Rule | Description | Example | KPI |
---|---|---|---|
ArithmeticExpressionsMustDeclarePrecedence | The statement contains a complex arithmetic expression that omits parentheses around operations | Non-compliant code: `int x = 5 + y * b / 6 % z - 2;` Compliant code: `int x = 5 + (((y * b) / 6) % z) - 2;` This rule is intended to increase the readability and maintainability of this type of code, and to reduce the risk of introducing bugs later, by forcing the developer to insert parentheses that explicitly declare the operator precedence. | Robustness |
AvoidExceptionsInsideStaticConstructors | If any exception is thrown from within a static constructor, the type is unusable for the lifetime of the program | Cause: Static constructors are called before the first time a class is used, but the caller doesn't control exactly when. An exception thrown in this context forces callers to use a `try` block around any usage of the class and should be avoided. Non-compliant code: `public class MyClass` Compliant code: `public class MyClass` | Robustness |
ConditionalExpressionsMustDeclarePrecedence | A C# statement contains a complex conditional expression that omits parentheses around operations | Cause: This rule is intended to increase the readability and maintainability of this type of code, and to reduce the risk of introducing bugs later, by forcing the developer to insert parentheses that explicitly declare the operator precedence. Non-compliant code: `if (x \|\| y && z && a \|\| b)` Compliant code: `if (x \|\| (y && z && a) \|\| b)` Inserting parentheses makes the code more obvious and easier to understand, and removes the need for the reader to make assumptions about the code. | Robustness |
EmptyCatchBlock | An empty catch block suppresses all errors and shouldn't be used | | Analyzability |
RegexExpressionIsIncorrect | The regular expression is invalid and will fail at run-time | Cause: The regular expression pattern is invalid and will fail at run-time. Non-compliant code: `string input = "/content/Somefile.cs";` Compliant code: `string input = "/content/Somefile.cs";` | Robustness |
VirtualMethodCalledOnConstructor | If you make a virtual method call in a constructor, and the class is not the most derived type in its inheritance hierarchy, then the method might be called on a class whose constructor has not been run | Non-compliant code: `public class VirtualMethodOnConstructorTests` Solution: There are two options: 1. Mitigate the problem by marking the class as sealed to ensure that it is the most derived type in the inheritance hierarchy, in which case it is perfectly safe to call the virtual method. 2. Remove the call from the constructor. | Robustness |
VulnerableEncryption | Secure the encryption mode by combining Cipher Block Chaining with an authenticity check (HMAC-SHA256, for example) on the ciphertext. | Example of issue occurrence: `AesManaged aes = new AesManaged` | Security |
WeakEncryption | Weak encryption algorithms provide very little security and insufficient protection for sensitive data, so it is recommended to use a more secure encryption algorithm, such as AES. | Non-compliant code: `using (var tripleDES = new TripleDESCryptoServiceProvider()) // Noncompliant` Compliant code: `AesManaged aes = new AesManaged` | Security |
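
The remedy named by the VulnerableEncryption rule, Cipher Block Chaining combined with an HMAC-SHA256 check on the ciphertext, written out as an added example that is not part of the original rule documentation. It assumes .NET 6 or later; the class and method names, the IV || ciphertext || tag layout and the two separate 32-byte keys are choices made for this illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example (hypothetical names): AES-CBC with encrypt-then-MAC, HMAC-SHA256 over IV || ciphertext.
public static class CbcHmacExample
{
    const int IvLen = 16, BlockLen = 16, TagLen = 32;

    public static byte[] Protect(byte[] plain, byte[] encKey, byte[] macKey)
    {
        using var aes = Aes.Create();
        aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
        aes.Key = encKey;
        aes.GenerateIV();                         // fresh random IV for every message
        using var enc = aes.CreateEncryptor();
        byte[] ivCt = aes.IV.Concat(enc.TransformFinalBlock(plain, 0, plain.Length)).ToArray();
        using var hmac = new HMACSHA256(macKey);  // MAC key is separate from the encryption key
        byte[] tag = hmac.ComputeHash(ivCt);      // tag covers the IV as well as the ciphertext
        return ivCt.Concat(tag).ToArray();        // layout: IV || ciphertext || tag
    }

    public static byte[] Unprotect(byte[] blob, byte[] encKey, byte[] macKey)
    {
        if (blob.Length < IvLen + BlockLen + TagLen) throw new CryptographicException("Message too short.");
        int bodyLen = blob.Length - TagLen;
        using var hmac = new HMACSHA256(macKey);
        byte[] expected = hmac.ComputeHash(blob, 0, bodyLen);
        // Verify the tag in constant time before decrypting, so forged input never reaches the padding check.
        if (!CryptographicOperations.FixedTimeEquals(expected, blob.AsSpan(bodyLen)))
            throw new CryptographicException("Authentication failed.");
        using var aes = Aes.Create();
        aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
        aes.Key = encKey;
        aes.IV = blob.Take(IvLen).ToArray();
        using var dec = aes.CreateDecryptor();
        return dec.TransformFinalBlock(blob, IvLen, bodyLen - IvLen);
    }

    public static void Main()
    {
        byte[] encKey = RandomNumberGenerator.GetBytes(32), macKey = RandomNumberGenerator.GetBytes(32);
        byte[] blob = Protect(Encoding.UTF8.GetBytes("constructed sample text"), encKey, macKey);
        Console.WriteLine(Encoding.UTF8.GetString(Unprotect(blob, encKey, macKey)));
        blob[IvLen] ^= 0x01;                      // tamper with one ciphertext bit
        try { Unprotect(blob, encKey, macKey); } catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

Running `Main` prints the recovered sample text, then `Authentication failed.` for the tampered copy, which is rejected before any decryption takes place.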