Microsoft Basic Correctness Rules Code Analysis Rule Set
The Microsoft Basic Correctness Rules rule set focuses on logic errors and common mistakes in the usage of framework APIs. The Basic Correctness Rules include the rules in the Microsoft Minimum Recommended Rules rule set. For more information, see Microsoft Minimum Recommended Rules Code Analysis Rule Set You should include this rule set to expand on the list of warnings that the minimum recommended rules report.
The following table describes all the rules in the Microsoft Basic Correctness Rules rule set.
The default value of an un-initialized enumeration, just as other value types, is zero. A non-flags attributed enumeration should define a member with the value of zero so that the default value is a valid value of the enumeration. If an enumeration that has the FlagsAttribute attribute applied defines a zero-valued member, its name should be "None" to indicate that no values have been set in the enumeration.
A public or protected type implements the addition or subtraction operators without implementing the equality operator.
An externally visible method passes a string literal as a parameter to a constructor or method in the .NET Framework class library, and that string should be localizable.
Strings should be normalized to uppercase. There is a small group of characters that cannot make a round trip when they are converted to lowercase.
A new object is created but never used, or a method that creates and returns a new string is called and the new string is never used, or a COM or P/Invoke method returns an HRESULT or error code that is never used.
A method that is an implementation of Dispose does not call GC.SuppressFinalize, or a method that is not an implementation of Dispose calls GC.SuppressFinalize, or a method calls GC.SuppressFinalize and passes something other than this (Me in Visual Basic).
Arrays returned by properties are not write-protected, even if the property is read-only. To keep the array tamper-proof, the property must return a copy of the array. Typically, users will not understand the adverse performance implications of calling such a property.
Comparing strings by using the String.Length property or the String.IsNullOrEmpty method is significantly faster than using Equals.
A member or type is using a member or type that was introduced in a service pack that was not included with the project's targeted framework.
If converting to SafeHandle usage, remove all calls to GC.KeepAlive (object). In this case, classes should not have to call GC.KeepAlive, assuming they do not have a finalizer but rely on SafeHandle to finalize the OS handle for them.
Use of IntPtr in managed code might indicate a potential security and reliability problem. All uses of IntPtr must be reviewed to determine whether use of a SafeHandle, or similar technology, is required in its place.
A member in an assembly that is not marked with the RuntimeCompatibilityAttribute or is marked RuntimeCompatibility(WrapNonExceptionThrows = false) contains a catch block that handles System.Exception and does not contain an immediately following general catch block.
An externally visible type contains an externally visible read-only field that is a mutable reference type. A mutable type is a type whose instance data can be modified.
When you apply the read-only (ReadOnly in Visual Basic) modifier to a field that contains an array, the field cannot be changed to reference a different array. However, the elements of the array stored in a read-only field can be changed.
A method asserts a permission and no security checks are performed on the caller. Asserting a security permission without performing any security checks can leave an exploitable security weakness in your code.
This rule detects errors that might occur because an unmanaged resource is being finalized while it is still being used in unmanaged code.
An inheritable public type provides an overridable method implementation of an internal (Friend in Visual Basic) interface. To fix a violation of this rule, prevent the method from being overridden outside the assembly.
This type has a constructor that takes a System.Runtime.Serialization.SerializationInfo object and a System.Runtime.Serialization.StreamingContext object (the signature of the serialization constructor). This constructor is not secured by a security check, but one or more of the regular constructors in the type are secured.
The system calls the static constructor before the first instance of the type is created or any static members are referenced. If a static constructor is not private, it can be called by code other than the system. Depending on the operations that are performed in the constructor, this can cause unexpected behavior.
A platform invoke method is defined and a method with the equivalent functionality exists in the .NET Framework class library.
If a type inherits from a disposable type, it must call the Dispose method of the base type from its own Dispose method.
Finalizers must use the family access modifier.
You should not change the access modifier for inherited members. Changing an inherited member to private does not prevent callers from accessing the base class implementation of the method.
Although the common language runtime allows the use of return types to differentiate between otherwise identical members, this feature is not in the Common Language Specification, nor is it a common feature of .NET programming languages.
A public type implements the equality operator, but does not override Object.Equals.
A type implements the equality or inequality operator, and does not implement the opposite operator.
A writable collection property allows a user to replace the collection with a different collection. A read-only property stops the collection from being replaced but still allows the individual members to be set.
A value type overrides Object.Equals but does not implement the equality operator.
A type has a field that is marked with the System.Runtime.Serialization.OptionalFieldAttribute attribute, and the type does not provide de-serialization event handling methods.