Security Rules rule set for managed code



You should include the Microsoft Security Rules rule set to maximize the number of potential security issues that are reported.

CA2100: Review SQL queries for security vulnerabilities
CA2102: Catch non-CLSCompliant exceptions in general handlers
CA2103: Review imperative security
CA2104: Do not declare read only mutable reference types
CA2105: Array fields should not be read only
CA2106: Secure asserts
CA2107: Review deny and permit only usage
CA2108: Review declarative security on value types
CA2109: Review visible event handlers
CA2111: Pointers should not be visible
CA2112: Secured types should not expose fields
CA2114: Method security should be a superset of type
CA2115: Call GC.KeepAlive when using native resources
CA2116: APTCA methods should only call APTCA methods
CA2117: APTCA types should only extend APTCA base types
CA2118: Review SuppressUnmanagedCodeSecurityAttribute usage
CA2119: Seal methods that satisfy private interfaces
CA2120: Secure serialization constructors
CA2121: Static constructors should be private
CA2122: Do not indirectly expose methods with link demands
CA2123: Override link demands should be identical to base
CA2124: Wrap vulnerable finally clauses in outer try
CA2126: Type link demands require inheritance demands
CA2130: Security critical constants should be transparent
CA2131: Security critical types may not participate in type equivalence
CA2132: Default constructors must be at least as critical as base type default constructors
CA2133: Delegates must bind to methods with consistent transparency
CA2134: Methods must keep consistent transparency when overriding base methods
CA2135: Level 2 assemblies should not contain LinkDemands
CA2136: Members should not have conflicting transparency annotations
CA2137: Transparent methods must contain only verifiable IL
CA2138: Transparent methods must not call methods with the SuppressUnmanagedCodeSecurity attribute
CA2139: Transparent methods may not use the HandleProcessCorruptingExceptions attribute
CA2140: Transparent code must not reference security critical items
CA2141: Transparent methods must not satisfy LinkDemands
CA2142: Transparent code should not be protected with LinkDemands
CA2143: Transparent methods should not use security demands
CA2144: Transparent code should not load assemblies from byte arrays
CA2145: Transparent methods should not be decorated with the SuppressUnmanagedCodeSecurityAttribute
CA2146: Types must be at least as critical as their base types and interfaces
CA2147: Transparent methods may not use security asserts
CA2149: Transparent methods must not call into native code
CA2210: Assemblies should have valid strong names