FxCop Rules

FxCop

Design Rules

1.            Abstract types should not have constructors

2.            Assemblies should have valid strong names

3.            Avoid empty interfaces

4.            Avoid excessive parameters on generic types

5.            Avoid namespaces with few types

6.            Avoid out parameters

7.            Collections should implement generic interface

8.            Consider passing base types as parameters

9.            Declare event handlers correctly

10.         Declare types in namespaces

11.         Default parameters should not be used

12.         Define accessors for attribute arguments

13.         Do not catch general exception types

14.         Do not declare protected members in sealed types

15.         Do not declare static members on generic types

16.         Do not declare virtual members in sealed types

17.         Do not declare visible instance fields

18.         Do not expose generic lists

19.         Do not hide base class methods

20.         Do not nest generic types in member signatures

21.         Do not override operator equals on reference types

22.         Do not pass types by reference

23.         Enum Storage should be Int32

24.         Enumerators should be strongly typed

25.         Enums should have zero value

26.         Generic methods should provide type parameter

27.         ICollection implementations have strongly typed members

28.         Implement standard exception constructors

29.         Indexers should not be multidimensional

30.         Interface methods should be callable by child types

31.         Lists are strongly typed

32.         Mark assemblies with assembly version

33.         Mark assemblies with CLSCompliant

34.         Mark assemblies with ComVisible

35.         Mark attributes with AttributeUsageAttribute

36.         Mark enums with FlagsAttribute

37.         Members should not expose certain concrete types

38.         Move pinvokes to native methods class

39.         Nested types should not be visible

40.         Override methods on comparable types

41.         Override operator equals on overriding add and subtract

42.         Properties should not be write only

43.         Provide ObsoleteAttribute message

44.         Replace repetitive arguments with params array

45.         Static holder types should be sealed

46.         Static holder types should not have constructors

47.         String uri overloads call system uri overloads

48.         Types should not extend certain base types

49.         Types that own disposable fields should be disposable

50.         Types that own native resources should be disposable

51.         Uri parameters should not be strings

52.         Uri properties should not be strings

53.         Uri return values should not be strings

54.         Use events where appropriate

55.         Use generic event handler instances

56.         Use generics where appropriate

57.         Use integral or string argument for indexers

58.         Use properties where appropriate

59.         Validate arguments of public methods

 

Globalization Rules

1.            Avoid duplicate accelerators

2.            Do not hardcode locale specific strings

3.            Do not pass literals as localized parameters

4.            Set locale for data types

5.            Specify CultureInfo

6.            Specify IFormatProvider

7.            Specify MessageBoxOptions

 

 

 

Interoperability Rules

1.            Auto layout types should not be ComVisible

2.            Avoid int64 arguments for VB6 clients

3.            Avoid non-public fields in ComVisible value types

4.            Avoid overloads in ComVisible interfaces

5.            Avoid static members in ComVisible types

6.            Call GetLastError immediately after pinvoke

7.            Com registration methods should be matched

8.            Com registration methods should not be visible

9.            Com visible type base types should be ComVisible

10.         Com visible types should be creatable

11.         Declare PInvokes correctly

12.         Do not use AutoDual ClassInterfaceType

13.         Mark boolean pinvoke arguments with MarshalAs

14.         Mark ComSource interfaces as IDispatch

15.         PInvoke entry points should exist

16.         PInvokes should not be visible

 

Mobility Rules

1.            Do not use idle process priority

2.            Do not use timers that prevent power state changes

 

Naming Rules

1.            Avoid language specific type names in parameters

2.            Avoid type names in parameters

3.            Compound words should be cased correctly

4.            Do not name enum values 'Reserved'

5.            Do not prefix enum values with type name

6.            Events should not have before or after prefix

7.            Flags enums should have plural names

8.            Identifiers should be cased correctly

9.            Identifiers should be spelled correctly

10.         Identifiers should differ by more than case

11.         Identifiers should have correct prefix

12.         Identifiers should have correct suffix

13.         Identifiers should not contain underscores

14.         Identifiers should not have incorrect prefix

15.         Identifiers should not have incorrect suffix

16.         Identifiers should not match keywords

17.         Long acronyms should be pascal-cased

18.         Only FlagsAttribute enums should have plural names

19.         Parameter names should match base declaration

20.         Parameter names should not match member names

21.         Property names should not match get methods

22.         Resource string compound words should be cased correctly

23.         Resource strings should be spelled correctly

24.         Short acronyms should be uppercase

25.         Type names should not match namespaces

26.         Use preferred terms

 

Performance Rules

1.            Avoid calls that require unboxing

2.            Avoid costly calls where possible

3.            Avoid excessive locals

4.            Avoid uncalled private code

5.            Avoid uninstantiated internal classes

6.            Avoid unnecessary string creation

7.            Avoid unsealed attributes

8.            Avoid unused parameters

9.            Dispose methods should call SuppressFinalize

10.         Do not call properties that clone values in loops

11.         Do not cast unnecessarily

12.         Do not concatenate strings inside loops

13.         Do not ignore method results

14.         Do not initialize unnecessarily

15.         Initialize reference type static fields inline

16.         Override equals and operator equals on value types

17.         Prefer jagged arrays over multidimensional

18.         Properties should not return arrays

19.         Remove empty finalizers

20.         Remove unused locals

21.         Test for empty strings using string length

22.         Use literals where appropriate

 

Portability Rules

1.            Avoid testing for floating point equality

2.            PInvoke declarations should be portable

3.            Value type fields should be portable

 

Security Rules

1.            Aptca methods should only call aptca methods

2.            Aptca types should only extend aptca base types

3.            Array fields should not be read only

4.            Call GC.KeepAlive when using native resources

5.            Catch non-CLSCompliant exceptions in general handlers

6.            Do not declare read only mutable reference types

7.            Do not indirectly expose methods with link demands

8.            Method security should be a superset of type

9.            Override link demands should be identical to base

10.         Pointers should not be visible

11.         Review declarative security on value types

12.         Review deny and permit only usage

13.         Review imperative security

14.         Review sql queries for security vulnerabilities

15.         Review suppress unmanaged code security usage

16.         Review visible event handlers

17.         Seal methods that satisfy private interfaces

18.         Secure asserts

19.         Secure GetObjectData overrides

20.         Secure late-binding methods

21.         Secure serialization constructors

22.         Secured types should not expose fields

23.         Specify marshaling for pinvoke string arguments

24.         Static constructors should be private

25.         Type link demands require inheritance demands

26.         Wrap vulnerable finally clauses in outer try

 

Usage Rules

1.            Assemblies should declare minimum security

2.            Call base class methods on ISerializable types

3.            Collection properties should be read only

4.            Disposable fields should be disposed

5.            Disposable types should declare finalizer

6.            Dispose methods should call base class dispose

7.            Do not call overridable methods in constructors

8.            Do not decrease inherited member visibility

9.            Do not dispose objects multiple times

10.         Do not mark enums with FlagsAttribute

11.         Do not mark serviced components with WebMethod

12.         Do not raise exceptions in filter blocks

13.         Do not raise reserved exception types

14.         Do not ship unreleased resource formats

15.         Finalizers should be protected

16.         Finalizers should call base class finalizer

17.         Implement ISerializable correctly

18.         Implement serialization constructors

19.         Implement serialization methods correctly

20.         Initialize value type static fields inline

21.         Instantiate argument exceptions correctly

22.         Literals should be spelled correctly

23.         Mark all non-serializable fields

24.         Mark ISerializable types with serializable

25.         Mark Windows Forms entry points with STAThread

26.         Members should differ by more than return type

27.         Non-constant fields should not be visible

28.         Operations should not overflow

29.         Operator overloads have named alternates

30.         Operators should have symmetrical overloads

31.         Override equals on overriding operator equals

32.         Override GetHashCode on overriding Equals

33.         Override operator equals on overriding value type equals

34.         Pass system uri objects instead of strings

35.         Provide correct arguments to formatting methods

36.         Provide deserialization methods for optional fields

37.         Rethrow to preserve stack details

38.         Test for NaN correctly

39.         Use managed equivalents of win32 api

40.         Use params for variable arguments