C# Scan rules
Contrast Scan supports these rules for C#.
Severity | Contrast rule | Engine rule ID | Description |
|---|---|---|---|
Critical | Too Much Origins Allowed | OPT.CSHARP.TooMuchOriginsAllowed | TooMuchOriginsAllowed: CORS policy (Cross-origin resource sharing) too broad |
Critical | Avoid Exception Throwing In Binary Operators | OPT.CSHARP.Csharp.AvoidExceptionThrowingInBinaryOperators | AvoidExceptionThrowingInBinaryOperators: The override of the Equality binary operator should not throw an exception |
Critical | Avoid Exception Throwing In Dispose Method | OPT.CSHARP.Csharp.AvoidExceptionThrowingInDisposeMethod | AvoidExceptionThrowingInDisposeMethod: The Dispose method shoud not throw exceptions |
Critical | Avoid Exception Throwing In Equals Clause | OPT.CSHARP.Csharp.AvoidExceptionThrowingInEqualsClause | AvoidExceptionThrowingInEqualsClause: The override of Equals method should not thrown an exception |
Critical | Avoid Exception Throwing In Get Hash Code | OPT.CSHARP.Csharp.AvoidExceptionThrowingInGetHashCode | AvoidExceptionThrowingInGetHashCode: The override of the GetHashCode method should not throw an exception |
Critical | Dispose Objects Before Losing Scope | OPT.CSHARP.Csharp.DisposeObjectsBeforeLosingScope | DisposeObjectsBeforeLosingScope: Dispose objects before losing scope |
Critical | Do Not Dispose Objects Multiple Times | OPT.CSHARP.Csharp.DoNotDisposeObjectsMultipleTimes | DoNotDisposeObjectsMultipleTimes: Possible multiple calls to Dispose over an object |
Critical | Do Not Use Idle Process Priority | OPT.CSHARP.Csharp.DoNotUseIdleProcessPriority | DoNotUseIdleProcessPriority: Do not use idle process priority |
Critical | Mark I Serializable Types With Serializable | OPT.CSHARP.Csharp.MarkISerializableTypesWithSerializable | MarkISerializableTypesWithSerializable: Specify the Serializable attribute in ISerializable classes |
Critical | Mark Windows Forms Entry Points With Sta Thread | OPT.CSHARP.Csharp.MarkWindowsFormsEntryPointsWithStaThread | MarkWindowsFormsEntryPointsWithStaThread: Mark Windows Forms entry points with STAThread |
Critical | Overriding Equal And Distinct Operators | OPT.CSHARP.Csharp.OverridingEqualAndDistinctOperators | OverridingEqualAndDistinctOperators: Any type that overloads operator Code Quality [] {} |
Critical | Overriding Equals And Get Hash Code | OPT.CSHARP.Csharp.OverridingEqualsAndGetHashCode | OverridingEqualsAndGetHashCode: Any type that overrides GetHashCode method should also override Equals method |
Critical | Null Dereference | OPT.CSHARP.NullDereference | NullDereference: NULL Pointer Dereference |
Critical | Path Traversal | OPT.CSHARP.PathTraversal | PathTraversal: Avoid non-neutralized user-controlled input composed in a pathname to a resource |
Critical | Reference Self Assigned | OPT.CSHARP.ReferenceSelfAssigned | ReferenceSelfAssigned: Reference is self assigned in assignment statement |
Critical | Same Conditional In If Else If | OPT.CSHARP.SameConditionalInIfElseIf | SameConditionalInIfElseIf: Duplicated condition in if-else if statements |
Critical | Same Implementation In Conditional | OPT.CSHARP.SameImplementationInConditional | SameImplementationInConditional: Same implementation for different branches in a conditional statement |
Critical | Same Subexpression In Logical Expression | OPT.CSHARP.SameSubexpressionInLogicalExpression | SameSubexpressionInLogicalExpression: Duplicated subexpression in logical expression |
Critical | Accessibility Subversion Rule | OPT.CSHARP.SEC.AccessibilitySubversionRule | AccessibilitySubversionRule: .Net access restriction subverted (Reflection) |
Critical | Anonymous Ldap Bind | OPT.CSHARP.SEC.AnonymousLdapBind | AnonymousLdapBind: Access Control - Anonymous LDAP Bind |
Critical | Dangerous File Upload | OPT.CSHARP.SEC.DangerousFileUpload | DangerousFileUpload: Unrestricted Upload of File with Dangerous Type |
Critical | Code Injection | OPT.CSHARP.CodeInjection | CodeInjection: Improper Control of Generation of Code ('Code Injection') |
Critical | Code Injection With Deserialization | OPT.CSHARP.CodeInjectionWithDeserialization | CodeInjectionWithDeserialization: Dynamic code injection during object deserialization |
Critical | Command Injection | OPT.CSHARP.CommandInjection | CommandInjection: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Critical | Static Database Connection | OPT.CSHARP.SEC.StaticDatabaseConnection | StaticDatabaseConnection: Static database connection / session |
Critical | Temporary Files Left | OPT.CSHARP.SEC.TemporaryFilesLeft | TemporaryFilesLeft: Temporary files not deleted |
Critical | Cross Site Scripting | OPT.CSHARP.CrossSiteScripting | CrossSiteScripting: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
Critical | DoS Regexp | OPT.CSHARP.DoSRegexp | DoSRegexp: Prevent denial of service attack through malicious regular expression |
Critical | Ldap Injection | OPT.CSHARP.LdapInjection | LdapInjection: Avoid non-neutralized user-controlled input in LDAP search filters |
Critical | Connection String Parameter Pollution | OPT.CSHARP.SEC.ConnectionStringParameterPollution | ConnectionStringParameterPollution: Connection string polluted with untrusted input |
Critical | Http Parameter Pollution | OPT.CSHARP.SEC.HttpParameterPollution | HttpParameterPollution: HTTP parameter pollution (HPP) |
Critical | Http Splitting Rule | OPT.CSHARP.SEC.HttpSplittingRule | HttpSplittingRule: Improper neutralization of CR/LF Sequences in HTTP headers |
Critical | Mail Command Injection | OPT.CSHARP.SEC.MailCommandInjection | MailCommandInjection: Mail Command Injection |
Critical | No SQL Injection | OPT.CSHARP.SEC.NoSQLInjection | NoSQLInjection: Improper neutralization of special elements in data query logic (NoSQL injection) |
Critical | Wrong Lock Usage | OPT.CSHARP.WrongLockUsage | WrongLockUsage: Wrong lock acquisition/release |
Critical | Process Control | OPT.CSHARP.SEC.ProcessControl | ProcessControl: Do not load executables or libraries from untrusted sources |
Critical | Registry Manipulation | OPT.CSHARP.SEC.RegistryManipulation | RegistryManipulation: Registry manipulation |
Critical | Server Side Request Forgery | OPT.CSHARP.ServerSideRequestForgery | ServerSideRequestForgery: Server-Side Request Forgery (SSRF) |
Critical | SQL Injection | OPT.CSHARP.SqlInjection | SqlInjection: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
Critical | Stored Cross Site Scripting | OPT.CSHARP.StoredCrossSiteScripting | StoredCrossSiteScripting: Web content generation from improper sanitized database data and escaped output (Stored Cross-site Scripting, XSS) |
Critical | MVC Non Action Public Methods | OPT.CSHARP.MVCNonActionPublicMethods | MVCNonActionPublicMethods: Protect public methods that are not action methods in controllers |
Critical | Weak Cryptographic Hash | OPT.CSHARP.WeakCryptographicHash | WeakCryptographicHash: Weak cryptographic hash |
Critical | Weak Key Size | OPT.CSHARP.WeakKeySize | WeakKeySize: Weak cryptography, insufficient key length |
Critical | Weak Symmetric Encryption Algorithm | OPT.CSHARP.WeakSymmetricEncryptionAlgorithm | WeakSymmetricEncryptionAlgorithm: Weak symmetric encryption algorithm |
Critical | Weak Symmetric Encryption Mode Of Operation | OPT.CSHARP.WeakSymmetricEncryptionModeOfOperation | WeakSymmetricEncryptionModeOfOperation: Do not use weak modes of operation with symmetric encryption |
High | Plaintext Storage In A Cookie | OPT.CSHARP.PlaintextStorageInACookie | PlaintextStorageInACookie: Cleartext Storage of Sensitive Information in a Cookie |
High | Abstract Types Should Not Have Constructors | OPT.CSHARP.Csharp.AbstractTypesShouldNotHaveConstructors | AbstractTypesShouldNotHaveConstructors: Public abstract class with public constructor |
High | Avoid Com Parameterized Constructors | OPT.CSHARP.Csharp.AvoidComParameterizedConstructors | AvoidComParameterizedConstructors: COM does not support parameterized constructors |
High | Avoid Com Static Methods | OPT.CSHARP.Csharp.AvoidComStaticMethods | AvoidComStaticMethods: COM does not support static methods |
High | Avoid Empty Catch Block | OPT.CSHARP.Csharp.AvoidEmptyCatchBlock | AvoidEmptyCatchBlock: Avoid empty catch blocks |
High | Avoid Excessive Complexity | OPT.CSHARP.Csharp.AvoidExcessiveComplexity | AvoidExcessiveComplexity: A method has an excessive cyclomatic complexity |
High | Avoid Excessive Locals | OPT.CSHARP.Csharp.AvoidExcessiveLocals | AvoidExcessiveLocals: To avoid to declare excessive local variables |
High | Avoid Floating Point Equality | OPT.CSHARP.Csharp.AvoidFloatingPointEquality | AvoidFloatingPointEquality: Do not perform (in)equality operations over floating point variables |
High | Avoid Inconditional Recursive Invocation | OPT.CSHARP.Csharp.AvoidInconditionalRecursiveInvocation | AvoidInconditionalRecursiveInvocation: Avoid recursive calls without a precondition |
High | Avoid Out Parameters | OPT.CSHARP.Csharp.AvoidOutParameters | AvoidOutParameters: Public or protected methods must avoid ref/out parameters |
High | Avoid Overloads In Com Visible Interfaces | OPT.CSHARP.Csharp.AvoidOverloadsInComVisibleInterfaces | AvoidOverloadsInComVisibleInterfaces: COM visible interface declares overloaded methods |
High | Avoid Uncalled Private Code | OPT.CSHARP.Csharp.AvoidUncalledPrivateCode | AvoidUncalledPrivateCode: Avoid uncalled private code |
High | Avoid Unused Private Fields | OPT.CSHARP.Csharp.AvoidUnusedPrivateFields | AvoidUnusedPrivateFields: Avoid unused private fields |
High | Declare Event Handlers Correctly | OPT.CSHARP.Csharp.DeclareEventHandlersCorrectly | DeclareEventHandlersCorrectly: Declare Event Handlers Correctly |
High | Do Not Assume Int Ptr Size Rule | OPT.CSHARP.Csharp.DoNotAssumeIntPtrSizeRule | DoNotAssumeIntPtrSizeRule: Do not downcast IntPtr or UIntPtr into a 32-bit or smaller value |
High | Do Not Declare Static Members On Generic Types | OPT.CSHARP.Csharp.DoNotDeclareStaticMembersOnGenericTypes | DoNotDeclareStaticMembersOnGenericTypes: Do not declare static members on generic types |
High | Do Not Declare Visible Instance Fields | OPT.CSHARP.Csharp.DoNotDeclareVisibleInstanceFields | DoNotDeclareVisibleInstanceFields: Avoid externally visible instance fields |
High | Do Not Lock On This Or Types | OPT.CSHARP.Csharp.DoNotLockOnThisOrTypes | DoNotLockOnThisOrTypes: Do not lock on this, types, or string literals |
High | Do Not Pass Types By Reference | OPT.CSHARP.Csharp.DoNotPassTypesByReference | DoNotPassTypesByReference: Do not pass types by reference |
High | Exceptions Should Be Public | OPT.CSHARP.Csharp.ExceptionsShouldBePublic | ExceptionsShouldBePublic: Exceptions should be public |
High | I Comparable Overriding Methods | OPT.CSHARP.Csharp.IComparableOverridingMethods | IComparableOverridingMethods: Override methods on comparable types |
High | Identifiers Should Not Match Keywords | OPT.CSHARP.Csharp.IdentifiersShouldNotMatchKeywords | IdentifiersShouldNotMatchKeywords: The identifiers must not be reserved words |
High | Initialize Reference Type Static Fields Inline | OPT.CSHARP.Csharp.InitializeReferenceTypeStaticFieldsInline | InitializeReferenceTypeStaticFieldsInline: Initialize reference type static fields inline |
High | Mark Boolean P Invoke Arguments With Marshal As | OPT.CSHARP.Csharp.MarkBooleanPInvokeArgumentsWithMarshalAs | MarkBooleanPInvokeArgumentsWithMarshalAs: Mark boolean P/Invoke arguments with MarshalAs attribute |
High | Max Methods | OPT.CSHARP.Csharp.MaxMethods | MaxMethods: Maximum allowed number of methods |
High | Move P Invokes To Native Methods Class | OPT.CSHARP.Csharp.MovePInvokesToNativeMethodsClass | MovePInvokesToNativeMethodsClass: Move P/Invokes to NativeMethods class |
High | Nested Namespace Dependency | OPT.CSHARP.Csharp.NestedNamespaceDependency | NestedNamespaceDependency: Type dependency in nested namespace |
High | Non Constant Fields Should Not Be Visible | OPT.CSHARP.Csharp.NonConstantFieldsShouldNotBeVisible | NonConstantFieldsShouldNotBeVisible: A public or protected static field is not constant nor is it read-only |
High | Overloading Equals Value Types | OPT.CSHARP.Csharp.OverloadingEqualsValueTypes | OverloadingEqualsValueTypes: Overload Equals() method on value types |
High | Remove Unused Locals | OPT.CSHARP.Csharp.RemoveUnusedLocals | RemoveUnusedLocals: Unused local variable |
High | Review Useless Control Flow Rule | OPT.CSHARP.Csharp.ReviewUselessControlFlowRule | ReviewUselessControlFlowRule: Avoid empty code blocks |
High | Specify Attribute Usage | OPT.CSHARP.Csharp.SpecifyAttributeUsage | SpecifyAttributeUsage: Specify AttributeUsage on your attributes |
High | Suppress Finalize Correctly | OPT.CSHARP.Csharp.SuppressFinalizeCorrectly | SuppressFinalizeCorrectly: Call GC.SuppressFinalize correctly |
High | Variable Names Should Not Match Field Names | OPT.CSHARP.Csharp.VariableNamesShouldNotMatchFieldNames | VariableNamesShouldNotMatchFieldNames: Variable names should not match field names |
High | Hardcoded Absolute Path | OPT.CSHARP.HardcodedAbsolutePath | HardcodedAbsolutePath: Do not hardcode absolute paths |
High | Null Arg In Equals | OPT.CSHARP.NullArgInEquals | NullArgInEquals: Null argument to object.Equals() |
High | Resource Leak Database | OPT.CSHARP.ResourceLeakDatabase | ResourceLeakDatabase: Unreleased database resource |
High | Resource Leak Ldap | OPT.CSHARP.ResourceLeakLdap | ResourceLeakLdap: Unreleased LDAP resource |
High | Resource Leak Stream | OPT.CSHARP.ResourceLeakStream | ResourceLeakStream: Unreleased stream resource |
High | Resource Leak Unmanaged | OPT.CSHARP.ResourceLeakUnmanaged | ResourceLeakUnmanaged: Unreleased unmanaged resource |
High | Avoid Certificate Equals | OPT.CSHARP.SEC.AvoidCertificateEquals | AvoidCertificateEquals: Never use X509Certificate.Equals() in a security context |
High | Buffer Overflow | OPT.CSHARP.SEC.BufferOverflow | BufferOverflow: Potential memory corruption |
High | Cookies In Security Decision | OPT.CSHARP.SEC.CookiesInSecurityDecision | CookiesInSecurityDecision: Reliance on Cookies without Validation and Integrity Checking in a Security Decision |
High | Improper Authentication | OPT.CSHARP.SEC.ImproperAuthentication | ImproperAuthentication: Avoid that a user can perform actions to which he does not have access |
High | Missing Standard Error Handling | OPT.CSHARP.SEC.MissingStandardErrorHandling | MissingStandardErrorHandling: Missing Standardized Error Handling Mechanism in ASP.Net |
High | Cross Site Request Forgery | OPT.CSHARP.CrossSiteRequestForgery | CrossSiteRequestForgery: Cross-Site Request Forgery (CSRF) |
High | Setting Manipulation | OPT.CSHARP.SEC.SettingManipulation | SettingManipulation: Setting Manipulation |
High | JSON Injection | OPT.CSHARP.JSONInjection | JSONInjection: Avoid using non-neutralized user-controlled input in JSON entities |
High | Unvalidated Asp Net Model | OPT.CSHARP.SEC.UnvalidatedAspNetModel | UnvalidatedAspNetModel: Unvalidated model in MVC controller |
High | User Controlled SQL Primary Key | OPT.CSHARP.SEC.UserControlledSQLPrimaryKey | UserControlledSQLPrimaryKey: Avoid using an user controlled Primary Key into a query |
High | MVC Prevent Overposting Model Definition | OPT.CSHARP.MVCPreventOverpostingModelDefinition | MVCPreventOverpostingModelDefinition: Prevent over-posting attacks in model definition |
High | MVC Prevent Underposting Model Composition | OPT.CSHARP.MVCPreventUnderpostingModelComposition | MVCPreventUnderpostingModelComposition: Prevent under-posting attacks in model composition |
High | MVC Prevent Underposting Model Definition | OPT.CSHARP.MVCPreventUnderpostingModelDefinition | MVCPreventUnderpostingModelDefinition: Prevent under-posting attacks in model definition |
High | Open Redirect | OPT.CSHARP.OpenRedirect | OpenRedirect: URL Redirection to Untrusted Site ('Open Redirect') |
High | Test For Na N Correctly | OPT.CSHARP.TestForNaNCorrectly | TestForNaNCorrectly: Test for NaN correctly |
High | Cross Site History Manipulation | OPT.CSHARP.SEC.CrossSiteHistoryManipulation | CrossSiteHistoryManipulation: Cross-Site History Manipulation (XSHM) |
High | Transparent Methods Should Not Use Suppress Unmanaged Code Security | OPT.CSHARP.TransparentMethodsShouldNotUseSuppressUnmanagedCodeSecurity | TransparentMethodsShouldNotUseSuppressUnmanagedCodeSecurity: A transparent method should not have the attribute SuppressUnmanagedCodeSecurity |
High | Use Params For Variable Arguments | OPT.CSHARP.UseParamsForVariableArguments | UseParamsForVariableArguments: A public or protected type contains a public or protected method that uses the VarArgs calling convention |
High | Log Forging | OPT.CSHARP.SEC.LogForging | LogForging: Improper Output Neutralization for Logs |
High | Resource Injection | OPT.CSHARP.SEC.ResourceInjection | ResourceInjection: Improper control of resource identifiers ("Resource Injection") |
High | Trust Boundary Violation | OPT.CSHARP.SEC.TrustBoundaryViolation | TrustBoundaryViolation: Trust boundary violation |
High | Unsafe Reflection | OPT.CSHARP.SEC.UnsafeReflection | UnsafeReflection: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
High | XML Entity Injection | OPT.CSHARP.SEC.XMLEntityInjection | XMLEntityInjection: XML entity injection |
High | XML Injection | OPT.CSHARP.XMLInjection | XMLInjection: XML Injection (aka Blind XPath Injection) |
High | XPath Injection | OPT.CSHARP.XPathInjection | XPathInjection: Improper Neutralization of Data within XPath Expressions ('XPath Injection') |
High | XQuery Injection | OPT.CSHARP.XQueryInjection | XQueryInjection: Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') |
High | XSLT Injection | OPT.CSHARP.XSLTInjection | XSLTInjection: Avoid using non-neutralized user-controlled input when creating XSL stylesheets |
High | Review Visible Event Handlers | OPT.CSHARP.Csharp.ReviewVisibleEventHandlers | ReviewVisibleEventHandlers: A public or protected event-handling method was detected |
High | Information Exposure Through Error Message | OPT.CSHARP.SEC.InformationExposureThroughErrorMessage | InformationExposureThroughErrorMessage: Avoid sensitive information exposure through error messages |
High | Insecure Email Transport | OPT.CSHARP.SEC.InsecureEmailTransport | InsecureEmailTransport: Insecure Mail Transport |
High | Insecure Randomness | OPT.CSHARP.InsecureRandomness | InsecureRandomness: Standard pseudo-random number generators cannot withstand cryptographic attacks |
High | Hardcoded Crypto Key | OPT.CSHARP.SEC.HardcodedCryptoKey | HardcodedCryptoKey: Use of Hard-coded Cryptographic Key |
High | Hardcoded Salt | OPT.CSHARP.SEC.HardcodedSalt | HardcodedSalt: A hardcoded salt can compromise system security |
High | Insecure Transport | OPT.CSHARP.SEC.InsecureTransport | InsecureTransport: Insecure transport |
High | Proper Padding With Public Key Crypto | OPT.CSHARP.SEC.ProperPaddingWithPublicKeyCrypto | ProperPaddingWithPublicKeyCrypto: Use of RSA Algorithm without Optimal Asymmetric Encryption Padding (OAEP) |
High | Server Insecure Transport | OPT.CSHARP.SEC.ServerInsecureTransport | ServerInsecureTransport: Insecure transport in HTTP servers] |
High | Weak Encryption | OPT.CSHARP.WeakEncryption | WeakEncryption: Insufficient RSA key length |
Info | Avoid Unneeded Calls On String | OPT.CSHARP.Csharp.AvoidUnneededCallsOnString | AvoidUnneededCallsOnString: Avoid unneeded calls on string objects |
Info | Identifiers Should Have Correct Suffix | OPT.CSHARP.Csharp.IdentifiersShouldHaveCorrectSuffix | IdentifiersShouldHaveCorrectSuffix: An identifier does not have the correct suffix |
Info | Identifiers Should Not Contain Underscores | OPT.CSHARP.Csharp.IdentifiersShouldNotContainUnderscores | IdentifiersShouldNotContainUnderscores: An identifier contains the underscore character |
Info | Identifiers Should Not Have Incorrect Suffix | OPT.CSHARP.Csharp.IdentifiersShouldNotHaveIncorrectSuffix | IdentifiersShouldNotHaveIncorrectSuffix: An identifier has an incorrect suffix |
Info | Normalize Strings To Uppercase | OPT.CSHARP.Csharp.NormalizeStringsToUppercase | NormalizeStringsToUppercase: Do not convert strings to lower-case |
Info | Parameter Names Should Not Match Member Names | OPT.CSHARP.Csharp.ParameterNamesShouldNotMatchMemberNames | ParameterNamesShouldNotMatchMemberNames: Parameter names should not match member names |
Info | Property Type | OPT.CSHARP.Csharp.PropertyType | PropertyType: A property must have a name similar to its type |
Info | Use Exception Constructor | OPT.CSHARP.Csharp.UseExceptionConstructor | UseExceptionConstructor: Illegal exception throw: Exceptions must be created in separate methods |
Info | Do Not Initialize Unnecessarily | OPT.CSHARP.DoNotInitializeUnnecessarily | DoNotInitializeUnnecessarily: Do not initialize variables unnecessarily |
Info | Use Literals Where Appropriate | OPT.CSHARP.UseLiteralsWhereAppropriate | UseLiteralsWhereAppropriate: Do not declare static and readonly fields, that are initialized with a value |
Low | Avoid Language Specific Type Names In Parameters | OPT.CSHARP.AvoidLanguageSpecificTypeNamesInParameters | AvoidLanguageSpecificTypeNamesInParameters: Avoid names of parameters that contains language-specific type name, in public methods |
Low | Avoid System Output Stream | OPT.CSHARP.AvoidSystemOutputStream | AvoidSystemOutputStream: Using Console.Out or Console.Error rather than a dedicated log interface, makes it more difficult to monitor the behavior of the software |
Low | Avoid Type Names In Parameters | OPT.CSHARP.AvoidTypeNamesInParameters | AvoidTypeNamesInParameters: Avoid names of parameters that contains type's names, in public methods |
Low | Avoid Unnecessary String Creation | OPT.CSHARP.AvoidUnnecessaryStringCreation | AvoidUnnecessaryStringCreation: Avoid create unnecessary strings through a call to System.String.ToLower or System.String.ToUpper |
Low | Collection Properties Should Be Read Only | OPT.CSHARP.CollectionPropertiesShouldBeReadOnly | CollectionPropertiesShouldBeReadOnly: Collection properties should be read-only |
Low | Consider Converting Method To Property | OPT.CSHARP.ConsiderConvertingMethodToProperty | ConsiderConvertingMethodToProperty: Consider converting getter/setter methods into properties |
Low | Attribute String Literals Should Parse Correctly | OPT.CSHARP.Csharp.AttributeStringLiteralsShouldParseCorrectly | AttributeStringLiteralsShouldParseCorrectly: Attribute's literal value should be correctly written |
Low | Avoid Exceptions In Implicit Transformation | OPT.CSHARP.Csharp.AvoidExceptionsInImplicitTransformation | AvoidExceptionsInImplicitTransformation: Avoid throwing exceptions in implicit operators |
Low | Avoid Long Methods | OPT.CSHARP.Csharp.AvoidLongMethods | AvoidLongMethods: Do not encode large methods |
Low | Avoid Long Parameter Lists | OPT.CSHARP.Csharp.AvoidLongParameterLists | AvoidLongParameterLists: Do not encode methods with too many parameters |
Low | Avoid Namespaces With Few Types | OPT.CSHARP.Csharp.AvoidNamespacesWithFewTypes | AvoidNamespacesWithFewTypes: Avoid namespaces with few types |
Low | Avoid Non Stored Procedure Commands | OPT.CSHARP.Csharp.AvoidNonStoredProcedureCommands | AvoidNonStoredProcedureCommands: Avoid using non stored-procedure database operations |
Low | Avoid Type Get Type For Constant Strings | OPT.CSHARP.Csharp.AvoidTypeGetTypeForConstantStrings | AvoidTypeGetTypeForConstantStrings: Do not call Type.GetType() with constant string values |
Low | Call Base Class Methods On I Serializable Types | OPT.CSHARP.Csharp.CallBaseClassMethodsOnISerializableTypes | CallBaseClassMethodsOnISerializableTypes: Call base class methods on ISerializable types |
Low | Check New Exception Without Throwing | OPT.CSHARP.Csharp.CheckNewExceptionWithoutThrowing | CheckNewExceptionWithoutThrowing: Exception instantiation not used |
Low | Consider Custom Accessors For Non Visible Events Rule | OPT.CSHARP.Csharp.ConsiderCustomAccessorsForNonVisibleEventsRule | ConsiderCustomAccessorsForNonVisibleEventsRule: For non visible events, evaluate using custom accessors instead of default ones |
Low | Delegates Passed To Native Code Must Include Exception Handling Rule | OPT.CSHARP.Csharp.DelegatesPassedToNativeCodeMustIncludeExceptionHandlingRule | DelegatesPassedToNativeCodeMustIncludeExceptionHandlingRule: Enclose with a catch all handler entire block for delegates passed to native code |
Low | Do Not Cast Unnecessarily | OPT.CSHARP.Csharp.DoNotCastUnnecessarily | DoNotCastUnnecessarily: A method performs duplicate casts on one of its arguments or local variables |
Low | Do Not Destroy Stack Trace Rule | OPT.CSHARP.Csharp.DoNotDestroyStackTraceRule | DoNotDestroyStackTraceRule: Catch handlers should rethrow original exception instead of throwing the same exception |
Low | Do Not Hardcode Locale Specific Strings | OPT.CSHARP.Csharp.DoNotHardcodeLocaleSpecificStrings | DoNotHardcodeLocaleSpecificStrings: Do not hardcode locale specific strings |
Low | Do Not Indirectly Expose Methods With Link Demands | OPT.CSHARP.Csharp.DoNotIndirectlyExposeMethodsWithLinkDemands | DoNotIndirectlyExposeMethodsWithLinkDemands: Do not indirectly expose methods with link demands |
Low | Do Not Pass Literals As Localized Parameters | OPT.CSHARP.Csharp.DoNotPassLiteralsAsLocalizedParameters | DoNotPassLiteralsAsLocalizedParameters: String literal passed as parameter should be localizable |
Low | Do Not Raise Exceptions In Unexpected Locations | OPT.CSHARP.Csharp.DoNotRaiseExceptionsInUnexpectedLocations | DoNotRaiseExceptionsInUnexpectedLocations: Do not raise exceptions in unexpected locations |
Low | Do Not Use Thread Static With Instance Fields | OPT.CSHARP.Csharp.DoNotUseThreadStaticWithInstanceFields | DoNotUseThreadStaticWithInstanceFields: Do not use 'ThreadStatic' with instance fields |
Low | Overloading Equals Reference Types | OPT.CSHARP.Csharp.OverloadingEqualsReferenceTypes | OverloadingEqualsReferenceTypes: Do not overload equality operator on reference types |
Low | Override Equals On Value Types | OPT.CSHARP.Csharp.OverrideEqualsOnValueTypes | OverrideEqualsOnValueTypes: A public value type does not override Equals |
Low | Properties Should Not Return Arrays | OPT.CSHARP.Csharp.PropertiesShouldNotReturnArrays | PropertiesShouldNotReturnArrays: Properties should not return arrays |
Low | Property Names Should Not Match Get Methods | OPT.CSHARP.Csharp.PropertyNamesShouldNotMatchGetMethods | PropertyNamesShouldNotMatchGetMethods: Property names should not match get methods |
Low | Review Unused Parameters | OPT.CSHARP.Csharp.ReviewUnusedParameters | ReviewUnusedParameters: Method parameter not used |
Low | Specify Message Box Options | OPT.CSHARP.Csharp.SpecifyMessageBoxOptions | SpecifyMessageBoxOptions: Specify MessageBoxOptions |
Low | Test For Empty Strings Using Length | OPT.CSHARP.Csharp.TestForEmptyStringsUsingLength | TestForEmptyStringsUsingLength: Comparison with empty string using 'Equals' |
Low | Type Names Should Not Match Namespaces | OPT.CSHARP.Csharp.TypeNamesShouldNotMatchNamespaces | TypeNamesShouldNotMatchNamespaces: Type names should not match namespaces |
Low | Types That Own Native Resources Should Be Disposable | OPT.CSHARP.Csharp.TypesThatOwnNativeResourcesShouldBeDisposable | TypesThatOwnNativeResourcesShouldBeDisposable: Types that own native resources should be disposable |
Low | Use Constructors To Initialize Properties | OPT.CSHARP.Csharp.UseConstructorsToInitializeProperties | UseConstructorsToInitializeProperties: Initialize properties by using constructors |
Low | Use Constructors To Set Properties | OPT.CSHARP.Csharp.UseConstructorsToSetProperties | UseConstructorsToSetProperties: Set properties by using constructors with parameters |
Low | Write Static Field From Instance Method | OPT.CSHARP.Csharp.WriteStaticFieldFromInstanceMethod | WriteStaticFieldFromInstanceMethod: Do not write in static fields from instance methods |
Low | Disposable Types Should Declare Finalizer | OPT.CSHARP.DisposableTypesShouldDeclareFinalizer | DisposableTypesShouldDeclareFinalizer: A type that implements System.IDisposable and has fields of unmanaged types, should have a finalizer |
Low | Do Not Assign Params Not Out Or Ref | OPT.CSHARP.DoNotAssignParamsNotOutOrRef | DoNotAssignParamsNotOutOrRef: Do not assign method parameters which are not marked as 'out' or 'ref' |
Low | Do Not Concatenate Strings Inside Loops | OPT.CSHARP.DoNotConcatenateStringsInsideLoops | DoNotConcatenateStringsInsideLoops: Do not concatenate string values inside loops |
Low | Do Not Mark Enums With Flags | OPT.CSHARP.DoNotMarkEnumsWithFlags | DoNotMarkEnumsWithFlags: The values of an enumeration that has System.FlagsAttribute attribute, should be powers of two |
Low | Do Not Prefix Enum Values With Type Name | OPT.CSHARP.DoNotPrefixEnumValuesWithTypeName | DoNotPrefixEnumValuesWithTypeName: Names of enumeration's members should not start with the enumeration's name |
Low | Identifiers Should Be Cased Correctly | OPT.CSHARP.IdentifiersShouldBeCasedCorrectly | IdentifiersShouldBeCasedCorrectly: Use correctly "pascal-case" and "camel-case" according to the agreement established |
Low | Implement Serialization Constructors | OPT.CSHARP.ImplementSerializationConstructors | ImplementSerializationConstructors: A type that implements ISerializable, should implement a serialization constructor |
Low | Implement Serialization Methods Correctly | OPT.CSHARP.ImplementSerializationMethodsCorrectly | ImplementSerializationMethodsCorrectly: Implement a correct signature for methods that handle serialization events |
Low | Initialize Value Type Static Fields Inline | OPT.CSHARP.InitializeValueTypeStaticFieldsInline | InitializeValueTypeStaticFieldsInline: Avoid explicitly declare a static constructor |
Low | Instantiate Argument Exceptions Correctly | OPT.CSHARP.InstantiateArgumentExceptionsCorrectly | InstantiateArgumentExceptionsCorrectly: Avoid calling default constructor of ArgumentExceptions |
Low | Operator Overloads Have Named Alternates | OPT.CSHARP.OperatorOverloadsHaveNamedAlternates | OperatorOverloadsHaveNamedAlternates: When a type overrides an operator, it is recommended to also override the alternative method |
Low | Overload Operator Equals On Overriding Equals | OPT.CSHARP.OverloadOperatorEqualsOnOverridingEquals | OverloadOperatorEqualsOnOverridingEquals: When a type overrides System.Object.Equals method, it also should override the operator [] {} |
Low | Prefer Jagged Arrays Over Multidimensional | OPT.CSHARP.PreferJaggedArraysOverMultidimensional | PreferJaggedArraysOverMultidimensional: Do not declare multidimensional array |
Low | Use Managed Equivalents Of Win32 Api | OPT.CSHARP.UseManagedEquivalentsOfWin32Api | UseManagedEquivalentsOfWin32Api: Use managed equivalents of Win32 API |
Low | Constants Should Be Transparent | OPT.CSHARP.ConstantsShouldBeTransparent | ConstantsShouldBeTransparent: A field constant or an enumeration member should be transparent |
Low | Information Exposure Through Debug Log | OPT.CSHARP.SEC.InformationExposureThroughDebugLog | InformationExposureThroughDebugLog: Avoid exposing sensible information through log |
Medium | Unsafe Cookie Rule | OPT.CSHARP.SEC.UnsafeCookieRule | UnsafeCookieRule: Generate server-side cookies with adequate security properties |
Medium | Avoid Null Reference Exception | OPT.CSHARP.AvoidNullReferenceException | AvoidNullReferenceException: Use of NullPointerException Catch to Detect NULL Pointer Dereference |
Medium | Avoid Readonly Mutable Types | OPT.CSHARP.AvoidReadonlyMutableTypes | AvoidReadonlyMutableTypes: Do not declare externally visible read-only fields with mutable types |
Medium | Call GC Keep Alive When Usinga Ntive Resources | OPT.CSHARP.CallGCKeepAliveWhenUsingaNtiveResources | CallGCKeepAliveWhenUsingaNtiveResources: GC.KeepAlive should be called in methods that use unmanaged resources |
Medium | Critical Types Must Not Participate In Type Equivalence | OPT.CSHARP.CriticalTypesMustNotParticipateInTypeEquivalence | CriticalTypesMustNotParticipateInTypeEquivalence: SecurityCriticalAttribute should not be used in members, or types that participate in type equivalence |
Medium | Array Fields Should Not Be Read Only | OPT.CSHARP.Csharp.ArrayFieldsShouldNotBeReadOnly | ArrayFieldsShouldNotBeReadOnly: Array fields should not be read only |
Medium | Attribute Class Suffix | OPT.CSHARP.Csharp.AttributeClassSuffix | AttributeClassSuffix: Attribute classes names must contain the 'Attribute' suffix |
Medium | Avoid Calling Problematic Methods | OPT.CSHARP.Csharp.AvoidCallingProblematicMethods | AvoidCallingProblematicMethods: Potentially dangerous call |
Medium | Avoid Custom Application Exceptions | OPT.CSHARP.Csharp.AvoidCustomApplicationExceptions | AvoidCustomApplicationExceptions: Classes that extend ApplicationException should not be used |
Medium | Avoid Empty Constructors In Structs | OPT.CSHARP.Csharp.AvoidEmptyConstructorsInStructs | AvoidEmptyConstructorsInStructs: Avoid empty constructors in structures |
Medium | Avoid Indexers In Non Collection Classes | OPT.CSHARP.Csharp.AvoidIndexersInNonCollectionClasses | AvoidIndexersInNonCollectionClasses: Avoid indexers in non-collections classes |
Medium | Avoid Large Methods | OPT.CSHARP.Csharp.AvoidLargeMethods | AvoidLargeMethods: Avoid functions and methods with too many lines of code |
Medium | Avoid Large Structure | OPT.CSHARP.Csharp.AvoidLargeStructure | AvoidLargeStructure: Avoid creating too-large structures |
Medium | Avoid Uninstantiated Internal Classes | OPT.CSHARP.Csharp.AvoidUninstantiatedInternalClasses | AvoidUninstantiatedInternalClasses: Avoid uninstantiated internal classes |
Medium | Avoid Unsealed Concrete Attributes Rule | OPT.CSHARP.Csharp.AvoidUnsealedConcreteAttributesRule | AvoidUnsealedConcreteAttributesRule: Avoid attributes defined as unsealed but not abstract |
Medium | Call Get Last Error Immediately After P Invoke | OPT.CSHARP.Csharp.CallGetLastErrorImmediatelyAfterPInvoke | CallGetLastErrorImmediatelyAfterPInvoke: Call GetLastError immediately after P/Invoke |
Medium | Check New Thread Without Start | OPT.CSHARP.Csharp.CheckNewThreadWithoutStart | CheckNewThreadWithoutStart: Avoid creating unstarted threads |
Medium | Clone Method Should Not Return Null | OPT.CSHARP.Csharp.CloneMethodShouldNotReturnNull | CloneMethodShouldNotReturnNull: An overwritten Clone() method should never return null |
Medium | Collection Class Suffix | OPT.CSHARP.Csharp.CollectionClassSuffix | CollectionClassSuffix: Collections classes names must end with the 'Collection' suffix |
Medium | Collections Should Implement Generic Interface | OPT.CSHARP.Csharp.CollectionsShouldImplementGenericInterface | CollectionsShouldImplementGenericInterface: Collections should implement the generic interface |
Medium | Com Visible Type Base Types Should Be Com Visible | OPT.CSHARP.Csharp.ComVisibleTypeBaseTypesShouldBeComVisible | ComVisibleTypeBaseTypesShouldBeComVisible: COM visible type derive from a non COM visible type |
Medium | Consider Passing Base Types As Parameters | OPT.CSHARP.Csharp.ConsiderPassingBaseTypesAsParameters | ConsiderPassingBaseTypesAsParameters: Consider passing base types as parameters |
Medium | Declare Types In Namespaces | OPT.CSHARP.Csharp.DeclareTypesInNamespaces | DeclareTypesInNamespaces: Declare types in namespaces |
Medium | Default Parameters Should Not Be Used | OPT.CSHARP.Csharp.DefaultParametersShouldNotBeUsed | DefaultParametersShouldNotBeUsed: Do not use default parameters |
Medium | Disable Debugging Code Rule | OPT.CSHARP.Csharp.DisableDebuggingCodeRule | DisableDebuggingCodeRule: Avoid using Console.WriteLine |
Medium | Disposable Fields Should Be Disposed | OPT.CSHARP.Csharp.DisposableFieldsShouldBeDisposed | DisposableFieldsShouldBeDisposed: Call Dispose method of fields that implements System.IDisposable |
Medium | Do Not Call Overridable Methods In Constructors | OPT.CSHARP.Csharp.DoNotCallOverridableMethodsInConstructors | DoNotCallOverridableMethodsInConstructors: Virtual method call from constructor |
Medium | Do Not Catch General Exception Types | OPT.CSHARP.Csharp.DoNotCatchGeneralExceptionTypes | DoNotCatchGeneralExceptionTypes: Declaration of Catch for Generic Exception |
Medium | Do Not Declare Virtual Members In Sealed Types | OPT.CSHARP.Csharp.DoNotDeclareVirtualMembersInSealedTypes | DoNotDeclareVirtualMembersInSealedTypes: Do not declare virtual and not final members in sealed classes |
Medium | Do Not Decrease Inherited Member Visibility | OPT.CSHARP.Csharp.DoNotDecreaseInheritedMemberVisibility | DoNotDecreaseInheritedMemberVisibility: Do not decrease inherited member visibility |
Medium | Do Not Ignore Method Results | OPT.CSHARP.Csharp.DoNotIgnoreMethodResults | DoNotIgnoreMethodResults: Do not ignore the returning value of methods |
Medium | Do Not Nest Generic Types In Member Signatures | OPT.CSHARP.Csharp.DoNotNestGenericTypesInMemberSignatures | DoNotNestGenericTypesInMemberSignatures: Do not nest generic types in externally visible member signatures |
Medium | Do Not Raise Exceptions In Exception Clauses | OPT.CSHARP.Csharp.DoNotRaiseExceptionsInExceptionClauses | DoNotRaiseExceptionsInExceptionClauses: Do not raise exceptions in exception clauses |
Medium | Do Not Raise Reserved Exception Types | OPT.CSHARP.Csharp.DoNotRaiseReservedExceptionTypes | DoNotRaiseReservedExceptionTypes: Do not raise reserved exception types |
Medium | Do Not Use Timers That Prevent Power State Changes | OPT.CSHARP.Csharp.DoNotUseTimersThatPreventPowerStateChanges | DoNotUseTimersThatPreventPowerStateChanges: Avoid timers that prevent power state changes |
Medium | Double Check Locking Rule | OPT.CSHARP.Csharp.DoubleCheckLockingRule | DoubleCheckLockingRule: Incorrect usage of double checking when implementing Singleton pattern |
Medium | Equality Operator If Plus Or Minus | OPT.CSHARP.Csharp.EqualityOperatorIfPlusOrMinus | EqualityOperatorIfPlusOrMinus: Override equality operator if addition and subtraction operators are overrided |
Medium | Exception Class Suffix | OPT.CSHARP.Csharp.ExceptionClassSuffix | ExceptionClassSuffix: Exception classes names must end with the 'Exception' suffix |
Medium | Exception Constructors | OPT.CSHARP.Csharp.ExceptionConstructors | ExceptionConstructors: Classes that extend Exception must implement all standard constructors |
Medium | Implement I Disposable Correctly | OPT.CSHARP.Csharp.ImplementIDisposableCorrectly | ImplementIDisposableCorrectly: Implement IDisposable correctly |
Medium | Implement I Disposable With Finalize | OPT.CSHARP.Csharp.ImplementIDisposableWithFinalize | ImplementIDisposableWithFinalize: Implement Dispose method provided by IDisposable interface |
Medium | Implement I Serializable Correctly | OPT.CSHARP.Csharp.ImplementISerializableCorrectly | ImplementISerializableCorrectly: Implement ISerializable correctly |
Medium | Implement Standard Exception Constructors | OPT.CSHARP.Csharp.ImplementStandardExceptionConstructors | ImplementStandardExceptionConstructors: Implement standard exception constructors |
Medium | Interface Name | OPT.CSHARP.Csharp.InterfaceName | InterfaceName: Interface name format convention |
Medium | Level2 Assemblies Should Not Contain Linkdemands | OPT.CSHARP.Csharp.Level2AssembliesShouldNotContainLinkdemands | Level2AssembliesShouldNotContainLinkdemands: A class or class member is using a LinkDemand in an application that is using Level 2 security |
Medium | Mark Members As Static | OPT.CSHARP.Csharp.MarkMembersAsStatic | MarkMembersAsStatic: A method that only accesses class members should be marked as 'static' |
Medium | Members Should Not Expose Certain Concrete Types | OPT.CSHARP.Csharp.MembersShouldNotExposeCertainConcreteTypes | MembersShouldNotExposeCertainConcreteTypes: Members should not expose certain concrete types |
Medium | Method Case | OPT.CSHARP.Csharp.MethodCase | MethodCase: Method names differ only in case within the same class |
Medium | Namespace Case | OPT.CSHARP.Csharp.NamespaceCase | NamespaceCase: Namespace names differ only in case |
Medium | Naming Class Namespace | OPT.CSHARP.Csharp.NamingClassNamespace | NamingClassNamespace: Namespace name cannot match the name of one of its contained classes |
Medium | Nested Types Should Not Be Visible | OPT.CSHARP.Csharp.NestedTypesShouldNotBeVisible | NestedTypesShouldNotBeVisible: An externally visible type contains an externally visible type declaration |
Medium | Num Max Class By Namespace | OPT.CSHARP.Csharp.NumMaxClassByNamespace | NumMaxClassByNamespace: Avoid an excessive number of classes per package/namespace |
Medium | Only Flags Enums Should Have Plural Names | OPT.CSHARP.Csharp.OnlyFlagsEnumsShouldHavePluralNames | OnlyFlagsEnumsShouldHavePluralNames: Externally visible enumeration ends in a plural word and is not marked with the Flags attribute |
Medium | Operations Should Not Overflow | OPT.CSHARP.Csharp.OperationsShouldNotOverflow | OperationsShouldNotOverflow: Operations should not overflow |
Medium | Parameter Case | OPT.CSHARP.Csharp.ParameterCase | ParameterCase: Parameter names differ only in case in a method declaration |
Medium | Pass System Obj Instead Of String | OPT.CSHARP.Csharp.PassSystemObjInsteadOfString | PassSystemObjInsteadOfString: Pass System.Uri objects instead of strings |
Medium | Pointers Should Not Be Visible | OPT.CSHARP.Csharp.PointersShouldNotBeVisible | PointersShouldNotBeVisible: Pointers should not be visible |
Medium | Properties Should Not Be Write Only | OPT.CSHARP.Csharp.PropertiesShouldNotBeWriteOnly | PropertiesShouldNotBeWriteOnly: Avoid write only properties |
Medium | Property Case | OPT.CSHARP.Csharp.PropertyCase | PropertyCase: Property names within the same class differ only in case |
Medium | Rethrow To Preserve Stack Details | OPT.CSHARP.Csharp.RethrowToPreserveStackDetails | RethrowToPreserveStackDetails: Do not rethrow exceptions explicitly |
Medium | Set Locale For Data Types | OPT.CSHARP.Csharp.SetLocaleForDataTypes | SetLocaleForDataTypes: Set locale property for data types |
Medium | Specify Culture Info | OPT.CSHARP.Csharp.SpecifyCultureInfo | SpecifyCultureInfo: Specify CultureInfo |
Medium | Specify String Comparison | OPT.CSHARP.Csharp.SpecifyStringComparison | SpecifyStringComparison: Specify StringComparison |
Medium | Static Holder Types Should Be Sealed | OPT.CSHARP.Csharp.StaticHolderTypesShouldBeSealed | StaticHolderTypesShouldBeSealed: Class containing only static members should be declared sealed |
Medium | Static Holder Types Should Not Have Constructors | OPT.CSHARP.Csharp.StaticHolderTypesShouldNotHaveConstructors | StaticHolderTypesShouldNotHaveConstructors: Static holder types should not have constructors |
Medium | Type Case | OPT.CSHARP.Csharp.TypeCase | TypeCase: Type names differ only in case |
Medium | Types Should Not Extend Certain Base Types | OPT.CSHARP.Csharp.TypesShouldNotExtendCertainBaseTypes | TypesShouldNotExtendCertainBaseTypes: Types should not extend certain base types |
Medium | Uri Parameters Should Not Be Strings | OPT.CSHARP.Csharp.UriParametersShouldNotBeStrings | UriParametersShouldNotBeStrings: URI parameters should not be strings |
Medium | Uri Return Values Should Not Be Strings | OPT.CSHARP.Csharp.UriReturnValuesShouldNotBeStrings | UriReturnValuesShouldNotBeStrings: The name of a method contains 'uri', 'Uri', 'urn', 'Urn', 'url', or 'Url', and returns a string |
Medium | Use Generic Event Handler Instances | OPT.CSHARP.Csharp.UseGenericEventHandlerInstances | UseGenericEventHandlerInstances: Use generic event handler instances |
Medium | Use Safe Handle To Encapsulate Native Resources | OPT.CSHARP.Csharp.UseSafeHandleToEncapsulateNativeResources | UseSafeHandleToEncapsulateNativeResources: Use of System.IntPtr |
Medium | Validate Arguments Of Public Methods | OPT.CSHARP.Csharp.ValidateArgumentsOfPublicMethods | ValidateArgumentsOfPublicMethods: Check parameters of externally visible methods |
Medium | Warn Of Assignations In Conditional Statements | OPT.CSHARP.Csharp.WarnOfAssignationsInConditionalStatements | WarnOfAssignationsInConditionalStatements: Assignment expression in an if condition |
Medium | Classes Are Strongly Internally Coupled | OPT.CSHARP.ClassesAreStronglyInternallyCoupled | ClassesAreStronglyInternallyCoupled: Classes internally strongly coupled must be avoided |
Medium | Dispose Methods Should Call Suppress Finalize | OPT.CSHARP.DisposeMethodsShouldCallSuppressFinalize | DisposeMethodsShouldCallSuppressFinalize: The Dispose method of a class that implements System.IDisposable should call GC.SuppressFinalize |
Medium | Method Security Should Be Superset Of Type | OPT.CSHARP.MethodSecurityShouldBeSupersetOfType | MethodSecurityShouldBeSupersetOfType: Security of methods should be a subset of the security of types |
Medium | MVC Post In Controllers | OPT.CSHARP.MVCPostInControllers | MVCPostInControllers: Restrict allowed HTTP verbs for state-change operations in MVC controllers |
Medium | Potential Infinite Loop | OPT.CSHARP.PotentialInfiniteLoop | PotentialInfiniteLoop: Loop with Unreachable Exit Condition ('Infinite Loop') |
Medium | Provide Correct Arguments To Formatting Methods | OPT.CSHARP.ProvideCorrectArgumentsToFormattingMethods | ProvideCorrectArgumentsToFormattingMethods: The format argument passed to System.String.Format does not match with the objects passed as parameters |
Medium | Provide Deserialization Methods For Optional Fields | OPT.CSHARP.ProvideDeserializationMethodsForOptionalFields | ProvideDeserializationMethodsForOptionalFields: Provide methods for the de-serialization of fields marked with OptionalFieldAttribute |
Medium | Review Declarative Security On Value Types | OPT.CSHARP.ReviewDeclarativeSecurityOnValueTypes | ReviewDeclarativeSecurityOnValueTypes: Avoid using declarative security in value types |
Medium | Review Imperative Security | OPT.CSHARP.ReviewImperativeSecurity | ReviewImperativeSecurity: Avoid using the imperative security whenever possible |
Medium | Http Request Value Shadowing | OPT.CSHARP.SEC.HttpRequestValueShadowing | HttpRequestValueShadowing: Request data is accessed in an ambiguous way, which can leave it open to attack |
Medium | Main Method In Web Application | OPT.CSHARP.SEC.MainMethodInWebApplication | MainMethodInWebApplication: Main() method not allowed in web application |
Medium | Avoid Host Name Checks | OPT.CSHARP.SEC.AvoidHostNameChecks | AvoidHostNameChecks: Avoid checks on client-side hostname, that are not reliable due to DNS poisoning |
Medium | System Information Leak | OPT.CSHARP.SystemInformationLeak | SystemInformationLeak: Exposure of System Data to an Unauthorized Control Sphere |
Medium | Transparent Methods Must Not Call Native Code | OPT.CSHARP.TransparentMethodsMustNotCallNativeCode | TransparentMethodsMustNotCallNativeCode: A transparent method should not make calls to native code |
Medium | Transparent Methods Must Not Handle Process Corrupting Exceptions | OPT.CSHARP.TransparentMethodsMustNotHandleProcessCorruptingExceptions | TransparentMethodsMustNotHandleProcessCorruptingExceptions: A transparent method must not have HandleProcessCorruptedStateExceptions attribute |
Medium | Transparent Methods Should Not Be Protected With Link Demands | OPT.CSHARP.TransparentMethodsShouldNotBeProtectedWithLinkDemands | TransparentMethodsShouldNotBeProtectedWithLinkDemands: A transparent method should not require LinkDemand |
Medium | Transparent Methods Should Not Demand | OPT.CSHARP.TransparentMethodsShouldNotDemand | TransparentMethodsShouldNotDemand: A transparent method should not require SecurityAction.Demand, and should not call the CodeAccessPermission.Demand method |
Medium | Transparent Methods Should Not Load Assemblies From Byte Arrays | OPT.CSHARP.TransparentMethodsShouldNotLoadAssembliesFromByteArrays | TransparentMethodsShouldNotLoadAssembliesFromByteArrays: A transparent method should not load an assembly from a byte array using the Assembly.Load method |
Medium | Type Link Demands Require Inheritance Demands | OPT.CSHARP.TypeLinkDemandsRequireInheritanceDemands | TypeLinkDemandsRequireInheritanceDemands: A public type protected with link demand requires inheritance demand |
Medium | Unchecked Return Value | OPT.CSHARP.UncheckedReturnValue | UncheckedReturnValue: Unchecked return value. |
Medium | Unchecked Input In Loop Condition | OPT.CSHARP.UncheckedInputInLoopCondition | UncheckedInputInLoopCondition: Unchecked input in loop condition |
Medium | Unused Private Method | OPT.CSHARP.UnusedPrivateMethod | UnusedPrivateMethod: Avoid unused private methods and constructors |
Medium | Do Not Expose Fields In Secured Type | OPT.CSHARP.Csharp.DoNotExposeFieldsInSecuredType | DoNotExposeFieldsInSecuredType: Do not declare public types that are secured but also expose its fields |
Medium | Review Suppress Unmanaged Code Security Usage | OPT.CSHARP.Csharp.ReviewSuppressUnmanagedCodeSecurityUsage | ReviewSuppressUnmanagedCodeSecurityUsage: Do not use the 'SuppressUnmanagedCodeSecurity' attribute |
Medium | MVC Remove Version Header | OPT.CSHARP.MVCRemoveVersionHeader | MVCRemoveVersionHeader: Remove ASP.NET MVC version from HTTP headers |
Medium | P Invokes Should Not Be Safe Critical | OPT.CSHARP.PInvokesShouldNotBeSafeCritical | PInvokesShouldNotBeSafeCritical: A P/Invoke declaration should not have the SecuritySafeCritical attribute |
Medium | Hardcoded Credential | OPT.CSHARP.SEC.HardcodedCredential | HardcodedCredential: Use of Hard-coded Credentials |
Medium | Hardcoded Network Address | OPT.CSHARP.SEC.HardcodedNetworkAddress | HardcodedNetworkAddress: Network addresses should not be hardcoded |
Medium | Plaintext Storage Of Password | OPT.CSHARP.SEC.PlaintextStorageOfPassword | PlaintextStorageOfPassword: Plaintext Storage of a Password |
Medium | Serializable Class Containing Sensitive Data | OPT.CSHARP.SEC.SerializableClassContainingSensitiveData | SerializableClassContainingSensitiveData: Serializable Class Containing Sensitive Data |
Medium | Secured Types Should Not Expose Fields | OPT.CSHARP.SecuredTypesShouldNotExposeFields | SecuredTypesShouldNotExposeFields: Types secured with Link Demands should not expose fields |
Medium | Secure Serialization Constructors | OPT.CSHARP.SecureSerializationConstructors | SecureSerializationConstructors: Serialization constructors should be protected with security demands |
Medium | Transparency Annotations Should Not Conflict | OPT.CSHARP.TransparencyAnnotationsShouldNotConflict | TransparencyAnnotationsShouldNotConflict: The security attribute of a type should have the same transparency that the security attributes of the members that it contains |