Share via


Basic Correctness Rules rule set for managed code

The Basic Correctness Rules rule set focuses on logic errors and common mistakes in the usage of framework APIs. The Basic Correctness Rules include the rules in the Minimum Recommended Rules rule set. For more information, see Managed Recommended Rules rule set for managed code You should include this rule set to expand on the list of warnings that the minimum recommended rules report.

The following table describes all the rules in the Microsoft Basic Correctness Rules rule set.

Rule

Description

CA1001

Types that own disposable fields should be disposable

CA1009

Declare event handlers correctly

CA1016

Mark assemblies with AssemblyVersionAttribute

CA1033

Interface methods should be callable by child types

CA1049

Types that own native resources should be disposable

CA1060

Move P/Invokes to NativeMethods class

CA1061

Do not hide base class methods

CA1063

Implement IDisposable correctly

CA1065

Do not raise exceptions in unexpected locations

CA1301

Avoid duplicate accelerators

CA1400

P/Invoke entry points should exist

CA1401

P/Invokes should not be visible

CA1403

Auto layout types should not be COM visible

CA1404

Call GetLastError immediately after P/Invoke

CA1405

COM visible type base types should be COM visible

CA1410

COM registration methods should be matched

CA1415

Declare P/Invokes correctly

CA1821

Remove empty finalizers

CA1900

Value type fields should be portable

CA1901

P/Invoke declarations should be portable

CA2002

Do not lock on objects with weak identity

CA2100

Review SQL queries for security vulnerabilities

CA2101

Specify marshaling for P/Invoke string arguments

CA2108

Review declarative security on value types

CA2111

Pointers should not be visible

CA2112

Secured types should not expose fields

CA2114

Method security should be a superset of type

CA2116

APTCA methods should only call APTCA methods

CA2117

APTCA types should only extend APTCA base types

CA2122

Do not indirectly expose methods with link demands

CA2123

Override link demands should be identical to base

CA2124

Wrap vulnerable finally clauses in outer try

CA2126

Type link demands require inheritance demands

CA2131

Security critical types may not participate in type equivalence

CA2132

Default constructors must be at least as critical as base type default constructors

CA2133

Delegates must bind to methods with consistent transparency

CA2134

Methods must keep consistent transparency when overriding base methods

CA2137

Transparent methods must contain only verifiable IL

CA2138

Transparent methods must not call methods with the SuppressUnmanagedCodeSecurity attribute

CA2140

Transparent code must not reference security critical items

CA2141

Transparent methods must not satisfy LinkDemands

CA2146

Types must be at least as critical as their base types and interfaces

CA2147

Transparent methods may not use security asserts

CA2149

Transparent methods must not call into native code

CA2200

Rethrow to preserve stack details

CA2202

Do not dispose objects multiple times

CA2207

Initialize value type static fields inline

CA2212

Do not mark serviced components with WebMethod

CA2213

Disposable fields should be disposed

CA2214

Do not call overridable methods in constructors

CA2216

Disposable types should declare finalizer

CA2220

Finalizers should call base class finalizer

CA2229

Implement serialization constructors

CA2231

Overload operator equals on overriding ValueType.Equals

CA2232

Mark Windows Forms entry points with STAThread

CA2235

Mark all non-serializable fields

CA2236

Call base class methods on ISerializable types

CA2237

Mark ISerializable types with SerializableAttribute

CA2238

Implement serialization methods correctly

CA2240

Implement ISerializable correctly

CA2241

Provide correct arguments to formatting methods

CA2242

Test for NaN correctly

CA1008

Enums should have zero value

CA1013

Overload operator equals on overloading add and subtract

CA1303

Do not pass literals as localized parameters

CA1308

Normalize strings to uppercase

CA1806

Do not ignore method results

CA1816

Call GC.SuppressFinalize correctly

CA1819

Properties should not return arrays

CA1820

Test for empty strings using string length

CA1903

Use only API from targeted framework

CA2004

Remove calls to GC.KeepAlive

CA2006

Use SafeHandle to encapsulate native resources

CA2102

Catch non-CLSCompliant exceptions in general handlers

CA2104

Do not declare read only mutable reference types

CA2105

Array fields should not be read only

CA2106

Secure asserts

CA2115

Call GC.KeepAlive when using native resources

CA2119

Seal methods that satisfy private interfaces

CA2120

Secure serialization constructors

CA2121

Static constructors should be private

CA2130

Security critical constants should be transparent

CA2205

Use managed equivalents of Win32 API

CA2215

Dispose methods should call base class dispose

CA2221

Finalizers should be protected

CA2222

Do not decrease inherited member visibility

CA2223

Members should differ by more than return type

CA2224

Override equals on overloading operator equals

CA2226

Operators should have symmetrical overloads

CA2227

Collection properties should be read only

CA2239

Provide deserialization methods for optional fields