Release Notes - 1.4
1.4.18
Resolved Issues
| Customer Ticket Id |
Details |
| 43359 |
Fixes an issue that was causing a mismatch in the Engineering Dashboard between the total violation count in the main tile and the CSV export report. |
1.4.17
Resolved Issues
| Customer Ticket Id |
Details |
| 41637 |
Corrected the violation count displayed in Engineering Dashboard for the rule (1027024): “Avoid comparing passwords against hard-coded strings” |
Other Updates
| Details |
| Corrected the wrong generic type for nested class or enum of a generic class in extraction files. |
| Corrected the metamodel property of quality rules to correct violation count displayed in Dashboard. |
Rules
| Rule Id |
New Rule |
Details |
| 7198 |
FALSE |
Fixed false positives for the rule: “Avoid String concaténation in loops (.NET)” when the concatenation was done inside the initialization during variable declaration. |
1.4.16
Resolved Issues
| Customer Ticket Id |
Details |
| 41935 |
Fixes a false violation of rule 3612: “Avoid missing release of SQL connection after an effective lifetime (C#, VB.NET)” when using declaration syntax. |
Other Updates
| Details |
| .NET has a new option to disable linking .NET Client code to SQL Database Tables. Not activated by default. |
1.4.15
Resolved Issues
| Customer Ticket Id |
Details |
| 41374 |
Fixes a false violation of the rule 7862: “Avoid catching an exception of type Exception, RuntimeException, or Throwable”. |
| 41802 |
Fixes an issue causing the analysis to fail with the error “System.ArgumentException: An item with the same key has already been added”. |
Other Updates
| Details |
| The analysis behaviour has been updated to ensure that the symbols comparison process is completed with the current project’s .NET version. |
| Avoid argument exception with duplicate key entry in dictionary for AvoidRaisingExceptionsInUnexpectedLocation diag |
1.4.14
Resolved Issues
| Customer Ticket Id |
Details |
| 40482 |
Fixes an issue causing an analysis to fail with the error “DOTNET.0007:Unknown language Unknown. Couldn’t load project.” |
Other Updates
| Details |
| The analyzer has been updated to prevent the analysis of unused source files (e.g with the Content or None tag) such as .cs, .vb, etc. in SDK style projects. |
| The analyzer has been updated to ensure that generated objects (such as classes) are saved with the properties “external” and “generated” (previously these objects were only saved with the property “external). |
| Fixes a false positive in rule 1027042 “Avoid having unmatched contracts for exported interfaces” that is triggered when a class does not implement directly the interface but inherits a class that implements it. |
| Fixes an issue where tags disabling implicit file inclusion in SDK style project files are ignored during an analysis causing unwanted files to be analyzed. |
| Fixes an issue where the analyzer was previously analyzing the same file multiple times (due to the existence of multiple project files specifying the compilation of the file multiple times). |
| Fixes an issue causing the analyzer to create the wrong type of link (accessReadLink) when the assignment of an object is done by a deconstruct operation. The analyzer now creates an accessWriteLink link instead. |
| Fixes a false negative in rule 1027100 “Avoid dangerous File Upload” that is triggered when “HttpPostedFile.SaveAs” is used. |
Rules
| Rule Id |
New Rule |
Details |
| 1027042 |
FALSE |
“Avoid having unmatched contracts for exported interfaces”: removed a false positive that is triggered when a class does not implement directly the interface but inherits a class that implements it. |
| 1027100 |
FALSE |
“Avoid dangerous File Upload”: fixes a false negative that is triggered when “HttpPostedFile.SaveAs” is used. |
1.4.13
Resolved Issues
| Customer Ticket Id |
Details |
| 39034 |
Fixes an issue causing an analysis crash with the error “Unknown exception System.InvalidOperationException: The project already contains the specified reference.” |
| 38601 |
Fixes an issue causing an analysis crash with the error “Unknown exception System.InvalidOperationException: The project already contains the specified reference.” |
| 38362 |
Fixes an issue causing an analysis crash with the error: “Unknown exception System.IO.DirectoryNotFoundException: Could not find a part of the path.” |
| 39086 |
Fixes a false violation of the rule 8108 - “Avoid missing release of stream connection after an effective lifetime”. |
| 37489 |
Fixes an issues where the analysis completed but took a very long time to run. |
| 38509 |
Fixes several incorrect terms in warning messages found in the .NET analysis log file. |
| 38529 |
Fixes an issue where the warning “DOTNET.0012:Could not load assembly” was encountered many times in one analysis. This warning is now not triggered for DLLs that are not .NET assemblies and where there is more than one DLL in a directory of a build of a package, then add all DLLs are added. |
Other Updates
| Details |
| Changes the behaviour to stop and exception being raised when analyzing code with local functions: now the analyzer carefully ignores local function calls in order to avoid exceptions (and so, continue the analysis of the current file). |
| Fixes an exception raised by the Security Analyzer during log forging analysis due to optional arguments encountered in the code. |
| Fixes an issue where the log contained many instances of the entry “An exception occurred while generating code for….” when tuple expressions were being analyzed. |
Rules
| Rule Id |
New Rule |
Details |
| 8108 |
FALSE |
Fixes a false violation of the rule 8108 - “Avoid missing release of stream connection after an effective lifetime”. |
1.4.12
Note
No changes or updates have been made in this release. This is simply a move to LTS (Long Term Support).
1.4.11-funcrel
Resolved Issues
| Customer Ticket Id |
Details |
| 35954 |
Fixes missing links from .NET methods to stored procedures when a string variable is declared in an anonymous function. |
| 38220 |
Fixes a false violation - “Avoid storing passwords in Comments” - 1027046. |
Other Updates
| Details |
| Improved support for databases: Oracle, DB2, MySQL, Microsoft.Data.SqlClient |
Rules
| Rule Id |
New Rule |
Details |
| 1027046 |
FALSE |
Fixes a false violation for “Avoid storing passwords in Comments”. |
New Support
| Summary |
Details |
| Support of C# 9 |
Introduces support for C# 9: record, init-only accessor, top-level statement, target-typed new, covariant return type, … |
1.4.10-funcrel
Note
The release 1.4.10-funcrel replaces 1.4.9-funcrel, which was withdrawn due to an error where snapshots failed after an upgrade to 1.4.9-funcrel.
1.4.10-funcrel contains the same fixes and updates as 1.4.9-funcrel, in addition to a fix for the error introduced in 1.4.9-funcrel.
Resolved Issues
| Customer Ticket Id |
Details |
| 37290 |
Fixes an issue where snapshots fail after an upgrade to 1.4.9-funcrel with the error “Error while executing Procedure: ERROR: function mal_as_allocation_eu_main_local.dss_diag_scope_generic_num(integer, integer, integer, integer) does not exist.” |
| 36406 |
Fixes an issue where .NET analysis failed with error: The process `“D:\CAST\Extensions\com.castsoftware.dotnet.1.4.7-funcrel\DotNetCmd.exe” “R:\Storage\XX\DotNetCmd.xml”’ exited with code -1073740940. |
| 36719 |
Fixes an issue where .NET analysis is missing links to System namespace that should be resolved from .NET framework. |
| 26750 |
Fixes an issue related to All ASMX transactions. A link is missing from “ASMX Source File” to its “C# source file”. But the ASMX object is defined in TCC configuration as entry point. Therefore, All ASMX transactions are empty. The link is missing for all ASMX objects that are entry points for transactions. |
Other Updates
| Details |
| Fixes an issue related to missing assemblies with correct project hintpaths. The features using the hintpath of scproj files were found missing. After the fix, there is no Warning for DOTNET.0142 and DOTNET.0150. |
| Fixes an issue related to third party application. Updating the third party package Microsoft.WindowsDesktop.App.Ref to version 6.0.6 |
| Fixes an issue related to .NET Analysis concurrency. When two applications are launched parallelly with the same Zip file for the source code, first analysis ends successfully and the second one fails with an error. |
Rules
| Rule Id |
New Rule |
Details |
| 1027100 |
TRUE |
Avoid dangerous File Upload. |
New Support
| Summary |
Details |
| Support Dapper/Oracle/NpgSQL framework for .Net |
Support Dapper/Oracle/NpgSQL framework for .Net with blackboxing. |
1.4.9-funcrel
Note
This release has been withdrawn due to an error, where snapshots failed after an upgrade to 1.4.9-funcrel.
1.4.10-funcrel contains the same fixes and updates as 1.4.9-funcrel, in addition to a fix for the error introduced in 1.4.9-funcrel.
1.4.8-funcrel
Resolved Issues
| Customer Ticket Id |
Details |
| 34766 |
Fixed false positive violations for the rule (7266): “Call ‘base.Dispose()’ or ‘MyBase.Finalize()’ in the “finally” block of ‘Dispose(bool)’ methods”. |
| 35114 |
Fixed false positive violations caused by event handler C# methods for the rule (1027098): “Avoid unused private types or members”. |
| 31317 |
Fixed incorrect links in the “Reference” section for the rule (1043010) “Avoid creating cookie without setting httpOnly option (C#)”. |
| 34864 |
Fixed false false positive violations for the rule (1027048): “Avoid returning null from non-async Task/Task<T> method”. |
| 35078 |
Fixed false positive violations for the rule (1027048): “Avoid returning null from non-async Task/Task<T> method”. |
| 34960 |
Fixed false positive violations for the rule (1027074): “Avoid hard-coded URIs (.NET)”. |
| 34773 |
Fixed false positives for rule (8402): “All types of a serializable class must be serializable” in C#. |
Other Updates
| Details |
| Added a new tool “WSDLGenerator”: externalize generated files based on WSDL file in a separate tool. |
| Fixed a bad type link between .NET and SQL synonym. |
| Fixed an unexpected exception, that occurred during step: Dataflow symbol registration. |
| Default links in ‘analysis schema’ decreased by 1730, when comparing analyses run between 8.3.42 and 8.3.43. |
| Added a new tool XSDGenerator: externalize generated files based on XSD file in a separate tool. |
| Correction of the error: “System.IO.DirectoryNotFoundException”, while moving CommandData.json file with folder path containing a space character. |
Rules
| Rule Id |
New Rule |
Details |
| 1027074 |
FALSE |
Fixed false positive violations for the rule: “Avoid hard-coded URIs (.NET)”. |
| 7212 |
FALSE |
Fixed missing violations for the rule: “Avoid instantiations inside loops”. |
| 7266 |
FALSE |
Fixed false positive violations for the rule: “Call ‘base.Dispose()’ or ‘MyBase.Finalize()’ in the “finally” block of ‘Dispose(bool)’ methods”. |
| 1027098 |
FALSE |
Fixed false positive violations caused by event handler C# methods for the rule: “Avoid unused private types or members”. |
| 1027048 |
FALSE |
Fixed false positive violations for the rule: “Avoid returning null from non-async Task/Task<T> method”. |
| 8402 |
TRUE |
Fixed false positives for rule: “All types of a serializable class must be serializable” in C#. |
New Support
| Summary |
Details |
| Support ASP.NET Core 5 and 6 |
Support for Asp.Net Core 5 and 6, libraries are imported as third parties. |
1.4.7-funcrel
Resolved Issues
| Customer Ticket Id |
Details |
| 34381 |
41 projects are not analyzed with Unexpected exception occurred during step: ASTs visit |
| 34654 |
Missing links from .NET SOAP Resource Service to .NET SOAP Operation due to wrong Soap Operation name |
Other Updates
| Details |
| Moving CommandData.json files raised an exception when running the analysis a second time. |
1.4.6-funcrel
Note
Please do not use this version.
Resolved Issues
| Customer Ticket Id |
Details |
| 34467 |
An unexpected exception occured while loading project xxxxx Sequence contains more than one matching element |
| 34572 |
An unexpected exception occured while loading project xxxxx Sequence contains more than one matching element. |
| 33966 |
Rule name: “Avoid using console logging” should be renamed according to technology as: “Avoid using console logging (.NET)”. |
Other Updates
| Details |
| CASTIL generation - Review CastIL generation for fields: Non static fields with initializers are now correctly instantiated and have a bookmark, static field are now initialized in static constructor |
| Generated .json files are analyzed by HTML5 extension, but they should not be analyzed by the extension- this leads to invalid result variation |
| PathTooLongException not catched raised DOTNET.0156 warning. |
| The rule (8108) “Avoid missing release of stream connection after an effective lifetime” has been modified to reduce false positive violations by excluding streams in constructor arguments of classes inheriting from IDisposable. |
Rules
| Rule Id |
New Rule |
Details |
| 8108 |
FALSE |
The rule “Avoid missing release of stream connection after an effective lifetime” has been modified to reduce false positive violations by excluding streams in constructor arguments of classes inheriting from IDisposable. |
| 1020060 |
FALSE |
Rule name: “Avoid using console logging” is renamed according to technology as: “Avoid using console logging (.NET)”. |
New Support
| Summary |
Details |
| Support of .NET Core 5 and 6 |
The .NET Analyzer now supports .NET Core 5 and 6. Syntax support is limited to C# 8.0. |
1.4.5-funcrel
Resolved Issues
| Customer Ticket Id |
Details |
| 31602 |
Net warning: DOTNET.0156: An unexpected exception occured while loading project Net 5 |
| 31022 |
False violation for rule (rule id: 8110): Use dedicated stored procedures when multiple data accesses are needed. |
| 33194 |
Message “Required framework version is 4.8 but version 4.7.2 will be used instead” still displayed, when version 4.8 is installed. |
Other Updates
| Details |
| Bad inherited link between a class and an instanciated: A bad relyon link has been replaced by an inheritance link. |
Rules
| Rule Id |
New Rule |
Details |
| 8110 |
FALSE |
Removed false violation for the rule: Avoid not using dedicated stored procedures when processing multiple data accesses. |
1.4.4-funcrel
Resolved Issues
| Customer Ticket Id |
Details |
| 29725 |
Transaction are deleted due to missing dll file reference: compilation conflicts between extractions and references |
| 33077 |
Missing Reference to Datarow even though the dll is present causing GUID changes between versions |
| 33272 |
DOTNET.0142: No ressource found for package XLabs.IoC version 2.0.5782. Package reference ignored in project: support of Portable Class Library (PCL) for nuget package |
| 33379 |
DOTNET.0142:No ressource found for package XLabs.IoC version 2.0.5782. Package reference ignored in project: Support of Portable Class Library (PCL) for nuget package. |
| 33476 |
False violation for QR “Avoid non-public custom exception types” for partial classes |
| 33518 |
Missing Reference to Datarow even though the dll is present causing GUID changes between versions |
Other Updates
| Details |
| False positive on rule: “Avoid missing release of stream connection after an effective lifetime” with some methods of classes File and Stream. |
| Get rid of useless flagged warning logs. |
Rules
| Rule Id |
New Rule |
Details |
| 1027088 |
FALSE |
False violation for rule: “Avoid non-public custom exception types” for partial classes. |
| 8108 |
FALSE |
False positive on rule: “Avoid missing release of stream connection after an effective lifetime” with some methods of classes File and Stream. |
1.4.3-funcrel
Resolved Issues
| Customer Ticket Id |
Details |
| 32682 |
False violation for rule “Always use System.Uri instead of string to build URLs”: authorize secure method System.Net.WebRequest::Create(System.String). |
| 32708 |
False positive for the rule: “Avoid storing passwords in Comments”. |
| 32823 |
Unknown exception System.AggregateException in method AvoidRaisingExceptionsInUnexpectedLocation.Init |
| 32852 |
False violation for the rule: “Avoid hard-coded network resource names (.NET, VB)”: restrict ipv4 to 4 numbers pattern. |
| 32978 |
False violation for the rule: “Avoid comparing passwords against hard-coded strings”. |
Other Updates
| Details |
| Update the analyzer, to provide a list of the .NET frameworks managed by default in a .json file. |
Rules
| Rule Id |
New Rule |
Details |
| 1027054 |
FALSE |
False violation for rule “ Always use System.Uri instead of string to build URLs”: authorize secure method System.Net.WebRequest::Create(System.String). |
| 1027046 |
FALSE |
False positive for the rule: “Avoid storing passwords in Comments”. |
| 1027032 |
FALSE |
False violation for the rule: “Avoid hard-coded network resource names (.NET, VB)”: restrict ipv4 to 4 numbers pattern. |
| 1027024 |
FALSE |
False violation for the rule: “Avoid comparing passwords against hard-coded strings”. |
1.4.2-funcrel
Resolved Issues
| Customer Ticket Id |
Details |
| 32444 |
Onboarding: Csproj project excluded due to System.IndexOutOfRangeException: Index was outside the bounds of the array. |
| 32585 |
Onboarding: Csproj project excluded due to System.IndexOutOfRangeException: Index was outside the bounds of the array. |
Other Updates
| Details |
| False positives in rule “Avoid hardcoded URIs”. |
| Unknown exception System.ArgumentException raised in rule “Avoid unused private types or members”. |
| General Protection Fault crash on code “QUAL_SACS”. |
| Correction for initialization of plugins inside component. |
Rules
| Rule Id |
New Rule |
Details |
| 1027074 |
FALSE |
False positives in rule “Avoid hardcoded URIs”. |
| 1027098 |
FALSE |
Unknown exception System.ArgumentException raised in rule “Avoid unused private types or members”. |
1.4.1-funcrel
Resolved Issues
| Customer Ticket Id |
Details |
| 30747 |
Drop in FP, due to changes in .NET TCCSetup file. |
| 30762 |
Mismatch in violation count for the rule (7198): “Avoid String concatenation in loops (.NET)”. |
| 30482 |
False negative for the rule: “Avoid storing Non-Serializable Object as HttpSessionState attributes”. Rule does not consider Property objects. |
| 31611 |
False negative for the rule Avoid storing Non-Serializable Object as HttpSessionState attributes.’ Rule does not consider Property objects. |
Other Updates
| Details |
| Analysis too long for file initializing, extremely big dictionary. |
| 8108: False positive for method System.IO.File::Exists. |
| TFP decreased by 4858.0 when migrating 8.3.37 -> 8.3.38 (upgraded dotnet extension). |
| Generalized the string evaluation. |
Rules
| Rule Id |
New Rule |
Details |
| 1027012 |
FALSE |
False negative for the rule: “Avoid storing Non-Serializable Object as HttpSessionState attributes”. Rule does not consider Property objects. |
| 8108 |
FALSE |
False positive for method System.IO.File::Exists |
1.4.0-funcrel
Resolved Issues
| Customer Ticket Id |
Details |
| 28876 |
.NET Analysis crash — com.castsoftware.dotnet.1.3.1-funcrel\DotNetCmd.exe exited with code -1073741571 |
Other Updates
| Details |
| Exception occurred while loading a project: “System.ArgumentException: Version string portion was too short or too long”. |
Rules
| Rule Id |
New Rule |
Details |
| 1027096 |
TRUE |
Avoid raising exceptions in unexpected location |
| 1027098 |
TRUE |
Avoid unused private types or members |
1.4.0-beta1
Other Updates
| Details |
| TCC config delivered by .NET extension is referring to package=“Dotnet_Extension” instead of package=“Base_DotNet”. |
Rules
| Rule Id |
New Rule |
Details |
| 1027008 |
FALSE |
False violation for “Always Revert After Impersonation” on stored instances of classes implementing IDisposable. |
| 1027058 |
FALSE |
False positive for “Avoid blocking async methods” in “main” method and missing violation on property “Task<TResult>.Result”. |
| 1027096 |
TRUE |
“Avoid raising exceptions in unexpected location”: a method that is not expected to throw exceptions throws an exception. Currently limited to C#. |
| 1027098 |
TRUE |
“Avoid unused private types or members”: private or internal types or private members that are never executed or referenced are dead code. Currently limited to C#. |
1.4.0-alpha5
Resolved Issues
| Customer Ticket Id |
Details |
| 28888 |
Modified Transactions due to links alternating to objects with same fullname in different folders. |
| 28054 |
False violation (rule id:1027012): Avoid storing Non-Serializable Object as HttpSessionState attributes. |
| 29262 |
The rule (rule id: 8156): “Persistent classes should implement GetHashCode() and Equals()” should not apply for Entity Framework. |
Other Updates
| Details |
| “System.Threading.Task” should be exception to the QR (rule id: 8086) “Avoid types that own disposable fields and are not disposable”. |
| Fixed System.NullReferenceException raised in RawProjectBuilder.setProjectOutputKind. |
Rules
| Rule Id |
New Rule |
Details |
| 1027012 |
FALSE |
Fixed false positive due to wrong resolution of symbol (compiler error BC30560) |
| 8156 |
FALSE |
Fixed false positive due to rule formerly applied to entities of EF |
| 8086 |
FALSE |
Fixed false positive due to rule formerly applied to “System.Threading.Task” |
1.4.0-alpha4
Rules
| Rule Id |
New Rule |
Details |
| 1027050 |
TRUE |
New rule: Avoid throwing ArgumentException from yielding method. |
| 1027042 |
FALSE |
Bookmark only the attribute declaration. |
| 1027070 |
FALSE |
Variable declared and initialized against a LINQ query when compare to ’null’ is always false. |
| 1027020 |
FALSE |
When comparison is done using “==” operator, as in “1 == aThrow.Children.Count()”, violation should not be set. |
| 1027088 |
FALSE |
Declaring a C# class without any access modifier (“public” or others) should raise a violation. |
1.4.0-alpha3
Resolved Issues
| Customer Ticket Id |
Details |
| 27762 |
False positive in the rule: “Close the outermost stream ASAP (Avoid missing release of stream connection after an effective lifetime)” |
| 24427 |
Wrong Violations for the rule: “Avoid missing release of stream connection after an effective lifetime” in .NET |
| 26766 |
False violation for the rule: “Avoid missing release of stream connection after an effective lifetime” |
| 28276 |
The Metric Rule: “Avoid missing release of stream connection after an effective lifetime” produces false positives |
| 26749 |
ASPX Transactions deleted |
| 27617 |
Objects not coming part of module causing transactions to be “Deleted” |
Other Updates
| Details |
| False positives on QR “Avoid missing release of stream connection after an effective lifetime” when “using declaration” syntax is used |
| Correct bookmark for rule “Avoid missing release of stream connection after an effective lifetime” |
| False positives on QR “Avoid missing release of stream connection after an effective lifetime” when “using” syntax is used |
| False positives on QR “Avoid missing release of stream connection after an effective lifetime” when “using” syntax is used |
| improvement of the rule Avoid weak encryption providing insufficient key size (.NET) |
| improvement of the rule “Avoid returning null from ToString()” to non override method |
| increase pattern supported for rule “Avoid hardcoded URIs (.NET)” |
| increase of the scope of the rule “Avoid using Obsolete attributes without message” |
| improve support of nuget extractor |
| Summary |
| Improve performance to compute Metrics and CRC |
1.4.0-alpha2
Resolved Issues
| Customer Ticket Id |
Details |
| 27654 |
DOTNET.0156: An unexpected exception occurred while loading project xxxx. Project excluded from analysis. |
| 26398 |
DOTNET warning: DOTNET.0142: No resource found for package and DOTNET.0150: No definition found for the name |
| 27291 |
DOTNET analysis stuck at End Compute Metrics for symbols |
| 26465 |
DOTNET analysis stuck at End Compute Metrics for symbols |
| 27061 |
DOTNET warning: DOTNET.0142: No resource found for package and DOTNET.0150: No definition found for the name |
Rules
| Rule Id |
New Rule |
Details |
| 1027088 |
TRUE |
Avoid non-public custom exception types |
| 1027090 |
TRUE |
Avoid improper instantiation of argument exceptions |
| 1027092 |
TRUE |
Always pass optional parameters too, when making ‘base’ calls |
| 1027094 |
TRUE |
Always provide deserialization methods for optional fields |
1.4.0-alpha1
Note
A significant number of new rules have been added in this release of the extension which will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.
Resolved Issues
| Customer Ticket Id |
Details |
| 25822 |
QR: Avoid having lock on this object - False Positive |
| 26801 |
Dotnet analysis is failing with error : The solution does not contain the specified project. (The problem was when analyzer try to search dependencies, but it does not find or dupplicate reference) |
Other Updates
| Details |
| Diags may put violations on fields while fields are not part of the rule’s scope |
| Unknown exception System.InvalidOperationException in PathUtils.FindCommonPath method |
Rules
| Rule Id |
New Rule |
Details |
| 1027014 |
TRUE |
Avoid using Thread API to manage activities of threads |
| 1027016 |
TRUE |
Avoid throwing exceptions in destructors |
| 1027018 |
TRUE |
Avoid throwing exceptions in finally block |
| 1027030 |
TRUE |
Avoid using Obsolete attributes without message |
| 1027020 |
TRUE |
Avoid using Count or LongCount where Any can be used |
| 1027022 |
TRUE |
Avoid using “new Guid()” |
| 1027024 |
TRUE |
Avoid comparing passwords against hard-coded strings |
| 1027032 |
TRUE |
Avoid hardcoded network resource names (.NET, VB) |
| 1027034 |
TRUE |
Never catch NullReferenceException |
| 1027038 |
TRUE |
Avoid if … else if constructs not terminated with an else clause (.NET, VB) |
| 1027036 |
TRUE |
Avoid rethrow exception explicitly |
| 1027042 |
TRUE |
Avoid having unmatched contracts for exported interfaces |
| 1027040 |
TRUE |
Avoid using multiple OrderBy calls |
| 1027046 |
TRUE |
Avoid storing passwords in Comments |
| 1027044 |
TRUE |
Avoid using SafeHandle.DangerousGetHandle |
| 1027048 |
TRUE |
Avoid returning null from non-async Task/Task<T> method |
| 1027086 |
TRUE |
Avoid having the same implementation in a conditional structure |
| 1027054 |
TRUE |
Always use System.Uri instead of string to build URLs |
| 1027058 |
TRUE |
Avoid blocking async methods |
| 1027070 |
TRUE |
Avoid if statements and blocks that are always TRUE or FALSE |
| 1027076 |
TRUE |
Avoid allowing File IO unrestricted access |
| 1027078 |
TRUE |
Always mark Windows Forms starting point as STAThread |
| 1027084 |
TRUE |
Avoid calling CoSetProxyBlanket and CoInitializeSecurity |
| 1027082 |
TRUE |
Avoid using console logging |
| 1027080 |
TRUE |
Always use ConfigureAwait(false) in library code awaited tasks |
| 1027074 |
TRUE |
Avoid hardcoded URIs |
| 1027068 |
TRUE |
Avoid returning null from ToString() |
| 1027066 |
TRUE |
Avoid throwing exception from property getters |
| 1027064 |
TRUE |
Always override ‘Equals’ and Comparison operators with IComparable implementation |