Extended Correctness Rules rule set for managed code
The Microsoft Extended Correctness Rules rule set maximizes the logic and framework usage errors that are reported by code analysis. Extra emphasis is placed on specific scenarios such as COM interoperability and mobile applications. You should consider including this rule set if one of these scenarios applies to your project or to find additional problems in your project.
The Microsoft Extended Correctness Rules rule set includes the rules that are in the Microsoft Basic Correctness Rules rule set. The Basic Correctness Rules include the rules that are in the Microsoft Minimum Recommended Rules rule set. For more information see Basic Correctness Rules rule set for managed code and Managed Recommended Rules rule set for managed code
The following table describes all of the rules in the Microsoft Extended Correctness Rules rule set.
Rule |
Description |
|---|---|
Types that own disposable fields should be disposable |
|
Declare event handlers correctly |
|
Mark assemblies with AssemblyVersionAttribute |
|
Interface methods should be callable by child types |
|
Types that own native resources should be disposable |
|
Move P/Invokes to NativeMethods class |
|
Do not hide base class methods |
|
Implement IDisposable correctly |
|
Do not raise exceptions in unexpected locations |
|
Avoid duplicate accelerators |
|
P/Invoke entry points should exist |
|
P/Invokes should not be visible |
|
Auto layout types should not be COM visible |
|
Call GetLastError immediately after P/Invoke |
|
COM visible type base types should be COM visible |
|
COM registration methods should be matched |
|
Declare P/Invokes correctly |
|
Remove empty finalizers |
|
Value type fields should be portable |
|
P/Invoke declarations should be portable |
|
Do not lock on objects with weak identity |
|
Review SQL queries for security vulnerabilities |
|
Specify marshaling for P/Invoke string arguments |
|
Review declarative security on value types |
|
Pointers should not be visible |
|
Secured types should not expose fields |
|
Method security should be a superset of type |
|
APTCA methods should only call APTCA methods |
|
APTCA types should only extend APTCA base types |
|
Do not indirectly expose methods with link demands |
|
Override link demands should be identical to base |
|
Wrap vulnerable finally clauses in outer try |
|
Type link demands require inheritance demands |
|
Security critical types may not participate in type equivalence |
|
Default constructors must be at least as critical as base type default constructors |
|
Delegates must bind to methods with consistent transparency |
|
Methods must keep consistent transparency when overriding base methods |
|
Transparent methods must contain only verifiable IL |
|
Transparent methods must not call methods with the SuppressUnmanagedCodeSecurity attribute |
|
Transparent code must not reference security critical items |
|
Transparent methods must not satisfy LinkDemands |
|
Types must be at least as critical as their base types and interfaces |
|
Transparent methods may not use security asserts |
|
Transparent methods must not call into native code |
|
Rethrow to preserve stack details |
|
Do not dispose objects multiple times |
|
Initialize value type static fields inline |
|
Do not mark serviced components with WebMethod |
|
Disposable fields should be disposed |
|
Do not call overridable methods in constructors |
|
Disposable types should declare finalizer |
|
Finalizers should call base class finalizer |
|
Implement serialization constructors |
|
Overload operator equals on overriding ValueType.Equals |
|
Mark Windows Forms entry points with STAThread |
|
Mark all non-serializable fields |
|
Call base class methods on ISerializable types |
|
Mark ISerializable types with SerializableAttribute |
|
Implement serialization methods correctly |
|
Implement ISerializable correctly |
|
Provide correct arguments to formatting methods |
|
Test for NaN correctly |
|
Enums should have zero value |
|
Overload operator equals on overloading add and subtract |
|
Do not pass literals as localized parameters |
|
Normalize strings to uppercase |
|
Do not ignore method results |
|
Call GC.SuppressFinalize correctly |
|
Properties should not return arrays |
|
Test for empty strings using string length |
|
Use only API from targeted framework |
|
Remove calls to GC.KeepAlive |
|
Use SafeHandle to encapsulate native resources |
|
Catch non-CLSCompliant exceptions in general handlers |
|
Do not declare read only mutable reference types |
|
Array fields should not be read only |
|
Secure asserts |
|
Call GC.KeepAlive when using native resources |
|
Seal methods that satisfy private interfaces |
|
Secure serialization constructors |
|
Static constructors should be private |
|
Security critical constants should be transparent |
|
Use managed equivalents of Win32 API |
|
Dispose methods should call base class dispose |
|
Finalizers should be protected |
|
Do not decrease inherited member visibility |
|
Members should differ by more than return type |
|
Override equals on overloading operator equals |
|
Operators should have symmetrical overloads |
|
Collection properties should be read only |
|
Provide deserialization methods for optional fields |
|
Implement standard exception constructors |
|
URI parameters should not be strings |
|
URI return values should not be strings |
|
URI properties should not be strings |
|
String URI overloads call System.Uri overloads |
|
Avoid overloads in COM visible interfaces |
|
Avoid Int64 arguments for Visual Basic 6 clients |
|
Avoid static members in COM visible types |
|
Do not use AutoDual ClassInterfaceType |
|
Com visible types should be creatable |
|
COM registration methods should not be visible |
|
Mark ComSource Interfaces as IDispatch |
|
Avoid non-public fields in COM visible value types |
|
Mark boolean P/Invoke arguments with MarshalAs |
|
Do not use idle process priority |
|
Do not use timers that prevent power state changes |
|
Mark assemblies with NeutralResourcesLanguageAttribute |
|
Avoid calling problematic methods |
|
Do not treat fibers as threads |
|
Level 2 assemblies should not contain LinkDemands |
|
Members should not have conflicting transparency annotations |
|
Transparent methods may not use the HandleProcessCorruptingExceptions attribute |
|
Transparent code should not be protected with LinkDemands |
|
Transparent methods should not use security demands |
|
Transparent code should not load assemblies from byte arrays |
|
Transparent methods should not be decorated with the SuppressUnmanagedCodeSecurityAttribute |
|
Literals should be spelled correctly |
|
Non-constant fields should not be visible |
|
Do not mark enums with FlagsAttribute |
|
Override GetHashCode on overriding Equals |
|
Do not raise exceptions in exception clauses |
|
Operator overloads have named alternates |
|
Do not ship unreleased resource formats |
|
Use params for variable arguments |
|
Operations should not overflow |
|
Pass System.Uri objects instead of strings |
|
Attribute string literals should parse correctly |