VB.NET Scan rules
Contrast Scan supports these rules for VB.NET.
Severity | Contrast rule | Engine rule ID | Description |
|---|---|---|---|
Critical | Too Much Origins Allowed | OPT.VBNET.TooMuchOriginsAllowed | TooMuchOriginsAllowed: CORS policy (Cross-origin resource sharing) too broad |
Critical | Code Injection | OPT.VBNET.CodeInjection | CodeInjection: Improper Control of Generation of Code ('Code Injection') |
Critical | Code Injection With Deserialization | OPT.VBNET.CodeInjectionWithDeserialization | CodeInjectionWithDeserialization: Dynamic code injection during object deserialization |
Critical | Command Injection | OPT.VBNET.CommandInjection | CommandInjection: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Critical | Cross Site Scripting | OPT.VBNET.CrossSiteScripting | CrossSiteScripting: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
Critical | DoS Regexp | OPT.VBNET.DoSRegexp | DoSRegexp: Prevent denial of service attack through malicious regular expression |
Critical | Ldap Injection | OPT.VBNET.LdapInjection | LdapInjection: Avoid non-neutralized user-controlled input in LDAP search filters |
Critical | Connection String Parameter Pollution | OPT.VBNET.SEC.ConnectionStringParameterPollution | ConnectionStringParameterPollution: Connection string polluted with untrusted input |
Critical | Http Parameter Pollution | OPT.VBNET.SEC.HttpParameterPollution | HttpParameterPollution: HTTP parameter pollution (HPP) |
Critical | Http Splitting Rule | OPT.VBNET.SEC.HttpSplittingRule | HttpSplittingRule: Improper neutralization of CR/LF Sequences in HTTP headers |
Critical | Mail Command Injection | OPT.VBNET.SEC.MailCommandInjection | MailCommandInjection: Mail Command Injection |
Critical | No SQL Injection | OPT.VBNET.SEC.NoSQLInjection | NoSQLInjection: Improper neutralization of special elements in data query logic (NoSQL injection) |
Critical | Process Control | OPT.VBNET.SEC.ProcessControl | ProcessControl: Do not load executables or libraries from untrusted sources |
Critical | Registry Manipulation | OPT.VBNET.SEC.RegistryManipulation | RegistryManipulation: Registry manipulation |
Critical | Server Side Request Forgery | OPT.VBNET.ServerSideRequestForgery | ServerSideRequestForgery: Server-Side Request Forgery (SSRF) |
Critical | SQL Injection | OPT.VBNET.SqlInjection | SqlInjection: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
Critical | Stored Cross Site Scripting | OPT.VBNET.StoredCrossSiteScripting | StoredCrossSiteScripting: Web content generation from improper sanitized database data and escaped output (Stored Cross-site Scripting, XSS) |
Critical | MVC Non Action Public Methods | OPT.VBNET.MVCNonActionPublicMethods | MVCNonActionPublicMethods: Protect public methods that are not action methods in controllers |
Critical | Path Traversal | OPT.VBNET.PathTraversal | PathTraversal: Avoid non-neutralized user-controlled input composed in a pathname to a resource |
Critical | Accessibility Subversion Rule | OPT.VBNET.SEC.AccessibilitySubversionRule | AccessibilitySubversionRule: .Net access restriction subverted (Reflection) |
Critical | Anonymous Ldap Bind | OPT.VBNET.SEC.AnonymousLdapBind | AnonymousLdapBind: Access Control - Anonymous LDAP Bind |
Critical | Dangerous File Upload | OPT.VBNET.SEC.DangerousFileUpload | DangerousFileUpload: Unrestricted Upload of File with Dangerous Type |
Critical | Static Database Connection | OPT.VBNET.SEC.StaticDatabaseConnection | StaticDatabaseConnection: Static database connection / session |
Critical | Temporary Files Left | OPT.VBNET.SEC.TemporaryFilesLeft | TemporaryFilesLeft: Temporary files not deleted |
Critical | COM With Param Constructors | OPT.VBNET.VBnet.COMWithParamConstructors | COMWithParamConstructors: Avoid COM visible attribute in parameterized constructors |
Critical | Dispose Finalize Throws Ex | OPT.VBNET.VBnet.DisposeFinalizeThrowsEx | DisposeFinalizeThrowsEx: Avoid throwing exception in constructors, Dispose or Finalize |
Critical | Dispose Objects Before Losing Scope | OPT.VBNET.VBnet.DisposeObjectsBeforeLosingScope | DisposeObjectsBeforeLosingScope: Dispose objects before losing scope |
Critical | Do Not Dispose Objects Multiple Times | OPT.VBNET.VBnet.DoNotDisposeObjectsMultipleTimes | DoNotDisposeObjectsMultipleTimes: Possible multiple calls to 'Dispose' over an object |
Critical | Do Not Use Idle Process Priority | OPT.VBNET.VBnet.DoNotUseIdleProcessPriority | DoNotUseIdleProcessPriority: Do not use idle process priority |
Critical | Mark I Serializable Types With Serializable | OPT.VBNET.VBnet.MarkISerializableTypesWithSerializable | MarkISerializableTypesWithSerializable: Specify the Serializable attribute in ISerializable classes |
Critical | Mark Windows Forms Entry Points With Sta Thread | OPT.VBNET.VBnet.MarkWindowsFormsEntryPointsWithStaThread | MarkWindowsFormsEntryPointsWithStaThread: Mark Windows Forms entry points with STAThread |
Critical | Weak Cryptographic Hash | OPT.VBNET.WeakCryptographicHash | WeakCryptographicHash: Weak cryptographic hash |
Critical | Weak Key Size | OPT.VBNET.WeakKeySize | WeakKeySize: Weak cryptography, insufficient key length |
Critical | Weak Symmetric Encryption Algorithm | OPT.VBNET.WeakSymmetricEncryptionAlgorithm | WeakSymmetricEncryptionAlgorithm: Weak symmetric encryption algorithm |
Critical | Weak Symmetric Encryption Mode Of Operation | OPT.VBNET.WeakSymmetricEncryptionModeOfOperation | WeakSymmetricEncryptionModeOfOperation: Do not use weak modes of operation with symmetric encryption |
High | Cross Site Request Forgery | OPT.VBNET.CrossSiteRequestForgery | CrossSiteRequestForgery: Cross-Site Request Forgery (CSRF) |
High | JSON Injection | OPT.VBNET.JSONInjection | JSONInjection: Avoid using non-neutralized user-controlled input in JSON entities |
High | MVC Prevent Overposting Model Definition | OPT.VBNET.MVCPreventOverpostingModelDefinition | MVCPreventOverpostingModelDefinition: Prevent over-posting attacks in model definition |
High | MVC Prevent Underposting Model Composition | OPT.VBNET.MVCPreventUnderpostingModelComposition | MVCPreventUnderpostingModelComposition: Prevent under-posting attacks in model composition |
High | MVC Prevent Underposting Model Definition | OPT.VBNET.MVCPreventUnderpostingModelDefinition | MVCPreventUnderpostingModelDefinition: Prevent under-posting attacks in model definition |
High | Open Redirect | OPT.VBNET.OpenRedirect | OpenRedirect: URL Redirection to Untrusted Site ('Open Redirect') |
High | Cross Site History Manipulation | OPT.VBNET.SEC.CrossSiteHistoryManipulation | CrossSiteHistoryManipulation: Cross-Site History Manipulation (XSHM) |
High | Log Forging | OPT.VBNET.SEC.LogForging | LogForging: Improper Output Neutralization for Logs |
High | Resource Injection | OPT.VBNET.SEC.ResourceInjection | ResourceInjection: Improper control of resource identifiers ("Resource Injection") |
High | Trust Boundary Violation | OPT.VBNET.SEC.TrustBoundaryViolation | TrustBoundaryViolation: Trust boundary violation |
High | Unsafe Reflection | OPT.VBNET.SEC.UnsafeReflection | UnsafeReflection: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
High | XML Entity Injection | OPT.VBNET.SEC.XMLEntityInjection | XMLEntityInjection: XML entity injection |
High | XML Injection | OPT.VBNET.XMLInjection | XMLInjection: XML Injection (aka Blind XPath Injection) |
High | XPath Injection | OPT.VBNET.XPathInjection | XPathInjection: Improper Neutralization of Data within XPath Expressions ('XPath Injection') |
High | XQuery Injection | OPT.VBNET.XQueryInjection | XQueryInjection: Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') |
High | XSLT Injection | OPT.VBNET.XSLTInjection | XSLTInjection: Avoid using non-neutralized user-controlled input when creating XSL stylesheets |
High | Information Exposure Through Error Message | OPT.VBNET.SEC.InformationExposureThroughErrorMessage | InformationExposureThroughErrorMessage: Avoid sensitive information exposure through error messages |
High | Insecure Email Transport | OPT.VBNET.SEC.InsecureEmailTransport | InsecureEmailTransport: Insecure Mail Transport |
High | Review Visible Event Handlers | OPT.VBNET.VBnet.ReviewVisibleEventHandlers | ReviewVisibleEventHandlers: A public or protected event-handling method was detected |
High | Resource Leak Database | OPT.VBNET.ResourceLeakDatabase | ResourceLeakDatabase: Unreleased database resource |
High | Resource Leak Ldap | OPT.VBNET.ResourceLeakLdap | ResourceLeakLdap: Unreleased LDAP resource |
High | Resource Leak Stream | OPT.VBNET.ResourceLeakStream | ResourceLeakStream: Unreleased stream resource |
High | Resource Leak Unmanaged | OPT.VBNET.ResourceLeakUnmanaged | ResourceLeakUnmanaged: Unreleased unmanaged resource |
High | Avoid Certificate Equals | OPT.VBNET.SEC.AvoidCertificateEquals | AvoidCertificateEquals: Never use X509Certificate.Equals() in a security context |
High | Cookies In Security Decision | OPT.VBNET.SEC.CookiesInSecurityDecision | CookiesInSecurityDecision: Reliance on Cookies without Validation and Integrity Checking in a Security Decision |
High | Improper Authentication | OPT.VBNET.SEC.ImproperAuthentication | ImproperAuthentication: Avoid that a user can perform actions to which he does not have access |
High | Missing Standard Error Handling | OPT.VBNET.SEC.MissingStandardErrorHandling | MissingStandardErrorHandling: Missing Standardized Error Handling Mechanism in ASP.Net |
High | Setting Manipulation | OPT.VBNET.SEC.SettingManipulation | SettingManipulation: Setting Manipulation |
High | Unvalidated Asp Net Model | OPT.VBNET.SEC.UnvalidatedAspNetModel | UnvalidatedAspNetModel: Unvalidated model in MVC controller |
High | User Controlled SQL Primary Key | OPT.VBNET.SEC.UserControlledSQLPrimaryKey | UserControlledSQLPrimaryKey: Avoid using an user controlled Primary Key into a query |
High | Abstract Types Should Not Have Constructors | OPT.VBNET.VBnet.AbstractTypesShouldNotHaveConstructors | AbstractTypesShouldNotHaveConstructors: Public abstract class with public constructor |
High | Attribute Usage | OPT.VBNET.VBnet.AttributeUsage | AttributeUsage: Specify AttributeUsage |
High | Avoid Excessive Complexity | OPT.VBNET.VBnet.AvoidExcessiveComplexity | AvoidExcessiveComplexity: A method has an excessive cyclomatic complexity |
High | Avoid Excessive Locals | OPT.VBNET.VBnet.AvoidExcessiveLocals | AvoidExcessiveLocals: Avoid excessive local variables |
High | Avoid Floating Point Equality | OPT.VBNET.VBnet.AvoidFloatingPointEquality | AvoidFloatingPointEquality: Do not perform (in)equality operations over floating point variables |
High | Avoid Inconditional Recursive Invocation | OPT.VBNET.VBnet.AvoidInconditionalRecursiveInvocation | AvoidInconditionalRecursiveInvocation: Avoid recursive calls without a precondition |
High | Avoid Out Parameters | OPT.VBNET.VBnet.AvoidOutParameters | AvoidOutParameters: Public or protected methods has ByRef parameters |
High | Avoid Overloads In Com Visible Interfaces | OPT.VBNET.VBnet.AvoidOverloadsInComVisibleInterfaces | AvoidOverloadsInComVisibleInterfaces: COM visible interface declares overloaded methods |
High | Avoid Uncalled Private Code | OPT.VBNET.VBnet.AvoidUncalledPrivateCode | AvoidUncalledPrivateCode: Avoid uncalled private code |
High | Avoid Unused Private Fields | OPT.VBNET.VBnet.AvoidUnusedPrivateFields | AvoidUnusedPrivateFields: Avoid unused private fields |
High | Declare Event Handlers Correctly | OPT.VBNET.VBnet.DeclareEventHandlersCorrectly | DeclareEventHandlersCorrectly: Declare Event Handlers Correctly |
High | Do Not Assume Int Ptr Size Rule | OPT.VBNET.VBnet.DoNotAssumeIntPtrSizeRule | DoNotAssumeIntPtrSizeRule: Do not downcast IntPtr or UIntPtr into a 32-bit or smaller value |
High | Do Not Call Overridable Methods In Constructors | OPT.VBNET.VBnet.DoNotCallOverridableMethodsInConstructors | DoNotCallOverridableMethodsInConstructors: Virtual method call from constructor |
High | Do Not Declare Static Members On Generic Types | OPT.VBNET.VBnet.DoNotDeclareStaticMembersOnGenericTypes | DoNotDeclareStaticMembersOnGenericTypes: Do not declare shared members on generic types |
High | Do Not Lock On This Or Types | OPT.VBNET.VBnet.DoNotLockOnThisOrTypes | DoNotLockOnThisOrTypes: Do not lock on 'this' object or over its 'Type' |
High | Do Not Pass Types By Reference | OPT.VBNET.VBnet.DoNotPassTypesByReference | DoNotPassTypesByReference: Do not pass types by reference |
High | Empty Catch | OPT.VBNET.VBnet.EmptyCatch | EmptyCatch: Do not leave empty catch blocks |
High | Exceptions Should Be Public | OPT.VBNET.VBnet.ExceptionsShouldBePublic | ExceptionsShouldBePublic: Exceptions should be public |
High | Get Hash Code Equals | OPT.VBNET.VBnet.GetHashCodeEquals | GetHashCodeEquals: Overload GetHashCode and Equals as a whole |
High | Identifiers Should Not Match Keywords | OPT.VBNET.VBnet.IdentifiersShouldNotMatchKeywords | IdentifiersShouldNotMatchKeywords: The identifiers must not be reserved words |
High | Initialize Reference Type Static Fields Inline | OPT.VBNET.VBnet.InitializeReferenceTypeStaticFieldsInline | InitializeReferenceTypeStaticFieldsInline: Initialize reference type static fields inline |
High | Mark Boolean P Invoke Arguments With Marshal As | OPT.VBNET.VBnet.MarkBooleanPInvokeArgumentsWithMarshalAs | MarkBooleanPInvokeArgumentsWithMarshalAs: Mark boolean P/Invoke arguments with MarshalAs attribute |
High | Max Methods | OPT.VBNET.VBnet.MaxMethods | MaxMethods: Maximum allowed number of methods |
High | Non Constant Fields Should Not Be Visible | OPT.VBNET.VBnet.NonConstantFieldsShouldNotBeVisible | NonConstantFieldsShouldNotBeVisible: A public or protected static field is not constant nor is it read-only |
High | Normalize Strings To Uppercase | OPT.VBNET.VBnet.NormalizeStringsToUppercase | NormalizeStringsToUppercase: Not to convert chains to lower case letters |
High | Obsolete Usages | OPT.VBNET.VBnet.ObsoleteUsages | ObsoleteUsages: Avoid use of deprecated methods or obsolete classes depending of the chosen .NET SDK |
High | Parameter Names Should Not Match Member Names | OPT.VBNET.VBnet.ParameterNamesShouldNotMatchMemberNames | ParameterNamesShouldNotMatchMemberNames: Parameter names should not match member names |
High | Properties Should Not Return Arrays | OPT.VBNET.VBnet.PropertiesShouldNotReturnArrays | PropertiesShouldNotReturnArrays: Properties should not return arrays |
High | Property Names Should Not Match Get Methods | OPT.VBNET.VBnet.PropertyNamesShouldNotMatchGetMethods | PropertyNamesShouldNotMatchGetMethods: Property names should not match get methods |
High | Remove Unused Locals | OPT.VBNET.VBnet.RemoveUnusedLocals | RemoveUnusedLocals: Unused local variable |
High | Insecure Randomness | OPT.VBNET.InsecureRandomness | InsecureRandomness: Standard pseudo-random number generators cannot withstand cryptographic attacks |
High | Review Unused Parameters | OPT.VBNET.VBnet.ReviewUnusedParameters | ReviewUnusedParameters: Method parameter not used |
High | Hardcoded Crypto Key | OPT.VBNET.SEC.HardcodedCryptoKey | HardcodedCryptoKey: Use of Hard-coded Cryptographic Key |
High | Suppress Finalize Correctly | OPT.VBNET.VBnet.SuppressFinalizeCorrectly | SuppressFinalizeCorrectly: Call GC.SuppressFinalize correctly |
High | Use Safe Handle To Encapsulate Native Resources | OPT.VBNET.VBnet.UseSafeHandleToEncapsulateNativeResources | UseSafeHandleToEncapsulateNativeResources: Use of System.IntPtr |
High | Variable Names Should Not Match Field Names | OPT.VBNET.VBnet.VariableNamesShouldNotMatchFieldNames | VariableNamesShouldNotMatchFieldNames: Variable names should not match field names |
High | Hardcoded Salt | OPT.VBNET.SEC.HardcodedSalt | HardcodedSalt: A hardcoded salt can compromise system security |
High | Insecure Transport | OPT.VBNET.SEC.InsecureTransport | InsecureTransport: Insecure transport |
High | Proper Padding With Public Key Crypto | OPT.VBNET.SEC.ProperPaddingWithPublicKeyCrypto | ProperPaddingWithPublicKeyCrypto: Use of RSA Algorithm without Optimal Asymmetric Encryption Padding (OAEP) |
High | Server Insecure Transport | OPT.VBNET.SEC.ServerInsecureTransport | ServerInsecureTransport: Insecure transport in HTTP servers] |
High | Weak Encryption | OPT.VBNET.WeakEncryption | WeakEncryption: Insufficient RSA key length |
Info | Do Not Initialize Unnecessarily | OPT.VBNET.DoNotInitializeUnnecessarily | DoNotInitializeUnnecessarily: Do not initialize variables unnecessarily |
Info | Do Not Prefix Enum Values With Type Name | OPT.VBNET.DoNotPrefixEnumValuesWithTypeName | DoNotPrefixEnumValuesWithTypeName: Names of enumeration members should not start with the enumeration name |
Info | Avoid Unneeded Calls On String | OPT.VBNET.VBnet.AvoidUnneededCallsOnString | AvoidUnneededCallsOnString: Avoid unneeded calls on string objects |
Info | Do Not Hardcode Locale Specific Strings | OPT.VBNET.VBnet.DoNotHardcodeLocaleSpecificStrings | DoNotHardcodeLocaleSpecificStrings: Do not hardcode locale specific strings |
Info | Identifiers Should Have Correct Suffix | OPT.VBNET.VBnet.IdentifiersShouldHaveCorrectSuffix | IdentifiersShouldHaveCorrectSuffix: An identifier does not have the correct suffix |
Info | Identifiers Should Not Contain Underscores | OPT.VBNET.VBnet.IdentifiersShouldNotContainUnderscores | IdentifiersShouldNotContainUnderscores: An identifier contains the underscore character |
Info | Identifiers Should Not Have Incorrect Suffix | OPT.VBNET.VBnet.IdentifiersShouldNotHaveIncorrectSuffix | IdentifiersShouldNotHaveIncorrectSuffix: An identifier has an incorrect suffix |
Info | Interface Naming Conventions | OPT.VBNET.VBnet.InterfaceNamingConventions | InterfaceNamingConventions: Follow naming conventions in interfaces |
Info | Naming Conventions | OPT.VBNET.VBnet.NamingConventions | NamingConventions: Follow naming conventions for classes |
Low | Constants Should Be Transparent | OPT.VBNET.ConstantsShouldBeTransparent | ConstantsShouldBeTransparent: A field constant or an enumeration member should be transparent |
Low | Information Exposure Through Debug Log | OPT.VBNET.SEC.InformationExposureThroughDebugLog | InformationExposureThroughDebugLog: Avoid exposing sensible information through log |
Low | Avoid Language Specific Type Names In Parameters | OPT.VBNET.AvoidLanguageSpecificTypeNamesInParameters | AvoidLanguageSpecificTypeNamesInParameters: Avoid names of parameters that contains language-specific type name, in public methods |
Low | Avoid Unnecessary String Creation | OPT.VBNET.AvoidUnnecessaryStringCreation | AvoidUnnecessaryStringCreation: Avoid create unnecessary strings through a call to System.String.ToLower or System.String.ToUpper |
Low | Collection Properties Should Be Read Only | OPT.VBNET.CollectionPropertiesShouldBeReadOnly | CollectionPropertiesShouldBeReadOnly: Public properties that are of a type that implements System.Collections.ICollection should be read-only |
Low | Consider Converting Method To Property | OPT.VBNET.ConsiderConvertingMethodToProperty | ConsiderConvertingMethodToProperty: Consider converting the method into a property |
Low | Disposable Types Should Declare Finalizer | OPT.VBNET.DisposableTypesShouldDeclareFinalizer | DisposableTypesShouldDeclareFinalizer: A type that implements System.IDisposable and has fields of unmanaged types, should have a finalizer |
Low | Do Not Concatenate Strings Inside Loops | OPT.VBNET.DoNotConcatenateStringsInsideLoops | DoNotConcatenateStringsInsideLoops: Do not concatenate string values inside loops |
Low | Do Not Mark Enums With Flags | OPT.VBNET.DoNotMarkEnumsWithFlags | DoNotMarkEnumsWithFlags: The values of an enumeration that has System.FlagsAttribute attribute, should be powers of two |
Low | Identifiers Should Be Cased Correctly | OPT.VBNET.IdentifiersShouldBeCasedCorrectly | IdentifiersShouldBeCasedCorrectly: Use correctly "pascal-case" and "camel-case" according to the agreement established |
Low | Implement Serialization Constructors | OPT.VBNET.ImplementSerializationConstructors | ImplementSerializationConstructors: A type that implements ISerializable, should implement a serialization constructor |
Low | Implement Serialization Methods Correctly | OPT.VBNET.ImplementSerializationMethodsCorrectly | ImplementSerializationMethodsCorrectly: Implement a correct signature for methods that handle serialization events |
Low | Initialize Value Type Static Fields Inline | OPT.VBNET.InitializeValueTypeStaticFieldsInline | InitializeValueTypeStaticFieldsInline: Avoid explicitly declare a static constructor |
Low | Instantiate Argument Exceptions Correctly | OPT.VBNET.InstantiateArgumentExceptionsCorrectly | InstantiateArgumentExceptionsCorrectly: Avoid calling default constructor of ArgumentExceptions |
Low | Operator Overloads Have Named Alternates | OPT.VBNET.OperatorOverloadsHaveNamedAlternates | OperatorOverloadsHaveNamedAlternates: When a type overrides an operator, it is recommended to also override the alternative method |
Low | Overload Operator Equals On Overriding Equals | OPT.VBNET.OverloadOperatorEqualsOnOverridingEquals | OverloadOperatorEqualsOnOverridingEquals: When a type overrides System.Object.Equals method, it also should override the operator [] {} |
Low | Prefer Jagged Arrays Over Multidimensional | OPT.VBNET.PreferJaggedArraysOverMultidimensional | PreferJaggedArraysOverMultidimensional: Do not declare multidimensional array |
Low | Use Literals Where Appropriate | OPT.VBNET.UseLiteralsWhereAppropriate | UseLiteralsWhereAppropriate: Do not declare shared and readonly fields, that are initialized with a value |
Low | Use Managed Equivalents Of Win32 Api | OPT.VBNET.UseManagedEquivalentsOfWin32Api | UseManagedEquivalentsOfWin32Api: Use alternatives to existing methods for managing the win32 api |
Low | Attribute String Literals Should Parse Correctly | OPT.VBNET.VBnet.AttributeStringLiteralsShouldParseCorrectly | AttributeStringLiteralsShouldParseCorrectly: Attribute's literal value should be correctly written |
Low | Avoid Long Parameter Lists | OPT.VBNET.VBnet.AvoidLongParameterLists | AvoidLongParameterLists: Do not encode methods with too many parameters |
Low | Avoid Namespaces With Few Types | OPT.VBNET.VBnet.AvoidNamespacesWithFewTypes | AvoidNamespacesWithFewTypes: Avoid namespaces with few types |
Low | Avoid Non Stored Procedure Commands | OPT.VBNET.VBnet.AvoidNonStoredProcedureCommands | AvoidNonStoredProcedureCommands: Avoid using non stored-procedure database operations |
Low | Avoid Type Get Type For Constant Strings | OPT.VBNET.VBnet.AvoidTypeGetTypeForConstantStrings | AvoidTypeGetTypeForConstantStrings: Do not call Type.GetType() with constant string values |
Low | Avoid Uninstantiated Internal Classes | OPT.VBNET.VBnet.AvoidUninstantiatedInternalClasses | AvoidUninstantiatedInternalClasses: An instance of an assembly-level type is not created by code in the assembly |
Low | Call Base Class Methods On I Serializable Types | OPT.VBNET.VBnet.CallBaseClassMethodsOnISerializableTypes | CallBaseClassMethodsOnISerializableTypes: Call base class methods on ISerializable types |
Low | Check New Exception Without Throwing | OPT.VBNET.VBnet.CheckNewExceptionWithoutThrowing | CheckNewExceptionWithoutThrowing: Exception instantiation not used |
Low | Consider Custom Accessors For Non Visible Events Rule | OPT.VBNET.Vbnet.ConsiderCustomAccessorsForNonVisibleEventsRule | ConsiderCustomAccessorsForNonVisibleEventsRule: For non visible events, evaluate using custom accessors instead of default ones |
Low | Delegates Passed To Native Code Must Include Exception Handling Rule | OPT.VBNET.VBnet.DelegatesPassedToNativeCodeMustIncludeExceptionHandlingRule | DelegatesPassedToNativeCodeMustIncludeExceptionHandlingRule: Enclose with a catch all handler entire block for delegates passed to native code |
Low | Do Not Cast Unnecessarily | OPT.VBNET.VBnet.DoNotCastUnnecessarily | DoNotCastUnnecessarily: A method performs duplicate casts on one of its arguments or local variables |
Low | Do Not Destroy Stack Trace Rule | OPT.VBNET.VBnet.DoNotDestroyStackTraceRule | DoNotDestroyStackTraceRule: Catch handlers should rethrow original exception instead of throwing the same exception |
Low | Do Not Indirectly Expose Methods With Link Demands | OPT.VBNET.VBnet.DoNotIndirectlyExposeMethodsWithLinkDemands | DoNotIndirectlyExposeMethodsWithLinkDemands: Do not indirectly expose methods with link demands |
Low | Do Not Raise Exceptions In Unexpected Locations | OPT.VBNET.Vbnet.DoNotRaiseExceptionsInUnexpectedLocations | DoNotRaiseExceptionsInUnexpectedLocations: Do not raise exceptions in unexpected locations |
Low | Do Not Use Thread Static With Instance Fields | OPT.VBNET.VBnet.DoNotUseThreadStaticWithInstanceFields | DoNotUseThreadStaticWithInstanceFields: Do not use 'ThreadStatic' with instance fields |
Low | Num Max Class By Namespaces | OPT.VBNET.VBnet.NumMaxClassByNamespaces | NumMaxClassByNamespaces: Avoid an excessive number of classes per package/namespace |
Low | Only Flags Enums Should Have Plural Names | OPT.VBNET.VBnet.OnlyFlagsEnumsShouldHavePluralNames | OnlyFlagsEnumsShouldHavePluralNames: Externally visible enumeration ends in a plural word and is not marked with the Flags attribute |
Low | Operations Should Not Overflow | OPT.VBNET.VBnet.OperationsShouldNotOverflow | OperationsShouldNotOverflow: Operations should not overflow |
Low | Override Equals On Value Types | OPT.VBNET.VBnet.OverrideEqualsOnValueTypes | OverrideEqualsOnValueTypes: A public value type does not override Equals |
Low | Remove Empty Finalizers | OPT.VBNET.VBnet.RemoveEmptyFinalizers | RemoveEmptyFinalizers: Remove empty finalizers |
Low | Test For Empty Strings Using Length | OPT.VBNET.VBnet.TestForEmptyStringsUsingLength | TestForEmptyStringsUsingLength: Comparison with empty string using 'Equals' |
Low | Types That Own Native Resources Should Be Disposable | OPT.VBNET.VBnet.TypesThatOwnNativeResourcesShouldBeDisposable | TypesThatOwnNativeResourcesShouldBeDisposable: Types that own native resources should be disposable |
Low | Write Static Field From Instance Method | OPT.VBNET.VBnet.WriteStaticFieldFromInstanceMethod | WriteStaticFieldFromInstanceMethod: Do not write in static fields from instance methods |
Medium | Unsafe Cookie Rule | OPT.VBNET.SEC.UnsafeCookieRule | UnsafeCookieRule: Generate server-side cookies with adequate security properties |
Medium | Avoid Host Name Checks | OPT.VBNET.SEC.AvoidHostNameChecks | AvoidHostNameChecks: Avoid checks on client-side hostname, that are not reliable due to DNS poisoning |
Medium | MVC Remove Version Header | OPT.VBNET.MVCRemoveVersionHeader | MVCRemoveVersionHeader: Remove ASP.NET MVC version from HTTP headers |
Medium | P Invokes Should Not Be Safe Critical | OPT.VBNET.PInvokesShouldNotBeSafeCritical | PInvokesShouldNotBeSafeCritical: A P/Invoke declaration should not have the SecuritySafeCriticalAttribute attribute |
Medium | Hardcoded Credential | OPT.VBNET.SEC.HardcodedCredential | HardcodedCredential: Use of Hard-coded Credentials |
Medium | Hardcoded Network Address | OPT.VBNET.SEC.HardcodedNetworkAddress | HardcodedNetworkAddress: Network addresses should not be hardcoded |
Medium | Plaintext Storage Of Password | OPT.VBNET.SEC.PlaintextStorageOfPassword | PlaintextStorageOfPassword: Plaintext Storage of a Password |
Medium | Serializable Class Containing Sensitive Data | OPT.VBNET.SEC.SerializableClassContainingSensitiveData | SerializableClassContainingSensitiveData: Serializable Class Containing Sensitive Data |
Medium | Secure Serialization Constructors | OPT.VBNET.SecureSerializationConstructors | SecureSerializationConstructors: Serialization constructors should be protected with security demands |
Medium | Secured Types Should Not Expose Fields | OPT.VBNET.SecuredTypesShouldNotExposeFields | SecuredTypesShouldNotExposeFields: Types secured with Link Demands should not expose fields |
Medium | Transparency Annotations Should Not Conflict | OPT.VBNET.TransparencyAnnotationsShouldNotConflict | TransparencyAnnotationsShouldNotConflict: The security attribute of a type should have the same transparency that the security attributes of the members that it contains |
Medium | Do Not Expose Fields In Secured Type | OPT.VBNET.VBnet.DoNotExposeFieldsInSecuredType | DoNotExposeFieldsInSecuredType: Do not declare public types that are secured but also expose its fields |
Medium | Review Suppress Unmanaged Code Security Usage | OPT.VBNET.VBnet.ReviewSuppressUnmanagedCodeSecurityUsage | ReviewSuppressUnmanagedCodeSecurityUsage: Do not use the 'SuppressUnmanagedCodeSecurity' attribute |
Medium | Avoid Readonly Mutable Types | OPT.VBNET.AvoidReadonlyMutableTypes | AvoidReadonlyMutableTypes: Do not declare externally visible read-only fields with mutable types |
Medium | Call GC Keep Alive When Usinga Ntive Resources | OPT.VBNET.CallGCKeepAliveWhenUsingaNtiveResources | CallGCKeepAliveWhenUsingaNtiveResources: GC.KeepAlive should be called in methods that use unmanaged resources |
Medium | Critical Types Must Not Participate In Type Equivalence | OPT.VBNET.CriticalTypesMustNotParticipateInTypeEquivalence | CriticalTypesMustNotParticipateInTypeEquivalence: SecurityCriticalAttribute should not be used in members, or types that participate in type equivalence |
Medium | Dispose Methods Should Call Suppress Finalize | OPT.VBNET.DisposeMethodsShouldCallSuppressFinalize | DisposeMethodsShouldCallSuppressFinalize: The Dispose method of a class that implements System.IDisposable, should call GC.SuppressFinalize |
Medium | Method Security Should Be Superset Of Type | OPT.VBNET.MethodSecurityShouldBeSupersetOfType | MethodSecurityShouldBeSupersetOfType: Security of methods should be a subset of the security of types |
Medium | MVC Post In Controllers | OPT.VBNET.MVCPostInControllers | MVCPostInControllers: Restrict allowed HTTP verbs for state-change operations in MVC controllers |
Medium | Potential Infinite Loop | OPT.VBNET.PotentialInfiniteLoop | PotentialInfiniteLoop: Loop with Unreachable Exit Condition ('Infinite Loop') |
Medium | Provide Correct Arguments To Formatting Methods | OPT.VBNET.ProvideCorrectArgumentsToFormattingMethods | ProvideCorrectArgumentsToFormattingMethods: The format argument passed to System.String.Format does not match with the objects passed as parameters |
Medium | Provide Deserialization Methods For Optional Fields | OPT.VBNET.ProvideDeserializationMethodsForOptionalFields | ProvideDeserializationMethodsForOptionalFields: Provide methods for the de-serialization of fields marked with OptionalFieldAttribute |
Medium | Review Declarative Security On Value Types | OPT.VBNET.ReviewDeclarativeSecurityOnValueTypes | ReviewDeclarativeSecurityOnValueTypes: Avoid using declarative security in value types |
Medium | Review Imperative Security | OPT.VBNET.ReviewImperativeSecurity | ReviewImperativeSecurity: Avoid using the imperative security whenever possible |
Medium | Http Request Value Shadowing | OPT.VBNET.SEC.HttpRequestValueShadowing | HttpRequestValueShadowing: Request data is accessed in an ambiguous way, which can leave it open to attack |
Medium | Main Method In Web Application | OPT.VBNET.SEC.MainMethodInWebApplication | MainMethodInWebApplication: Main() method not allowed in web application |
Medium | System Information Leak | OPT.VBNET.SystemInformationLeak | SystemInformationLeak: Exposure of System Data to an Unauthorized Control Sphere |
Medium | Test For Na N Correctly | OPT.VBNET.TestForNaNCorrectly | TestForNaNCorrectly: Not use NaN in the expressions for developing equality test |
Medium | Transparent Methods Must Not Call Native Code | OPT.VBNET.TransparentMethodsMustNotCallNativeCode | TransparentMethodsMustNotCallNativeCode: A transparent method should not make calls to native code |
Medium | Transparent Methods Must Not Handle Process Corrupting Exceptions | OPT.VBNET.TransparentMethodsMustNotHandleProcessCorruptingExceptions | TransparentMethodsMustNotHandleProcessCorruptingExceptions: A transparent method must not have HandleProcessCorruptedStateExceptionsAttribute attribute |
Medium | Transparent Methods Should Not Be Protected With Link Demands | OPT.VBNET.TransparentMethodsShouldNotBeProtectedWithLinkDemands | TransparentMethodsShouldNotBeProtectedWithLinkDemands: A transparent method should not require LinkDemand |
Medium | Transparent Methods Should Not Demand | OPT.VBNET.TransparentMethodsShouldNotDemand | TransparentMethodsShouldNotDemand: A transparent method should not require SecurityAction.Demand, and should not call the CodeAccessPermission.Demand method |
Medium | Transparent Methods Should Not Load Assemblies From Byte Arrays | OPT.VBNET.TransparentMethodsShouldNotLoadAssembliesFromByteArrays | TransparentMethodsShouldNotLoadAssembliesFromByteArrays: A transparent method should not load an assembly from a byte array using the Assembly.Load method |
Medium | Transparent Methods Should Not Use Suppress Unmanaged Code Security | OPT.VBNET.TransparentMethodsShouldNotUseSuppressUnmanagedCodeSecurity | TransparentMethodsShouldNotUseSuppressUnmanagedCodeSecurity: A transparent method should not have the attribute SuppressUnmanagedCodeSecurityAttribute |
Medium | Type Link Demands Require Inheritance Demands | OPT.VBNET.TypeLinkDemandsRequireInheritanceDemands | TypeLinkDemandsRequireInheritanceDemands: A public type protected with link demand requires inheritance demand |
Medium | Unchecked Input In Loop Condition | OPT.VBNET.UncheckedInputInLoopCondition | UncheckedInputInLoopCondition: Unchecked input in loop condition |
Medium | Unchecked Return Value | OPT.VBNET.UncheckedReturnValue | UncheckedReturnValue: Unchecked return value. |
Medium | Array Fields Should Not Be Read Only | OPT.VBNET.VBnet.ArrayFieldsShouldNotBeReadOnly | ArrayFieldsShouldNotBeReadOnly: Array fields should not be read only |
Medium | Attribute Suffix | OPT.VBNET.VBnet.AttributeSuffix | AttributeSuffix: Name of an attribute class should be postfixed with 'Attribute' |
Medium | Avoid Calling Problematic Methods | OPT.VBNET.VBnet.AvoidCallingProblematicMethods | AvoidCallingProblematicMethods: Potentially dangerous call |
Medium | Avoid Large Methods | OPT.VBNET.VBnet.AvoidLargeMethods | AvoidLargeMethods: Avoid functions and methods with too many lines of code |
Medium | Avoid Large Structure | OPT.VBNET.VBnet.AvoidLargeStructure | AvoidLargeStructure: Avoid creating structures too large |
Medium | Avoid Protected Instance Fields | OPT.VBNET.VBnet.AvoidProtectedInstanceFields | AvoidProtectedInstanceFields: Avoid Protected or public fields |
Medium | Avoid Static Members In Com Visible Types | OPT.VBNET.VBnet.AvoidStaticMembersInComVisibleTypes | AvoidStaticMembersInComVisibleTypes: Avoid static members in COM visible types |
Medium | Avoid Unsealed Concrete Attributes Rule | OPT.VBNET.VBnet.AvoidUnsealedConcreteAttributesRule | AvoidUnsealedConcreteAttributesRule: Avoid attributes defined as NotInheritable but not abstract |
Medium | Bad Exception Parent | OPT.VBNET.VBnet.BadExceptionParent | BadExceptionParent: Custom Exception should not derive from certain 'not allowed' base exception classes |
Medium | Bad Exception Thrown | OPT.VBNET.VBnet.BadExceptionThrown | BadExceptionThrown: Illegal Exception Throwing : Exceptions must be defined in separated classes |
Medium | Call Get Last Error Immediately After P Invoke | OPT.VBNET.VBnet.CallGetLastErrorImmediatelyAfterPInvoke | CallGetLastErrorImmediatelyAfterPInvoke: Call GetLastError immediately after P/Invoke |
Medium | Check New Thread Without Start | OPT.VBNET.VBnet.CheckNewThreadWithoutStart | CheckNewThreadWithoutStart: Avoid creating unstarted threads |
Medium | Clone Method Should Not Return Null | OPT.VBNET.VBnet.CloneMethodShouldNotReturnNull | CloneMethodShouldNotReturnNull: An overwritten Clone() method should never return null |
Medium | Collection Suffix | OPT.VBNET.VBnet.CollectionSuffix | CollectionSuffix: Classes that implement Collection interfaces should have the 'Collection' suffix |
Medium | Collections Should Implement Generic Interface | OPT.VBNET.VBnet.CollectionsShouldImplementGenericInterface | CollectionsShouldImplementGenericInterface: Collections should implement the generic interface |
Medium | Com Visible Type Base Types Should Be Com Visible | OPT.VBNET.VBnet.ComVisibleTypeBaseTypesShouldBeComVisible | ComVisibleTypeBaseTypesShouldBeComVisible: COM visible type derive from a non COM visible type |
Medium | Common Exception Bases | OPT.VBNET.VBnet.CommonExceptionBases | CommonExceptionBases: Derive Custom Exceptions from allowed classes defined in this rule's properties |
Medium | Consider Passing Base Types As Parameters | OPT.VBNET.VBnet.ConsiderPassingBaseTypesAsParameters | ConsiderPassingBaseTypesAsParameters: Consider passing base types as parameters |
Medium | Declare Types In Namespaces | OPT.VBNET.VBnet.DeclareTypesInNamespaces | DeclareTypesInNamespaces: Declare types in namespaces |
Medium | Default Parameters Should Not Be Used | OPT.VBNET.VBnet.DefaultParametersShouldNotBeUsed | DefaultParametersShouldNotBeUsed: Do not use default parameters |
Medium | Disable Debugging Code Rule | OPT.VBNET.VBnet.DisableDebuggingCodeRule | DisableDebuggingCodeRule: Avoid using Console.WriteLine |
Medium | Disposable Fields Should Be Disposed | OPT.VBNET.VBnet.DisposableFieldsShouldBeDisposed | DisposableFieldsShouldBeDisposed: Call Dispose method of fields that implements IDisposable |
Medium | Dispose Finalize | OPT.VBNET.VBnet.DisposeFinalize | DisposeFinalize: Implement both Finalize and Dispose |
Medium | Do Not Catch General Exception Types | OPT.VBNET.VBnet.DoNotCatchGeneralExceptionTypes | DoNotCatchGeneralExceptionTypes: Do not catch general exception types |
Medium | Do Not Declare Overridable Members In Not Inheritable Types | OPT.VBNET.VBnet.DoNotDeclareOverridableMembersInNotInheritableTypes | DoNotDeclareOverridableMembersInNotInheritableTypes: Do not declare Overridable and not final members in NotInheritable classes |
Medium | Do Not Decrease Inherited Member Visibility | OPT.VBNET.VBnet.DoNotDecreaseInheritedMemberVisibility | DoNotDecreaseInheritedMemberVisibility: Do not decrease inherited member visibility |
Medium | Do Not Ignore Method Results | OPT.VBNET.VBnet.DoNotIgnoreMethodResults | DoNotIgnoreMethodResults: Do not ignore the returning value of methods |
Medium | Do Not Pass Literals As Localized Parameters | OPT.VBNET.VBnet.DoNotPassLiteralsAsLocalizedParameters | DoNotPassLiteralsAsLocalizedParameters: String literal passes as parameter should be localizable |
Medium | Do Not Raise Exceptions In Exception Clauses | OPT.VBNET.VBnet.DoNotRaiseExceptionsInExceptionClauses | DoNotRaiseExceptionsInExceptionClauses: An exception is thrown from a finally, filter, or fault clause |
Medium | Do Not Raise Reserved Exception Types | OPT.VBNET.VBnet.DoNotRaiseReservedExceptionTypes | DoNotRaiseReservedExceptionTypes: Do not raise reserved exception types |
Medium | Do Not Use Timers That Prevent Power State Changes | OPT.VBNET.VBnet.DoNotUseTimersThatPreventPowerStateChanges | DoNotUseTimersThatPreventPowerStateChanges: Avoid timers that prevent power state changes |
Medium | Double Check Locking Rule | OPT.VBNET.VBnet.DoubleCheckLockingRule | DoubleCheckLockingRule: Incorrect usage of double checking when implementing Singleton pattern |
Medium | Equal Op With Add Sub | OPT.VBNET.VBnet.EqualOpWithAddSub | EqualOpWithAddSub: Implement + ,- and {} |
Medium | Equals Throws Ex | OPT.VBNET.VBnet.EqualsThrowsEx | EqualsThrowsEx: Avoid throwing exceptions in Equals method |
Medium | Exception Constructors | OPT.VBNET.VBnet.ExceptionConstructors | ExceptionConstructors: Custom Exception should implement the common Constructors |
Medium | Exception Suffix | OPT.VBNET.VBnet.ExceptionSuffix | ExceptionSuffix: Classes that inherits Exception classes should have the 'Exception' suffix |
Medium | Get Hash Code Throws Ex | OPT.VBNET.VBnet.GetHashCodeThrowsEx | GetHashCodeThrowsEx: Avoid throwring exceptions when overriding GetHashCode |
Medium | I Comparable With Comp Ops | OPT.VBNET.VBnet.IComparableWithCompOps | IComparableWithCompOps: Implement comparaison operators when implementing IComparable |
Medium | Implement I Serializable Correctly | OPT.VBNET.VBnet.ImplementISerializableCorrectly | ImplementISerializableCorrectly: Implement ISerializable correctly |
Medium | Implement Standard Exception Constructors | OPT.VBNET.VBnet.ImplementStandardExceptionConstructors | ImplementStandardExceptionConstructors: Implement standard exception constructors |
Medium | Index With I Collection | OPT.VBNET.VBnet.IndexWithICollection | IndexWithICollection: Avoid indexed properties in classes not extending from System.Collections or Interfaces |
Medium | Level2 Assemblies Should Not Contain Linkdemands | OPT.VBNET.VBnet.Level2AssembliesShouldNotContainLinkdemands | Level2AssembliesShouldNotContainLinkdemands: A class or class member is using a LinkDemand in an application that is using Level 2 security |
Medium | Mark Members As Static | OPT.VBNET.VBnet.MarkMembersAsStatic | MarkMembersAsStatic: A method that only accesses class members should be marked as 'Shared' |
Medium | Members Should Not Expose Certain Concrete Types | OPT.VBNET.VBnet.MembersShouldNotExposeCertainConcreteTypes | MembersShouldNotExposeCertainConcreteTypes: Members should not expose certain concrete types |
Medium | Move P Invokes To Native Methods Class | OPT.VBNET.VBnet.MovePInvokesToNativeMethodsClass | MovePInvokesToNativeMethodsClass: Move P/Invokes to NativeMethods class |
Medium | Nested Types Should Not Be Visible | OPT.VBNET.VBnet.NestedTypesShouldNotBeVisible | NestedTypesShouldNotBeVisible: An externally visible type contains an externally visible type declaration |
Medium | Operator Throws Ex | OPT.VBNET.VBnet.OperatorThrowsEx | OperatorThrowsEx: Overloading a binary operator should not throw exceptions |
Medium | Pass System Obj Instead Of String | OPT.VBNET.VBnet.PassSystemObjInsteadOfString | PassSystemObjInsteadOfString: Method invocation can be improved |
Medium | Pointers Should Not Be Visible | OPT.VBNET.VBnet.PointersShouldNotBeVisible | PointersShouldNotBeVisible: Pointers should not be visible |
Medium | Properties Matched By Constructor Args | OPT.VBNET.VBnet.PropertiesMatchedByConstructorArgs | PropertiesMatchedByConstructorArgs: Constructor parameters set to Properties |
Medium | Properties Should Not Be Write Only | OPT.VBNET.VBnet.PropertiesShouldNotBeWriteOnly | PropertiesShouldNotBeWriteOnly: Avoid write only properties |
Medium | Rethrow To Preserve Stack Details | OPT.VBNET.VBnet.RethrowToPreserveStackDetails | RethrowToPreserveStackDetails: Do not rethrow exceptions explicitly |
Medium | Same Namespace Type | OPT.VBNET.VBnet.SameNamespaceType | SameNamespaceType: Conflict between namespace and class names |
Medium | Set Locale For Data Types | OPT.VBNET.VBnet.SetLocaleForDataTypes | SetLocaleForDataTypes: Set locale property for data types |
Medium | Specify Culture Info | OPT.VBNET.VBnet.SpecifyCultureInfo | SpecifyCultureInfo: Specify CultureInfo |
Medium | Specify Message Box Options | OPT.VBNET.VBnet.SpecifyMessageBoxOptions | SpecifyMessageBoxOptions: Specify MessageBoxOptions |
Medium | Specify String Comparison | OPT.VBNET.VBnet.SpecifyStringComparison | SpecifyStringComparison: Specify StringComparison |
Medium | Static Holder Types Should Be Sealed | OPT.VBNET.VBnet.StaticHolderTypesShouldBeSealed | StaticHolderTypesShouldBeSealed: Class containing only static members should be declared NotInheritable |
Medium | Static Holder Types Should Not Have Constructors | OPT.VBNET.VBnet.StaticHolderTypesShouldNotHaveConstructors | StaticHolderTypesShouldNotHaveConstructors: Static holder types should not have constructors |
Medium | Struct Empty Constructor | OPT.VBNET.VBnet.StructEmptyConstructor | StructEmptyConstructor: Avoid Structures with empty constructors |
Medium | Type Names Should Not Match Namespaces | OPT.VBNET.VBnet.TypeNamesShouldNotMatchNamespaces | TypeNamesShouldNotMatchNamespaces: Type names should not match namespaces |
Medium | Types Should Not Extend Certain Base Types | OPT.VBNET.VBnet.TypesShouldNotExtendCertainBaseTypes | TypesShouldNotExtendCertainBaseTypes: Types should not extend certain base types |
Medium | Uri Parameters Should Not Be Strings | OPT.VBNET.VBnet.UriParametersShouldNotBeStrings | UriParametersShouldNotBeStrings: URI parameters should not be strings |
Medium | Uri Return Values Should Not Be Strings | OPT.VBNET.VBnet.UriReturnValuesShouldNotBeStrings | UriReturnValuesShouldNotBeStrings: The name of a method contains 'uri', 'Uri', 'urn', 'Urn', 'url', or 'Url', and returns a string |
Medium | Use Generic Event Handler Instances | OPT.VBNET.VBnet.UseGenericEventHandlerInstances | UseGenericEventHandlerInstances: Use generic event handler instances |
Medium | Validate Arguments Of Public Methods | OPT.VBNET.VBnet.ValidateArgumentsOfPublicMethods | ValidateArgumentsOfPublicMethods: Check parameters of externally visible methods |