Microsoft Extended Correctness Rules Code Analysis Rule Set

The Microsoft Extended Correctness Rules rule set maximizes the logic and framework usage errors that are reported by code analysis. Extra emphasis is placed on specific scenarios such as COM interoperability and mobile applications. You should consider including this rule set if one of these scenarios applies to your project or to find additional problems in your project.

The Microsoft Extended Correctness Rules rule set includes the rules that are in the Microsoft Basic Correctness Rules rule set. The Basic Correctness Rules include the rules that are in the Microsoft Minimum Recommended Rules rule set. For more information see Microsoft Basic Correctness Rules Code Analysis Rule Set and Microsoft Minimum Recommended Rules Code Analysis Rule Set

The following table describes all of the rules in the Microsoft Extended Correctness Rules rule set.



CA1032: Implement standard exception constructors

Failure to provide the full set of constructors can make it difficult to correctly handle exceptions.

CA1054: URI parameters should not be strings

If a method takes a string representation of a URI, a corresponding overload should be provided that takes an instance of the URI class, which provides these services in a safe and secure manner.

CA1055: URI return values should not be strings

This rule assumes that the method returns a Uniform Resource Identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The System.Uri class provides these services in a safe and secure manner.

CA1056: URI properties should not be strings

This rule assumes that the property represents a Uniform Resource Identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The System.Uri class provides these services in a safe and secure manner.

CA1057: String URI overloads call System.Uri overloads

A type declares method overloads that differ only by the replacement of a string parameter with a System.Uri parameter. The overload that takes the string parameter does not call the overload that takes the URI parameter.

CA1402: Avoid overloads in COM visible interfaces

When overloaded methods are exposed to COM clients, only the first method overload retains its name. Subsequent overloads are uniquely renamed by appending to the name an underscore character (_) and an integer that corresponds to the order of declaration of the overload.

CA1406: Avoid Int64 arguments for Visual Basic 6 clients

Visual Basic 6 COM clients cannot access 64-bit integers.

CA1407: Avoid static members in COM visible types

COM does not support static methods.

CA1408: Do not use AutoDual ClassInterfaceType

Types that use a dual interface enable clients to bind to a specific interface layout. Any changes in a future version to the layout of the type or any base types will break COM clients that bind to the interface. By default, if the ClassInterfaceAttribute attribute is not specified, a dispatch-only interface is used.

CA1409: Com visible types should be creatable

A reference type that is specifically marked as visible to COM contains a public parameterized constructor but does not contain a public default (parameterless) constructor. A type without a public default constructor is not creatable by COM clients.

CA1411: COM registration methods should not be visible

A method marked with the System.Runtime.InteropServices.ComRegisterFunctionAttribute attribute or the System.Runtime.InteropServices.ComUnregisterFunctionAttribute attribute is externally visible.

CA1412: Mark ComSource Interfaces as IDispatch

A type is marked with the System.Runtime.InteropServices.ComSourceInterfacesAttribute attribute, and at least one of the specified interfaces is not marked with the System.Runtime.InteropServices.InterfaceTypeAttribute attribute set to ComInterfaceType.InterfaceIsIDispatch.

CA1413: Avoid non-public fields in COM visible value types

Non-public instance fields of COM-visible value types are visible to COM clients. Review the content of the fields for information that should not be exposed, or that will have unintended design or security effects.

CA1414: Mark boolean P/Invoke arguments with MarshalAs

The Boolean data type has multiple representations in unmanaged code.

CA1600: Do not use idle process priority

Do not set process priority to Idle. Processes with System.Diagnostics.ProcessPriorityClass.Idle will occupy the CPU when it would otherwise be idle, and therefore block standby.

CA1601: Do not use timers that prevent power state changes

Higher-frequency periodic activity will keep the CPU busy and interfere with power-saving idle timers that turn off the display and hard disks.

CA1821: Remove empty finalizers

Whenever you can, avoid finalizers because of the additional performance overhead involved in tracking object lifetime. An empty finalizer incurs added overhead without any benefit.

CA1824: Mark assemblies with NeutralResourcesLanguageAttribute

The NeutralResourcesLanguage attribute informs the ResourceManager of the language that was used to display the neutral culture's resources for an assembly. This improves lookup performance for the first resource you load and can reduce your working set.

CA2001: Avoid calling problematic methods

A member calls a potentially dangerous or problematic method.

CA2003: Do not treat fibers as threads

A managed thread is being treated as a Win32 thread.

CA2204: Literals should be spelled correctly

A literal string in a method body contains one or more words that are not recognized by the Microsoft spelling checker library.

CA2211: Non-constant fields should not be visible

Static fields that are neither constants nor read-only are not thread-safe. Access to such a field must be carefully controlled and requires advanced programming techniques for synchronizing access to the class object.

CA2217: Do not mark enums with FlagsAttribute

An externally visible enumeration is marked with FlagsAttribute, and it has one or more values that are not powers of two or a combination of the other defined values on the enumeration.

CA2218: Override GetHashCode on overriding Equals

GetHashCode returns a value, based on the current instance, that is suited for hashing algorithms and data structures such as a hash table. Two objects that are the same type and are equal must return the same hash code.

CA2219: Do not raise exceptions in exception clauses

When an exception is raised in a finally or fault clause, the new exception hides the active exception. When an exception is raised in a filter clause, the run time silently catches the exception. This makes the original error hard to detect and debug.

CA2225: Operator overloads have named alternates

An operator overload was detected, and the expected named alternative method was not found. The named alternative member provides access to the same functionality as the operator, and is provided for developers who program in languages that do not support overloaded operators.

CA2228: Do not ship unreleased resource formats

Resource files that were built by using pre-release versions of the .NET Framework might not be usable by supported versions of the .NET Framework.

CA2230: Use params for variable arguments

A public or protected type contains a public or protected method that uses the VarArgs calling convention instead of the params keyword.

CA2233: Operations should not overflow

Arithmetic operations should not be performed without first validating the operands, to make sure that the result of the operation is not outside the range of possible values for the data types involved.

CA2234: Pass System.Uri objects instead of strings

A call is made to a method that has a string parameter whose name contains "uri", "URI", "urn", "URN", "url", or "URL". The declaring type of the method contains a corresponding method overload that has a System.Uri parameter.

CA2243: Attribute string literals should parse correctly

An attribute's string literal parameter does not parse correctly for a URL, a GUID, or a version.

Community Additions