Fxcop rule port status
If you previously used static code analysis in Visual Studio, you might be wondering which of those rules are available in the current implementation as .NET analyzers. This page lists the rules that have been ported. See Unported rules for those that haven't been ported and whether there are plans to port them.
Ported rules
The autogenerated documentation page in the roslyn-analyzers repo has the most up-to-date list of rules that have been ported to Roslyn analyzers. That page also has additional information, such as whether the rule is enabled by default and if it has an associated code fix. (Code fixes are one-click fixes available in the light bulb icon menu in Visual Studio.)
As of the date on this page, the list of FxCop rules that have been ported to .NET analyzers includes:
| Rule ID | Title |
|---|---|
| CA1000 | Do not declare static members on generic types |
| CA1001 | Types that own disposable fields should be disposable |
| CA1002 | Do not expose generic lists |
| CA1003 | Use generic event handler instances |
| CA1005 | Avoid excessive parameters on generic types |
| CA1008 | Enums should have zero value |
| CA1010 | Collections should implement generic interface |
| CA1012 | Abstract types should not have constructors |
| CA1014 | Mark assemblies with CLSCompliant |
| CA1016 | Mark assemblies with assembly version |
| CA1017 | Mark assemblies with ComVisible |
| CA1018 | Mark attributes with AttributeUsageAttribute |
| CA1019 | Define accessors for attribute arguments |
| CA1021 | Avoid out parameters |
| CA1024 | Use properties where appropriate |
| CA1027 | Mark enums with FlagsAttribute |
| CA1028 | Enum Storage should be Int32 |
| CA1030 | Use events where appropriate |
| CA1031 | Do not catch general exception types |
| CA1032 | Implement standard exception constructors |
| CA1033 | Interface methods should be callable by child types |
| CA1034 | Nested types should not be visible |
| CA1036 | Override methods on comparable types |
| CA1040 | Avoid empty interfaces |
| CA1041 | Provide ObsoleteAttribute message |
| CA1043 | Use Integral Or String Argument For Indexers |
| CA1044 | Properties should not be write only |
| CA1045 | Do not pass types by reference |
| CA1046 | Do not overload operator equals on reference types |
| CA1047 | Do not declare protected members in sealed types |
| CA1050 | Declare types in namespaces |
| CA1051 | Do not declare visible instance fields |
| CA1052 | Static holder types should be static or NotInheritable |
| CA1053 | Static holder types should not have constructors (CA1053 is part of CA1052 for .NET analyzers) |
| CA1054 | Uri parameters should not be strings |
| CA1055 | Uri return values should not be strings |
| CA1056 | Uri properties should not be strings |
| CA1058 | Types should not extend certain base types |
| CA1060 | Move pinvokes to native methods class |
| CA1061 | Do not hide base class methods |
| CA1062 | Validate arguments of public methods |
| CA1063 | Implement IDisposable Correctly |
| CA1064 | Exceptions should be public |
| CA1065 | Do not raise exceptions in unexpected locations |
| CA1066 | Type {0} should implement IEquatable<T> because it overrides Equals |
| CA1067 | Override Object.Equals(object) when implementing IEquatable<T> |
| CA1303 | Do not pass literals as localized parameters |
| CA1304 | Specify CultureInfo |
| CA1305 | Specify IFormatProvider |
| CA1307 | Specify StringComparison for clarity |
| CA1308 | Normalize strings to uppercase |
| CA1309 | Use ordinal string comparison |
| CA1401 | P/Invokes should not be visible |
| CA1501 | Avoid excessive inheritance |
| CA1502 | Avoid excessive complexity |
| CA1505 | Avoid unmaintainable code |
| CA1506 | Avoid excessive class coupling |
| CA1700 | Do not name enum values 'Reserved' |
| CA1707 | Identifiers should not contain underscores |
| CA1708 | Identifiers should differ by more than case |
| CA1710 | Identifiers should have correct suffix |
| CA1711 | Identifiers should not have incorrect suffix |
| CA1712 | Do not prefix enum values with type name |
| CA1713 | Events should not have before or after prefix |
| CA1714 | Flags enums should have plural names |
| CA1715 | Identifiers should have correct prefix |
| CA1716 | Identifiers should not match keywords |
| CA1717 | Only FlagsAttribute enums should have plural names |
| CA1720 | Identifier contains type name |
| CA1721 | Property names should not match get methods |
| CA1724 | Type names should not match namespaces |
| CA1725 | Parameter names should match base declaration |
| CA1801 | Review unused parameters |
| CA1802 | Use literals where appropriate |
| CA1805 | Do not initialize unnecessarily |
| CA1806 | Do not ignore method results |
| CA1810 | Initialize reference type static fields inline |
| CA1812 | Avoid uninstantiated internal classes |
| CA1813 | Avoid unsealed attributes |
| CA1814 | Prefer jagged arrays over multidimensional |
| CA1815 | Override equals and operator equals on value types |
| CA1816 | Dispose methods should call SuppressFinalize |
| CA1819 | Properties should not return arrays |
| CA1820 | Test for empty strings using string length |
| CA1821 | Remove empty Finalizers |
| CA1822 | Mark members as static |
| CA1823 | Avoid unused private fields |
| CA1824 | Mark assemblies with NeutralResourcesLanguageAttribute |
| CA1825 | Avoid zero-length array allocations. |
| CA2000 | Dispose objects before losing scope |
| CA2002 | Do not lock on objects with weak identity |
| CA2100 | Review SQL queries for security vulnerabilities |
| CA2101 | Specify marshaling for P/Invoke string arguments |
| CA2109 | Review visible event handlers |
| CA2119 | Seal methods that satisfy private interfaces |
| CA2153 | Do Not Catch Corrupted State Exceptions |
| CA2200 | Rethrow to preserve stack details. |
| CA2201 | Do not raise reserved exception types |
| CA2207 | Initialize value type static fields inline |
| CA2208 | Instantiate argument exceptions correctly |
| CA2211 | Non-constant fields should not be visible |
| CA2213 | Disposable fields should be disposed |
| CA2214 | Do not call overridable methods in constructors |
| CA2215 | Dispose methods should call base class dispose |
| CA2216 | Disposable types should declare finalizer |
| CA2217 | Do not mark enums with FlagsAttribute |
| CA2219 | Do not raise exceptions in finally clauses |
| CA2225 | Operator overloads have named alternates |
| CA2226 | Operators should have symmetrical overloads |
| CA2227 | Collection properties should be read only |
| CA2229 | Implement serialization constructors |
| CA2231 | Overload operator equals on overriding value type Equals |
| CA2234 | Pass system uri objects instead of strings |
| CA2235 | Mark all non-serializable fields |
| CA2237 | Mark ISerializable types with serializable |
| CA2241 | Provide correct arguments to formatting methods |
| CA2242 | Test for NaN correctly |
| CA2243 | Attribute string literals should parse correctly |
| CA2300 | Do not use insecure deserializer BinaryFormatter |
| CA2301 | Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder |
| CA2302 | Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize |
| CA2305 | Do not use insecure deserializer LosFormatter |
| CA2310 | Do not use insecure deserializer NetDataContractSerializer |
| CA2311 | Do not deserialize without first setting NetDataContractSerializer.Binder |
| CA2312 | Ensure NetDataContractSerializer.Binder is set before deserializing |
| CA2315 | Do not use insecure deserializer ObjectStateFormatter |
| CA2321 | Do not deserialize with JavaScriptSerializer using a SimpleTypeResolver |
| CA2322 | Ensure JavaScriptSerializer is not initialized with SimpleTypeResolver before deserializing |
| CA3001 | Review code for SQL injection vulnerabilities |
| CA3002 | Review code for XSS vulnerabilities |
| CA3003 | Review code for file path injection vulnerabilities |
| CA3004 | Review code for information disclosure vulnerabilities |
| CA3005 | Review code for LDAP injection vulnerabilities |
| CA3006 | Review code for process command injection vulnerabilities |
| CA3007 | Review code for open redirect vulnerabilities |
| CA3008 | Review code for XPath injection vulnerabilities |
| CA3009 | Review code for XML injection vulnerabilities |
| CA3010 | Review code for XAML injection vulnerabilities |
| CA3011 | Review code for DLL injection vulnerabilities |
| CA3012 | Review code for regex injection vulnerabilities |
| CA3061 | Do Not Add Schema By URL |
| CA3075 | Insecure DTD processing in XML |
| CA3076 | Insecure XSLT script processing. |
| CA3077 | Insecure Processing in API Design, XmlDocument, and XmlTextReader |
| CA3147 | Mark Verb Handlers With Validate Antiforgery Token |
| CA5350 | Do Not Use Weak Cryptographic Algorithms |
| CA5351 | Do Not Use Broken Cryptographic Algorithms |
| CA5358 | Do Not Use Unsafe Cipher Modes |
| CA5359 | Do Not Disable Certificate Validation |
| CA5360 | Do Not Call Dangerous Methods In Deserialization |
| CA5361 | Do Not Disable SChannel Use of Strong Crypto |
| CA5362 | Do Not Refer Self In Serializable Class |
| CA5363 | Do Not Disable Request Validation |
| CA5364 | Do Not Use Deprecated Security Protocols |
| CA5365 | Do Not Disable HTTP Header Checking |
| CA5366 | Use XmlReader For DataSet Read Xml |
| CA5367 | Do Not Serialize Types With Pointer Fields |
| CA5368 | Set ViewStateUserKey For Classes Derived From Page |
| CA5369 | Use XmlReader For Deserialize |
| CA5370 | Use XmlReader For Validating Reader |
| CA5371 | Use XmlReader For Schema Read |
| CA5372 | Use XmlReader For XPathDocument |
| CA5373 | Do not use obsolete key derivation function |
| CA5374 | Do Not Use XslTransform |
| CA5375 | Do Not Use Account Shared Access Signature |
| CA5376 | Use SharedAccessProtocol HttpsOnly |
| CA5377 | Use Container Level Access Policy |
| CA5378 | Do not disable ServicePointManagerSecurityProtocols |
| CA5379 | Do Not Use Weak Key Derivation Function Algorithm |
| CA9999 | Analyzer version mismatch |