Share via


Fxcop rule port status

If you previously used static code analysis in Visual Studio, you might be wondering which of those rules are available in the current implementation as .NET analyzers. This page lists the rules that have been ported. See Unported rules for those that haven't been ported and whether there are plans to port them.

Ported rules

The autogenerated documentation page in the roslyn-analyzers repo has the most up-to-date list of rules that have been ported to Roslyn analyzers. That page also has additional information, such as whether the rule is enabled by default and if it has an associated code fix. (Code fixes are one-click fixes available in the light bulb icon menu in Visual Studio.)

As of the date on this page, the list of FxCop rules that have been ported to .NET analyzers includes:

Rule ID Title
CA1000 Do not declare static members on generic types
CA1001 Types that own disposable fields should be disposable
CA1002 Do not expose generic lists
CA1003 Use generic event handler instances
CA1005 Avoid excessive parameters on generic types
CA1008 Enums should have zero value
CA1010 Collections should implement generic interface
CA1012 Abstract types should not have constructors
CA1014 Mark assemblies with CLSCompliant
CA1016 Mark assemblies with assembly version
CA1017 Mark assemblies with ComVisible
CA1018 Mark attributes with AttributeUsageAttribute
CA1019 Define accessors for attribute arguments
CA1021 Avoid out parameters
CA1024 Use properties where appropriate
CA1027 Mark enums with FlagsAttribute
CA1028 Enum Storage should be Int32
CA1030 Use events where appropriate
CA1031 Do not catch general exception types
CA1032 Implement standard exception constructors
CA1033 Interface methods should be callable by child types
CA1034 Nested types should not be visible
CA1036 Override methods on comparable types
CA1040 Avoid empty interfaces
CA1041 Provide ObsoleteAttribute message
CA1043 Use Integral Or String Argument For Indexers
CA1044 Properties should not be write only
CA1045 Do not pass types by reference
CA1046 Do not overload operator equals on reference types
CA1047 Do not declare protected members in sealed types
CA1050 Declare types in namespaces
CA1051 Do not declare visible instance fields
CA1052 Static holder types should be static or NotInheritable
CA1053 Static holder types should not have constructors (CA1053 is part of CA1052 for .NET analyzers)
CA1054 Uri parameters should not be strings
CA1055 Uri return values should not be strings
CA1056 Uri properties should not be strings
CA1058 Types should not extend certain base types
CA1060 Move pinvokes to native methods class
CA1061 Do not hide base class methods
CA1062 Validate arguments of public methods
CA1063 Implement IDisposable Correctly
CA1064 Exceptions should be public
CA1065 Do not raise exceptions in unexpected locations
CA1066 Type {0} should implement IEquatable<T> because it overrides Equals
CA1067 Override Object.Equals(object) when implementing IEquatable<T>
CA1303 Do not pass literals as localized parameters
CA1304 Specify CultureInfo
CA1305 Specify IFormatProvider
CA1307 Specify StringComparison for clarity
CA1308 Normalize strings to uppercase
CA1309 Use ordinal string comparison
CA1401 P/Invokes should not be visible
CA1501 Avoid excessive inheritance
CA1502 Avoid excessive complexity
CA1505 Avoid unmaintainable code
CA1506 Avoid excessive class coupling
CA1700 Do not name enum values 'Reserved'
CA1707 Identifiers should not contain underscores
CA1708 Identifiers should differ by more than case
CA1710 Identifiers should have correct suffix
CA1711 Identifiers should not have incorrect suffix
CA1712 Do not prefix enum values with type name
CA1713 Events should not have before or after prefix
CA1714 Flags enums should have plural names
CA1715 Identifiers should have correct prefix
CA1716 Identifiers should not match keywords
CA1717 Only FlagsAttribute enums should have plural names
CA1720 Identifier contains type name
CA1721 Property names should not match get methods
CA1724 Type names should not match namespaces
CA1725 Parameter names should match base declaration
CA1801 Review unused parameters
CA1802 Use literals where appropriate
CA1805 Do not initialize unnecessarily
CA1806 Do not ignore method results
CA1810 Initialize reference type static fields inline
CA1812 Avoid uninstantiated internal classes
CA1813 Avoid unsealed attributes
CA1814 Prefer jagged arrays over multidimensional
CA1815 Override equals and operator equals on value types
CA1816 Dispose methods should call SuppressFinalize
CA1819 Properties should not return arrays
CA1820 Test for empty strings using string length
CA1821 Remove empty Finalizers
CA1822 Mark members as static
CA1823 Avoid unused private fields
CA1824 Mark assemblies with NeutralResourcesLanguageAttribute
CA1825 Avoid zero-length array allocations.
CA2000 Dispose objects before losing scope
CA2002 Do not lock on objects with weak identity
CA2100 Review SQL queries for security vulnerabilities
CA2101 Specify marshaling for P/Invoke string arguments
CA2109 Review visible event handlers
CA2119 Seal methods that satisfy private interfaces
CA2153 Do Not Catch Corrupted State Exceptions
CA2200 Rethrow to preserve stack details.
CA2201 Do not raise reserved exception types
CA2207 Initialize value type static fields inline
CA2208 Instantiate argument exceptions correctly
CA2211 Non-constant fields should not be visible
CA2213 Disposable fields should be disposed
CA2214 Do not call overridable methods in constructors
CA2215 Dispose methods should call base class dispose
CA2216 Disposable types should declare finalizer
CA2217 Do not mark enums with FlagsAttribute
CA2219 Do not raise exceptions in finally clauses
CA2225 Operator overloads have named alternates
CA2226 Operators should have symmetrical overloads
CA2227 Collection properties should be read only
CA2229 Implement serialization constructors
CA2231 Overload operator equals on overriding value type Equals
CA2234 Pass system uri objects instead of strings
CA2235 Mark all non-serializable fields
CA2237 Mark ISerializable types with serializable
CA2241 Provide correct arguments to formatting methods
CA2242 Test for NaN correctly
CA2243 Attribute string literals should parse correctly
CA2300 Do not use insecure deserializer BinaryFormatter
CA2301 Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder
CA2302 Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize
CA2305 Do not use insecure deserializer LosFormatter
CA2310 Do not use insecure deserializer NetDataContractSerializer
CA2311 Do not deserialize without first setting NetDataContractSerializer.Binder
CA2312 Ensure NetDataContractSerializer.Binder is set before deserializing
CA2315 Do not use insecure deserializer ObjectStateFormatter
CA2321 Do not deserialize with JavaScriptSerializer using a SimpleTypeResolver
CA2322 Ensure JavaScriptSerializer is not initialized with SimpleTypeResolver before deserializing
CA3001 Review code for SQL injection vulnerabilities
CA3002 Review code for XSS vulnerabilities
CA3003 Review code for file path injection vulnerabilities
CA3004 Review code for information disclosure vulnerabilities
CA3005 Review code for LDAP injection vulnerabilities
CA3006 Review code for process command injection vulnerabilities
CA3007 Review code for open redirect vulnerabilities
CA3008 Review code for XPath injection vulnerabilities
CA3009 Review code for XML injection vulnerabilities
CA3010 Review code for XAML injection vulnerabilities
CA3011 Review code for DLL injection vulnerabilities
CA3012 Review code for regex injection vulnerabilities
CA3061 Do Not Add Schema By URL
CA3075 Insecure DTD processing in XML
CA3076 Insecure XSLT script processing.
CA3077 Insecure Processing in API Design, XmlDocument, and XmlTextReader
CA3147 Mark Verb Handlers With Validate Antiforgery Token
CA5350 Do Not Use Weak Cryptographic Algorithms
CA5351 Do Not Use Broken Cryptographic Algorithms
CA5358 Do Not Use Unsafe Cipher Modes
CA5359 Do Not Disable Certificate Validation
CA5360 Do Not Call Dangerous Methods In Deserialization
CA5361 Do Not Disable SChannel Use of Strong Crypto
CA5362 Do Not Refer Self In Serializable Class
CA5363 Do Not Disable Request Validation
CA5364 Do Not Use Deprecated Security Protocols
CA5365 Do Not Disable HTTP Header Checking
CA5366 Use XmlReader For DataSet Read Xml
CA5367 Do Not Serialize Types With Pointer Fields
CA5368 Set ViewStateUserKey For Classes Derived From Page
CA5369 Use XmlReader For Deserialize
CA5370 Use XmlReader For Validating Reader
CA5371 Use XmlReader For Schema Read
CA5372 Use XmlReader For XPathDocument
CA5373 Do not use obsolete key derivation function
CA5374 Do Not Use XslTransform
CA5375 Do Not Use Account Shared Access Signature
CA5376 Use SharedAccessProtocol HttpsOnly
CA5377 Use Container Level Access Policy
CA5378 Do not disable ServicePointManagerSecurityProtocols
CA5379 Do Not Use Weak Key Derivation Function Algorithm
CA9999 Analyzer version mismatch

See also