FxCop Rules
- 1 minute to read
- edit
Earlier this month, the Code Analysis Team talked about which code analysis rules shipped in what version of Visual Studio and FxCop. There is a great spreadsheet that shows all of the rules and in which versions they are available. Here is the list of rules that are different or removed in Visual Studio 2008 and FxCop 1.36:
Removed due to removal of data flow engine:
- CA1062 ValidateArgumentsOfPublicMethods
- CA1303 DoNotPassLiteralsAsLocalizedParameters
- CA2100 ReviewSqlQueriesForSecurityVulnerabilities
- CA2202 DoNotDisposeObjectsMultipleTimes
- CA2204 LiteralsShouldBeSpelledCorrectly
- CA2215 DisposeMethodsShouldCallBaseClassDispose
- CA2241 ProvideCorrectArgumentsToFormattingMethods
- CA2000 DisposeObjectsBeforeLosingScope
Removed due to high noise or no longer applicable analysis:
- CA1807 AvoidUnnecessaryStringCreation
- CA1817 DoNotCallPropertiesThatCloneValuesInLoops
- CA1818 DoNotConcatenateStringsInsideLoops
Analysis in this rule was moved to IdentifiersShouldBeCasedCorrectly:
Analysis in this rule was moved to IdentifiersShouldNotContainTypeNames:
Analysis in this rule was moved to OverrideLinkDemandsShouldBeIdenticalToBase:
- CA2110 SecureGetObjectDataOverrides
The part that I find most surprising and troubling are the rules that were removed because of the removal of the data flow engine. I understand the reasoning and look forward to seeing the new engine based on the Phoenix technology.
The other interesting thing is how similar the rules are between the integrated code analysis in Visual Studio and the stand-alone FxCop 1.36 release. It’s good to see Microsoft continuing to keep these in sync, although it would be good if the code metrics related rules were also included in FxCop.