What rules do Microsoft have turned on internally?
I've recently received a few requests asking about the Code Analysis rules we run internally against Microsoft's own code. While it might come as a surprise, we do not actually run every single rule against our own binaries. There are many reasons for this:
- Applicability. Not every rule is applicable to every project, for example, the Design rules might be turned off if you are writing a Windows Application
- Noise rate. Some rules have a low signal-to-noise ratio. While we try remove as much noise as possible from a rule, some rules, due to limitations in our analysis engine, still remain to be too noisy to be run regularly over large code bases. For example, some of the performance rules lack real context to make a good judge of whether a particular issue will really affect the performance of an application.
- Time. We have to ship eventually - attempting to fix every single violation, for every single binary is just not feasible nor advisable. Therefore we make calls to turn off some rules that may lack value and do not impact the security of the product.
Please note that the following rule sets are applicable only to the Developer Division (although Windows does actually follow the same bar), other divisions, such as MSN, Office, etc each have their own set of enabled rules that may or may not be match what is shown below.
There are two rule sets; the first, Public Rule Set, is for assemblies that design for public consumption. That is, assemblies that are designed to have user take a reference to them in their own projects (such as System.Core.dll). The second, Non-Public Rule Set, is for assemblies are not designed to be consumed by users (such as FxCopCmd.exe). Both sets are listed below:
Public Rule Set:
Design | |
CA1008 | EnumsShouldHaveZeroValue |
CA1009 | DeclareEventHandlersCorrectly |
CA1011 | ConsiderPassingBaseTypesAsParameters |
CA1012 | AbstractTypesShouldNotHaveConstructors |
CA1014 | MarkAssembliesWithClsCompliant |
CA1017 | MarkAssembliesWithComVisible |
CA1018 | MarkAttributesWithAttributeUsage |
CA1019 | DefineAccessorsForAttributeArguments |
CA1023 | IndexersShouldNotBeMultidimensional |
CA1025 | ReplaceRepetitiveArgumentsWithParamsArray |
CA1026 | DefaultParametersShouldNotBeUsed |
CA1027 | MarkEnumsWithFlags |
CA1028 | EnumStorageShouldBeInt32 |
CA1030 | UseEventsWhereAppropriate |
CA1032 | ImplementStandardExceptionConstructors |
CA1034 | NestedTypesShouldNotBeVisible |
CA1036 | OverrideMethodsOnComparableTypes |
CA1038 | EnumeratorsShouldBeStronglyTyped |
CA1039 | ListsAreStronglyTyped |
CA1040 | AvoidEmptyInterfaces |
CA1041 | ProvideObsoleteAttributeMessage |
CA1043 | UseIntegralOrStringArgumentForIndexers |
CA1044 | PropertiesShouldNotBeWriteOnly |
CA1045 | DoNotPassTypesByReference |
CA1046 | DoNotOverloadOperatorEqualsOnReferenceTypes |
CA1050 | DeclareTypesInNamespaces |
CA1051 | DoNotDeclareVisibleInstanceFields |
CA1052 | StaticHolderTypesShouldBeSealed |
CA1053 | StaticHolderTypesShouldNotHaveConstructors |
CA1054 | UriParametersShouldNotBeStrings |
CA1055 | UriReturnValuesShouldNotBeStrings |
CA1056 | UriPropertiesShouldNotBeStrings |
CA1057 | StringUriOverloadsCallSystemUriOverloads |
CA1058 | TypesShouldNotExtendCertainBaseTypes |
CA1059 | MembersShouldNotExposeCertainConcreteTypes |
Globalization | |
CA1300 | SpecifyMessageBoxOptions |
CA1301 | AvoidDuplicateAccelerators |
CA1304 | SpecifyCultureInfo |
CA1305 | SpecifyIFormatProvider |
CA1306 | SetLocaleForDataTypes |
CA1307 | SpecifyStringComparison |
CA1309 | UseOrdinalStringComparison |
CA2101 | SpecifyMarshalingForPInvokeStringArguments |
Interoperability | |
CA1401 | PInvokesShouldNotBeVisible |
CA1402 | AvoidOverloadsInComVisibleInterfaces |
CA1403 | AutoLayoutTypesShouldNotBeComVisible |
CA1404 | CallGetLastErrorImmediatelyAfterPInvoke |
CA1405 | ComVisibleTypeBaseTypesShouldBeComVisible |
CA1406 | AvoidInt64ArgumentsForVB6Clients |
CA1408 | DoNotUseAutoDualClassInterfaceType |
CA1413 | AvoidNonpublicFieldsInComVisibleValueTypes |
Naming | |
CA1700 | DoNotNameEnumValuesReserved |
CA1701 | ResourceStringCompoundWordsShouldBeCasedCorrectly |
CA1702 | CompoundWordsShouldBeCasedCorrectly |
CA1703 | ResourceStringsShouldBeSpelledCorrectly |
CA1704 | IdentifiersShouldBeSpelledCorrectly |
CA1707 | IdentifiersShouldNotContainUnderscores |
CA1708 | IdentifiersShouldDifferByMoreThanCase |
CA1709 | IdentifiersShouldBeCasedCorrectly |
CA1710 | IdentifiersShouldHaveCorrectSuffix |
CA1711 | IdentifiersShouldNotHaveIncorrectSuffix |
CA1712 | DoNotPrefixEnumValuesWithTypeName |
CA1713 | EventsShouldNotHaveBeforeOrAfterPrefix |
CA1714 | FlagsEnumsShouldHavePluralNames |
CA1715 | IdentifiersShouldHaveCorrectPrefix |
CA1716 | IdentifiersShouldNotMatchKeywords |
CA1719 | ParameterNamesShouldNotMatchMemberNames |
CA1720 | IdentifiersShouldNotContainTypeNames |
CA1721 | PropertyNamesShouldNotMatchGetMethods |
CA1722 | IdentifiersShouldNotHaveIncorrectPrefix |
CA1724 | TypeNamesShouldNotMatchNamespaces |
Performance | |
CA1811 | AvoidUncalledPrivateCode |
CA1812 | AvoidUninstantiatedInternalClasses |
CA1813 | AvoidUnsealedAttributes |
CA1815 | OverrideEqualsAndOperatorEqualsOnValueTypes |
CA1816 | DisposeMethodsShouldCallSuppressFinalize |
CA1819 | PropertiesShouldNotReturnArrays |
Portability | |
CA1900 | ValueTypeFieldsShouldBePortable |
CA1901 | PInvokeDeclarationsShouldBePortable |
Reliability | |
CA2001 | AvoidCallingProblematicMethods |
CA2002 | DoNotLockOnObjectsWithWeakIdentity |
CA2004 | RemoveCallsToGCKeepAlive |
CA2006 | UseSafeHandleToEncapsulateNativeResources |
Security | |
CA2102 | CatchNonClsCompliantExceptionsInGeneralHandlers |
CA2103 | ReviewImperativeSecurity |
CA2104 | DoNotDeclareReadOnlyMutableReferenceTypes |
CA2105 | ArrayFieldsShouldNotBeReadOnly |
CA2106 | SecureAsserts |
CA2107 | ReviewDenyAndPermitOnlyUsage |
CA2108 | ReviewDeclarativeSecurityOnValueTypes |
CA2109 | ReviewVisibleEventHandlers |
CA2111 | PointersShouldNotBeVisible |
CA2112 | SecuredTypesShouldNotExposeFields |
CA2114 | MethodSecurityShouldBeASupersetOfType |
CA2115 | CallGCKeepAliveWhenUsingNativeResources |
CA2116 | AptcaMethodsShouldOnlyCallAptcaMethods |
CA2117 | AptcaTypesShouldOnlyExtendAptcaBaseTypes |
CA2118 | ReviewSuppressUnmanagedCodeSecurityUsage |
CA2119 | SealMethodsThatSatisfyPrivateInterfaces |
CA2120 | SecureSerializationConstructors |
CA2121 | StaticConstructorsShouldBePrivate |
CA2122 | DoNotIndirectlyExposeMethodsWithLinkDemands |
CA2123 | OverrideLinkDemandsShouldBeIdenticalToBase |
CA2124 | WrapVulnerableFinallyClausesInOuterTry |
CA2126 | TypeLinkDemandsRequireInheritanceDemands |
CA2127 | SecurityTransparentAssembliesShouldNotContainSecurityCriticalCode |
CA2128 | SecurityTransparentCodeShouldNotAssert |
CA2129 | SecurityTransparentCodeShouldNotReferenceNonpublicSecurityCriticalCode |
Usage | |
CA1806 | DoNotIgnoreMethodResults |
CA2207 | InitializeValueTypeStaticFieldsInline |
CA2208 | InstantiateArgumentExceptionsCorrectly |
CA2209 | AssembliesShouldDeclareMinimumSecurity |
CA2211 | NonConstantFieldsShouldNotBeVisible |
CA2213 | DisposableFieldsShouldBeDisposed |
CA2214 | DoNotCallOverridableMethodsInConstructors |
CA2216 | DisposableTypesShouldDeclareFinalizer |
CA2217 | DoNotMarkEnumsWithFlags |
CA2218 | OverrideGetHashCodeOnOverridingEquals |
CA2220 | FinalizersShouldCallBaseClassFinalizer |
CA2221 | FinalizersShouldBeProtected |
CA2224 | OverrideEqualsOnOverloadingOperatorEquals |
CA2225 | OperatorOverloadsHaveNamedAlternates |
CA2227 | CollectionPropertiesShouldBeReadOnly |
CA2228 | DoNotShipUnreleasedResourceFormats |
CA2229 | ImplementSerializationConstructors |
CA2230 | UseParamsForVariableArguments |
CA2233 | OperationsShouldNotOverflow |
CA2234 | PassSystemUriObjectsInsteadOfStrings |
CA2235 | MarkAllNonSerializableFields |
CA2236 | CallBaseClassMethodsOnISerializableTypes |
CA2237 | MarkISerializableTypesWithSerializable |
CA2240 | ImplementISerializableCorrectly |
Non-Public Rule Set:
Globalization | |
CA2101 | SpecifyMarshalingForPInvokeStringArguments |
Portability | |
CA1900 | ValueTypeFieldsShouldBePortable |
CA1901 | PInvokeDeclarationsShouldBePortable |
Reliability | |
CA2002 | DoNotLockOnObjectsWithWeakIdentity |
Security | |
CA2100 | ReviewSqlQueriesForSecurityVulnerabilities |
CA2102 | CatchNonClsCompliantExceptionsInGeneralHandlers |
CA2103 | ReviewImperativeSecurity |
CA2104 | DoNotDeclareReadOnlyMutableReferenceTypes |
CA2105 | ArrayFieldsShouldNotBeReadOnly |
CA2106 | SecureAsserts |
CA2107 | ReviewDenyAndPermitOnlyUsage |
CA2108 | ReviewDeclarativeSecurityOnValueTypes |
CA2109 | ReviewVisibleEventHandlers |
CA2111 | PointersShouldNotBeVisible |
CA2112 | SecuredTypesShouldNotExposeFields |
CA2114 | MethodSecurityShouldBeASupersetOfType |
CA2115 | CallGCKeepAliveWhenUsingNativeResources |
CA2116 | AptcaMethodsShouldOnlyCallAptcaMethods |
CA2117 | AptcaTypesShouldOnlyExtendAptcaBaseTypes |
CA2118 | ReviewSuppressUnmanagedCodeSecurityUsage |
CA2119 | SealMethodsThatSatisfyPrivateInterfaces |
CA2120 | SecureSerializationConstructors |
CA2121 | StaticConstructorsShouldBePrivate |
CA2122 | DoNotIndirectlyExposeMethodsWithLinkDemands |
CA2123 | OverrideLinkDemandsShouldBeIdenticalToBase |
CA2124 | WrapVulnerableFinallyClausesInOuterTry |
CA2126 | TypeLinkDemandsRequireInheritanceDemands |
CA2127 | SecurityTransparentAssembliesShouldNotContainSecurityCriticalCode |
CA2128 | SecurityTransparentCodeShouldNotAssert |
CA2129 | SecurityTransparentCodeShouldNotReferenceNonpublicSecurityCriticalCode |
Usage | |
CA2233 | OperationsShouldNotOverflow |
Now, while the above rules are set and mandated at the Division-level, individual teams can (and do) add additional rules. For example, most assemblies, whether public or not, at a minimum follow the Public Rule Set. The Code Analysis team itself actually turns on every single rule to run over the binaries that we release.
Also note that because they are set at the start of a product cycle and are not changed again until the start of the next cycle, rule sets do not include rules that are new to Visual Studio 2008 (with exception to security rules). This is prevent the situation of the introduction of a new rule causing existing code to be no longer be Code Analysis clean (ie moving the basket).
These rule sets will be revisited for Rosario and beyond.