2301", - "shortDescription": { - "text": "Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2301", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2302", - "shortDescription": { - "text": "Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2302", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2305", - "shortDescription": { - "text": "Do not use insecure deserializer LosFormatter" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2305", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2310", - "shortDescription": { - "text": "Do not use insecure deserializer NetDataContractSerializer" - }, - "fullDescription": { - "text": "The method '{0}' is insecure when deserializing untrusted data. If you need to instead detect NetDataContractSerializer deserialization without a SerializationBinder set, then disable rule CA2310, and enable rules CA2311 and CA2312." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2310", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2311", - "shortDescription": { - "text": "Do not deserialize without first setting NetDataContractSerializer.Binder" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2311", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2312", - "shortDescription": { - "text": "Ensure NetDataContractSerializer.Binder is set before deserializing" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2312", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2315", - "shortDescription": { - "text": "Do not use insecure deserializer ObjectStateFormatter" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2315", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2321", - "shortDescription": { - "text": "Do not deserialize with JavaScriptSerializer using a SimpleTypeResolver" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2321", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2322", - "shortDescription": { - "text": "Ensure JavaScriptSerializer is not initialized with SimpleTypeResolver before deserializing" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2322", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2326", - "shortDescription": { - "text": "Do not use TypeNameHandling values other than None" - }, - "fullDescription": { - "text": "Deserializing JSON when using a TypeNameHandling value other than None can be insecure. If you need to instead detect Json.NET deserialization when a SerializationBinder isn't specified, then disable rule CA2326, and enable rules CA2327, CA2328, CA2329, and CA2330." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2326", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2327", - "shortDescription": { - "text": "Do not use insecure JsonSerializerSettings" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2327", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2328", - "shortDescription": { - "text": "Ensure that JsonSerializerSettings are secure" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2328", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2329", - "shortDescription": { - "text": "Do not deserialize with JsonSerializer using an insecure configuration" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2329", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2330", - "shortDescription": { - "text": "Ensure that JsonSerializer has a secure configuration when deserializing" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2330", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2350", - "shortDescription": { - "text": "Do not use DataTable.ReadXml() with untrusted data" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2350", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2351", - "shortDescription": { - "text": "Do not use DataSet.ReadXml() with untrusted data" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2351", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2352", - "shortDescription": { - "text": "Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2352", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2353", - "shortDescription": { - "text": "Unsafe DataSet or DataTable in serializable type" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2353", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2354", - "shortDescription": { - "text": "Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2354", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2355", - "shortDescription": { - "text": "Unsafe DataSet or DataTable type found in deserializable object graph" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2355", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2356", - "shortDescription": { - "text": "Unsafe DataSet or DataTable type in web deserializable object graph" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2356", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2361", - "shortDescription": { - "text": "Ensure auto-generated class containing DataSet.ReadXml() is not used with untrusted data" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2361", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2362", - "shortDescription": { - "text": "Unsafe DataSet or DataTable in auto-generated serializable type can be vulnerable to remote code execution attacks" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2362", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3001", - "shortDescription": { - "text": "Review code for SQL injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3001", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3002", - "shortDescription": { - "text": "Review code for XSS vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3002", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3003", - "shortDescription": { - "text": "Review code for file path injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3003", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3004", - "shortDescription": { - "text": "Review code for information disclosure vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3004", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3005", - "shortDescription": { - "text": "Review code for LDAP injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3005", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3006", - "shortDescription": { - "text": "Review code for process command injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3006", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3007", - "shortDescription": { - "text": "Review code for open redirect vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3007", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3008", - "shortDescription": { - "text": "Review code for XPath injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3008", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3009", - "shortDescription": { - "text": "Review code for XML injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3009", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3010", - "shortDescription": { - "text": "Review code for XAML injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3010", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3011", - "shortDescription": { - "text": "Review code for DLL injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3011", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3012", - "shortDescription": { - "text": "Review code for regex injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3012", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3061", - "shortDescription": { - "text": "Do Not Add Schema By URL" - }, - "fullDescription": { - "text": "This overload of XmlSchemaCollection.Add method internally enables DTD processing on the XML reader instance used, and uses UrlResolver for resolving external XML entities. The outcome is information disclosure. Content from file system or network shares for the machine processing the XML can be exposed to attacker. In addition, an attacker can use this as a DoS vector." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3061", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3075", - "shortDescription": { - "text": "Insecure DTD processing in XML" - }, - "fullDescription": { - "text": "Using XmlTextReader.Load(), creating an insecure XmlReaderSettings instance when invoking XmlReader.Create(), setting the InnerXml property of the XmlDocument and enabling DTD processing using XmlUrlResolver insecurely can lead to information disclosure. Replace it with a call to the Load() method overload that takes an XmlReader instance, use XmlReader.Create() to accept XmlReaderSettings arguments or consider explicitly setting secure values. The DataViewSettingCollectionString property of DataViewManager should always be assigned from a trusted source, the DtdProcessing property should be set to false, and the XmlResolver property should be changed to XmlSecureResolver or null." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3075", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3076", - "shortDescription": { - "text": "Insecure XSLT script processing" - }, - "fullDescription": { - "text": "Providing an insecure XsltSettings instance and an insecure XmlResolver instance to XslCompiledTransform.Load method is potentially unsafe as it allows processing script within XSL, which on an untrusted XSL input may lead to malicious code execution. Either replace the insecure XsltSettings argument with XsltSettings.Default or an instance that has disabled document function and script execution, or replace the XmlResolver argument with null or an XmlSecureResolver instance. This message may be suppressed if the input is known to be from a trusted source and external resource resolution from locations that are not known in advance must be supported." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3076", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3077", - "shortDescription": { - "text": "Insecure Processing in API Design, XmlDocument and XmlTextReader" - }, - "fullDescription": { - "text": "Enabling DTD processing on all instances derived from XmlTextReader or  XmlDocument and using XmlUrlResolver for resolving external XML entities may lead to information disclosure. Ensure to set the XmlResolver property to null, create an instance of XmlSecureResolver when processing untrusted input, or use XmlReader.Create method with a secure XmlReaderSettings argument. Unless you need to enable it, ensure the DtdProcessing property is set to false." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3077", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3147", - "shortDescription": { - "text": "Mark Verb Handlers With Validate Antiforgery Token" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3147", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5350", - "shortDescription": { - "text": "Do Not Use Weak Cryptographic Algorithms" - }, - "fullDescription": { - "text": "Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5350", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5351", - "shortDescription": { - "text": "Do Not Use Broken Cryptographic Algorithms" - }, - "fullDescription": { - "text": "An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5351", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5358", - "shortDescription": { - "text": "Review cipher mode usage with cryptography experts" - }, - "fullDescription": { - "text": "These cipher modes might be vulnerable to attacks. Consider using recommended modes (CBC, CTS)." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5358", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5359", - "shortDescription": { - "text": "Do Not Disable Certificate Validation" - }, - "fullDescription": { - "text": "A certificate can help authenticate the identity of the server. Clients should validate the server certificate to ensure requests are sent to the intended server. If the ServerCertificateValidationCallback always returns 'true', any certificate will pass validation." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5359", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5360", - "shortDescription": { - "text": "Do Not Call Dangerous Methods In Deserialization" - }, - "fullDescription": { - "text": "Insecure Deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a Denial-of-Service (DoS) attack, or even execute arbitrary code upon it being deserialized. It’s frequently possible for malicious users to abuse these deserialization features when the application is deserializing untrusted data which is under their control. Specifically, invoke dangerous methods in the process of deserialization. Successful insecure deserialization attacks could allow an attacker to carry out attacks such as DoS attacks, authentication bypasses, and remote code execution." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5360", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5361", - "shortDescription": { - "text": "Do Not Disable SChannel Use of Strong Crypto" - }, - "fullDescription": { - "text": "Starting with the .NET Framework 4.6, the System.Net.ServicePointManager and System.Net.Security.SslStream classes are recommended to use new protocols. The old ones have protocol weaknesses and are not supported. Setting Switch.System.Net.DontEnableSchUseStrongCrypto with true will use the old weak crypto check and opt out of the protocol migration." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5361", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5362", - "shortDescription": { - "text": "Potential reference cycle in deserialized object graph" - }, - "fullDescription": { - "text": "Review code that processes untrusted deserialized data for handling of unexpected reference cycles. An unexpected reference cycle should not cause the code to enter an infinite loop. Otherwise, an unexpected reference cycle can allow an attacker to DOS or exhaust the memory of the process when deserializing untrusted data." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5362", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5363", - "shortDescription": { - "text": "Do Not Disable Request Validation" - }, - "fullDescription": { - "text": "Request validation is a feature in ASP.NET that examines HTTP requests and determines whether they contain potentially dangerous content. This check adds protection from markup or code in the URL query string, cookies, or posted form values that might have been added for malicious purposes. So, it is generally desirable and should be left enabled for defense in depth." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5363", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5364", - "shortDescription": { - "text": "Do Not Use Deprecated Security Protocols" - }, - "fullDescription": { - "text": "Using a deprecated security protocol rather than the system default is risky." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5364", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5365", - "shortDescription": { - "text": "Do Not Disable HTTP Header Checking" - }, - "fullDescription": { - "text": "HTTP header checking enables encoding of the carriage return and newline characters, \\r and \\n, that are found in response headers. This encoding can help to avoid injection attacks that exploit an application that echoes untrusted data contained by the header." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5365", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5366", - "shortDescription": { - "text": "Use XmlReader for 'DataSet.ReadXml()'" - }, - "fullDescription": { - "text": "Processing XML from untrusted data may load dangerous external references, which should be restricted by using an XmlReader with a secure resolver or with DTD processing disabled." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5366", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5367", - "shortDescription": { - "text": "Do Not Serialize Types With Pointer Fields" - }, - "fullDescription": { - "text": "Pointers are not \"type safe\" in the sense that you cannot guarantee the correctness of the memory they point at. So, serializing types with pointer fields is dangerous, as it may allow an attacker to control the pointer." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5367", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5368", - "shortDescription": { - "text": "Set ViewStateUserKey For Classes Derived From Page" - }, - "fullDescription": { - "text": "Setting the ViewStateUserKey property can help you prevent attacks on your application by allowing you to assign an identifier to the view-state variable for individual users so that they cannot use the variable to generate an attack. Otherwise, there will be cross-site request forgery vulnerabilities." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5368", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5369", - "shortDescription": { - "text": "Use XmlReader for 'XmlSerializer.Deserialize()'" - }, - "fullDescription": { - "text": "Processing XML from untrusted data may load dangerous external references, which should be restricted by using an XmlReader with a secure resolver or with DTD processing disabled." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5369", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5370", - "shortDescription": { - "text": "Use XmlReader for XmlValidatingReader constructor" - }, - "fullDescription": { - "text": "Processing XML from untrusted data may load dangerous external references, which should be restricted by using an XmlReader with a secure resolver or with DTD processing disabled." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5370", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5371", - "shortDescription": { - "text": "Use XmlReader for 'XmlSchema.Read()'" - }, - "fullDescription": { - "text": "Processing XML from untrusted data may load dangerous external references, which should be restricted by using an XmlReader with a secure resolver or with DTD processing disabled." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5371", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5372", - "shortDescription": { - "text": "Use XmlReader for XPathDocument constructor" - }, - "fullDescription": { - "text": "Processing XML from untrusted data may load dangerous external references, which should be restricted by using an XmlReader with a secure resolver or with DTD processing disabled." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5372", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5373", - "shortDescription": { - "text": "Do not use obsolete key derivation function" - }, - "fullDescription": { - "text": "Password-based key derivation should use PBKDF2 with SHA-2. Avoid using PasswordDeriveBytes since it generates a PBKDF1 key. Avoid using Rfc2898DeriveBytes.CryptDeriveKey since it doesn't use the iteration count or salt." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5373", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5374", - "shortDescription": { - "text": "Do Not Use XslTransform" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5374", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5375", - "shortDescription": { - "text": "Do Not Use Account Shared Access Signature" - }, - "fullDescription": { - "text": "Shared Access Signatures(SAS) are a vital part of the security model for any application using Azure Storage, they should provide limited and safe permissions to your storage account to clients that don't have the account key. All of the operations available via a service SAS are also available via an account SAS, that is, account SAS is too powerful. So it is recommended to use Service SAS to delegate access more carefully." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5375", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5376", - "shortDescription": { - "text": "Use SharedAccessProtocol HttpsOnly" - }, - "fullDescription": { - "text": "HTTPS encrypts network traffic. Use HttpsOnly, rather than HttpOrHttps, to ensure network traffic is always encrypted to help prevent disclosure of sensitive data." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5376", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5377", - "shortDescription": { - "text": "Use Container Level Access Policy" - }, - "fullDescription": { - "text": "No access policy identifier is specified, making tokens non-revocable." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5377", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5378", - "shortDescription": { - "text": "Do not disable ServicePointManagerSecurityProtocols" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5378", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5379", - "shortDescription": { - "text": "Ensure Key Derivation Function algorithm is sufficiently strong" - }, - "fullDescription": { - "text": "Some implementations of the Rfc2898DeriveBytes class allow for a hash algorithm to be specified in a constructor parameter or overwritten in the HashAlgorithm property. If a hash algorithm is specified, then it should be SHA-256 or higher." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5379", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5380", - "shortDescription": { - "text": "Do Not Add Certificates To Root Store" - }, - "fullDescription": { - "text": "By default, the Trusted Root Certification Authorities certificate store is configured with a set of public CAs that has met the requirements of the Microsoft Root Certificate Program. Since all trusted root CAs can issue certificates for any domain, an attacker can pick a weak or coercible CA that you install by yourself to target for an attack - and a single vulnerable, malicious or coercible CA undermines the security of the entire system. To make matters worse, these attacks can go unnoticed quite easily." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5380", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5381", - "shortDescription": { - "text": "Ensure Certificates Are Not Added To Root Store" - }, - "fullDescription": { - "text": "By default, the Trusted Root Certification Authorities certificate store is configured with a set of public CAs that has met the requirements of the Microsoft Root Certificate Program. Since all trusted root CAs can issue certificates for any domain, an attacker can pick a weak or coercible CA that you install by yourself to target for an attack - and a single vulnerable, malicious or coercible CA undermines the security of the entire system. To make matters worse, these attacks can go unnoticed quite easily." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5381", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5382", - "shortDescription": { - "text": "Use Secure Cookies In ASP.NET Core" - }, - "fullDescription": { - "text": "Applications available over HTTPS must use secure cookies." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5382", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5383", - "shortDescription": { - "text": "Ensure Use Secure Cookies In ASP.NET Core" - }, - "fullDescription": { - "text": "Applications available over HTTPS must use secure cookies." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5383", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5384", - "shortDescription": { - "text": "Do Not Use Digital Signature Algorithm (DSA)" - }, - "fullDescription": { - "text": "DSA is too weak to use." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5384", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5385", - "shortDescription": { - "text": "Use Rivest-Shamir-Adleman (RSA) Algorithm With Sufficient Key Size" - }, - "fullDescription": { - "text": "Encryption algorithms are vulnerable to brute force attacks when too small a key size is used." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5385", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5386", - "shortDescription": { - "text": "Avoid hardcoding SecurityProtocolType value" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5386", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5387", - "shortDescription": { - "text": "Do Not Use Weak Key Derivation Function With Insufficient Iteration Count" - }, - "fullDescription": { - "text": "When deriving cryptographic keys from user-provided inputs such as password, use sufficient iteration count (at least 100k)." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5387", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5388", - "shortDescription": { - "text": "Ensure Sufficient Iteration Count When Using Weak Key Derivation Function" - }, - "fullDescription": { - "text": "When deriving cryptographic keys from user-provided inputs such as password, use sufficient iteration count (at least 100k)." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5388", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5389", - "shortDescription": { - "text": "Do Not Add Archive Item's Path To The Target File System Path" - }, - "fullDescription": { - "text": "When extracting files from an archive and using the archive item's path, check if the path is safe. Archive path can be relative and can lead to file system access outside of the expected file system target path, leading to malicious config changes and remote code execution via lay-and-wait technique." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5389", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5390", - "shortDescription": { - "text": "Do not hard-code encryption key" - }, - "fullDescription": { - "text": "SymmetricAlgorithm's .Key property, or a method's rgbKey parameter, should never be a hard-coded value." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5390", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5391", - "shortDescription": { - "text": "Use antiforgery tokens in ASP.NET Core MVC controllers" - }, - "fullDescription": { - "text": "Handling a POST, PUT, PATCH, or DELETE request without validating an antiforgery token may be vulnerable to cross-site request forgery attacks. A cross-site request forgery attack can send malicious requests from an authenticated user to your ASP.NET Core MVC controller." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5391", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5392", - "shortDescription": { - "text": "Use DefaultDllImportSearchPaths attribute for P/Invokes" - }, - "fullDescription": { - "text": "By default, P/Invokes using DllImportAttribute probe a number of directories, including the current working directory for the library to load. This can be a security issue for certain applications, leading to DLL hijacking." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5392", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5393", - "shortDescription": { - "text": "Do not use unsafe DllImportSearchPath value" - }, - "fullDescription": { - "text": "There could be a malicious DLL in the default DLL search directories. Or, depending on where your application is run from, there could be a malicious DLL in the application's directory. Use a DllImportSearchPath value that specifies an explicit search path instead. The DllImportSearchPath flags that this rule looks for can be configured in .editorconfig." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5393", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5394", - "shortDescription": { - "text": "Do not use insecure randomness" - }, - "fullDescription": { - "text": "Using a cryptographically weak pseudo-random number generator may allow an attacker to predict what security-sensitive value will be generated. Use a cryptographically strong random number generator if an unpredictable value is required, or ensure that weak pseudo-random numbers aren't used in a security-sensitive manner." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5394", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5395", - "shortDescription": { - "text": "Miss HttpVerb attribute for action methods" - }, - "fullDescription": { - "text": "All the methods that create, edit, delete, or otherwise modify data do so in the [HttpPost] overload of the method, which needs to be protected with the anti forgery attribute from request forgery. Performing a GET operation should be a safe operation that has no side effects and doesn't modify your persisted data." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5395", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5396", - "shortDescription": { - "text": "Set HttpOnly to true for HttpCookie" - }, - "fullDescription": { - "text": "As a defense in depth measure, ensure security sensitive HTTP cookies are marked as HttpOnly. This indicates web browsers should disallow scripts from accessing the cookies. Injected malicious scripts are a common way of stealing cookies." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5396", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5397", - "shortDescription": { - "text": "Do not use deprecated SslProtocols values" - }, - "fullDescription": { - "text": "Older protocol versions of Transport Layer Security (TLS) are less secure than TLS 1.2 and TLS 1.3, and are more likely to have new vulnerabilities. Avoid older protocol versions to minimize risk." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5397", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5398", - "shortDescription": { - "text": "Avoid hardcoded SslProtocols values" - }, - "fullDescription": { - "text": "Current Transport Layer Security protocol versions may become deprecated if vulnerabilities are found. Avoid hardcoding SslProtocols values to keep your application secure. Use 'None' to let the Operating System choose a version." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5398", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5399", - "shortDescription": { - "text": "HttpClients should enable certificate revocation list checks" - }, - "fullDescription": { - "text": "Using HttpClient without providing a platform specific handler (WinHttpHandler or CurlHandler or HttpClientHandler) where the CheckCertificateRevocationList property is set to true, will allow revoked certificates to be accepted by the HttpClient as valid." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5399", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5400", - "shortDescription": { - "text": "Ensure HttpClient certificate revocation list check is not disabled" - }, - "fullDescription": { - "text": "Using HttpClient without providing a platform specific handler (WinHttpHandler or CurlHandler or HttpClientHandler) where the CheckCertificateRevocationList property is set to true, will allow revoked certificates to be accepted by the HttpClient as valid." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5400", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5401", - "shortDescription": { - "text": "Do not use CreateEncryptor with non-default IV" - }, - "fullDescription": { - "text": "Symmetric encryption should always use a non-repeatable initialization vector to prevent dictionary attacks." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5401", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5402", - "shortDescription": { - "text": "Use CreateEncryptor with the default IV" - }, - "fullDescription": { - "text": "Symmetric encryption should always use a non-repeatable initialization vector to prevent dictionary attacks." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5402", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5403", - "shortDescription": { - "text": "Do not hard-code certificate" - }, - "fullDescription": { - "text": "Hard-coded certificates in source code are vulnerable to being exploited." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5403", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5404", - "shortDescription": { - "text": "Do not disable token validation checks" - }, - "fullDescription": { - "text": "Token validation checks ensure that while validating tokens, all aspects are analyzed and verified. Turning off validation can lead to security holes by allowing untrusted tokens to make it through validation." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5404", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5405", - "shortDescription": { - "text": "Do not always skip token validation in delegates" - }, - "fullDescription": { - "text": "By setting critical TokenValidationParameter validation delegates to true, important authentication safeguards are disabled which can lead to tokens from any issuer or expired tokens being wrongly validated." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5405", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "RP0001", - "shortDescription": { - "text": "Provide dependency rules for analysis" - }, - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "3" - } - }, - { - "id": "RP0002", - "shortDescription": { - "text": "Invalid dependency rules format" - }, - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "3" - } - }, - { - "id": "RP0003", - "shortDescription": { - "text": "No dependency rules matched the current project" - }, - "defaultConfiguration": { - "level": "note" - }, - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "3" - } - }, - { - "id": "RP0004", - "shortDescription": { - "text": "Project reference violation" - }, - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "3" - } - }, - { - "id": "SYSLIB1045", - "shortDescription": { - "text": "Convert to 'GeneratedRegexAttribute'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1045", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1054", - "shortDescription": { - "text": "Use 'LibraryImportAttribute' instead of 'DllImportAttribute' to generate P/Invoke marshalling code at compile time" - }, - "fullDescription": { - "text": "Use 'LibraryImportAttribute' instead of 'DllImportAttribute' to generate P/Invoke marshalling code at compile time" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1054", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1055", - "shortDescription": { - "text": "Invalid 'CustomMarshallerAttribute' usage" - }, - "fullDescription": { - "text": "A type with a 'System.Runtime.InteropServices.CustomMarshallerAttribute' must specify a non-'null' managed type" - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1055", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1056", - "shortDescription": { - "text": "Specified marshaller type is invalid" - }, - "fullDescription": { - "text": "The unmanaged type for a custom marshaller must be a C# unmanaged type." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1056", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1057", - "shortDescription": { - "text": "Marshaller type does not have the required shape" - }, - "fullDescription": { - "text": "A stateless value marshaller that supports marshalling from managed to unmanaged must provide a one-parameter 'ConvertToUnmanaged' method that takes the managed value as the parameter and returns a value of the 'unmanaged' type." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1057", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1058", - "shortDescription": { - "text": "Invalid 'NativeMarshallingAttribute' usage" - }, - "fullDescription": { - "text": "An entry-point type for marshalling a given type must have a 'System.Runtime.InteropServices.CustomMarshallerAttribute' that specifies this type as the managed type." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1058", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1060", - "shortDescription": { - "text": "Specified marshaller type is invalid" - }, - "fullDescription": { - "text": "A marshaller type must either be a stateless static class or a stateful value type. A non-static class is not allowed." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1060", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1061", - "shortDescription": { - "text": "Marshaller type has incompatible method signatures" - }, - "fullDescription": { - "text": "The return type of 'GetPinnableReference' (after accounting for 'ref') must be blittable." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1061", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1090", - "shortDescription": { - "text": "'GeneratedComInterfaceType' does not support the 'ComInterfaceType' value supplied to 'InterfaceTypeAttribute' on the same type." - }, - "fullDescription": { - "text": "Using 'GeneratedComInterfaceAttribute' and 'InterfaceTypeAttribute' is not supported with 'ComInterfaceType' value '{0}'." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1090", - "properties": { - "category": "ComInterfaceGenerator", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1096", - "shortDescription": { - "text": "Convert to 'GeneratedComInterface'" - }, - "fullDescription": { - "text": "Use 'GeneratedComInterfaceAttribute' instead of 'ComImportAttribute' to generate COM marshalling code at compile time" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1096", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1097", - "shortDescription": { - "text": "Add 'GeneratedComClassAttribute' to enable passing objects of this type to COM" - }, - "fullDescription": { - "text": "This type implements at least one type with the 'GeneratedComInterfaceAttribute' attribute or its base type has the 'GeneratedComClassAttribute' attribute. Add the 'GeneratedComClassAttribute' to enable passing this type to COM and exposing the COM interfaces for the types with the 'GeneratedComInterfaceAttribute' from objects of this type." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1097", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1098", - "shortDescription": { - "text": ".NET COM hosting with 'EnableComHosting' does not support interfaces with the 'GeneratedComInterfaceAttribute'" - }, - "fullDescription": { - "text": ".NET COM hosting with 'EnableComHosting' only supports built-in COM interop. It does not support source-generated COM interop with 'GeneratedComInterfaceAttribute'." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1098", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1099", - "shortDescription": { - "text": "COM Interop APIs on 'System.Runtime.InteropServices.Marshal' do not support source-generated COM" - }, - "fullDescription": { - "text": "COM Interop APIs on 'System.Runtime.InteropServices.Marshal' do not support source-generated COM and will fail at runtime" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1099", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "1" - } - } - ] - } - }, - "columnKind": "utf16CodeUnits" - } - ] -} \ No newline at end of file diff --git a/samples/ClassC/build.sarif b/samples/ClassC/build.sarif deleted file mode 100644 index d2beb02..0000000 --- a/samples/ClassC/build.sarif +++ /dev/null @@ -1,42 +0,0 @@ -{ - "$schema": "http://json.schemastore.org/sarif-1.0.0", - "version": "1.0.0", - "runs": [ - { - "tool": { - "name": "Microsoft (R) Visual C# Compiler", - "version": "4.14.0.0", - "fileVersion": "4.14.0-3.25359.3 (6dbcfd2f)", - "semanticVersion": "4.14.0", - "language": "en-US" - }, - "results": [ - { - "ruleId": "RP0001", - "level": "warning", - "message": "Provide DependencyRulesFile property to specify valid dependency rules file. Current path: DependencyRules.json.", - "properties": { - "warningLevel": 1, - "customProperties": { - "AdditionalFiles": "System.Collections.Generic.Dictionary`2[System.String,System.String]", - "CurrentPath": "N/A", - "DependencyRulesFile": "DependencyRules.json", - "DependencyRulesFileFullPath": "C:\\Program Files\\dotnet\\sdk\\9.0.303\\Roslyn\\bincore\\DependencyRules.json" - } - } - } - ], - "rules": { - "RP0001": { - "id": "RP0001", - "shortDescription": "Provide dependency rules for analysis", - "defaultLevel": "warning", - "properties": { - "category": "Usage", - "isEnabledByDefault": true - } - } - } - } - ] -} \ No newline at end of file diff --git a/samples/ClassC/example.sarif b/samples/ClassC/example.sarif deleted file mode 100644 index 54db4fa..0000000 --- a/samples/ClassC/example.sarif +++ /dev/null @@ -1,7841 +0,0 @@ -{ - "$schema": "http://json.schemastore.org/sarif-2.1.0", - "version": "2.1.0", - "runs": [ - { - "results": [ - { - "ruleId": "RP0003", - "ruleIndex": 311, - "level": "note", - "message": { - "text": "No dependency rules matched the current project 'C:\\code\\ReferenceProtector\\samples\\ClassC\\ClassC.csproj'" - }, - "properties": { - "warningLevel": 1 - } - } - ], - "properties": { - "analyzerExecutionTime": "0.020" - }, - "tool": { - "driver": { - "name": "Microsoft (R) Visual C# Compiler", - "version": "4.14.0-3.25359.3 (6dbcfd2f)", - "dottedQuadFileVersion": "4.14.0.0", - "semanticVersion": "4.14.0", - "language": "en-US", - "rules": [ - { - "id": "CA1000", - "shortDescription": { - "text": "Do not declare static members on generic types" - }, - "fullDescription": { - "text": "When a static member of a generic type is called, the type argument must be specified for the type. When a generic instance member that does not support inference is called, the type argument must be specified for the member. In these two cases, the syntax for specifying the type argument is different and easily confused." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1000", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1001", - "shortDescription": { - "text": "Types that own disposable fields should be disposable" - }, - "fullDescription": { - "text": "A class declares and implements an instance field that is a System.IDisposable type, and the class does not implement IDisposable. A class that declares an IDisposable field indirectly owns an unmanaged resource and should implement the IDisposable interface." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1001", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1002", - "shortDescription": { - "text": "Do not expose generic lists" - }, - "fullDescription": { - "text": "System.Collections.Generic.List is a generic collection that's designed for performance and not inheritance. List does not contain virtual members that make it easier to change the behavior of an inherited class." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1002", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1003", - "shortDescription": { - "text": "Use generic event handler instances" - }, - "fullDescription": { - "text": "A type contains a delegate that returns void, whose signature contains two parameters (the first an object and the second a type that is assignable to EventArgs), and the containing assembly targets Microsoft .NET Framework?2.0." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1003", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1005", - "shortDescription": { - "text": "Avoid excessive parameters on generic types" - }, - "fullDescription": { - "text": "The more type parameters a generic type contains, the more difficult it is to know and remember what each type parameter represents." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1005", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry" - ] - } - }, - { - "id": "CA1008", - "shortDescription": { - "text": "Enums should have zero value" - }, - "fullDescription": { - "text": "The default value of an uninitialized enumeration, just as other value types, is zero. A nonflags-attributed enumeration should define a member by using the value of zero so that the default value is a valid value of the enumeration. If an enumeration that has the FlagsAttribute attribute applied defines a zero-valued member, its name should be \"\"None\"\" to indicate that no values have been set in the enumeration." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1008", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode", - "RuleRename" - ] - } - }, - { - "id": "CA1010", - "shortDescription": { - "text": "Generic interface should also be implemented" - }, - "fullDescription": { - "text": "To broaden the usability of a type, implement one of the generic interfaces. This is especially true for collections as they can then be used to populate generic collection types." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1010", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1012", - "shortDescription": { - "text": "Abstract types should not have public constructors" - }, - "fullDescription": { - "text": "Constructors on abstract types can be called only by derived types. Because public constructors create instances of a type, and you cannot create instances of an abstract type, an abstract type that has a public constructor is incorrectly designed." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1012", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1014", - "shortDescription": { - "text": "Mark assemblies with CLSCompliant" - }, - "fullDescription": { - "text": "The Common Language Specification (CLS) defines naming restrictions, data types, and rules to which assemblies must conform if they will be used across programming languages. Good design dictates that all assemblies explicitly indicate CLS compliance by using CLSCompliantAttribute . If this attribute is not present on an assembly, the assembly is not compliant." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1014", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1016", - "shortDescription": { - "text": "Mark assemblies with assembly version" - }, - "fullDescription": { - "text": "The .NET Framework uses the version number to uniquely identify an assembly, and to bind to types in strongly named assemblies. The version number is used together with version and publisher policy. By default, applications run only with the assembly version with which they were built." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1016", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA1017", - "shortDescription": { - "text": "Mark assemblies with ComVisible" - }, - "fullDescription": { - "text": "ComVisibleAttribute determines how COM clients access managed code. Good design dictates that assemblies explicitly indicate COM visibility. COM visibility can be set for the whole assembly and then overridden for individual types and type members. If this attribute is not present, the contents of the assembly are visible to COM clients." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1017", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1018", - "shortDescription": { - "text": "Mark attributes with AttributeUsageAttribute" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1018", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1019", - "shortDescription": { - "text": "Define accessors for attribute arguments" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1019", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1021", - "shortDescription": { - "text": "Avoid out parameters" - }, - "fullDescription": { - "text": "Passing types by reference (using 'out' or 'ref') requires experience with pointers, understanding how value types and reference types differ, and handling methods with multiple return values. Also, the difference between 'out' and 'ref' parameters is not widely understood." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1021", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry" - ] - } - }, - { - "id": "CA1024", - "shortDescription": { - "text": "Use properties where appropriate" - }, - "fullDescription": { - "text": "A public or protected method has a name that starts with \"\"Get\"\", takes no parameters, and returns a value that is not an array. The method might be a good candidate to become a property." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1024", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1027", - "shortDescription": { - "text": "Mark enums with FlagsAttribute" - }, - "fullDescription": { - "text": "An enumeration is a value type that defines a set of related named constants. Apply FlagsAttribute to an enumeration when its named constants can be meaningfully combined." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1027", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1028", - "shortDescription": { - "text": "Enum Storage should be Int32" - }, - "fullDescription": { - "text": "An enumeration is a value type that defines a set of related named constants. By default, the System.Int32 data type is used to store the constant value. Although you can change this underlying type, it is not required or recommended for most scenarios." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1028", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1030", - "shortDescription": { - "text": "Use events where appropriate" - }, - "fullDescription": { - "text": "This rule detects methods that have names that ordinarily would be used for events. If a method is called in response to a clearly defined state change, the method should be invoked by an event handler. Objects that call the method should raise events instead of calling the method directly." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1030", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1031", - "shortDescription": { - "text": "Do not catch general exception types" - }, - "fullDescription": { - "text": "A general exception such as System.Exception or System.SystemException or a disallowed exception type is caught in a catch statement, or a general catch clause is used. General and disallowed exceptions should not be caught." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1031", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1032", - "shortDescription": { - "text": "Implement standard exception constructors" - }, - "fullDescription": { - "text": "Failure to provide the full set of constructors can make it difficult to correctly handle exceptions." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1032", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1033", - "shortDescription": { - "text": "Interface methods should be callable by child types" - }, - "fullDescription": { - "text": "An unsealed externally visible type provides an explicit method implementation of a public interface and does not provide an alternative externally visible method that has the same name." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1033", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1034", - "shortDescription": { - "text": "Nested types should not be visible" - }, - "fullDescription": { - "text": "A nested type is a type that is declared in the scope of another type. Nested types are useful to encapsulate private implementation details of the containing type. Used for this purpose, nested types should not be externally visible." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1034", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1036", - "shortDescription": { - "text": "Override methods on comparable types" - }, - "fullDescription": { - "text": "A public or protected type implements the System.IComparable interface. It does not override Object.Equals nor does it overload the language-specific operator for equality, inequality, less than, less than or equal, greater than or greater than or equal." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1036", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1040", - "shortDescription": { - "text": "Avoid empty interfaces" - }, - "fullDescription": { - "text": "Interfaces define members that provide a behavior or usage contract. The functionality that is described by the interface can be adopted by any type, regardless of where the type appears in the inheritance hierarchy. A type implements an interface by providing implementations for the members of the interface. An empty interface does not define any members; therefore, it does not define a contract that can be implemented." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1040", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1041", - "shortDescription": { - "text": "Provide ObsoleteAttribute message" - }, - "fullDescription": { - "text": "A type or member is marked by using a System.ObsoleteAttribute attribute that does not have its ObsoleteAttribute.Message property specified. When a type or member that is marked by using ObsoleteAttribute is compiled, the Message property of the attribute is displayed. This gives the user information about the obsolete type or member." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1041", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1043", - "shortDescription": { - "text": "Use Integral Or String Argument For Indexers" - }, - "fullDescription": { - "text": "Indexers, that is, indexed properties, should use integer or string types for the index. These types are typically used for indexing data structures and increase the usability of the library. Use of the Object type should be restricted to those cases where the specific integer or string type cannot be specified at design time. If the design requires other types for the index, reconsider whether the type represents a logical data store. If it does not represent a logical data store, use a method." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1043", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1044", - "shortDescription": { - "text": "Properties should not be write only" - }, - "fullDescription": { - "text": "Although it is acceptable and often necessary to have a read-only property, the design guidelines prohibit the use of write-only properties. This is because letting a user set a value, and then preventing the user from viewing that value, does not provide any security. Also, without read access, the state of shared objects cannot be viewed, which limits their usefulness." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1044", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1045", - "shortDescription": { - "text": "Do not pass types by reference" - }, - "fullDescription": { - "text": "Passing types by reference (using out or ref) requires experience with pointers, understanding how value types and reference types differ, and handling methods that have multiple return values. Also, the difference between out and ref parameters is not widely understood." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1045", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry" - ] - } - }, - { - "id": "CA1046", - "shortDescription": { - "text": "Do not overload equality operator on reference types" - }, - "fullDescription": { - "text": "For reference types, the default implementation of the equality operator is almost always correct. By default, two references are equal only if they point to the same object. If the operator is providing meaningful value equality, the type should implement the generic 'System.IEquatable' interface." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1046", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1050", - "shortDescription": { - "text": "Declare types in namespaces" - }, - "fullDescription": { - "text": "Types are declared in namespaces to prevent name collisions and as a way to organize related types in an object hierarchy." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1050", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1051", - "shortDescription": { - "text": "Do not declare visible instance fields" - }, - "fullDescription": { - "text": "The primary use of a field should be as an implementation detail. Fields should be private or internal and should be exposed by using properties." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1051", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1052", - "shortDescription": { - "text": "Static holder types should be Static or NotInheritable" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1052", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1054", - "shortDescription": { - "text": "URI-like parameters should not be strings" - }, - "fullDescription": { - "text": "This rule assumes that the parameter represents a Uniform Resource Identifier (URI). A string representation or a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. 'System.Uri' class provides these services in a safe and secure manner." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1054", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1055", - "shortDescription": { - "text": "URI-like return values should not be strings" - }, - "fullDescription": { - "text": "This rule assumes that the method returns a URI. A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The System.Uri class provides these services in a safe and secure manner." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1055", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1056", - "shortDescription": { - "text": "URI-like properties should not be strings" - }, - "fullDescription": { - "text": "This rule assumes that the property represents a Uniform Resource Identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The System.Uri class provides these services in a safe and secure manner." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1056", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1058", - "shortDescription": { - "text": "Types should not extend certain base types" - }, - "fullDescription": { - "text": "An externally visible type extends certain base types. Use one of the alternatives." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1058", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1060", - "shortDescription": { - "text": "Move pinvokes to native methods class" - }, - "fullDescription": { - "text": "Platform Invocation methods, such as those that are marked by using the System.Runtime.InteropServices.DllImportAttribute attribute, or methods that are defined by using the Declare keyword in Visual Basic, access unmanaged code. These methods should be of the NativeMethods, SafeNativeMethods, or UnsafeNativeMethods class." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1060", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry" - ] - } - }, - { - "id": "CA1061", - "shortDescription": { - "text": "Do not hide base class methods" - }, - "fullDescription": { - "text": "A method in a base type is hidden by an identically named method in a derived type when the parameter signature of the derived method differs only by types that are more weakly derived than the corresponding types in the parameter signature of the base method." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1061", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1062", - "shortDescription": { - "text": "Validate arguments of public methods" - }, - "fullDescription": { - "text": "An externally visible method dereferences one of its reference arguments without verifying whether that argument is 'null' ('Nothing' in Visual Basic). All reference arguments that are passed to externally visible methods should be checked against 'null'. If appropriate, throw an 'ArgumentNullException' when the argument is 'null'. If the method is designed to be called only by known assemblies, you should make the method internal." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1062", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1063", - "shortDescription": { - "text": "Implement IDisposable Correctly" - }, - "fullDescription": { - "text": "All IDisposable types should implement the Dispose pattern correctly." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1063", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1064", - "shortDescription": { - "text": "Exceptions should be public" - }, - "fullDescription": { - "text": "An internal exception is visible only inside its own internal scope. After the exception falls outside the internal scope, only the base exception can be used to catch the exception. If the internal exception is inherited from T:System.Exception, T:System.SystemException, or T:System.ApplicationException, the external code will not have sufficient information to know what to do with the exception." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1064", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1065", - "shortDescription": { - "text": "Do not raise exceptions in unexpected locations" - }, - "fullDescription": { - "text": "A method that is not expected to throw exceptions throws an exception." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1065", - "properties": { - "category": "Design", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1066", - "shortDescription": { - "text": "Implement IEquatable when overriding Object.Equals" - }, - "fullDescription": { - "text": "When a type T overrides Object.Equals(object), the implementation must cast the object argument to the correct type T before performing the comparison. If the type implements IEquatable, and therefore offers the method T.Equals(T), and if the argument is known at compile time to be of type T, then the compiler can call IEquatable.Equals(T) instead of Object.Equals(object), and no cast is necessary, improving performance." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1066", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1067", - "shortDescription": { - "text": "Override Object.Equals(object) when implementing IEquatable" - }, - "fullDescription": { - "text": "When a type T implements the interface IEquatable, it suggests to a user who sees a call to the Equals method in source code that an instance of the type can be equated with an instance of any other type. The user might be confused if their attempt to equate the type with an instance of another type fails to compile. This violates the \"principle of least surprise\"." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1067", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1068", - "shortDescription": { - "text": "CancellationToken parameters must come last" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1068", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1069", - "shortDescription": { - "text": "Enums values should not be duplicated" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1069", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1070", - "shortDescription": { - "text": "Do not declare event fields as virtual" - }, - "fullDescription": { - "text": "Do not declare virtual events in a base class. Overridden events in a derived class have undefined behavior. The C# compiler does not handle this correctly and it is unpredictable whether a subscriber to the derived event will actually be subscribing to the base class event." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1070", - "properties": { - "category": "Design", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1200", - "shortDescription": { - "text": "Avoid using cref tags with a prefix" - }, - "fullDescription": { - "text": "Use of cref tags with prefixes should be avoided, since it prevents the compiler from verifying references and the IDE from updating references during refactorings. It is permissible to suppress this error at a single documentation site if the cref must use a prefix because the type being mentioned is not findable by the compiler. For example, if a cref is mentioning a special attribute in the full framework but you're in a file that compiles against the portable framework, or if you want to reference a type at higher layer of Roslyn, you should suppress the error. You should not suppress the error just because you want to take a shortcut and avoid using the full syntax." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1200", - "properties": { - "category": "Documentation", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1303", - "shortDescription": { - "text": "Do not pass literals as localized parameters" - }, - "fullDescription": { - "text": "A method passes a string literal as a parameter to a constructor or method in the .NET Framework class library and that string should be localizable. To fix a violation of this rule, replace the string literal with a string retrieved through an instance of the ResourceManager class." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1303", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1304", - "shortDescription": { - "text": "Specify CultureInfo" - }, - "fullDescription": { - "text": "A method or constructor calls a member that has an overload that accepts a System.Globalization.CultureInfo parameter, and the method or constructor does not call the overload that takes the CultureInfo parameter. When a CultureInfo or System.IFormatProvider object is not supplied, the default value that is supplied by the overloaded member might not have the effect that you want in all locales. If the result will be displayed to the user, specify 'CultureInfo.CurrentCulture' as the 'CultureInfo' parameter. Otherwise, if the result will be stored and accessed by software, such as when it is persisted to disk or to a database, specify 'CultureInfo.InvariantCulture'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1304", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1305", - "shortDescription": { - "text": "Specify IFormatProvider" - }, - "fullDescription": { - "text": "A method or constructor calls one or more members that have overloads that accept a System.IFormatProvider parameter, and the method or constructor does not call the overload that takes the IFormatProvider parameter. When a System.Globalization.CultureInfo or IFormatProvider object is not supplied, the default value that is supplied by the overloaded member might not have the effect that you want in all locales. If the result will be based on the input from/output displayed to the user, specify 'CultureInfo.CurrentCulture' as the 'IFormatProvider'. Otherwise, if the result will be stored and accessed by software, such as when it is loaded from disk/database and when it is persisted to disk/database, specify 'CultureInfo.InvariantCulture'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1305", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1307", - "shortDescription": { - "text": "Specify StringComparison for clarity" - }, - "fullDescription": { - "text": "A string comparison operation uses a method overload that does not set a StringComparison parameter. It is recommended to use the overload with StringComparison parameter for clarity of intent. If the result will be displayed to the user, such as when sorting a list of items for display in a list box, specify 'StringComparison.CurrentCulture' or 'StringComparison.CurrentCultureIgnoreCase' as the 'StringComparison' parameter. If comparing case-insensitive identifiers, such as file paths, environment variables, or registry keys and values, specify 'StringComparison.OrdinalIgnoreCase'. Otherwise, if comparing case-sensitive identifiers, specify 'StringComparison.Ordinal'." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1307", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1308", - "shortDescription": { - "text": "Normalize strings to uppercase" - }, - "fullDescription": { - "text": "Strings should be normalized to uppercase. A small group of characters cannot make a round trip when they are converted to lowercase. To make a round trip means to convert the characters from one locale to another locale that represents character data differently, and then to accurately retrieve the original characters from the converted characters." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1308", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1309", - "shortDescription": { - "text": "Use ordinal string comparison" - }, - "fullDescription": { - "text": "A string comparison operation that is nonlinguistic does not set the StringComparison parameter to either Ordinal or OrdinalIgnoreCase. By explicitly setting the parameter to either StringComparison.Ordinal or StringComparison.OrdinalIgnoreCase, your code often gains speed, becomes more correct, and becomes more reliable." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1309", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1310", - "shortDescription": { - "text": "Specify StringComparison for correctness" - }, - "fullDescription": { - "text": "A string comparison operation uses a method overload that does not set a StringComparison parameter, hence its behavior could vary based on the current user's locale settings. It is strongly recommended to use the overload with StringComparison parameter for correctness and clarity of intent. If the result will be displayed to the user, such as when sorting a list of items for display in a list box, specify 'StringComparison.CurrentCulture' or 'StringComparison.CurrentCultureIgnoreCase' as the 'StringComparison' parameter. If comparing case-insensitive identifiers, such as file paths, environment variables, or registry keys and values, specify 'StringComparison.OrdinalIgnoreCase'. Otherwise, if comparing case-sensitive identifiers, specify 'StringComparison.Ordinal'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1310", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1311", - "shortDescription": { - "text": "Specify a culture or use an invariant version" - }, - "fullDescription": { - "text": "Specify culture to help avoid accidental implicit dependency on current culture. Using an invariant version yields consistent results regardless of the culture of an application." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1311", - "properties": { - "category": "Globalization", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1401", - "shortDescription": { - "text": "P/Invokes should not be visible" - }, - "fullDescription": { - "text": "A public or protected method in a public type has the System.Runtime.InteropServices.DllImportAttribute attribute (also implemented by the Declare keyword in Visual Basic). Such methods should not be exposed." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1401", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1416", - "shortDescription": { - "text": "Validate platform compatibility" - }, - "fullDescription": { - "text": "Using platform dependent API on a component makes the code no longer work across all platforms." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1416", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1417", - "shortDescription": { - "text": "Do not use 'OutAttribute' on string parameters for P/Invokes" - }, - "fullDescription": { - "text": "String parameters passed by value with the 'OutAttribute' can destabilize the runtime if the string is an interned string." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1417", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1418", - "shortDescription": { - "text": "Use valid platform string" - }, - "fullDescription": { - "text": "Platform compatibility analyzer requires a valid platform name and version." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1418", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1419", - "shortDescription": { - "text": "Provide a parameterless constructor that is as visible as the containing type for concrete types derived from 'System.Runtime.InteropServices.SafeHandle'" - }, - "fullDescription": { - "text": "Providing a parameterless constructor that is as visible as the containing type for a type derived from 'System.Runtime.InteropServices.SafeHandle' enables better performance and usage with source-generated interop solutions." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1419", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1420", - "shortDescription": { - "text": "Property, type, or attribute requires runtime marshalling" - }, - "fullDescription": { - "text": "Using features that require runtime marshalling when runtime marshalling is disabled will result in runtime exceptions." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1420", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1421", - "shortDescription": { - "text": "This method uses runtime marshalling even when the 'DisableRuntimeMarshallingAttribute' is applied" - }, - "fullDescription": { - "text": "This method uses runtime marshalling even when runtime marshalling is disabled, which can cause unexpected behavior differences at runtime due to different expectations of a type's native layout." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1421", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1422", - "shortDescription": { - "text": "Validate platform compatibility" - }, - "fullDescription": { - "text": "Using platform dependent API on a component makes the code no longer work across all platforms." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1422", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1501", - "shortDescription": { - "text": "Avoid excessive inheritance" - }, - "fullDescription": { - "text": "Deeply nested type hierarchies can be difficult to follow, understand, and maintain. This rule limits analysis to hierarchies in the same module. To fix a violation of this rule, derive the type from a base type that is less deep in the inheritance hierarchy or eliminate some of the intermediate base types." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1501", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1502", - "shortDescription": { - "text": "Avoid excessive complexity" - }, - "fullDescription": { - "text": "Cyclomatic complexity measures the number of linearly independent paths through the method, which is determined by the number and complexity of conditional branches. A low cyclomatic complexity generally indicates a method that is easy to understand, test, and maintain. The cyclomatic complexity is calculated from a control flow graph of the method and is given as follows: `cyclomatic complexity = the number of edges - the number of nodes + 1`, where a node represents a logic branch point and an edge represents a line between nodes." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1502", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1505", - "shortDescription": { - "text": "Avoid unmaintainable code" - }, - "fullDescription": { - "text": "The maintainability index is calculated by using the following metrics: lines of code, program volume, and cyclomatic complexity. Program volume is a measure of the difficulty of understanding of a symbol that is based on the number of operators and operands in the code. Cyclomatic complexity is a measure of the structural complexity of the type or method. A low maintainability index indicates that code is probably difficult to maintain and would be a good candidate to redesign." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1505", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1506", - "shortDescription": { - "text": "Avoid excessive class coupling" - }, - "fullDescription": { - "text": "This rule measures class coupling by counting the number of unique type references that a symbol contains. Symbols that have a high degree of class coupling can be difficult to maintain. It is a good practice to have types and methods that exhibit low coupling and high cohesion. To fix this violation, try to redesign the code to reduce the number of types to which it is coupled." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1506", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1507", - "shortDescription": { - "text": "Use nameof to express symbol names" - }, - "fullDescription": { - "text": "Using nameof helps keep your code valid when refactoring." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1507", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1508", - "shortDescription": { - "text": "Avoid dead conditional code" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1508", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1509", - "shortDescription": { - "text": "Invalid entry in code metrics rule specification file" - }, - "fullDescription": { - "text": "Invalid entry in code metrics rule specification file." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1509", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "CompilationEnd" - ] - } - }, - { - "id": "CA1510", - "shortDescription": { - "text": "Use ArgumentNullException throw helper" - }, - "fullDescription": { - "text": "Throw helpers are simpler and more efficient than an if block constructing a new exception instance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1510", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1511", - "shortDescription": { - "text": "Use ArgumentException throw helper" - }, - "fullDescription": { - "text": "Throw helpers are simpler and more efficient than an if block constructing a new exception instance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1511", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1512", - "shortDescription": { - "text": "Use ArgumentOutOfRangeException throw helper" - }, - "fullDescription": { - "text": "Throw helpers are simpler and more efficient than an if block constructing a new exception instance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1512", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1513", - "shortDescription": { - "text": "Use ObjectDisposedException throw helper" - }, - "fullDescription": { - "text": "Throw helpers are simpler and more efficient than an if block constructing a new exception instance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1513", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1514", - "shortDescription": { - "text": "Avoid redundant length argument" - }, - "fullDescription": { - "text": "An explicit length calculation can be error-prone and can be avoided when slicing to end of the buffer." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1514", - "properties": { - "category": "Maintainability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1515", - "shortDescription": { - "text": "Consider making public types internal" - }, - "fullDescription": { - "text": "Unlike a class library, an application's API isn't typically referenced publicly, so types can be marked internal." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1515", - "properties": { - "category": "Maintainability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1700", - "shortDescription": { - "text": "Do not name enum values 'Reserved'" - }, - "fullDescription": { - "text": "This rule assumes that an enumeration member that has a name that contains \"reserved\" is not currently used but is a placeholder to be renamed or removed in a future version. Renaming or removing a member is a breaking change." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1700", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1707", - "shortDescription": { - "text": "Identifiers should not contain underscores" - }, - "fullDescription": { - "text": "By convention, identifier names do not contain the underscore (_) character. This rule checks namespaces, types, members, and parameters." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1707", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1708", - "shortDescription": { - "text": "Identifiers should differ by more than case" - }, - "fullDescription": { - "text": "Identifiers for namespaces, types, members, and parameters cannot differ only by case because languages that target the common language runtime are not required to be case-sensitive." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1708", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1710", - "shortDescription": { - "text": "Identifiers should have correct suffix" - }, - "fullDescription": { - "text": "By convention, the names of types that extend certain base types or that implement certain interfaces, or types that are derived from these types, have a suffix that is associated with the base type or interface." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1710", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1711", - "shortDescription": { - "text": "Identifiers should not have incorrect suffix" - }, - "fullDescription": { - "text": "By convention, only the names of types that extend certain base types or that implement certain interfaces, or types that are derived from these types, should end with specific reserved suffixes. Other type names should not use these reserved suffixes." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1711", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1712", - "shortDescription": { - "text": "Do not prefix enum values with type name" - }, - "fullDescription": { - "text": "An enumeration's values should not start with the type name of the enumeration." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1712", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1713", - "shortDescription": { - "text": "Events should not have 'Before' or 'After' prefix" - }, - "fullDescription": { - "text": "Event names should describe the action that raises the event. To name related events that are raised in a specific sequence, use the present or past tense to indicate the relative position in the sequence of actions. For example, when naming a pair of events that is raised when closing a resource, you might name it 'Closing' and 'Closed', instead of 'BeforeClose' and 'AfterClose'." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1713", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1715", - "shortDescription": { - "text": "Identifiers should have correct prefix" - }, - "fullDescription": { - "text": "The name of an externally visible interface does not start with an uppercase \"\"I\"\". The name of a generic type parameter on an externally visible type or method does not start with an uppercase \"\"T\"\"." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1715", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1716", - "shortDescription": { - "text": "Identifiers should not match keywords" - }, - "fullDescription": { - "text": "A namespace name or a type name matches a reserved keyword in a programming language. Identifiers for namespaces and types should not match keywords that are defined by languages that target the common language runtime." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1716", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1720", - "shortDescription": { - "text": "Identifier contains type name" - }, - "fullDescription": { - "text": "Names of parameters and members are better used to communicate their meaning than to describe their type, which is expected to be provided by development tools. For names of members, if a data type name must be used, use a language-independent name instead of a language-specific one." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1720", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1721", - "shortDescription": { - "text": "Property names should not match get methods" - }, - "fullDescription": { - "text": "The name of a public or protected member starts with \"\"Get\"\" and otherwise matches the name of a public or protected property. \"\"Get\"\" methods and properties should have names that clearly distinguish their function." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1721", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1724", - "shortDescription": { - "text": "Type names should not match namespaces" - }, - "fullDescription": { - "text": "Type names should not match the names of namespaces that are defined in the .NET Framework class library. Violating this rule can reduce the usability of the library." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1724", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA1725", - "shortDescription": { - "text": "Parameter names should match base declaration" - }, - "fullDescription": { - "text": "Consistent naming of parameters in an override hierarchy increases the usability of the method overrides. A parameter name in a derived method that differs from the name in the base declaration can cause confusion about whether the method is an override of the base method or a new overload of the method." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1725", - "properties": { - "category": "Naming", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1727", - "shortDescription": { - "text": "Use PascalCase for named placeholders" - }, - "fullDescription": { - "text": "Use PascalCase for named placeholders in the logging message template." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1727", - "properties": { - "category": "Naming", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1802", - "shortDescription": { - "text": "Use literals where appropriate" - }, - "fullDescription": { - "text": "A field is declared static and read-only (Shared and ReadOnly in Visual Basic), and is initialized by using a value that is computable at compile time. Because the value that is assigned to the targeted field is computable at compile time, change the declaration to a const (Const in Visual Basic) field so that the value is computed at compile time instead of at runtime." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1802", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1805", - "shortDescription": { - "text": "Do not initialize unnecessarily" - }, - "fullDescription": { - "text": "The .NET runtime initializes all fields of reference types to their default values before running the constructor. In most cases, explicitly initializing a field to its default value in a constructor is redundant, adding maintenance costs and potentially degrading performance (such as with increased assembly size), and the explicit initialization can be removed. In some cases, such as with static readonly fields that permanently retain their default value, consider instead changing them to be constants or properties." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1805", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1806", - "shortDescription": { - "text": "Do not ignore method results" - }, - "fullDescription": { - "text": "A new object is created but never used; or a method that creates and returns a new string is called and the new string is never used; or a COM or P/Invoke method returns an HRESULT or error code that is never used." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1806", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1810", - "shortDescription": { - "text": "Initialize reference type static fields inline" - }, - "fullDescription": { - "text": "A reference type declares an explicit static constructor. To fix a violation of this rule, initialize all static data when it is declared and remove the static constructor." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1810", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1812", - "shortDescription": { - "text": "Avoid uninstantiated internal classes" - }, - "fullDescription": { - "text": "An instance of an assembly-level type is not created by code in the assembly." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1812", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA1813", - "shortDescription": { - "text": "Avoid unsealed attributes" - }, - "fullDescription": { - "text": "The .NET Framework class library provides methods for retrieving custom attributes. By default, these methods search the attribute inheritance hierarchy. Sealing the attribute eliminates the search through the inheritance hierarchy and can improve performance." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1813", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1814", - "shortDescription": { - "text": "Prefer jagged arrays over multidimensional" - }, - "fullDescription": { - "text": "A jagged array is an array whose elements are arrays. The arrays that make up the elements can be of different sizes, leading to less wasted space for some sets of data." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1814", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1815", - "shortDescription": { - "text": "Override equals and operator equals on value types" - }, - "fullDescription": { - "text": "For value types, the inherited implementation of Equals uses the Reflection library and compares the contents of all fields. Reflection is computationally expensive, and comparing every field for equality might be unnecessary. If you expect users to compare or sort instances, or to use instances as hash table keys, your value type should implement Equals." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1815", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1816", - "shortDescription": { - "text": "Dispose methods should call SuppressFinalize" - }, - "fullDescription": { - "text": "A method that is an implementation of Dispose does not call GC.SuppressFinalize; or a method that is not an implementation of Dispose calls GC.SuppressFinalize; or a method calls GC.SuppressFinalize and passes something other than this (Me in Visual Basic)." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1816", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1819", - "shortDescription": { - "text": "Properties should not return arrays" - }, - "fullDescription": { - "text": "Arrays that are returned by properties are not write-protected, even when the property is read-only. To keep the array tamper-proof, the property must return a copy of the array. Typically, users will not understand the adverse performance implications of calling such a property." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1819", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1820", - "shortDescription": { - "text": "Test for empty strings using string length" - }, - "fullDescription": { - "text": "Comparing strings by using the String.Length property or the String.IsNullOrEmpty method is significantly faster than using Equals." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1820", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1821", - "shortDescription": { - "text": "Remove empty Finalizers" - }, - "fullDescription": { - "text": "Finalizers should be avoided where possible, to avoid the additional performance overhead involved in tracking object lifetime." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1821", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1822", - "shortDescription": { - "text": "Mark members as static" - }, - "fullDescription": { - "text": "Members that do not access instance data or call instance methods can be marked as static. After you mark the methods as static, the compiler will emit nonvirtual call sites to these members. This can give you a measurable performance gain for performance-sensitive code." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1822", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1823", - "shortDescription": { - "text": "Avoid unused private fields" - }, - "fullDescription": { - "text": "Private fields were detected that do not appear to be accessed in the assembly." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1823", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1824", - "shortDescription": { - "text": "Mark assemblies with NeutralResourcesLanguageAttribute" - }, - "fullDescription": { - "text": "The NeutralResourcesLanguage attribute informs the ResourceManager of the language that was used to display the resources of a neutral culture for an assembly. This improves lookup performance for the first resource that you load and can reduce your working set." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1824", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "2", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1825", - "shortDescription": { - "text": "Avoid zero-length array allocations" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1825", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1826", - "shortDescription": { - "text": "Do not use Enumerable methods on indexable collections" - }, - "fullDescription": { - "text": "This collection is directly indexable. Going through LINQ here causes unnecessary allocations and CPU work." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1826", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1827", - "shortDescription": { - "text": "Do not use Count() or LongCount() when Any() can be used" - }, - "fullDescription": { - "text": "For non-empty collections, Count() and LongCount() enumerate the entire sequence, while Any() stops at the first item or the first item that satisfies a condition." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1827", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1828", - "shortDescription": { - "text": "Do not use CountAsync() or LongCountAsync() when AnyAsync() can be used" - }, - "fullDescription": { - "text": "For non-empty collections, CountAsync() and LongCountAsync() enumerate the entire sequence, while AnyAsync() stops at the first item or the first item that satisfies a condition." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1828", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1829", - "shortDescription": { - "text": "Use Length/Count property instead of Count() when available" - }, - "fullDescription": { - "text": "Enumerable.Count() potentially enumerates the sequence while a Length/Count property is a direct access." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1829", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1830", - "shortDescription": { - "text": "Prefer strongly-typed Append and Insert method overloads on StringBuilder" - }, - "fullDescription": { - "text": "StringBuilder.Append and StringBuilder.Insert provide overloads for multiple types beyond System.String. When possible, prefer the strongly-typed overloads over using ToString() and the string-based overload." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1830", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1831", - "shortDescription": { - "text": "Use AsSpan or AsMemory instead of Range-based indexers when appropriate" - }, - "fullDescription": { - "text": "The Range-based indexer on string values produces a copy of requested portion of the string. This copy is usually unnecessary when it is implicitly used as a ReadOnlySpan or ReadOnlyMemory value. Use the AsSpan method to avoid the unnecessary copy." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1831", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1832", - "shortDescription": { - "text": "Use AsSpan or AsMemory instead of Range-based indexers when appropriate" - }, - "fullDescription": { - "text": "The Range-based indexer on array values produces a copy of requested portion of the array. This copy is usually unnecessary when it is implicitly used as a ReadOnlySpan or ReadOnlyMemory value. Use the AsSpan method to avoid the unnecessary copy." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1832", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1833", - "shortDescription": { - "text": "Use AsSpan or AsMemory instead of Range-based indexers when appropriate" - }, - "fullDescription": { - "text": "The Range-based indexer on array values produces a copy of requested portion of the array. This copy is often unwanted when it is implicitly used as a Span or Memory value. Use the AsSpan method to avoid the copy." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1833", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1834", - "shortDescription": { - "text": "Consider using 'StringBuilder.Append(char)' when applicable" - }, - "fullDescription": { - "text": "'StringBuilder.Append(char)' is more efficient than 'StringBuilder.Append(string)' when the string is a single character. When calling 'Append' with a constant, prefer using a constant char rather than a constant string containing one character." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1834", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1835", - "shortDescription": { - "text": "Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync'" - }, - "fullDescription": { - "text": "'Stream' has a 'ReadAsync' overload that takes a 'Memory' as the first argument, and a 'WriteAsync' overload that takes a 'ReadOnlyMemory' as the first argument. Prefer calling the memory based overloads, which are more efficient." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1835", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1836", - "shortDescription": { - "text": "Prefer IsEmpty over Count" - }, - "fullDescription": { - "text": "For determining whether the object contains or not any items, prefer using 'IsEmpty' property rather than retrieving the number of items from the 'Count' property and comparing it to 0 or 1." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1836", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1837", - "shortDescription": { - "text": "Use 'Environment.ProcessId'" - }, - "fullDescription": { - "text": "'Environment.ProcessId' is simpler and faster than 'Process.GetCurrentProcess().Id'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1837", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1838", - "shortDescription": { - "text": "Avoid 'StringBuilder' parameters for P/Invokes" - }, - "fullDescription": { - "text": "Marshalling of 'StringBuilder' always creates a native buffer copy, resulting in multiple allocations for one marshalling operation." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1838", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1839", - "shortDescription": { - "text": "Use 'Environment.ProcessPath'" - }, - "fullDescription": { - "text": "'Environment.ProcessPath' is simpler and faster than 'Process.GetCurrentProcess().MainModule.FileName'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1839", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1840", - "shortDescription": { - "text": "Use 'Environment.CurrentManagedThreadId'" - }, - "fullDescription": { - "text": "'Environment.CurrentManagedThreadId' is simpler and faster than 'Thread.CurrentThread.ManagedThreadId'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1840", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1841", - "shortDescription": { - "text": "Prefer Dictionary.Contains methods" - }, - "fullDescription": { - "text": "'ContainsKey' is usually O(1), while 'Keys.Contains' may be O(n) in some cases. Additionally, many dictionary implementations lazily initialize the Keys collection to cut back on allocations." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1841", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1842", - "shortDescription": { - "text": "Do not use 'WhenAll' with a single task" - }, - "fullDescription": { - "text": "Using 'WhenAll' with a single task may result in performance loss, await or return the task instead." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1842", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1843", - "shortDescription": { - "text": "Do not use 'WaitAll' with a single task" - }, - "fullDescription": { - "text": "Using 'WaitAll' with a single task may result in performance loss, await or return the task instead." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1843", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1844", - "shortDescription": { - "text": "Provide memory-based overrides of async methods when subclassing 'Stream'" - }, - "fullDescription": { - "text": "To improve performance, override the memory-based async methods when subclassing 'Stream'. Then implement the array-based methods in terms of the memory-based methods." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1844", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1845", - "shortDescription": { - "text": "Use span-based 'string.Concat'" - }, - "fullDescription": { - "text": "It is more efficient to use 'AsSpan' and 'string.Concat', instead of 'Substring' and a concatenation operator." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1845", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1846", - "shortDescription": { - "text": "Prefer 'AsSpan' over 'Substring'" - }, - "fullDescription": { - "text": "'AsSpan' is more efficient than 'Substring'. 'Substring' performs an O(n) string copy, while 'AsSpan' does not and has a constant cost." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1846", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1847", - "shortDescription": { - "text": "Use char literal for a single character lookup" - }, - "fullDescription": { - "text": "'string.Contains(char)' is available as a better performing overload for single char lookup." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1847", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1848", - "shortDescription": { - "text": "Use the LoggerMessage delegates" - }, - "fullDescription": { - "text": "For improved performance, use the LoggerMessage delegates." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1848", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1849", - "shortDescription": { - "text": "Call async methods when in an async method" - }, - "fullDescription": { - "text": "When inside a Task-returning method, use the async version of methods, if they exist." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1849", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1850", - "shortDescription": { - "text": "Prefer static 'HashData' method over 'ComputeHash'" - }, - "fullDescription": { - "text": "It is more efficient to use the static 'HashData' method over creating and managing a HashAlgorithm instance to call 'ComputeHash'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1850", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1851", - "shortDescription": { - "text": "Possible multiple enumerations of 'IEnumerable' collection" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1851", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1852", - "shortDescription": { - "text": "Seal internal types" - }, - "fullDescription": { - "text": "When a type is not accessible outside its assembly and has no subtypes within its containing assembly, it can be safely sealed. Sealing types can improve performance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1852", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA1853", - "shortDescription": { - "text": "Unnecessary call to 'Dictionary.ContainsKey(key)'" - }, - "fullDescription": { - "text": "Do not guard 'Dictionary.Remove(key)' with 'Dictionary.ContainsKey(key)'. The former already checks whether the key exists, and will not throw if it does not." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1853", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1854", - "shortDescription": { - "text": "Prefer the 'IDictionary.TryGetValue(TKey, out TValue)' method" - }, - "fullDescription": { - "text": "Prefer a 'TryGetValue' call over a Dictionary indexer access guarded by a 'ContainsKey' check. 'ContainsKey' and the indexer both would lookup the key under the hood, so using 'TryGetValue' removes the extra lookup." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1854", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1855", - "shortDescription": { - "text": "Prefer 'Clear' over 'Fill'" - }, - "fullDescription": { - "text": "It is more efficient to use 'Clear', instead of 'Fill' with default value." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1855", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1856", - "shortDescription": { - "text": "Incorrect usage of ConstantExpected attribute" - }, - "fullDescription": { - "text": "ConstantExpected attribute is not applied correctly on the parameter." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1856", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1857", - "shortDescription": { - "text": "A constant is expected for the parameter" - }, - "fullDescription": { - "text": "The parameter expects a constant for optimal performance." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1857", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1858", - "shortDescription": { - "text": "Use 'StartsWith' instead of 'IndexOf'" - }, - "fullDescription": { - "text": "It is both clearer and faster to use 'StartsWith' instead of comparing the result of 'IndexOf' to zero." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1858", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1859", - "shortDescription": { - "text": "Use concrete types when possible for improved performance" - }, - "fullDescription": { - "text": "Using concrete types avoids virtual or interface call overhead and enables inlining." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1859", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1860", - "shortDescription": { - "text": "Avoid using 'Enumerable.Any()' extension method" - }, - "fullDescription": { - "text": "Prefer using 'IsEmpty', 'Count' or 'Length' properties whichever available, rather than calling 'Enumerable.Any()'. The intent is clearer and it is more performant than using 'Enumerable.Any()' extension method." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1860", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1861", - "shortDescription": { - "text": "Avoid constant arrays as arguments" - }, - "fullDescription": { - "text": "Constant arrays passed as arguments are not reused when called repeatedly, which implies a new array is created each time. Consider extracting them to 'static readonly' fields to improve performance if the passed array is not mutated within the called method." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1861", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1862", - "shortDescription": { - "text": "Use the 'StringComparison' method overloads to perform case-insensitive string comparisons" - }, - "fullDescription": { - "text": "Avoid calling 'ToLower', 'ToUpper', 'ToLowerInvariant' and 'ToUpperInvariant' to perform case-insensitive string comparisons because they lead to an allocation. Instead, prefer calling the method overloads of 'Contains', 'IndexOf' and 'StartsWith' that take a 'StringComparison' enum value to perform case-insensitive comparisons. Switching to using an overload that takes a 'StringComparison' might cause subtle changes in behavior, so it's important to conduct thorough testing after applying the suggestion. Additionally, if a culturally sensitive comparison is not required, consider using 'StringComparison.OrdinalIgnoreCase'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1862", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1863", - "shortDescription": { - "text": "Use 'CompositeFormat'" - }, - "fullDescription": { - "text": "Cache and use a 'CompositeFormat' instance as the argument to this formatting operation, rather than passing in the original format string. This reduces the cost of the formatting operation." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1863", - "properties": { - "category": "Performance", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1864", - "shortDescription": { - "text": "Prefer the 'IDictionary.TryAdd(TKey, TValue)' method" - }, - "fullDescription": { - "text": "Prefer a 'TryAdd' call over an 'Add' call guarded by a 'ContainsKey' check. 'TryAdd' behaves the same as 'Add', except that when the specified key already exists, it returns 'false' instead of throwing an exception." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1864", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1865", - "shortDescription": { - "text": "Use char overload" - }, - "fullDescription": { - "text": "The char overload is a better performing overload than a string with a single char." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1865", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "0.006", - "executionTimeInPercentage": "28", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1866", - "shortDescription": { - "text": "Use char overload" - }, - "fullDescription": { - "text": "The char overload is a better performing overload than a string with a single char." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1866", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "0.006", - "executionTimeInPercentage": "28", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1867", - "shortDescription": { - "text": "Use char overload" - }, - "fullDescription": { - "text": "The char overload is a better performing overload than a string with a single char." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1867", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "0.006", - "executionTimeInPercentage": "28", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1868", - "shortDescription": { - "text": "Unnecessary call to 'Contains(item)'" - }, - "fullDescription": { - "text": "Do not guard 'Add(item)' or 'Remove(item)' with 'Contains(item)' for the set. The former two already check whether the item exists and will return if it was added or removed." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1868", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1869", - "shortDescription": { - "text": "Cache and reuse 'JsonSerializerOptions' instances" - }, - "fullDescription": { - "text": "Avoid creating a new 'JsonSerializerOptions' instance for every serialization operation. Cache and reuse instances instead. Single use 'JsonSerializerOptions' instances can substantially degrade the performance of your application." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1869", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1870", - "shortDescription": { - "text": "Use a cached 'SearchValues' instance" - }, - "fullDescription": { - "text": "Using a cached 'SearchValues' instance is more efficient than passing values to 'IndexOfAny'/'ContainsAny' directly." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1870", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1871", - "shortDescription": { - "text": "Do not pass a nullable struct to 'ArgumentNullException.ThrowIfNull'" - }, - "fullDescription": { - "text": "'ArgumentNullException.ThrowIfNull' accepts an 'object', so passing a nullable struct may cause the value to be boxed." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1871", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA1872", - "shortDescription": { - "text": "Prefer 'Convert.ToHexString' and 'Convert.ToHexStringLower' over call chains based on 'BitConverter.ToString'" - }, - "fullDescription": { - "text": "Use 'Convert.ToHexString' or 'Convert.ToHexStringLower' when encoding bytes to a hexadecimal string representation. These methods are more efficient and allocation-friendly than using 'BitConverter.ToString' in combination with 'String.Replace' to replace dashes and 'String.ToLower'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1872", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2000", - "shortDescription": { - "text": "Dispose objects before losing scope" - }, - "fullDescription": { - "text": "If a disposable object is not explicitly disposed before all references to it are out of scope, the object will be disposed at some indeterminate time when the garbage collector runs the finalizer of the object. Because an exceptional event might occur that will prevent the finalizer of the object from running, the object should be explicitly disposed instead." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2000", - "properties": { - "category": "Reliability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2002", - "shortDescription": { - "text": "Do not lock on objects with weak identity" - }, - "fullDescription": { - "text": "An object is said to have a weak identity when it can be directly accessed across application domain boundaries. A thread that tries to acquire a lock on an object that has a weak identity can be blocked by a second thread in a different application domain that has a lock on the same object." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2002", - "properties": { - "category": "Reliability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2007", - "shortDescription": { - "text": "Consider calling ConfigureAwait on the awaited task" - }, - "fullDescription": { - "text": "When an asynchronous method awaits a Task directly, continuation occurs in the same thread that created the task. Consider calling Task.ConfigureAwait(Boolean) to signal your intention for continuation. Call ConfigureAwait(false) on the task to schedule continuations to the thread pool, thereby avoiding a deadlock on the UI thread. Passing false is a good option for app-independent libraries. Calling ConfigureAwait(true) on the task has the same behavior as not explicitly calling ConfigureAwait. By explicitly calling this method, you're letting readers know you intentionally want to perform the continuation on the original synchronization context." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2007", - "properties": { - "category": "Reliability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2008", - "shortDescription": { - "text": "Do not create tasks without passing a TaskScheduler" - }, - "fullDescription": { - "text": "Do not create tasks unless you are using one of the overloads that takes a TaskScheduler. The default is to schedule on TaskScheduler.Current, which would lead to deadlocks. Either use TaskScheduler.Default to schedule on the thread pool, or explicitly pass TaskScheduler.Current to make your intentions clear." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2008", - "properties": { - "category": "Reliability", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2009", - "shortDescription": { - "text": "Do not call ToImmutableCollection on an ImmutableCollection value" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2009", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2011", - "shortDescription": { - "text": "Avoid infinite recursion" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2011", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2012", - "shortDescription": { - "text": "Use ValueTasks correctly" - }, - "fullDescription": { - "text": "ValueTasks returned from member invocations are intended to be directly awaited. Attempts to consume a ValueTask multiple times or to directly access one's result before it's known to be completed may result in an exception or corruption. Ignoring such a ValueTask is likely an indication of a functional bug and may degrade performance." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2012", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2013", - "shortDescription": { - "text": "Do not use ReferenceEquals with value types" - }, - "fullDescription": { - "text": "Value type typed arguments are uniquely boxed for each call to this method, therefore the result can be unexpected." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2013", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2014", - "shortDescription": { - "text": "Do not use stackalloc in loops" - }, - "fullDescription": { - "text": "Stack space allocated by a stackalloc is only released at the end of the current method's invocation. Using it in a loop can result in unbounded stack growth and eventual stack overflow conditions." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2014", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2015", - "shortDescription": { - "text": "Do not define finalizers for types derived from MemoryManager" - }, - "fullDescription": { - "text": "Adding a finalizer to a type derived from MemoryManager may permit memory to be freed while it is still in use by a Span." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2015", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2016", - "shortDescription": { - "text": "Forward the 'CancellationToken' parameter to methods" - }, - "fullDescription": { - "text": "Forward the 'CancellationToken' parameter to methods to ensure the operation cancellation notifications gets properly propagated, or pass in 'CancellationToken.None' explicitly to indicate intentionally not propagating the token." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2016", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2017", - "shortDescription": { - "text": "Parameter count mismatch" - }, - "fullDescription": { - "text": "Number of parameters supplied in the logging message template do not match the number of named placeholders." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2017", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2018", - "shortDescription": { - "text": "'Buffer.BlockCopy' expects the number of bytes to be copied for the 'count' argument" - }, - "fullDescription": { - "text": "'Buffer.BlockCopy' expects the number of bytes to be copied for the 'count' argument. Using 'Array.Length' may not match the number of bytes that needs to be copied." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2018", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2019", - "shortDescription": { - "text": "Improper 'ThreadStatic' field initialization" - }, - "fullDescription": { - "text": "'ThreadStatic' fields should be initialized lazily on use, not with inline initialization nor explicitly in a static constructor, which would only initialize the field on the thread that runs the type's static constructor." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2019", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2020", - "shortDescription": { - "text": "Prevent behavioral change" - }, - "fullDescription": { - "text": "Some built-in operators added in .NET 7 behave differently when overflowing than did the corresponding user-defined operators in .NET 6 and earlier versions. Some operators that previously threw in an unchecked context now don't throw unless wrapped within a checked context. Also, some operators that did not previously throw in a checked context now throw unless wrapped in an unchecked context." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2020", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2021", - "shortDescription": { - "text": "Do not call Enumerable.Cast or Enumerable.OfType with incompatible types" - }, - "fullDescription": { - "text": "Enumerable.Cast and Enumerable.OfType require compatible types to function expectedly. \u000d\u000aThe generic cast (IL 'unbox.any') used by the sequence returned by Enumerable.Cast will throw InvalidCastException at runtime on elements of the types specified. \u000d\u000aThe generic type check (C# 'is' operator/IL 'isinst') used by Enumerable.OfType will never succeed with elements of types specified, resulting in an empty sequence. \u000d\u000aWidening and user defined conversions are not supported with generic types." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2021", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2022", - "shortDescription": { - "text": "Avoid inexact read with 'Stream.Read'" - }, - "fullDescription": { - "text": "A call to 'Stream.Read' may return fewer bytes than requested, resulting in unreliable code if the return value is not checked." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2022", - "properties": { - "category": "Reliability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2100", - "shortDescription": { - "text": "Review SQL queries for security vulnerabilities" - }, - "fullDescription": { - "text": "SQL queries that directly use user input can be vulnerable to SQL injection attacks. Review this SQL query for potential vulnerabilities, and consider using a parameterized SQL query." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2100", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2101", - "shortDescription": { - "text": "Specify marshaling for P/Invoke string arguments" - }, - "fullDescription": { - "text": "A platform invoke member allows partially trusted callers, has a string parameter, and does not explicitly marshal the string. This can cause a potential security vulnerability." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2101", - "properties": { - "category": "Globalization", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2119", - "shortDescription": { - "text": "Seal methods that satisfy private interfaces" - }, - "fullDescription": { - "text": "An inheritable public type provides an overridable method implementation of an internal (Friend in Visual Basic) interface. To fix a violation of this rule, prevent the method from being overridden outside the assembly." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2119", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2153", - "shortDescription": { - "text": "Do Not Catch Corrupted State Exceptions" - }, - "fullDescription": { - "text": "Catching corrupted state exceptions could mask errors (such as access violations), resulting in inconsistent state of execution or making it easier for attackers to compromise system. Instead, catch and handle a more specific set of exception type(s) or re-throw the exception." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2153", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2200", - "shortDescription": { - "text": "Rethrow to preserve stack details" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2200", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2201", - "shortDescription": { - "text": "Do not raise reserved exception types" - }, - "fullDescription": { - "text": "An exception of type that is not sufficiently specific or reserved by the runtime should never be raised by user code. This makes the original error difficult to detect and debug. If this exception instance might be thrown, use a different exception type." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2201", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2207", - "shortDescription": { - "text": "Initialize value type static fields inline" - }, - "fullDescription": { - "text": "A value type declares an explicit static constructor. To fix a violation of this rule, initialize all static data when it is declared and remove the static constructor." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2207", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2208", - "shortDescription": { - "text": "Instantiate argument exceptions correctly" - }, - "fullDescription": { - "text": "A call is made to the default (parameterless) constructor of an exception type that is or derives from ArgumentException, or an incorrect string argument is passed to a parameterized constructor of an exception type that is or derives from ArgumentException." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2208", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2211", - "shortDescription": { - "text": "Non-constant fields should not be visible" - }, - "fullDescription": { - "text": "Static fields that are neither constants nor read-only are not thread-safe. Access to such a field must be carefully controlled and requires advanced programming techniques to synchronize access to the class object." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2211", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2213", - "shortDescription": { - "text": "Disposable fields should be disposed" - }, - "fullDescription": { - "text": "A type that implements System.IDisposable declares fields that are of types that also implement IDisposable. The Dispose method of the field is not called by the Dispose method of the declaring type. To fix a violation of this rule, call Dispose on fields that are of types that implement IDisposable if you are responsible for allocating and releasing the unmanaged resources held by the field." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2213", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2214", - "shortDescription": { - "text": "Do not call overridable methods in constructors" - }, - "fullDescription": { - "text": "Virtual methods defined on the class should not be called from constructors. If a derived class has overridden the method, the derived class version will be called (before the derived class constructor is called)." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2214", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2215", - "shortDescription": { - "text": "Dispose methods should call base class dispose" - }, - "fullDescription": { - "text": "A type that implements System.IDisposable inherits from a type that also implements IDisposable. The Dispose method of the inheriting type does not call the Dispose method of the parent type. To fix a violation of this rule, call base.Dispose in your Dispose method." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2215", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2216", - "shortDescription": { - "text": "Disposable types should declare finalizer" - }, - "fullDescription": { - "text": "A type that implements System.IDisposable and has fields that suggest the use of unmanaged resources does not implement a finalizer, as described by Object.Finalize." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2216", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2217", - "shortDescription": { - "text": "Do not mark enums with FlagsAttribute" - }, - "fullDescription": { - "text": "An externally visible enumeration is marked by using FlagsAttribute, and it has one or more values that are not powers of two or a combination of the other defined values on the enumeration." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2217", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2219", - "shortDescription": { - "text": "Do not raise exceptions in finally clauses" - }, - "fullDescription": { - "text": "When an exception is raised in a finally clause, the new exception hides the active exception. This makes the original error difficult to detect and debug." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2219", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2225", - "shortDescription": { - "text": "Operator overloads have named alternates" - }, - "fullDescription": { - "text": "An operator overload was detected, and the expected named alternative method was not found. The named alternative member provides access to the same functionality as the operator and is provided for developers who program in languages that do not support overloaded operators." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2225", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2226", - "shortDescription": { - "text": "Operators should have symmetrical overloads" - }, - "fullDescription": { - "text": "A type implements the equality or inequality operator and does not implement the opposite operator." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2226", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2227", - "shortDescription": { - "text": "Collection properties should be read only" - }, - "fullDescription": { - "text": "A writable collection property allows a user to replace the collection with a different collection. A read-only property stops the collection from being replaced but still allows the individual members to be set." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2227", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2231", - "shortDescription": { - "text": "Overload operator equals on overriding value type Equals" - }, - "fullDescription": { - "text": "In most programming languages there is no default implementation of the equality operator (==) for value types. If your programming language supports operator overloads, you should consider implementing the equality operator. Its behavior should be identical to that of Equals." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2231", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2234", - "shortDescription": { - "text": "Pass system uri objects instead of strings" - }, - "fullDescription": { - "text": "A call is made to a method that has a string parameter whose name contains \"uri\", \"URI\", \"urn\", \"URN\", \"url\", or \"URL\". The declaring type of the method contains a corresponding method overload that has a System.Uri parameter." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2234", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2235", - "shortDescription": { - "text": "Mark all non-serializable fields" - }, - "fullDescription": { - "text": "An instance field of a type that is not serializable is declared in a type that is serializable." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2235", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2237", - "shortDescription": { - "text": "Mark ISerializable types with serializable" - }, - "fullDescription": { - "text": "To be recognized by the common language runtime as serializable, types must be marked by using the SerializableAttribute attribute even when the type uses a custom serialization routine through implementation of the ISerializable interface." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2237", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2241", - "shortDescription": { - "text": "Provide correct arguments to formatting methods" - }, - "fullDescription": { - "text": "The format argument that is passed to System.String.Format does not contain a format item that corresponds to each object argument, or vice versa." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2241", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2242", - "shortDescription": { - "text": "Test for NaN correctly" - }, - "fullDescription": { - "text": "This expression tests a value against Single.Nan or Double.Nan. Use Single.IsNan(Single) or Double.IsNan(Double) to test the value." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2242", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2243", - "shortDescription": { - "text": "Attribute string literals should parse correctly" - }, - "fullDescription": { - "text": "The string literal parameter of an attribute does not parse correctly for a URL, a GUID, or a version." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2243", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "PortedFromFxCop", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2244", - "shortDescription": { - "text": "Do not duplicate indexed element initializations" - }, - "fullDescription": { - "text": "Indexed elements in objects initializers must initialize unique elements. A duplicate index might overwrite a previous element initialization." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2244", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2245", - "shortDescription": { - "text": "Do not assign a property to itself" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2245", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2246", - "shortDescription": { - "text": "Assigning symbol and its member in the same statement" - }, - "fullDescription": { - "text": "Assigning to a symbol and its member (field/property) in the same statement is not recommended. It is not clear if the member access was intended to use symbol's old value prior to the assignment or new value from the assignment in this statement. For clarity, consider splitting the assignments into separate statements." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2246", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2247", - "shortDescription": { - "text": "Argument passed to TaskCompletionSource constructor should be TaskCreationOptions enum instead of TaskContinuationOptions enum" - }, - "fullDescription": { - "text": "TaskCompletionSource has constructors that take TaskCreationOptions that control the underlying Task, and constructors that take object state that's stored in the task. Accidentally passing a TaskContinuationOptions instead of a TaskCreationOptions will result in the call treating the options as state." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2247", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2248", - "shortDescription": { - "text": "Provide correct 'enum' argument to 'Enum.HasFlag'" - }, - "fullDescription": { - "text": "'Enum.HasFlag' method expects the 'enum' argument to be of the same 'enum' type as the instance on which the method is invoked and that this 'enum' is marked with 'System.FlagsAttribute'. If these are different 'enum' types, an unhandled exception will be thrown at runtime. If the 'enum' type is not marked with 'System.FlagsAttribute' the call will always return 'false' at runtime." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2248", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2249", - "shortDescription": { - "text": "Consider using 'string.Contains' instead of 'string.IndexOf'" - }, - "fullDescription": { - "text": "Calls to 'string.IndexOf' where the result is used to check for the presence/absence of a substring can be replaced by 'string.Contains'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2249", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2250", - "shortDescription": { - "text": "Use 'ThrowIfCancellationRequested'" - }, - "fullDescription": { - "text": "'ThrowIfCancellationRequested' automatically checks whether the token has been canceled, and throws an 'OperationCanceledException' if it has." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2250", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2251", - "shortDescription": { - "text": "Use 'string.Equals'" - }, - "fullDescription": { - "text": "It is both clearer and likely faster to use 'string.Equals' instead of comparing the result of 'string.Compare' to zero." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2251", - "properties": { - "category": "Usage", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2252", - "shortDescription": { - "text": "This API requires opting into preview features" - }, - "fullDescription": { - "text": "An assembly has to opt into preview features before using them." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2252", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2253", - "shortDescription": { - "text": "Named placeholders should not be numeric values" - }, - "fullDescription": { - "text": "Named placeholders in the logging message template should not be comprised of only numeric characters." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2253", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2254", - "shortDescription": { - "text": "Template should be a static expression" - }, - "fullDescription": { - "text": "The logging message template should not vary between calls." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2254", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2255", - "shortDescription": { - "text": "The 'ModuleInitializer' attribute should not be used in libraries" - }, - "fullDescription": { - "text": "Module initializers are intended to be used by application code to ensure an application's components are initialized before the application code begins executing. If library code declares a method with the 'ModuleInitializerAttribute', it can interfere with application initialization and also lead to limitations in that application's trimming abilities. Instead of using methods marked with 'ModuleInitializerAttribute', the library should expose methods that can be used to initialize any components within the library and allow the application to invoke the method during application initialization." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2255", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2256", - "shortDescription": { - "text": "All members declared in parent interfaces must have an implementation in a DynamicInterfaceCastableImplementation-attributed interface" - }, - "fullDescription": { - "text": "Types attributed with 'DynamicInterfaceCastableImplementationAttribute' act as an interface implementation for a type that implements the 'IDynamicInterfaceCastable' type. As a result, it must provide an implementation of all of the members defined in the inherited interfaces, because the type that implements 'IDynamicInterfaceCastable' will not provide them otherwise." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2256", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2257", - "shortDescription": { - "text": "Members defined on an interface with the 'DynamicInterfaceCastableImplementationAttribute' should be 'static'" - }, - "fullDescription": { - "text": "Since a type that implements 'IDynamicInterfaceCastable' may not implement a dynamic interface in metadata, calls to an instance interface member that is not an explicit implementation defined on this type are likely to fail at runtime. Mark new interface members 'static' to avoid runtime errors." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2257", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2258", - "shortDescription": { - "text": "Providing a 'DynamicInterfaceCastableImplementation' interface in Visual Basic is unsupported" - }, - "fullDescription": { - "text": "Providing a functional 'DynamicInterfaceCastableImplementationAttribute'-attributed interface requires the Default Interface Members feature, which is unsupported in Visual Basic." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2258", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2259", - "shortDescription": { - "text": "'ThreadStatic' only affects static fields" - }, - "fullDescription": { - "text": "'ThreadStatic' only affects static fields. When applied to instance fields, it has no impact on behavior." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2259", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2260", - "shortDescription": { - "text": "Use correct type parameter" - }, - "fullDescription": { - "text": "Generic math interfaces require the derived type itself to be used for the self recurring type parameter." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2260", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2261", - "shortDescription": { - "text": "Do not use ConfigureAwaitOptions.SuppressThrowing with Task" - }, - "fullDescription": { - "text": "The ConfigureAwaitOptions.SuppressThrowing option is only supported with the non-generic Task, not a Task. To use it with a Task, first cast to the base Task." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2261", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2262", - "shortDescription": { - "text": "Set 'MaxResponseHeadersLength' properly" - }, - "fullDescription": { - "text": "The property 'MaxResponseHeadersLength' is measured in kilobytes, not in bytes. The provided value is multiplied by 1024, which might be greater than your intended maximum length." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2262", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2263", - "shortDescription": { - "text": "Prefer generic overload when type is known" - }, - "fullDescription": { - "text": "Using a generic overload is preferable to the 'System.Type' overload when the type is known, promoting cleaner and more type-safe code with improved compile-time checks." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2263", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2264", - "shortDescription": { - "text": "Do not pass a non-nullable value to 'ArgumentNullException.ThrowIfNull'" - }, - "fullDescription": { - "text": "'ArgumentNullException.ThrowIfNull' throws when the passed argument is 'null'. Certain constructs like non-nullable structs, 'nameof()' and 'new' expressions are known to never be null, so 'ArgumentNullException.ThrowIfNull' will never throw." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2264", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2265", - "shortDescription": { - "text": "Do not compare Span to 'null' or 'default'" - }, - "fullDescription": { - "text": "Comparing a span to 'null' or 'default' might not do what you intended. 'default' and the 'null' literal are implicitly converted to 'Span.Empty'. Remove the redundant comparison or make the code more explicit by using 'IsEmpty'." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2265", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2300", - "shortDescription": { - "text": "Do not use insecure deserializer BinaryFormatter" - }, - "fullDescription": { - "text": "The method '{0}' is insecure when deserializing untrusted data. If you need to instead detect BinaryFormatter deserialization without a SerializationBinder set, then disable rule CA2300, and enable rules CA2301 and CA2302." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2300", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2301", - "shortDescription": { - "text": "Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2301", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2302", - "shortDescription": { - "text": "Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2302", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2305", - "shortDescription": { - "text": "Do not use insecure deserializer LosFormatter" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2305", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2310", - "shortDescription": { - "text": "Do not use insecure deserializer NetDataContractSerializer" - }, - "fullDescription": { - "text": "The method '{0}' is insecure when deserializing untrusted data. If you need to instead detect NetDataContractSerializer deserialization without a SerializationBinder set, then disable rule CA2310, and enable rules CA2311 and CA2312." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2310", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2311", - "shortDescription": { - "text": "Do not deserialize without first setting NetDataContractSerializer.Binder" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2311", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2312", - "shortDescription": { - "text": "Ensure NetDataContractSerializer.Binder is set before deserializing" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2312", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2315", - "shortDescription": { - "text": "Do not use insecure deserializer ObjectStateFormatter" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2315", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2321", - "shortDescription": { - "text": "Do not deserialize with JavaScriptSerializer using a SimpleTypeResolver" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2321", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2322", - "shortDescription": { - "text": "Ensure JavaScriptSerializer is not initialized with SimpleTypeResolver before deserializing" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2322", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2326", - "shortDescription": { - "text": "Do not use TypeNameHandling values other than None" - }, - "fullDescription": { - "text": "Deserializing JSON when using a TypeNameHandling value other than None can be insecure. If you need to instead detect Json.NET deserialization when a SerializationBinder isn't specified, then disable rule CA2326, and enable rules CA2327, CA2328, CA2329, and CA2330." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2326", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2327", - "shortDescription": { - "text": "Do not use insecure JsonSerializerSettings" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2327", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2328", - "shortDescription": { - "text": "Ensure that JsonSerializerSettings are secure" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2328", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2329", - "shortDescription": { - "text": "Do not deserialize with JsonSerializer using an insecure configuration" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2329", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2330", - "shortDescription": { - "text": "Ensure that JsonSerializer has a secure configuration when deserializing" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2330", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA2350", - "shortDescription": { - "text": "Do not use DataTable.ReadXml() with untrusted data" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2350", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2351", - "shortDescription": { - "text": "Do not use DataSet.ReadXml() with untrusted data" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2351", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2352", - "shortDescription": { - "text": "Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2352", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2353", - "shortDescription": { - "text": "Unsafe DataSet or DataTable in serializable type" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2353", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2354", - "shortDescription": { - "text": "Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2354", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2355", - "shortDescription": { - "text": "Unsafe DataSet or DataTable type found in deserializable object graph" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2355", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2356", - "shortDescription": { - "text": "Unsafe DataSet or DataTable type in web deserializable object graph" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2356", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2361", - "shortDescription": { - "text": "Ensure auto-generated class containing DataSet.ReadXml() is not used with untrusted data" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2361", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA2362", - "shortDescription": { - "text": "Unsafe DataSet or DataTable in auto-generated serializable type can be vulnerable to remote code execution attacks" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2362", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3001", - "shortDescription": { - "text": "Review code for SQL injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3001", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3002", - "shortDescription": { - "text": "Review code for XSS vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3002", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3003", - "shortDescription": { - "text": "Review code for file path injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3003", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3004", - "shortDescription": { - "text": "Review code for information disclosure vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3004", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3005", - "shortDescription": { - "text": "Review code for LDAP injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3005", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3006", - "shortDescription": { - "text": "Review code for process command injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3006", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3007", - "shortDescription": { - "text": "Review code for open redirect vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3007", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3008", - "shortDescription": { - "text": "Review code for XPath injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3008", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3009", - "shortDescription": { - "text": "Review code for XML injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3009", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3010", - "shortDescription": { - "text": "Review code for XAML injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3010", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3011", - "shortDescription": { - "text": "Review code for DLL injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3011", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3012", - "shortDescription": { - "text": "Review code for regex injection vulnerabilities" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3012", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3061", - "shortDescription": { - "text": "Do Not Add Schema By URL" - }, - "fullDescription": { - "text": "This overload of XmlSchemaCollection.Add method internally enables DTD processing on the XML reader instance used, and uses UrlResolver for resolving external XML entities. The outcome is information disclosure. Content from file system or network shares for the machine processing the XML can be exposed to attacker. In addition, an attacker can use this as a DoS vector." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3061", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3075", - "shortDescription": { - "text": "Insecure DTD processing in XML" - }, - "fullDescription": { - "text": "Using XmlTextReader.Load(), creating an insecure XmlReaderSettings instance when invoking XmlReader.Create(), setting the InnerXml property of the XmlDocument and enabling DTD processing using XmlUrlResolver insecurely can lead to information disclosure. Replace it with a call to the Load() method overload that takes an XmlReader instance, use XmlReader.Create() to accept XmlReaderSettings arguments or consider explicitly setting secure values. The DataViewSettingCollectionString property of DataViewManager should always be assigned from a trusted source, the DtdProcessing property should be set to false, and the XmlResolver property should be changed to XmlSecureResolver or null." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3075", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3076", - "shortDescription": { - "text": "Insecure XSLT script processing" - }, - "fullDescription": { - "text": "Providing an insecure XsltSettings instance and an insecure XmlResolver instance to XslCompiledTransform.Load method is potentially unsafe as it allows processing script within XSL, which on an untrusted XSL input may lead to malicious code execution. Either replace the insecure XsltSettings argument with XsltSettings.Default or an instance that has disabled document function and script execution, or replace the XmlResolver argument with null or an XmlSecureResolver instance. This message may be suppressed if the input is known to be from a trusted source and external resource resolution from locations that are not known in advance must be supported." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3076", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3077", - "shortDescription": { - "text": "Insecure Processing in API Design, XmlDocument and XmlTextReader" - }, - "fullDescription": { - "text": "Enabling DTD processing on all instances derived from XmlTextReader or  XmlDocument and using XmlUrlResolver for resolving external XML entities may lead to information disclosure. Ensure to set the XmlResolver property to null, create an instance of XmlSecureResolver when processing untrusted input, or use XmlReader.Create method with a secure XmlReaderSettings argument. Unless you need to enable it, ensure the DtdProcessing property is set to false." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3077", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA3147", - "shortDescription": { - "text": "Mark Verb Handlers With Validate Antiforgery Token" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca3147", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5350", - "shortDescription": { - "text": "Do Not Use Weak Cryptographic Algorithms" - }, - "fullDescription": { - "text": "Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5350", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5351", - "shortDescription": { - "text": "Do Not Use Broken Cryptographic Algorithms" - }, - "fullDescription": { - "text": "An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5351", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5358", - "shortDescription": { - "text": "Review cipher mode usage with cryptography experts" - }, - "fullDescription": { - "text": "These cipher modes might be vulnerable to attacks. Consider using recommended modes (CBC, CTS)." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5358", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5359", - "shortDescription": { - "text": "Do Not Disable Certificate Validation" - }, - "fullDescription": { - "text": "A certificate can help authenticate the identity of the server. Clients should validate the server certificate to ensure requests are sent to the intended server. If the ServerCertificateValidationCallback always returns 'true', any certificate will pass validation." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5359", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5360", - "shortDescription": { - "text": "Do Not Call Dangerous Methods In Deserialization" - }, - "fullDescription": { - "text": "Insecure Deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a Denial-of-Service (DoS) attack, or even execute arbitrary code upon it being deserialized. It’s frequently possible for malicious users to abuse these deserialization features when the application is deserializing untrusted data which is under their control. Specifically, invoke dangerous methods in the process of deserialization. Successful insecure deserialization attacks could allow an attacker to carry out attacks such as DoS attacks, authentication bypasses, and remote code execution." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5360", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5361", - "shortDescription": { - "text": "Do Not Disable SChannel Use of Strong Crypto" - }, - "fullDescription": { - "text": "Starting with the .NET Framework 4.6, the System.Net.ServicePointManager and System.Net.Security.SslStream classes are recommended to use new protocols. The old ones have protocol weaknesses and are not supported. Setting Switch.System.Net.DontEnableSchUseStrongCrypto with true will use the old weak crypto check and opt out of the protocol migration." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5361", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5362", - "shortDescription": { - "text": "Potential reference cycle in deserialized object graph" - }, - "fullDescription": { - "text": "Review code that processes untrusted deserialized data for handling of unexpected reference cycles. An unexpected reference cycle should not cause the code to enter an infinite loop. Otherwise, an unexpected reference cycle can allow an attacker to DOS or exhaust the memory of the process when deserializing untrusted data." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5362", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5363", - "shortDescription": { - "text": "Do Not Disable Request Validation" - }, - "fullDescription": { - "text": "Request validation is a feature in ASP.NET that examines HTTP requests and determines whether they contain potentially dangerous content. This check adds protection from markup or code in the URL query string, cookies, or posted form values that might have been added for malicious purposes. So, it is generally desirable and should be left enabled for defense in depth." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5363", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5364", - "shortDescription": { - "text": "Do Not Use Deprecated Security Protocols" - }, - "fullDescription": { - "text": "Using a deprecated security protocol rather than the system default is risky." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5364", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5365", - "shortDescription": { - "text": "Do Not Disable HTTP Header Checking" - }, - "fullDescription": { - "text": "HTTP header checking enables encoding of the carriage return and newline characters, \\r and \\n, that are found in response headers. This encoding can help to avoid injection attacks that exploit an application that echoes untrusted data contained by the header." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5365", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5366", - "shortDescription": { - "text": "Use XmlReader for 'DataSet.ReadXml()'" - }, - "fullDescription": { - "text": "Processing XML from untrusted data may load dangerous external references, which should be restricted by using an XmlReader with a secure resolver or with DTD processing disabled." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5366", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5367", - "shortDescription": { - "text": "Do Not Serialize Types With Pointer Fields" - }, - "fullDescription": { - "text": "Pointers are not \"type safe\" in the sense that you cannot guarantee the correctness of the memory they point at. So, serializing types with pointer fields is dangerous, as it may allow an attacker to control the pointer." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5367", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5368", - "shortDescription": { - "text": "Set ViewStateUserKey For Classes Derived From Page" - }, - "fullDescription": { - "text": "Setting the ViewStateUserKey property can help you prevent attacks on your application by allowing you to assign an identifier to the view-state variable for individual users so that they cannot use the variable to generate an attack. Otherwise, there will be cross-site request forgery vulnerabilities." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5368", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5369", - "shortDescription": { - "text": "Use XmlReader for 'XmlSerializer.Deserialize()'" - }, - "fullDescription": { - "text": "Processing XML from untrusted data may load dangerous external references, which should be restricted by using an XmlReader with a secure resolver or with DTD processing disabled." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5369", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5370", - "shortDescription": { - "text": "Use XmlReader for XmlValidatingReader constructor" - }, - "fullDescription": { - "text": "Processing XML from untrusted data may load dangerous external references, which should be restricted by using an XmlReader with a secure resolver or with DTD processing disabled." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5370", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5371", - "shortDescription": { - "text": "Use XmlReader for 'XmlSchema.Read()'" - }, - "fullDescription": { - "text": "Processing XML from untrusted data may load dangerous external references, which should be restricted by using an XmlReader with a secure resolver or with DTD processing disabled." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5371", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5372", - "shortDescription": { - "text": "Use XmlReader for XPathDocument constructor" - }, - "fullDescription": { - "text": "Processing XML from untrusted data may load dangerous external references, which should be restricted by using an XmlReader with a secure resolver or with DTD processing disabled." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5372", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5373", - "shortDescription": { - "text": "Do not use obsolete key derivation function" - }, - "fullDescription": { - "text": "Password-based key derivation should use PBKDF2 with SHA-2. Avoid using PasswordDeriveBytes since it generates a PBKDF1 key. Avoid using Rfc2898DeriveBytes.CryptDeriveKey since it doesn't use the iteration count or salt." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5373", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5374", - "shortDescription": { - "text": "Do Not Use XslTransform" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5374", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5375", - "shortDescription": { - "text": "Do Not Use Account Shared Access Signature" - }, - "fullDescription": { - "text": "Shared Access Signatures(SAS) are a vital part of the security model for any application using Azure Storage, they should provide limited and safe permissions to your storage account to clients that don't have the account key. All of the operations available via a service SAS are also available via an account SAS, that is, account SAS is too powerful. So it is recommended to use Service SAS to delegate access more carefully." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5375", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5376", - "shortDescription": { - "text": "Use SharedAccessProtocol HttpsOnly" - }, - "fullDescription": { - "text": "HTTPS encrypts network traffic. Use HttpsOnly, rather than HttpOrHttps, to ensure network traffic is always encrypted to help prevent disclosure of sensitive data." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5376", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5377", - "shortDescription": { - "text": "Use Container Level Access Policy" - }, - "fullDescription": { - "text": "No access policy identifier is specified, making tokens non-revocable." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5377", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5378", - "shortDescription": { - "text": "Do not disable ServicePointManagerSecurityProtocols" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5378", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5379", - "shortDescription": { - "text": "Ensure Key Derivation Function algorithm is sufficiently strong" - }, - "fullDescription": { - "text": "Some implementations of the Rfc2898DeriveBytes class allow for a hash algorithm to be specified in a constructor parameter or overwritten in the HashAlgorithm property. If a hash algorithm is specified, then it should be SHA-256 or higher." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5379", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5380", - "shortDescription": { - "text": "Do Not Add Certificates To Root Store" - }, - "fullDescription": { - "text": "By default, the Trusted Root Certification Authorities certificate store is configured with a set of public CAs that has met the requirements of the Microsoft Root Certificate Program. Since all trusted root CAs can issue certificates for any domain, an attacker can pick a weak or coercible CA that you install by yourself to target for an attack - and a single vulnerable, malicious or coercible CA undermines the security of the entire system. To make matters worse, these attacks can go unnoticed quite easily." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5380", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5381", - "shortDescription": { - "text": "Ensure Certificates Are Not Added To Root Store" - }, - "fullDescription": { - "text": "By default, the Trusted Root Certification Authorities certificate store is configured with a set of public CAs that has met the requirements of the Microsoft Root Certificate Program. Since all trusted root CAs can issue certificates for any domain, an attacker can pick a weak or coercible CA that you install by yourself to target for an attack - and a single vulnerable, malicious or coercible CA undermines the security of the entire system. To make matters worse, these attacks can go unnoticed quite easily." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5381", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5382", - "shortDescription": { - "text": "Use Secure Cookies In ASP.NET Core" - }, - "fullDescription": { - "text": "Applications available over HTTPS must use secure cookies." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5382", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5383", - "shortDescription": { - "text": "Ensure Use Secure Cookies In ASP.NET Core" - }, - "fullDescription": { - "text": "Applications available over HTTPS must use secure cookies." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5383", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5384", - "shortDescription": { - "text": "Do Not Use Digital Signature Algorithm (DSA)" - }, - "fullDescription": { - "text": "DSA is too weak to use." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5384", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5385", - "shortDescription": { - "text": "Use Rivest-Shamir-Adleman (RSA) Algorithm With Sufficient Key Size" - }, - "fullDescription": { - "text": "Encryption algorithms are vulnerable to brute force attacks when too small a key size is used." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5385", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5386", - "shortDescription": { - "text": "Avoid hardcoding SecurityProtocolType value" - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5386", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5387", - "shortDescription": { - "text": "Do Not Use Weak Key Derivation Function With Insufficient Iteration Count" - }, - "fullDescription": { - "text": "When deriving cryptographic keys from user-provided inputs such as password, use sufficient iteration count (at least 100k)." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5387", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5388", - "shortDescription": { - "text": "Ensure Sufficient Iteration Count When Using Weak Key Derivation Function" - }, - "fullDescription": { - "text": "When deriving cryptographic keys from user-provided inputs such as password, use sufficient iteration count (at least 100k)." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5388", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5389", - "shortDescription": { - "text": "Do Not Add Archive Item's Path To The Target File System Path" - }, - "fullDescription": { - "text": "When extracting files from an archive and using the archive item's path, check if the path is safe. Archive path can be relative and can lead to file system access outside of the expected file system target path, leading to malicious config changes and remote code execution via lay-and-wait technique." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5389", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5390", - "shortDescription": { - "text": "Do not hard-code encryption key" - }, - "fullDescription": { - "text": "SymmetricAlgorithm's .Key property, or a method's rgbKey parameter, should never be a hard-coded value." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5390", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5391", - "shortDescription": { - "text": "Use antiforgery tokens in ASP.NET Core MVC controllers" - }, - "fullDescription": { - "text": "Handling a POST, PUT, PATCH, or DELETE request without validating an antiforgery token may be vulnerable to cross-site request forgery attacks. A cross-site request forgery attack can send malicious requests from an authenticated user to your ASP.NET Core MVC controller." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5391", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5392", - "shortDescription": { - "text": "Use DefaultDllImportSearchPaths attribute for P/Invokes" - }, - "fullDescription": { - "text": "By default, P/Invokes using DllImportAttribute probe a number of directories, including the current working directory for the library to load. This can be a security issue for certain applications, leading to DLL hijacking." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5392", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5393", - "shortDescription": { - "text": "Do not use unsafe DllImportSearchPath value" - }, - "fullDescription": { - "text": "There could be a malicious DLL in the default DLL search directories. Or, depending on where your application is run from, there could be a malicious DLL in the application's directory. Use a DllImportSearchPath value that specifies an explicit search path instead. The DllImportSearchPath flags that this rule looks for can be configured in .editorconfig." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5393", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5394", - "shortDescription": { - "text": "Do not use insecure randomness" - }, - "fullDescription": { - "text": "Using a cryptographically weak pseudo-random number generator may allow an attacker to predict what security-sensitive value will be generated. Use a cryptographically strong random number generator if an unpredictable value is required, or ensure that weak pseudo-random numbers aren't used in a security-sensitive manner." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5394", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5395", - "shortDescription": { - "text": "Miss HttpVerb attribute for action methods" - }, - "fullDescription": { - "text": "All the methods that create, edit, delete, or otherwise modify data do so in the [HttpPost] overload of the method, which needs to be protected with the anti forgery attribute from request forgery. Performing a GET operation should be a safe operation that has no side effects and doesn't modify your persisted data." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5395", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5396", - "shortDescription": { - "text": "Set HttpOnly to true for HttpCookie" - }, - "fullDescription": { - "text": "As a defense in depth measure, ensure security sensitive HTTP cookies are marked as HttpOnly. This indicates web browsers should disallow scripts from accessing the cookies. Injected malicious scripts are a common way of stealing cookies." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5396", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5397", - "shortDescription": { - "text": "Do not use deprecated SslProtocols values" - }, - "fullDescription": { - "text": "Older protocol versions of Transport Layer Security (TLS) are less secure than TLS 1.2 and TLS 1.3, and are more likely to have new vulnerabilities. Avoid older protocol versions to minimize risk." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5397", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5398", - "shortDescription": { - "text": "Avoid hardcoded SslProtocols values" - }, - "fullDescription": { - "text": "Current Transport Layer Security protocol versions may become deprecated if vulnerabilities are found. Avoid hardcoding SslProtocols values to keep your application secure. Use 'None' to let the Operating System choose a version." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5398", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5399", - "shortDescription": { - "text": "HttpClients should enable certificate revocation list checks" - }, - "fullDescription": { - "text": "Using HttpClient without providing a platform specific handler (WinHttpHandler or CurlHandler or HttpClientHandler) where the CheckCertificateRevocationList property is set to true, will allow revoked certificates to be accepted by the HttpClient as valid." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5399", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5400", - "shortDescription": { - "text": "Ensure HttpClient certificate revocation list check is not disabled" - }, - "fullDescription": { - "text": "Using HttpClient without providing a platform specific handler (WinHttpHandler or CurlHandler or HttpClientHandler) where the CheckCertificateRevocationList property is set to true, will allow revoked certificates to be accepted by the HttpClient as valid." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5400", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5401", - "shortDescription": { - "text": "Do not use CreateEncryptor with non-default IV" - }, - "fullDescription": { - "text": "Symmetric encryption should always use a non-repeatable initialization vector to prevent dictionary attacks." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5401", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5402", - "shortDescription": { - "text": "Use CreateEncryptor with the default IV" - }, - "fullDescription": { - "text": "Symmetric encryption should always use a non-repeatable initialization vector to prevent dictionary attacks." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5402", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode", - "CompilationEnd" - ] - } - }, - { - "id": "CA5403", - "shortDescription": { - "text": "Do not hard-code certificate" - }, - "fullDescription": { - "text": "Hard-coded certificates in source code are vulnerable to being exploited." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5403", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Dataflow", - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5404", - "shortDescription": { - "text": "Do not disable token validation checks" - }, - "fullDescription": { - "text": "Token validation checks ensure that while validating tokens, all aspects are analyzed and verified. Turning off validation can lead to security holes by allowing untrusted tokens to make it through validation." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5404", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "CA5405", - "shortDescription": { - "text": "Do not always skip token validation in delegates" - }, - "fullDescription": { - "text": "By setting critical TokenValidationParameter validation delegates to true, important authentication safeguards are disabled which can lead to tokens from any issuer or expired tokens being wrongly validated." - }, - "defaultConfiguration": { - "enabled": false - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca5405", - "properties": { - "category": "Security", - "isEverSuppressed": "true", - "suppressionKinds": [ - "external" - ], - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1", - "tags": [ - "Telemetry", - "EnabledRuleInAggressiveMode" - ] - } - }, - { - "id": "RP0001", - "shortDescription": { - "text": "Provide dependency rules for analysis" - }, - "properties": { - "category": "Usage", - "executionTimeInSeconds": "0.011", - "executionTimeInPercentage": "56" - } - }, - { - "id": "RP0002", - "shortDescription": { - "text": "Invalid dependency rules format" - }, - "properties": { - "category": "Usage", - "executionTimeInSeconds": "0.011", - "executionTimeInPercentage": "56" - } - }, - { - "id": "RP0003", - "shortDescription": { - "text": "No dependency rules matched the current project" - }, - "defaultConfiguration": { - "level": "note" - }, - "properties": { - "category": "Usage", - "executionTimeInSeconds": "0.011", - "executionTimeInPercentage": "56" - } - }, - { - "id": "RP0004", - "shortDescription": { - "text": "Project reference violation" - }, - "properties": { - "category": "Usage", - "executionTimeInSeconds": "0.011", - "executionTimeInPercentage": "56" - } - }, - { - "id": "SYSLIB1045", - "shortDescription": { - "text": "Convert to 'GeneratedRegexAttribute'." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1045", - "properties": { - "category": "Performance", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1054", - "shortDescription": { - "text": "Use 'LibraryImportAttribute' instead of 'DllImportAttribute' to generate P/Invoke marshalling code at compile time" - }, - "fullDescription": { - "text": "Use 'LibraryImportAttribute' instead of 'DllImportAttribute' to generate P/Invoke marshalling code at compile time" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1054", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1055", - "shortDescription": { - "text": "Invalid 'CustomMarshallerAttribute' usage" - }, - "fullDescription": { - "text": "A type with a 'System.Runtime.InteropServices.CustomMarshallerAttribute' must specify a non-'null' managed type" - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1055", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1056", - "shortDescription": { - "text": "Specified marshaller type is invalid" - }, - "fullDescription": { - "text": "The unmanaged type for a custom marshaller must be a C# unmanaged type." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1056", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1057", - "shortDescription": { - "text": "Marshaller type does not have the required shape" - }, - "fullDescription": { - "text": "A stateless value marshaller that supports marshalling from managed to unmanaged must provide a one-parameter 'ConvertToUnmanaged' method that takes the managed value as the parameter and returns a value of the 'unmanaged' type." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1057", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1058", - "shortDescription": { - "text": "Invalid 'NativeMarshallingAttribute' usage" - }, - "fullDescription": { - "text": "An entry-point type for marshalling a given type must have a 'System.Runtime.InteropServices.CustomMarshallerAttribute' that specifies this type as the managed type." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1058", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1060", - "shortDescription": { - "text": "Specified marshaller type is invalid" - }, - "fullDescription": { - "text": "A marshaller type must either be a stateless static class or a stateful value type. A non-static class is not allowed." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1060", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1061", - "shortDescription": { - "text": "Marshaller type has incompatible method signatures" - }, - "fullDescription": { - "text": "The return type of 'GetPinnableReference' (after accounting for 'ref') must be blittable." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1061", - "properties": { - "category": "Usage", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1090", - "shortDescription": { - "text": "'GeneratedComInterfaceType' does not support the 'ComInterfaceType' value supplied to 'InterfaceTypeAttribute' on the same type." - }, - "fullDescription": { - "text": "Using 'GeneratedComInterfaceAttribute' and 'InterfaceTypeAttribute' is not supported with 'ComInterfaceType' value '{0}'." - }, - "defaultConfiguration": { - "level": "error" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1090", - "properties": { - "category": "ComInterfaceGenerator", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1096", - "shortDescription": { - "text": "Convert to 'GeneratedComInterface'" - }, - "fullDescription": { - "text": "Use 'GeneratedComInterfaceAttribute' instead of 'ComImportAttribute' to generate COM marshalling code at compile time" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1096", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1097", - "shortDescription": { - "text": "Add 'GeneratedComClassAttribute' to enable passing objects of this type to COM" - }, - "fullDescription": { - "text": "This type implements at least one type with the 'GeneratedComInterfaceAttribute' attribute or its base type has the 'GeneratedComClassAttribute' attribute. Add the 'GeneratedComClassAttribute' to enable passing this type to COM and exposing the COM interfaces for the types with the 'GeneratedComInterfaceAttribute' from objects of this type." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1097", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1098", - "shortDescription": { - "text": ".NET COM hosting with 'EnableComHosting' does not support interfaces with the 'GeneratedComInterfaceAttribute'" - }, - "fullDescription": { - "text": ".NET COM hosting with 'EnableComHosting' only supports built-in COM interop. It does not support source-generated COM interop with 'GeneratedComInterfaceAttribute'." - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1098", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - }, - { - "id": "SYSLIB1099", - "shortDescription": { - "text": "COM Interop APIs on 'System.Runtime.InteropServices.Marshal' do not support source-generated COM" - }, - "fullDescription": { - "text": "COM Interop APIs on 'System.Runtime.InteropServices.Marshal' do not support source-generated COM and will fail at runtime" - }, - "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/syslib-diagnostics/syslib1099", - "properties": { - "category": "Interoperability", - "executionTimeInSeconds": "<0.001", - "executionTimeInPercentage": "<1" - } - } - ] - } - }, - "columnKind": "utf16CodeUnits" - } - ] -} \ No newline at end of file diff --git a/src/Analyzers/ReferenceProtector.Analyzers.Tests/ReferenceProtectorAnalyzerTests.cs b/src/Analyzers/ReferenceProtector.Analyzers.Tests/ReferenceProtectorAnalyzerTests.cs index e13c0ac..a60bda7 100644 --- a/src/Analyzers/ReferenceProtector.Analyzers.Tests/ReferenceProtectorAnalyzerTests.cs +++ b/src/Analyzers/ReferenceProtector.Analyzers.Tests/ReferenceProtectorAnalyzerTests.cs @@ -98,11 +98,11 @@ TestProject.csproj ProjectReferenceTransitive TransitiveReferencedProject.csproj test.ExpectedDiagnostics.Add(DiagnosticResult.CompilerWarning("RP0004") .WithNoLocation() - .WithMessage("Project reference 'TestProject.csproj' ==> 'ReferencedProject.csproj' violates dependency rule 'Can't reference this project directly' or one of its exceptions")); + .WithMessage("Project reference 'TestProject.csproj' ==> 'ReferencedProject.csproj' violates dependency rule 'Can't reference this project directly' or one of its exceptions. Please remove the dependency or update 'DependencyRules.json' file to allow it.")); test.ExpectedDiagnostics.Add(DiagnosticResult.CompilerWarning("RP0004") .WithNoLocation() - .WithMessage("Project reference 'TestProject.csproj' ==> 'TransitiveReferencedProject.csproj' violates dependency rule 'Can't reference this project transitively' or one of its exceptions")); + .WithMessage("Project reference 'TestProject.csproj' ==> 'TransitiveReferencedProject.csproj' violates dependency rule 'Can't reference this project transitively' or one of its exceptions. Please remove the dependency or update 'DependencyRules.json' file to allow it.")); await test.RunAsync(TestContext.Current.CancellationToken); } diff --git a/src/Analyzers/ReferenceProtector.Analyzers/DiagnosticDescriptors.cs b/src/Analyzers/ReferenceProtector.Analyzers/DiagnosticDescriptors.cs index 5225fff..5a1df79 100644 --- a/src/Analyzers/ReferenceProtector.Analyzers/DiagnosticDescriptors.cs +++ b/src/Analyzers/ReferenceProtector.Analyzers/DiagnosticDescriptors.cs @@ -33,7 +33,7 @@ internal static class Descriptors public static readonly DiagnosticDescriptor ProjectReferenceViolation = new( id: "RP0004", title: "Project reference violation", - messageFormat: "Project reference '{0}' ==> '{1}' violates dependency rule '{2}' or one of its exceptions", + messageFormat: "Project reference '{0}' ==> '{1}' violates dependency rule '{2}' or one of its exceptions. Please remove the dependency or update '{3}' file to allow it.", category: "Usage", defaultSeverity: DiagnosticSeverity.Warning, isEnabledByDefault: true); diff --git a/src/Analyzers/ReferenceProtector.Analyzers/ReferenceProtector.Analyzers.cs b/src/Analyzers/ReferenceProtector.Analyzers/ReferenceProtector.Analyzers.cs index ad2edca..6994641 100644 --- a/src/Analyzers/ReferenceProtector.Analyzers/ReferenceProtector.Analyzers.cs +++ b/src/Analyzers/ReferenceProtector.Analyzers/ReferenceProtector.Analyzers.cs @@ -147,13 +147,14 @@ private void AnalyzeDependencyRules(CompilationAnalysisContext context) .Select(line => ReferenceItem.FromLine(line.ToString())) .Where(r => IsMatchByName(r.Source, projectPath)); - AnalyzeDeclaredReferences(context, declaredReferences.ToImmutableArray(), thisProjectDependencyRules.ToImmutableArray()); + AnalyzeDeclaredReferences(context, declaredReferences.ToImmutableArray(), thisProjectDependencyRules.ToImmutableArray(), dependencyRulesFile.Path); } private void AnalyzeDeclaredReferences( CompilationAnalysisContext context, ImmutableArray declaredReferences, - ImmutableArray dependencyRules) + ImmutableArray dependencyRules, + string dependencyRulesFile) { foreach (var reference in declaredReferences) { @@ -185,7 +186,8 @@ private void AnalyzeDeclaredReferences( Location.None, reference.Source, reference.Target, - rule.Description)); + rule.Description, + dependencyRulesFile)); } } } diff --git a/src/Tasks/ReferenceProtector.Tasks/CollectAllReferences.cs b/src/Tasks/ReferenceProtector.Tasks/CollectAllReferences.cs index b939ff4..2bb64f1 100644 --- a/src/Tasks/ReferenceProtector.Tasks/CollectAllReferences.cs +++ b/src/Tasks/ReferenceProtector.Tasks/CollectAllReferences.cs @@ -46,7 +46,14 @@ public override bool Execute() foreach (var projectReference in ProjectReferences) { var projectReferenceAssemblyPath = Path.GetFullPath(projectReference.ItemSpec); - var referenceProjectFile = projectReference.GetMetadata("OriginalProjectReferenceItemSpec"); + + // Check for OutputType metadata + var outputType = projectReference.GetMetadata("OutputItemType"); + if (string.Equals(outputType, "Analyzer", StringComparison.OrdinalIgnoreCase)) + { + // Skip analyzers + continue; + } // Weirdly, NuGet restore is actually how transitive project references are determined and they're // added to to project.assets.json and collected via the IncludeTransitiveProjectReferences target. diff --git a/tests/ReferenceProtector.IntegrationTests/ReferenceProtector.IntegrationTests.cs b/tests/ReferenceProtector.IntegrationTests/ReferenceProtector.IntegrationTests.cs index 48c6a23..09d68b7 100644 --- a/tests/ReferenceProtector.IntegrationTests/ReferenceProtector.IntegrationTests.cs +++ b/tests/ReferenceProtector.IntegrationTests/ReferenceProtector.IntegrationTests.cs @@ -101,7 +101,7 @@ public async Task PackageReference_DependencyRuleViolated_ProducesWarnings_Async var warning = Assert.Single(warnings); Assert.Equal(new Warning() { - Message = $"RP0004: Project reference '{projectA}' ==> '{projectB}' violates dependency rule 'test rule' or one of its exceptions", + Message = $"RP0004: Project reference '{projectA}' ==> '{projectB}' violates dependency rule 'test rule' or one of its exceptions. Please remove the dependency or update '{testRulesPath}' file to allow it.", Project = "A/A.csproj", }, warning); }