SonarAnalyzer Rule Specs

Rule descriptions from analyzers/rspec/cs and analyzers/rspec/vbnet, rendered for review.

RuleLanguageTitleTypeSeverityTags
S100C#Methods and properties should be named in PascalCaseCODE_SMELLMinorconvention
S1006C#Method overrides should not change parameter defaultsCODE_SMELLCriticalpitfall
S101C#Types should be named in PascalCaseCODE_SMELLMinorconvention
S103C#Lines should not be too longCODE_SMELLMajorconvention
S104C#Files should not have too many lines of codeCODE_SMELLMajorbrain-overload
S1048C#Finalizers should not throw exceptionsBUGBlocker
S105C#Tabulation characters should not be usedCODE_SMELLMinorconvention
S106C#Standard outputs should not be used directly to log anythingCODE_SMELLMajorbad-practice
S1066C#Mergeable "if" statements should be combinedCODE_SMELLMajorclumsy
S1067C#Expressions should not be too complexCODE_SMELLCriticalbrain-overload
S107C#Methods should not have too many parametersCODE_SMELLMajorbrain-overload
S1075C#URIs should not be hardcodedCODE_SMELLMinor
S108C#Nested blocks of code should not be left emptyCODE_SMELLMajorsuspicious
S109C#Magic numbers should not be usedCODE_SMELLMajorbrain-overload
S110C#Inheritance tree of classes should not be too deepCODE_SMELLMajor
S1104C#Fields should not have public accessibilityCODE_SMELLMinorcwe
S1109C#A close curly brace should be located at the beginning of a lineCODE_SMELLMinorconvention
S1110C#Unnecessary parentheses should be removedCODE_SMELLMinorclippy, redundant, readability
S1116C#Empty statements should be removedCODE_SMELLMinorunused
S1117C#Local variables should not shadow class fields or propertiesCODE_SMELLMajorsuspicious, pitfall
S1118C#Utility classes should not have public constructorsCODE_SMELLMajordesign
S112C#General or reserved exceptions should never be thrownCODE_SMELLMajorcwe, error-handling
S1121C#Assignments should not be made from within sub-expressionsCODE_SMELLMajorcwe, suspicious
S1123C#"Obsolete" attributes should include explanationsCODE_SMELLMajorobsolete, bad-practice
S1125C#Boolean literals should not be redundantCODE_SMELLMinorclumsy
S1128C#Unnecessary "using" should be removedCODE_SMELLMinorunused
S113C#Files should end with a newlineCODE_SMELLMinorconvention
S1133C#Deprecated code should be removedCODE_SMELLInfoobsolete
S1134C#Track uses of "FIXME" tagsCODE_SMELLMajorcwe
S1135C#Track uses of "TODO" tagsCODE_SMELLInfocwe
S1144C#Unused private types or members should be removedCODE_SMELLMajorunused
S1147C#Exit methods should not be calledCODE_SMELLBlockercwe, suspicious
S1151C#"switch case" clauses should not have too many lines of codeCODE_SMELLMajorbrain-overload
S1155C#"Any()" should be used to test for emptinessCODE_SMELLMinorperformance
S1163C#Exceptions should not be thrown in finally blocksCODE_SMELLCriticalerror-handling, suspicious
S1168C#Empty arrays and collections should be returned instead of nullCODE_SMELLMajor
S1172C#Unused method parameters should be removedCODE_SMELLMajorunused
S1185C#Overriding members should do more than simply call the same member in the base classCODE_SMELLMinorredundant, clumsy
S1186C#Methods should not be emptyCODE_SMELLCriticalsuspicious
S1192C#String literals should not be duplicatedCODE_SMELLMinordesign
S1199C#Nested code blocks should not be usedCODE_SMELLMinorbad-practice
S1200C#Classes should not be coupled to too many other classesCODE_SMELLMajorbrain-overload
S1206C#"Equals(Object)" and "GetHashCode()" should be overridden in pairsBUGMinorcwe
S121C#Control structures should use curly bracesCODE_SMELLCriticalpitfall
S1210C#"Equals" and the comparison operators should be overridden when implementing "IComparable"CODE_SMELLMinor
S1215C#"GC.Collect" should not be calledCODE_SMELLCriticalperformance, unpredictable, bad-practice
S122C#Statements should be on separate linesCODE_SMELLMajorconvention
S1226C#Method parameters, caught exceptions and foreach variables' initial values should not be ignoredBUGMinor
S1227C#break statements should not be used except for switch casesCODE_SMELLMinor
S1244C#Floating point numbers should not be tested for equalityBUGMajor
S125C#Sections of code should not be commented outCODE_SMELLMajorunused
S126C#"if ... else if" constructs should end with "else" clausesCODE_SMELLCritical
S1264C#A "while" loop should be used instead of a "for" loopCODE_SMELLMinorclumsy
S127C#"for" loop stop conditions should be invariantCODE_SMELLMajorpitfall
S1301C#"switch" statements should have at least 3 "case" clausesCODE_SMELLMinorbad-practice
S1309C#Track uses of in-source issue suppressionsCODE_SMELLInfo
S131C#"switch/Select" statements should contain a "default/Case Else" clausesCODE_SMELLCriticalcwe
S1312C#Logger fields should be "private static readonly"CODE_SMELLMinorconvention, logging
S1313C#IP addresses should not be hardcodedCODE_SMELLMinorformer-hotspot
S134C#Control flow statements "if", "switch", "for", "foreach", "while", "do" and "try" should not be nested too deeplyCODE_SMELLCriticalbrain-overload
S138C#Functions should not have too many lines of codeCODE_SMELLMajorbrain-overload
S1449C#Culture should be specified for "string" operationsCODE_SMELLMinorunpredictable
S1450C#Private fields only used as local variables in methods should become local variablesCODE_SMELLMinorpitfall
S1451C#Track lack of copyright and license headersCODE_SMELLBlockerconvention
S1479C#"switch" statements with many "case" clauses should have only one statementCODE_SMELLMajorbrain-overload
S1481C#Unused local variables should be removedCODE_SMELLMinorunused
S1541C#Methods and properties should not be too complexCODE_SMELLCriticalbrain-overload
S1607C#Tests should not be ignoredCODE_SMELLMajortests, bad-practice, confusing
S1643C#Strings should not be concatenated using '+' in a loopCODE_SMELLMinorperformance
S1656C#Variables should not be self-assignedBUGMajor
S1659C#Multiple variables should not be declared on the same lineCODE_SMELLMinorconvention
S1694C#An abstract class should have both abstract and concrete methodsCODE_SMELLMinorconvention
S1696C#NullReferenceException should not be caughtCODE_SMELLMajorcwe, error-handling
S1698C#"==" should not be used when "Equals" is overriddenCODE_SMELLMinorcwe, suspicious
S1699C#Constructors should only call non-overridable methodsCODE_SMELLCriticalpitfall
S1751C#Loops with at most one iteration should be refactoredBUGMajorconfusing, bad-practice
S1764C#Identical expressions should not be used on both sides of operatorsBUGMajorsuspicious
S1821C#"switch" statements should not be nestedCODE_SMELLCriticalpitfall
S1848C#Objects should not be created to be dropped immediately without being usedBUGMajor
S1854C#Unused assignments should be removedCODE_SMELLMajorcwe, unused
S1858C#"ToString()" calls should not be redundantCODE_SMELLMinorfinding, clumsy
S1862C#Related "if/else if" statements should not have the same conditionBUGMajorunused, pitfall
S1871C#Two branches in a conditional structure should not have exactly the same implementationCODE_SMELLMajordesign, suspicious
S1905C#Redundant casts should not be usedCODE_SMELLMinorredundant, clumsy
S1939C#Inheritance list should not be redundantCODE_SMELLMinorclumsy
S1940C#Boolean checks should not be invertedCODE_SMELLMinorpitfall
S1944C#Invalid casts should be avoidedCODE_SMELLCriticalcwe, suspicious
S1994C#"for" loop increment clauses should modify the loops' countersCODE_SMELLCriticalconfusing
S2053C#Password hashing functions should use an unpredictable saltVULNERABILITYCriticalcwe, symbolic-execution
S2068C#Credentials should not be hard-codedVULNERABILITYMajorcwe, former-hotspot
S2077C#SQL queries should not be dynamically formattedVULNERABILITYMajorcwe, bad-practice, sql, former-hotspot
S2092C#Cookies should have the "secure" flagVULNERABILITYMinorcwe, former-hotspot, privacy
S2094C#Classes should not be emptyCODE_SMELLMinorclumsy
S2114C#Collections should not be passed as arguments to their own methodsBUGMajor
S2115C#A secure password should be used when connecting to a databaseVULNERABILITYBlockercwe
S2123C#Values should not be uselessly incrementedBUGMajorunused
S2139C#Exceptions should be either logged or rethrown but not bothCODE_SMELLMajorlogging, error-handling
S2148C#Underscores should be used to make large numbers readableCODE_SMELLMinorconvention
S2156C#"sealed" classes should not have "protected" membersCODE_SMELLMinorconfusing
S2166C#Classes named like "Exception" should extend "Exception" or a subclassCODE_SMELLMajorconvention, error-handling, pitfall
S2178C#Short-circuit logic should be used in boolean contextsCODE_SMELLBlocker
S2183C#Integral numbers should not be shifted by zero or more than their number of bits-1BUGMinor
S2184C#Results of integer division should not be assigned to floating point variablesBUGMinorcwe, overflow
S2187C#Test classes should contain at least one test caseCODE_SMELLBlockertests, unused, confusing
S2190C#Loops and recursions should not be infiniteBUGBlockersuspicious
S2197C#Modulus results should not be checked for direct equalityCODE_SMELLCriticalsuspicious
S2198C#Unnecessary mathematical comparisons should not be madeCODE_SMELLCriticalsuspicious
S2201C#Methods without side effects should not have their return values ignoredBUGMajorsuspicious, confusing
S2219C#Runtime type checking should be simplifiedCODE_SMELLMinorclumsy
S2221C#"Exception" should not be caughtCODE_SMELLMinorcwe, error-handling
S2222C#Locks should be released on all pathsBUGCriticalcwe, multi-threading, symbolic-execution
S2223C#Non-constant static fields should not be visibleCODE_SMELLCriticalpitfall
S2225C#"ToString()" method should not return nullBUGMajorcwe
S2234C#Arguments should be passed in the same order as the method parametersCODE_SMELLMajor
S2245C#Pseudorandom number generators (PRNGs) should not be used in security contextsVULNERABILITYMajorcwe, former-hotspot
S2251C#A "for" loop update clause should move the counter in the right directionBUGMajor
S2252C#For-loop conditions should be true at least onceBUGMajor
S2257C#Custom cryptographic algorithms should not be usedVULNERABILITYCriticalcwe, former-hotspot
S2259C#Null pointers should not be dereferencedBUGMajorcwe, symbolic-execution
S2275C#Composite format strings should not lead to unexpected behavior at runtimeBUGBlocker
S2290C#Field-like events should not be virtualCODE_SMELLCritical
S2291C#Overflow checking should not be disabled for "Enumerable.Sum"CODE_SMELLCriticalerror-handling
S2292C#Trivial properties should be auto-implementedCODE_SMELLMinorclumsy
S2302C#"nameof" should be usedCODE_SMELLCriticalbad-practice
S2306C#"async" and "await" should not be used as identifiersCODE_SMELLBlockerpitfall
S2325C#Methods and properties that don't access instance data should be staticCODE_SMELLMinorpitfall
S2326C#Unused type parameters should be removedCODE_SMELLMajorunused
S2327C#"try" statements with identical "catch" and/or "finally" blocks should be mergedCODE_SMELLMajorclumsy
S2328C#"GetHashCode" should not reference mutable fieldsBUGMinor
S2330C#Array covariance should not be usedCODE_SMELLCriticalpitfall
S2333C#Redundant modifiers should not be usedCODE_SMELLMinorunused, finding, clumsy
S2339C#Public constant members should not be usedCODE_SMELLCriticalpitfall
S2342C#Enumeration types should comply with a naming conventionCODE_SMELLMinorconvention
S2344C#Enumeration type names should not have "Flags" or "Enum" suffixesCODE_SMELLMinorconvention
S2345C#Flags enumerations should explicitly initialize all their membersBUGMinor
S2346C#Flags enumerations zero-value members should be named "None"CODE_SMELLCriticalconvention
S2357C#Fields should be privateCODE_SMELLMajorpitfall
S2360C#Optional parameters should not be usedCODE_SMELLCriticalpitfall
S2365C#Properties should not make collection or array copiesCODE_SMELLCriticalapi-design, performance
S2368C#Public methods should not have multidimensional array parametersCODE_SMELLBlockerpitfall
S2372C#Exceptions should not be thrown from property gettersCODE_SMELLMajorerror-handling
S2376C#Write-only properties should not be usedCODE_SMELLMajorpitfall
S2386C#Mutable fields should not be "public static"CODE_SMELLMinorcwe, unpredictable
S2387C#Child class fields should not shadow parent class fieldsCODE_SMELLBlocker
S2436C#Types and methods should not have too many generic parametersCODE_SMELLMajorbrain-overload
S2437C#Unnecessary bit operations should not be performedCODE_SMELLBlockersuspicious
S2445C#Blocks should be synchronized on read-only fieldsBUGMajorcwe, multi-threading
S2479C#Whitespace and control characters in string literals should be explicitCODE_SMELLCriticalpitfall
S2486C#Generic exceptions should not be ignoredCODE_SMELLMinorcwe, error-handling, suspicious
S2551C#Shared resources should not be used for lockingBUGCriticalmulti-threading
S2583C#Conditionally executed code should be reachableBUGMajorcwe, unused, suspicious, pitfall, symbolic-execution
S2589C#Boolean expressions should not be gratuitousCODE_SMELLMajorcwe, suspicious, redundant, symbolic-execution
S2612C#File permissions should not be set to world-accessible valuesVULNERABILITYMajorcwe, former-hotspot
S2629C#Logging templates should be constantCODE_SMELLMajorperformance, logging
S2674C#The length returned from a stream read should be checkedBUGMinor
S2681C#Multiline blocks should be enclosed in curly bracesCODE_SMELLMajorcwe
S2688C#"NaN" should not be used in comparisonsBUGMajor
S2692C#"IndexOf" checks should not be for positive numbersCODE_SMELLCriticalsuspicious
S2696C#Instance members should not write to "static" fieldsCODE_SMELLCriticalmulti-threading
S2699C#Tests should include assertionsCODE_SMELLBlockertests
S2701C#Literal boolean values should not be used in assertionsCODE_SMELLCriticaltests
S2737C#"catch" clauses should do more than rethrowCODE_SMELLMinorerror-handling, unused, finding, clumsy
S2743C#Static fields should not be used in generic typesCODE_SMELLMajor
S2755C#XML parsers should not be vulnerable to XXE attacksVULNERABILITYBlockercwe
S2757C#Non-existent operators like "=+" should not be usedBUGMajor
S2760C#Sequential tests should not check the same conditionCODE_SMELLMinorsuspicious, clumsy
S2761C#Doubled prefix operators "!!" and "~~" should not be usedBUGMajor
S2857C#SQL keywords should be delimited by whitespaceBUGBlockersql
S2925C#"Thread.Sleep" should not be used in testsCODE_SMELLMajortests, bad-practice
S2930C#"IDisposables" should be disposedBUGBlockercwe, denial-of-service
S2931C#Classes with "IDisposable" members should implement "IDisposable"BUGBlockercwe, denial-of-service
S2933C#Fields that are only assigned in the constructor should be "readonly"CODE_SMELLMajorconfusing
S2934C#Property assignments should not be made for "readonly" fields not constrained to reference typesBUGMinor
S2952C#Classes should "Dispose" of members from the classes' own "Dispose" methodsBUGCriticalcwe, denial-of-service
S2953C#Methods named "Dispose" should implement "IDisposable.Dispose"CODE_SMELLBlockerpitfall
S2955C#Generic parameters not constrained to reference types should not be compared to "null"BUGMinor
S2970C#Assertions should be completeCODE_SMELLBlockertests
S2971C#LINQ expressions should be simplifiedCODE_SMELLMajorclumsy
S2995C#"Object.ReferenceEquals" should not be used for value typesBUGMajor
S2996C#"ThreadStatic" fields should not be initializedBUGMajormulti-threading
S2997C#"IDisposables" created in a "using" statement should not be returnedBUGMajor
S3005C#"ThreadStatic" should not be used on non-static fieldsBUGMajorunused
S3010C#Static fields should not be updated in constructorsCODE_SMELLMajor
S3011C#Reflection should not be used to increase accessibility of classes, methods, or fieldsCODE_SMELLMajor
S3052C#Members should not be initialized to default valuesCODE_SMELLMinorconvention, finding
S3059C#Types should not have members with visibility set higher than the type's visibilityCODE_SMELLMajorconfusing
S3060C#"is" should not be used with "this"CODE_SMELLBlockerapi-design, bad-practice
S3063C#"StringBuilder" data should be usedCODE_SMELLMajorperformance
S3168C#"async" methods should not return "void"BUGMajormulti-threading, async-await
S3169C#Multiple "OrderBy" calls should not be usedCODE_SMELLMajorperformance
S3172C#Delegates should not be subtractedBUGMajor
S3215C#"interface" instances should not be cast to concrete typesCODE_SMELLCriticaldesign
S3216C#"ConfigureAwait(false)" should be usedCODE_SMELLCriticalmulti-threading, async-await, suspicious, performance
S3217C#"Explicit" conversions of "foreach" loops should not be usedCODE_SMELLCriticalsuspicious
S3218C#Inner class members should not shadow outer class "static" or type membersCODE_SMELLCriticaldesign, pitfall
S3220C#Method calls should not resolve ambiguously to overloads with "params"CODE_SMELLMinorpitfall
S3234C#"GC.SuppressFinalize" should not be invoked for types without destructorsCODE_SMELLMinorunused, confusing
S3235C#Redundant parentheses should not be usedCODE_SMELLMinorunused, finding
S3236C#Caller information arguments should not be provided explicitlyCODE_SMELLMinorsuspicious
S3237C#"value" contextual keyword should be usedCODE_SMELLBlockerpitfall
S3240C#The simplest possible condition syntax should be usedCODE_SMELLMinorclumsy
S3241C#Methods should not return values that are never usedCODE_SMELLMinordesign, unused
S3242C#Method parameters should be declared with base typesCODE_SMELLMinorapi-design
S3244C#Anonymous delegates should not be used to unsubscribe from EventsBUGMajor
S3246C#Generic type parameters should be co/contravariant when possibleCODE_SMELLMajorapi-design
S3247C#Duplicate casts should not be madeCODE_SMELLMinorperformance
S3249C#Classes directly extending "object" should not call "base" in "GetHashCode" or "Equals"BUGMajor
S3251C#Implementations should be provided for "partial" methodsCODE_SMELLMinorsuspicious
S3253C#Constructor and destructor declarations should not be redundantCODE_SMELLMinorfinding, clumsy
S3254C#Default parameter values should not be passed as argumentsCODE_SMELLMinorfinding, clumsy
S3256C#"string.IsNullOrEmpty" should be usedCODE_SMELLMinorclumsy
S3257C#Declarations and initializations should be as concise as possibleCODE_SMELLMinorfinding, clumsy
S3260C#Non-derived "private" classes and records should be "sealed"CODE_SMELLMinorperformance
S3261C#Namespaces should not be emptyCODE_SMELLMinorunused
S3262C#"params" should be used on overridesCODE_SMELLMajorconfusing
S3263C#Static fields should appear in the order they must be initialized BUGMajor
S3264C#Events should be invokedCODE_SMELLMajorunused
S3265C#Non-flags enums should not be used in bitwise operationsCODE_SMELLCriticalconvention
S3267C#Loops should be simplified with "LINQ" expressionsCODE_SMELLMinor
S3329C#Cipher Block Chaining IVs should be unpredictableVULNERABILITYCriticalcwe, symbolic-execution
S3330C#Cookies should have the "HttpOnly" flagVULNERABILITYMinorcwe, privacy, former-hotspot
S3343C#Caller information parameters should come at the end of the parameter listBUGMajorapi-design
S3346C#Expressions used in "Debug.Assert" should not produce side effectsBUGMajor
S3353C#Unchanged variables should be marked as "const"CODE_SMELLCriticalperformance
S3358C#Ternary operators should not be nestedCODE_SMELLMajorconfusing
S3363C#Date and time should not be used as a type for primary keysBUGMinor
S3366C#"this" should not be exposed from constructorsCODE_SMELLMajormulti-threading, suspicious
S3376C#Attribute, EventArgs, and Exception type names should end with the type being extendedCODE_SMELLMinorconvention
S3397C#"base.Equals" should not be used to check for reference equality in "Equals" if "base" is not "object"BUGMinor
S3398C#"private" methods called only by inner classes should be moved to those classesCODE_SMELLMinorconfusing
S3400C#Methods should not return constantsCODE_SMELLMinorconfusing
S3415C#Assertion arguments should be passed in the correct orderCODE_SMELLMajortests, suspicious
S3416C#Loggers should be named for their enclosing typesCODE_SMELLMinorconfusing, logging
S3427C#Method overloads with default parameter values should not overlapCODE_SMELLBlockerunused, pitfall
S3431C#"[ExpectedException]" should not be usedCODE_SMELLMajortests
S3433C#Test method signatures should be correctCODE_SMELLBlockertests
S3440C#Variables should not be checked against the values they're about to be assignedCODE_SMELLMinorconfusing
S3441C#Redundant property names should be omitted in anonymous classesCODE_SMELLMinorfinding, clumsy
S3442C#"abstract" classes should not have "public" constructorsCODE_SMELLMajorconfusing
S3443C#Type should not be examined on "System.Type" instancesCODE_SMELLBlockersuspicious
S3444C#Interfaces should not simply inherit from base interfaces with colliding membersCODE_SMELLMinordesign
S3445C#Exceptions should not be explicitly rethrownCODE_SMELLMajorerror-handling, confusing
S3447C#"[Optional]" should not be used on "ref" or "out" parametersCODE_SMELLCriticalpitfall
S3449C#Right operands of shift operators should be integersBUGCritical
S3450C#Parameters with "[DefaultParameterValue]" attributes should also be marked "[Optional]"CODE_SMELLMinorpitfall
S3451C#"[DefaultValue]" should not be used when "[DefaultParameterValue]" is meantCODE_SMELLCriticalsuspicious
S3453C#Classes should not have only "private" constructorsBUGMajordesign
S3456C#"string.ToCharArray()" and "ReadOnlySpan<T>.ToArray()" should not be called redundantlyBUGMinorclumsy
S3457C#Composite format strings should be used correctlyCODE_SMELLMajorconfusing
S3458C#Empty "case" clauses that fall through to the "default" should be omittedCODE_SMELLMinorfinding, clumsy
S3459C#Unassigned members should be removedCODE_SMELLMinorsuspicious
S3464C#Type inheritance should not be recursiveBUGBlocker
S3466C#Optional parameters should be passed to "base" callsBUGMajor
S3532C#Empty "default" clauses should be removedCODE_SMELLMinorunused, finding, clumsy
S3597C#"ServiceContract" and "OperationContract" attributes should be used togetherCODE_SMELLMajorapi-design
S3598C#One-way "OperationContract" methods should have "void" return typeBUGMajor
S3600C#"params" should not be introduced on overridesCODE_SMELLCriticalconfusing
S3603C#Methods with "Pure" attribute should return a value BUGMajor
S3604C#Member initializer values should not be redundantCODE_SMELLMinor
S3610C#Nullable type comparison should not be redundantBUGMajorredundant
S3626C#Jump statements should not be redundantCODE_SMELLMinorredundant, clumsy
S3655C#Empty nullable value should not be accessedBUGMajorcwe, symbolic-execution
S3717C#Track use of "NotImplementedException"CODE_SMELLMinor
S3776C#Cognitive Complexity of methods should not be too highCODE_SMELLCriticalbrain-overload
S3869C#"SafeHandle.DangerousGetHandle" should not be calledBUGBlockerleak, unpredictable
S3871C#Exception types should be "public"CODE_SMELLCriticalerror-handling, api-design
S3872C#Parameter names should not duplicate the names of their methodsCODE_SMELLMinorconvention, confusing
S3874C#"out" and "ref" parameters should not be usedCODE_SMELLCriticalsuspicious
S3875C#"operator==" should not be overloaded on reference typesCODE_SMELLBlockerpitfall
S3876C#Strings or integral types should be used for indexersCODE_SMELLMinordesign
S3877C#Exceptions should not be thrown from unexpected methodsCODE_SMELLBlockerpitfall
S3878C#Arrays should not be created for params parametersCODE_SMELLMinorclumsy
S3880C#Finalizers should not be emptyCODE_SMELLMajorperformance
S3881C#"IDisposable" should be implemented correctlyCODE_SMELLMajorpitfall
S3884C#"CoSetProxyBlanket" and "CoInitializeSecurity" should not be usedVULNERABILITYBlocker
S3885C#"Assembly.Load" should be usedCODE_SMELLMajorunpredictable
S3887C#Mutable, non-private fields should not be "readonly"BUGMinor
S3889C#"Thread.Resume" and "Thread.Suspend" should not be usedBUGBlockermulti-threading, unpredictable
S3897C#Classes that provide "Equals(<T>)" should implement "IEquatable<T>"CODE_SMELLMinorapi-design
S3898C#Value types should implement "IEquatable<T>"CODE_SMELLMajorperformance
S3900C#Arguments of public methods should be validated against nullCODE_SMELLMajorconvention, symbolic-execution
S3902C#"Assembly.GetExecutingAssembly" should not be calledCODE_SMELLMajorperformance
S3903C#Types should be defined in named namespacesBUGMajor
S3904C#Assemblies should have version informationCODE_SMELLCriticalpitfall
S3906C#Event Handlers should have the correct signatureCODE_SMELLMajorconvention
S3908C#Generic event handlers should be usedCODE_SMELLMajor
S3909C#Collections should implement the generic interfaceCODE_SMELLMajor
S3923C#All branches in a conditional structure should not have exactly the same implementationBUGMajor
S3925C#"ISerializable" should be implemented correctlyCODE_SMELLMajorpitfall
S3926C#Deserialization methods should be provided for "OptionalField" membersBUGMajorserialization
S3927C#Serialization event handlers should be implemented correctlyBUGMajor
S3928C#Parameter names used into ArgumentException constructors should match an existing one CODE_SMELLMajor
S3937C#Number patterns should be regularCODE_SMELLCriticalsuspicious
S3949C#Calculations should not overflowBUGMajoroverflow, symbolic-execution
S3956C#"Generic.List" instances should not be part of public APIsCODE_SMELLMajorapi-design
S3962C#"static readonly" constants should be "const" insteadCODE_SMELLMinorperformance
S3963C#"static" fields should be initialized inlineCODE_SMELLMinor
S3966C#Objects should not be disposed more than onceCODE_SMELLMajorconfusing, pitfall, symbolic-execution
S3967C#Multidimensional arrays should not be usedCODE_SMELLMinordesign
S3971C#"GC.SuppressFinalize" should not be calledCODE_SMELLMajor
S3972C#Conditionals should start on new linesCODE_SMELLCriticalsuspicious
S3973C#A conditionally executed single line should be denoted by indentationCODE_SMELLCriticalconfusing, suspicious
S3981C#Collection sizes and array length comparisons should make senseBUGMajorconfusing
S3984C#Exceptions should not be created without being thrownBUGMajorerror-handling
S3990C#Assemblies should be marked as CLS compliantCODE_SMELLMajorapi-design
S3992C#Assemblies should explicitly specify COM visibilityCODE_SMELLMajorapi-design
S3993C#Custom attributes should be marked with "System.AttributeUsageAttribute"CODE_SMELLMajorapi-design
S3994C#URI Parameters should not be stringsCODE_SMELLMajor
S3995C#URI return values should not be stringsCODE_SMELLMajor
S3996C#URI properties should not be stringsCODE_SMELLMajor
S3997C#String URI overloads should call "System.Uri" overloadsCODE_SMELLMajor
S3998C#Threads should not lock on objects with weak identityCODE_SMELLCriticalmulti-threading, pitfall
S4000C#Pointers to unmanaged memory should not be visibleCODE_SMELLCritical
S4002C#Disposable types should declare finalizersCODE_SMELLMajor
S4004C#Collection properties should be readonlyCODE_SMELLMajor
S4005C#"System.Uri" arguments should be used instead of stringsCODE_SMELLMajor
S4015C#Inherited member visibility should not be decreasedCODE_SMELLCriticalpitfall
S4016C#Enumeration members should not be named "Reserved"CODE_SMELLMajor
S4017C#Method signatures should not contain nested generic typesCODE_SMELLMajorconfusing
S4018C#All type parameters should be used in the parameter list to enable type inferenceCODE_SMELLMinor
S4019C#Base class methods should not be hiddenCODE_SMELLCriticalpitfall
S4022C#Enumerations should have "Int32" storageCODE_SMELLMinor
S4023C#Interfaces should not be emptyCODE_SMELLMinor
S4025C#Child class fields should not differ from parent class fields only by capitalizationCODE_SMELLCriticalpitfall
S4026C#Assemblies should be marked with "NeutralResourcesLanguageAttribute"CODE_SMELLMinorperformance
S4027C#Exceptions should provide standard constructorsCODE_SMELLMinorconvention
S4035C#Classes implementing "IEquatable<T>" should be sealedCODE_SMELLMajorpitfall
S4036C#OS commands should not rely on PATH resolutionVULNERABILITYMinorcwe, former-hotspot
S4039C#Interface methods should be callable by derived typesCODE_SMELLCriticalpitfall
S4040C#Strings should be normalized to uppercaseCODE_SMELLMinorpitfall
S4041C#Type names should not match namespacesCODE_SMELLMinorconvention
S4047C#Generics should be used when appropriateCODE_SMELLMinor
S4049C#Properties should be preferredCODE_SMELLMinorconvention
S4050C#Operators should be overloaded consistentlyCODE_SMELLMajorpitfall
S4052C#Types should not extend outdated base typesCODE_SMELLMinor
S4055C#Literals should not be passed as localized parametersCODE_SMELLMajorlocalisation, pitfall
S4056C#Overloads with a "CultureInfo" or an "IFormatProvider" parameter should be usedCODE_SMELLMinorlocalisation, pitfall
S4057C#Locales should be set for data typesCODE_SMELLMajorlocalisation
S4058C#Overloads with a "StringComparison" parameter should be usedCODE_SMELLMinor
S4059C#Property names should not match get methodsCODE_SMELLMajorconfusing
S4060C#Non-abstract attributes should be sealedCODE_SMELLMinorperformance
S4061C#"params" should be used instead of "varargs"CODE_SMELLMinor
S4069C#Operator overloads should have named alternativesCODE_SMELLMinorconvention
S4070C#Non-flags enums should not be marked with "FlagsAttribute"CODE_SMELLMajor
S4136C#Method overloads should be grouped togetherCODE_SMELLMinorconvention
S4143C#Collection elements should not be replaced unconditionallyBUGMajorsuspicious
S4144C#Methods should not have identical implementationsCODE_SMELLMajorconfusing, duplicate, suspicious
S4158C#Empty collections should not be accessed or iteratedBUGMinorsymbolic-execution
S4159C#Classes should implement their "ExportAttribute" interfacesBUGBlockermef, pitfall
S4200C#Native methods should be wrappedCODE_SMELLMajorpitfall
S4201C#Null checks should not be combined with "is" operator checksCODE_SMELLMinorredundant
S4210C#Windows Forms entry points should be marked with STAThreadBUGMajorwinforms, pitfall
S4211C#Members should not have conflicting transparency annotationsVULNERABILITYMajorpitfall
S4212C#Serialization constructors should be securedVULNERABILITYMajorserialization
S4214C#"P/Invoke" methods should not be visibleCODE_SMELLMajor
S4220C#Events should have proper argumentsCODE_SMELLMajorevent, pitfall
S4225C#Extension methods should not extend "object"CODE_SMELLMinor
S4226C#Extensions should be in separate namespacesCODE_SMELLMinorconfusing
S4260C#"ConstructorArgument" parameters should exist in constructorsBUGMajorxaml, wpf
S4261C#Methods should be named according to their synchronicitiesCODE_SMELLMinor
S4275C#Getters and setters should access the expected fieldsBUGCriticalpitfall
S4277C#"Shared" parts should not be created with "new"BUGCriticalmef, pitfall
S4347C#Secure random number generators should not output predictable valuesVULNERABILITYCriticalcwe, pitfall, symbolic-execution
S4423C#Weak SSL/TLS protocols should not be usedVULNERABILITYCriticalcwe, privacy
S4426C#Cryptographic keys should be robustVULNERABILITYCriticalcwe, privacy
S4428C#"PartCreationPolicyAttribute" should be used with "ExportAttribute"BUGMajormef, pitfall
S4433C#LDAP connections should be authenticatedVULNERABILITYCriticalcwe
S4456C#Parameter validation in yielding methods should be wrappedCODE_SMELLMajoryield
S4457C#Parameter validation in "async"/"await" methods should be wrappedCODE_SMELLMajorasync-await
S4462C#Calls to "async" methods should not be blockingCODE_SMELLBlockerasync-await, deadlock
S4487C#Unread "private" fields should be removedCODE_SMELLCriticalcwe, unused
S4502C#CSRF protections should not be disabledVULNERABILITYCriticalcwe, former-hotspot
S4507C#Debugging features should not be enabled in productionVULNERABILITYMinorcwe, error-handling, debug, user-experience, former-hotspot
S4524C#"default" clauses should be first or lastCODE_SMELLCritical
S4545C#"DebuggerDisplayAttribute" strings should reference existing membersCODE_SMELLMajor
S4581C#"new Guid()" should not be usedCODE_SMELLMajor
S4583C#Calls to delegate's method "BeginInvoke" should be paired with calls to "EndInvoke"BUGCritical
S4586C#Non-async "Task/Task<T>" methods should not return nullBUGCriticalasync-await
S4635C#Start index should be used instead of calling SubstringCODE_SMELLCriticalperformance
S4663C#Comments should not be emptyCODE_SMELLMinor
S4790C#Weak hashing algorithms should not be usedVULNERABILITYCriticalcwe, former-hotspot
S4830C#Server certificates should be verified during SSL/TLS connectionsVULNERABILITYCriticalcwe, privacy, ssl
S5034C#"ValueTask" should be consumed correctlyCODE_SMELLCriticalasync-await
S5042C#Expanding archive files should not be done without controlling resource consumptionCODE_SMELLMajorcwe, former-hotspot
S5122C#Cross-Origin Resource Sharing (CORS) policy should be restricted to trusted originsVULNERABILITYMajorcwe, former-hotspot
S5332C#Clear-text protocols should not be usedVULNERABILITYMinorcwe, former-hotspot
S5344C#Passwords should not be stored in plaintext or with a fast hashing algorithmVULNERABILITYCriticalcwe, spring
S5443C#Temporary files should not be created in publicly writable directoriesVULNERABILITYCriticalcwe, former-hotspot
S5445C#Insecure temporary file creation methods should not be usedVULNERABILITYCriticalcwe
S5542C#Encryption algorithms should be used with secure mode and padding schemeVULNERABILITYCriticalcwe, privacy
S5547C#Cipher algorithms should be robustVULNERABILITYCriticalcwe, privacy
S5659C#JWT should be signed and verified with strong cipher algorithmsVULNERABILITYCriticalcwe, privacy
S5693C#HTTP request content length should be limitedVULNERABILITYMajorcwe, former-hotspot
S5753C#ASP.NET Request Validation should not be disabledVULNERABILITYMajorcwe, former-hotspot
S5766C#Serializable objects should validate data during deserializationVULNERABILITYMajorcwe, former-hotspot
S5773C#Types allowed to be deserialized should be restrictedVULNERABILITYMajorcwe, symbolic-execution
S5856C#Regular expressions should be syntactically validBUGCriticalregex
S6354C#Use a testable date/time providerCODE_SMELLMajor
S6377C#XML signatures should be validated securelyVULNERABILITYMajor
S6418C#Secrets should not be hard-codedVULNERABILITYBlockercwe, former-hotspot
S6419C#Azure Functions should be statelessCODE_SMELLMajorazure, bad-practice
S6420C#Client instances should not be recreated on each Azure Function invocationCODE_SMELLMajorazure, bad-practice, design
S6421C#Azure Functions should use Structured Error HandlingCODE_SMELLMajorazure, error-handling
S6422C#Calls to "async" methods should not be blocking in Azure FunctionsCODE_SMELLBlockerazure, async-await
S6423C#Azure Functions should log all failuresCODE_SMELLMajorazure, error-handling
S6424C#Interfaces for durable entities should satisfy the restrictionsCODE_SMELLBlockerazure, design
S6444C#Not specifying a timeout for regular expressions is security-sensitiveSECURITY_HOTSPOTMajorcwe, regex
S6507C#Blocks should not be synchronized on local variablesBUGMajorcwe, multi-threading
S6513C#"ExcludeFromCodeCoverage" attributes should include a justificationCODE_SMELLMinorbad-practice
S6561C#Avoid using "DateTime.Now" for benchmarking or timing operationsCODE_SMELLMajor
S6562C#Always set the "DateTimeKind" when creating new "DateTime" instancesCODE_SMELLMajorlocalisation, pitfall
S6563C#Use UTC when recording DateTime instantsCODE_SMELLMajorpitfall
S6566C#Use "DateTimeOffset" instead of "DateTime"CODE_SMELLMajor
S6575C#Use "TimeZoneInfo.FindSystemTimeZoneById" without converting the timezones with "TimezoneConverter"CODE_SMELLMajor
S6580C#Use a format provider when parsing date and timeCODE_SMELLMajorpitfall, bug
S6585C#Don't hardcode the format when turning dates and times to stringsCODE_SMELLMinor
S6588C#Use the "UnixEpoch" field instead of creating "DateTime" instances that point to the beginning of the Unix epochCODE_SMELLMinor
S6602C#"Find" method should be used instead of the "FirstOrDefault" extensionCODE_SMELLMinorperformance
S6603C#The collection-specific "TrueForAll" method should be used instead of the "All" extensionCODE_SMELLMinorperformance
S6605C#Collection-specific "Exists" method should be used instead of the "Any" extensionCODE_SMELLMinorperformance
S6607C#The collection should be filtered before sorting by using "Where" before "OrderBy"CODE_SMELLMinorperformance
S6608C#Prefer indexing instead of "Enumerable" methods on types implementing "IList"CODE_SMELLMinorperformance
S6609C#"Min/Max" properties of "Set" types should be used instead of the "Enumerable" extension methodsCODE_SMELLMinorperformance
S6610C#"StartsWith" and "EndsWith" overloads that take a "char" should be used instead of the ones that take a "string"CODE_SMELLMinorperformance
S6612C#The lambda parameter should be used instead of capturing arguments in "ConcurrentDictionary" methodsCODE_SMELLMinorperformance
S6613C#"First" and "Last" properties of "LinkedList" should be used instead of the "First()" and "Last()" extension methodsCODE_SMELLMinorperformance
S6617C#"Contains" should be used instead of "Any" for simple equality checksCODE_SMELLMinorperformance
S6618C#"string.Create" should be used instead of "FormattableString"CODE_SMELLMinorperformance
S6640C#Unsafe code blocks should not be usedVULNERABILITYMajorformer-hotspot
S6664C#The code block contains too many logging callsCODE_SMELLMinorlogging
S6667C#Logging in a catch clause should pass the caught exception as a parameter.CODE_SMELLMinorerror-handling, logging
S6668C#Logging arguments should be passed to the correct parameterCODE_SMELLMinorlogging
S6669C#Logger field or property name should comply with a naming conventionCODE_SMELLMinorlogging
S6670C#"Trace.Write" and "Trace.WriteLine" should not be usedCODE_SMELLMinorlogging
S6672C#Generic logger injection should match enclosing typeCODE_SMELLMinorconfusing, logging
S6673C#Log message template placeholders should be in the right orderCODE_SMELLMajorlogging
S6674C#Log message template should be syntactically correctBUGCriticallogging
S6675C#"Trace.WriteLineIf" should not be used with "TraceSwitch" levelsCODE_SMELLMinorconfusing, clumsy, logging
S6677C#Message template placeholders should be uniqueBUGMajorlogging
S6678C#Use PascalCase for named placeholdersCODE_SMELLMinorlogging
S6781C#JWT secret keys should not be disclosedVULNERABILITYBlockercwe, symbolic-execution
S6797C#Blazor query parameter type should be supportedBUGMajorblazor
S6798C#[JSInvokable] attribute should only be used on public methodsBUGMajorblazor
S6800C#Component parameter type should match the route parameter type constraintBUGMajorblazor
S6802C#Using lambda expressions in loops should be avoided in Blazor markup sectionCODE_SMELLMajorblazor
S6803C#Parameters with SupplyParameterFromQuery attribute should be used only in routable componentsCODE_SMELLMajorblazor
S6930C#Backslash should be avoided in route templatesBUGMajorasp.net
S6931C#ASP.NET controller actions should not have a route template starting with "/"CODE_SMELLMajorasp.net
S6932C#Use model binding instead of reading raw request dataCODE_SMELLMajorasp.net
S6934C#A Route attribute should be added to the controller when a route template is specified at the action levelCODE_SMELLMajorasp.net
S6960C#Controllers should not have mixed responsibilitiesCODE_SMELLMajorasp.net
S6961C#API Controllers should derive from ControllerBase instead of ControllerCODE_SMELLMajorasp.net, performance
S6962C#You should pool HTTP connections with HttpClientFactoryCODE_SMELLMajorasp.net
S6964C#Value type property used as input in a controller action should be nullable, required or annotated with the JsonRequiredAttribute to avoid under-posting.CODE_SMELLMajorasp.net
S6965C#REST API actions should be annotated with an HTTP verb attributeCODE_SMELLMajorasp.net
S6966C#Awaitable method should be usedCODE_SMELLMajorasync-await
S6967C#ModelState.IsValid should be called in controller actionsCODE_SMELLCriticalasp.net
S6968C#Actions that return a value should be annotated with ProducesResponseTypeAttribute containing the return typeCODE_SMELLMajorasp.net
S7039C#Content Security Policies should be restrictiveVULNERABILITYMajor
S7130C#First/Single should be used instead of FirstOrDefault/SingleOrDefault on collections that are known to be non-emptyCODE_SMELLMajorsymbolic-execution
S7131C#A write lock should not be released when a read lock has been acquired and vice versaBUGCriticalsymbolic-execution
S7133C#Locks should be released within the same methodBUGCriticalsymbolic-execution
S818C#Literal suffixes should be upper caseCODE_SMELLMinorconvention, pitfall
S8367C#Identifiers should not conflict with the C# 14 "field" contextual keywordCODE_SMELLCriticalcsharp-14, compatibility, upgrade
S8368C#Identifiers should not conflict with the C# 14 "extension" contextual keywordCODE_SMELLCriticalcsharp14, breaking-change, contextual-keyword
S8380C#Return types named "partial" should be escaped with "@"CODE_SMELLCriticalbreaking-change, csharp14
S8381C#"scoped" should be escaped when used as an identifier or type name in parenthesized lambda parameter listsCODE_SMELLCriticalcsharp14, breaking-change, lambda
S8717C#Multiple "[Key]" attributes should not be used to define a composite keyBUGBlockerentity-framework-core, entity-framework, orm, database
S881C#Increment (++) and decrement (--) operators should not be used in a method call or mixed with other operators in an expressionCODE_SMELLMajor
S907C#"goto" statement should not be usedCODE_SMELLMajorbrain-overload
S927C#Parameter names should match base declaration and other partial definitionsCODE_SMELLCriticalsuspicious
S101VB.NETClass names should comply with a naming conventionCODE_SMELLMinorconvention
S103VB.NETLines should not be too longCODE_SMELLMajorconvention
S104VB.NETFiles should not have too many lines of codeCODE_SMELLMajorbrain-overload
S1048VB.NETFinalize method should not throw exceptionsBUGBlocker
S105VB.NETTabulation characters should not be usedCODE_SMELLMinorconvention
S1066VB.NETMergeable "if" statements should be combinedCODE_SMELLMajorclumsy
S1067VB.NETExpressions should not be too complexCODE_SMELLCriticalbrain-overload
S107VB.NETProcedures should not have too many parametersCODE_SMELLMajorbrain-overload
S1075VB.NETURIs should not be hardcodedCODE_SMELLMinor
S108VB.NETNested blocks of code should not be left emptyCODE_SMELLMajorsuspicious
S1110VB.NETUnnecessary parentheses should be removedCODE_SMELLMinorclippy, redundant, readability
S112VB.NETGeneral or reserved exceptions should never be thrownCODE_SMELLMajorcwe, error-handling
S1123VB.NET"Obsolete" attributes should include explanationsCODE_SMELLMajorobsolete, bad-practice
S1125VB.NETBoolean literals should not be redundantCODE_SMELLMinorclumsy
S1133VB.NETDeprecated code should be removedCODE_SMELLInfoobsolete
S1134VB.NETTrack uses of "FIXME" tagsCODE_SMELLMajorcwe
S1135VB.NETTrack uses of "TODO" tagsCODE_SMELLInfocwe
S114VB.NETInterface names should comply with a naming conventionCODE_SMELLMinorconvention
S1147VB.NET"End" statements should not be usedCODE_SMELLBlockercwe, suspicious
S1151VB.NET"Select...Case" clauses should not have too many lines of codeCODE_SMELLMajorbrain-overload
S1155VB.NET"Any()" should be used to test for emptinessCODE_SMELLMinorperformance
S1163VB.NETExceptions should not be thrown in finally blocksCODE_SMELLCriticalerror-handling, suspicious
S117VB.NETLocal variable names should comply with a naming conventionCODE_SMELLMinorconvention
S1172VB.NETUnused procedure parameters should be removedCODE_SMELLMajorunused
S1186VB.NETMethods should not be emptyCODE_SMELLCriticalsuspicious
S119VB.NETGeneric type parameter names should comply with a naming conventionCODE_SMELLMinorconvention
S1192VB.NETString literals should not be duplicatedCODE_SMELLMinordesign
S1197VB.NETArray designators "()" should be on the type, not the variableCODE_SMELLMinorconvention
S122VB.NETStatements should be on separate linesCODE_SMELLMajorconvention
S1226VB.NETMethod parameters and caught exceptions should not be reassignedBUGMinor
S126VB.NET"If ... ElseIf" constructs should end with "Else" clausesCODE_SMELLCritical
S1301VB.NET"Select" statements should have at least 3 "Case" clausesCODE_SMELLMinorbad-practice
S131VB.NET"Select" statements should end with a "Case Else" clauseCODE_SMELLCriticalcwe
S1313VB.NETIP addresses should not be hardcodedCODE_SMELLMinorformer-hotspot
S134VB.NETControl flow statements "If", "For", "For Each", "Do", "While", "Select" and "Try" should not be nested too deeplyCODE_SMELLCriticalbrain-overload
S138VB.NETProcedures should not have too many lines of codeCODE_SMELLMajorbrain-overload
S139VB.NETComments should not be located at the end of lines of codeCODE_SMELLMinorconvention
S1451VB.NETTrack lack of copyright and license headersCODE_SMELLBlockerconvention
S1479VB.NET"Select Case" statement with many "Case" clauses should have only one statementCODE_SMELLMajorbrain-overload
S1481VB.NETUnused local variables should be removedCODE_SMELLMinorunused
S1541VB.NETFunctions, procedures and properties should not be too complexCODE_SMELLCriticalbrain-overload
S1542VB.NETFunctions and procedures should comply with a naming conventionCODE_SMELLMajorconvention
S1643VB.NETStrings should not be concatenated using "+" or "&" in a loopCODE_SMELLMinorperformance
S1645VB.NETThe "&" operator should be used to concatenate stringsCODE_SMELLCriticalsuspicious
S1654VB.NETMethod parameters should follow a naming conventionCODE_SMELLMajorconvention
S1656VB.NETVariables should not be self-assignedBUGMajor
S1659VB.NETMultiple variables should not be declared on the same lineCODE_SMELLMinorconvention
S1751VB.NETLoops with at most one iteration should be refactoredBUGMajorconfusing, bad-practice
S1764VB.NETIdentical expressions should not be used on both sides of a binary operatorBUGMajorsuspicious
S1821VB.NET"Select Case" statements should not be nestedCODE_SMELLCriticalpitfall
S1862VB.NETRelated "If/ElseIf" statements should not have the same conditionBUGMajorunused, pitfall
S1871VB.NETTwo branches in a conditional structure should not have exactly the same implementationCODE_SMELLMajordesign, suspicious
S1940VB.NETBoolean checks should not be invertedCODE_SMELLMinorpitfall
S1944VB.NETInvalid casts should be avoidedCODE_SMELLMajorcwe, suspicious
S2053VB.NETPassword hashing functions should use an unpredictable saltVULNERABILITYCriticalcwe, symbolic-execution
S2068VB.NETCredentials should not be hard-codedVULNERABILITYMajorcwe, former-hotspot
S2077VB.NETSQL queries should not be dynamically formattedVULNERABILITYMajorcwe, bad-practice, sql, former-hotspot
S2094VB.NETClasses should not be emptyCODE_SMELLMinorclumsy
S2166VB.NETClasses named like "Exception" should extend "Exception" or a subclassCODE_SMELLMajorconvention, error-handling, pitfall
S2178VB.NETShort-circuit logic should be used in boolean contextsCODE_SMELLBlocker
S2222VB.NETLocks should be released on all pathsBUGCriticalcwe, multi-threading, symbolic-execution
S2225VB.NET"ToString()" method should not return NothingBUGMajorcwe
S2234VB.NETArguments should be passed in the same order as the procedure parametersCODE_SMELLMajor
S2257VB.NETCustom cryptographic algorithms should not be usedVULNERABILITYCriticalcwe, former-hotspot
S2259VB.NETNull pointers should not be dereferencedBUGMajorcwe, symbolic-execution
S2302VB.NET"NameOf" should be usedCODE_SMELLCriticalbad-practice
S2304VB.NETNamespace names should comply with a naming conventionCODE_SMELLMinorconvention
S2339VB.NETPublic constant members should not be usedCODE_SMELLCriticalpitfall
S2340VB.NET"Do" loops should not be used without a "While" or "Until" conditionCODE_SMELLCriticalpitfall
S2342VB.NETEnumeration types should comply with a naming conventionCODE_SMELLMinorconvention
S2343VB.NETEnumeration values should comply with a naming conventionCODE_SMELLMinorconvention
S2344VB.NETEnumeration type names should not have "Flags" or "Enum" suffixesCODE_SMELLMinorconvention
S2345VB.NETFlags enumerations should explicitly initialize all their membersBUGMinor
S2346VB.NETFlags enumerations zero-value members should be named "None"CODE_SMELLCriticalconvention
S2347VB.NETEvent handlers should comply with a naming conventionCODE_SMELLMinorconvention
S2348VB.NETEvents should comply with a naming conventionCODE_SMELLMinorconvention
S2349VB.NETEvent names should not have "Before" or "After" as a prefix or suffixCODE_SMELLMinorconvention
S2352VB.NETIndexed properties with more than one parameter should not be usedCODE_SMELLMajorclumsy
S2354VB.NETLine continuations should not be usedCODE_SMELLMinorconvention
S2355VB.NETArray literals should be used instead of array creation expressionsCODE_SMELLMinorclumsy
S2357VB.NETFields should be privateCODE_SMELLMajorpitfall
S2358VB.NET"IsNot" should be used instead of "Not ... Is ..."CODE_SMELLMajorclumsy
S2359VB.NET"On Error" statements should not be usedCODE_SMELLMajorbad-practice
S2360VB.NETOptional parameters should not be usedCODE_SMELLCriticalpitfall
S2362VB.NETPrivate constants should comply with a naming conventionCODE_SMELLMinorconvention
S2363VB.NET"Private Shared ReadOnly" fields should comply with a naming conventionCODE_SMELLMinorconvention
S2364VB.NET"Private" fields should comply with a naming conventionCODE_SMELLMinorconvention
S2365VB.NETProperties should not make collection or array copiesCODE_SMELLCriticalapi-design, performance
S2366VB.NETProperties should comply with a naming conventionCODE_SMELLMinorconvention
S2367VB.NETNon-private constants should comply with a naming conventionCODE_SMELLMinorconvention
S2368VB.NETPublic methods should not have multidimensional array parametersCODE_SMELLBlockerpitfall
S2369VB.NETNon-private fields should comply with a naming conventionCODE_SMELLMinorconvention
S2370VB.NETNon-private "Shared ReadOnly" fields should comply with a naming conventionCODE_SMELLMinorconvention
S2372VB.NETExceptions should not be thrown from property gettersCODE_SMELLMajorerror-handling
S2373VB.NETGeneric type parameter names should comply with a naming conventionCODE_SMELLMinor
S2374VB.NETSigned types should be preferred to unsigned onesCODE_SMELLCriticalpitfall
S2375VB.NET"With" statements should be used for a series of calls to the same objectCODE_SMELLMinorclumsy
S2376VB.NETWrite-only properties should not be usedCODE_SMELLMajorpitfall
S2387VB.NETChild class fields should not shadow parent class fieldsCODE_SMELLBlocker
S2429VB.NETArrays should be initialized using the "... = {}" syntaxCODE_SMELLMinorclumsy
S2437VB.NETUnnecessary bit operations should not be performedCODE_SMELLBlockersuspicious
S2551VB.NETShared resources should not be used for lockingBUGCriticalmulti-threading
S2583VB.NETConditionally executed code should be reachableBUGMajorcwe, unused, suspicious, pitfall, symbolic-execution
S2589VB.NETBoolean expressions should not be gratuitousCODE_SMELLMajorcwe, suspicious, redundant, symbolic-execution
S2612VB.NETFile permissions should not be set to world-accessible valuesVULNERABILITYMajorcwe, former-hotspot
S2692VB.NET"IndexOf" checks should not be for positive numbersCODE_SMELLCriticalsuspicious
S2737VB.NET"catch" clauses should do more than rethrowCODE_SMELLMinorerror-handling, unused, finding, clumsy
S2757VB.NETNon-existent operators like "=+" should not be usedBUGMajor
S2761VB.NET'Not' boolean operator should not be repeatedBUGMajor
S2925VB.NET"Thread.Sleep" should not be used in testsCODE_SMELLMajortests, bad-practice
S2951VB.NET"Exit Select" statements should not be used redundantlyCODE_SMELLMinorunused, clumsy
S3011VB.NETReflection should not be used to increase accessibility of classes, methods, or fieldsCODE_SMELLMajor
S3063VB.NET"StringBuilder" data should be usedCODE_SMELLMajorperformance
S3329VB.NETCipher Block Chaining IVs should be unpredictableVULNERABILITYCriticalcwe, symbolic-execution
S3358VB.NETIf operators should not be nestedCODE_SMELLMajorconfusing
S3363VB.NETDate and time should not be used as a type for primary keysBUGMinor
S3385VB.NET"Exit" statements should not be usedCODE_SMELLMajorbrain-overload, bad-practice
S3431VB.NET"[ExpectedException]" should not be usedCODE_SMELLMajortests
S3449VB.NETRight operands of shift operators should be integersBUGCritical
S3453VB.NETClasses should not have only "private" constructorsBUGMajordesign
S3464VB.NETType inheritance should not be recursiveBUGBlocker
S3466VB.NETOptional parameters should be passed to "base" callsBUGMajor
S3598VB.NETOne-way "OperationContract" methods should have "void" return typeBUGMajor
S3603VB.NETMethods with "Pure" attribute should return a value BUGMajor
S3655VB.NETEmpty nullable value should not be accessedBUGMajorcwe, symbolic-execution
S3776VB.NETCognitive Complexity of methods should not be too highCODE_SMELLCriticalbrain-overload
S3860VB.NET"ByVal" should not be usedCODE_SMELLMinorclumsy
S3866VB.NET"IIf" should not be usedCODE_SMELLCriticalperformance
S3869VB.NET"SafeHandle.DangerousGetHandle" should not be calledBUGBlockerleak, unpredictable
S3871VB.NETException types should be "Public"CODE_SMELLCriticalerror-handling, api-design
S3878VB.NETArrays should not be created for ParamArray parametersCODE_SMELLMinorclumsy
S3884VB.NET"CoSetProxyBlanket" and "CoInitializeSecurity" should not be usedVULNERABILITYBlocker
S3889VB.NET"Thread.Resume" and "Thread.Suspend" should not be usedBUGBlockermulti-threading, unpredictable
S3898VB.NETValue types should implement "IEquatable<T>"CODE_SMELLMajorperformance
S3900VB.NETArguments of public methods should be validated against NothingCODE_SMELLMajorconvention, symbolic-execution
S3903VB.NETTypes should be defined in named namespacesBUGMajor
S3904VB.NETAssemblies should have version informationCODE_SMELLCriticalpitfall
S3923VB.NETAll branches in a conditional structure should not have exactly the same implementationBUGMajor
S3926VB.NETDeserialization methods should be provided for "OptionalField" membersBUGMajorserialization
S3927VB.NETSerialization event handlers should be implemented correctlyBUGMajor
S3949VB.NETCalculations should not overflowBUGMajoroverflow, symbolic-execution
S3966VB.NETObjects should not be disposed more than onceCODE_SMELLMajorconfusing, pitfall, symbolic-execution
S3981VB.NETCollection sizes and array length comparisons should make senseBUGMajorconfusing
S3990VB.NETAssemblies should be marked as CLS compliantCODE_SMELLMajorapi-design
S3992VB.NETAssemblies should explicitly specify COM visibilityCODE_SMELLMajorapi-design
S3998VB.NETThreads should not lock on objects with weak identityCODE_SMELLCriticalmulti-threading, pitfall
S4025VB.NETChild class fields should not differ from parent class fields only by capitalizationCODE_SMELLCriticalpitfall
S4036VB.NETOS commands should not rely on PATH resolutionVULNERABILITYMinorcwe, former-hotspot
S4060VB.NETNon-abstract attributes should be sealedCODE_SMELLMinorperformance
S4136VB.NETMethod overloads should be grouped togetherCODE_SMELLMinorconvention
S4143VB.NETMap values should not be replaced unconditionallyBUGMajorsuspicious
S4144VB.NETMethods should not have identical implementationsCODE_SMELLMajorconfusing, duplicate, suspicious
S4158VB.NETEmpty collections should not be accessed or iteratedBUGMinorsymbolic-execution
S4159VB.NETClasses should implement their "ExportAttribute" interfacesBUGBlockermef, pitfall
S4201VB.NETNull checks should not be combined with "TypeOf Is" operator checksCODE_SMELLMinorredundant
S4210VB.NETWindows Forms entry points should be marked with STAThreadBUGMajorwinforms, pitfall
S4225VB.NETExtension methods should not extend "Object"CODE_SMELLMinor
S4260VB.NET"ConstructorArgument" parameters should exist in constructorsBUGMajorxaml, wpf
S4275VB.NETProperty procedures should access the expected fieldsBUGCriticalpitfall
S4277VB.NET"Shared" parts should not be created with "new"BUGCriticalmef, pitfall
S4423VB.NETWeak SSL/TLS protocols should not be usedVULNERABILITYCriticalcwe, privacy
S4428VB.NET"PartCreationPolicyAttribute" should be used with "ExportAttribute"BUGMajormef, pitfall
S4507VB.NETDebugging features should not be enabled in productionVULNERABILITYMinorcwe, error-handling, debug, user-experience, former-hotspot
S4545VB.NET"DebuggerDisplayAttribute" strings should reference existing membersCODE_SMELLMajor
S4581VB.NET"new Guid()" should not be usedCODE_SMELLMajor
S4583VB.NETCalls to delegate's method "BeginInvoke" should be paired with calls to "EndInvoke"BUGCritical
S4586VB.NETNon-async "Task/Task<T>" methods should not return nullBUGCriticalasync-await
S4663VB.NETComments should not be emptyCODE_SMELLMinor
S4790VB.NETWeak hashing algorithms should not be usedVULNERABILITYCriticalcwe, former-hotspot
S4830VB.NETServer certificates should be verified during SSL/TLS connectionsVULNERABILITYCriticalcwe, privacy, ssl
S5042VB.NETExpanding archive files should not be done without controlling resource consumptionCODE_SMELLMajorcwe, former-hotspot
S5443VB.NETTemporary files should not be created in publicly writable directoriesVULNERABILITYCriticalcwe, former-hotspot
S5445VB.NETInsecure temporary file creation methods should not be usedVULNERABILITYCriticalcwe
S5542VB.NETEncryption algorithms should be used with secure mode and padding schemeVULNERABILITYCriticalcwe, privacy
S5547VB.NETCipher algorithms should be robustVULNERABILITYCriticalcwe, privacy
S5659VB.NETJWT should be signed and verified with strong cipher algorithmsVULNERABILITYCriticalcwe, privacy
S5693VB.NETHTTP request content length should be limitedVULNERABILITYMajorcwe, former-hotspot
S5753VB.NETASP.NET Request Validation should not be disabledVULNERABILITYMajorcwe, former-hotspot
S5773VB.NETTypes allowed to be deserialized should be restrictedVULNERABILITYMajorcwe, symbolic-execution
S5856VB.NETRegular expressions should be syntactically validBUGCriticalregex
S5944VB.NET"Return" statements should be used instead of assigning values to function namesCODE_SMELLMajorbad-practice, confusing
S6145VB.NET"Option Strict" should be enabledCODE_SMELLMajorbad-practice
S6146VB.NET"Option Explicit" should be enabledCODE_SMELLCriticalbad-practice
S6354VB.NETUse a testable date/time providerCODE_SMELLMajor
S6418VB.NETSecrets should not be hard-codedVULNERABILITYBlockercwe, former-hotspot
S6444VB.NETNot specifying a timeout for regular expressions is security-sensitiveSECURITY_HOTSPOTMajorcwe, regex
S6513VB.NET"ExcludeFromCodeCoverage" attributes should include a justificationCODE_SMELLMinorbad-practice
S6561VB.NETAvoid using "DateTime.Now" for benchmarking or timing operationsCODE_SMELLMajor
S6562VB.NETAlways set the "DateTimeKind" when creating new "DateTime" instancesCODE_SMELLMajorlocalisation, pitfall
S6563VB.NETUse UTC when recording DateTime instantsCODE_SMELLMajorpitfall
S6566VB.NETUse "DateTimeOffset" instead of "DateTime"CODE_SMELLMajor
S6575VB.NETUse "TimeZoneInfo.FindSystemTimeZoneById" without converting the timezones with "TimezoneConverter"CODE_SMELLMajor
S6580VB.NETUse a format provider when parsing date and timeCODE_SMELLMajorpitfall, bug
S6585VB.NETDon't hardcode the format when turning dates and times to stringsCODE_SMELLMinor
S6588VB.NETUse the "UnixEpoch" field instead of creating "DateTime" instances that point to the beginning of the Unix epochCODE_SMELLMinor
S6602VB.NET"Find" method should be used instead of the "FirstOrDefault" extensionCODE_SMELLMinorperformance
S6603VB.NETThe collection-specific "TrueForAll" method should be used instead of the "All" extensionCODE_SMELLMinorperformance
S6605VB.NETCollection-specific "Exists" method should be used instead of the "Any" extensionCODE_SMELLMinorperformance
S6607VB.NETThe collection should be filtered before sorting by using "Where" before "OrderBy"CODE_SMELLMinorperformance
S6608VB.NETPrefer indexing instead of "Enumerable" methods on types implementing "IList"CODE_SMELLMinorperformance
S6609VB.NET"Min/Max" properties of "Set" types should be used instead of the "Enumerable" extension methodsCODE_SMELLMinorperformance
S6610VB.NET"StartsWith" and "EndsWith" overloads that take a "char" should be used instead of the ones that take a "string"CODE_SMELLMinorperformance
S6612VB.NETThe lambda parameter should be used instead of capturing arguments in "ConcurrentDictionary" methodsCODE_SMELLMinorperformance
S6613VB.NET"First" and "Last" properties of "LinkedList" should be used instead of the "First()" and "Last()" extension methodsCODE_SMELLMinorperformance
S6617VB.NET"Contains" should be used instead of "Any" for simple equality checksCODE_SMELLMinorperformance
S6930VB.NETBackslash should be avoided in route templatesBUGMajorasp.net
S6931VB.NETASP.NET controller actions should not have a route template starting with "/"CODE_SMELLMajorasp.net
S7130VB.NETFirst/Single should be used instead of FirstOrDefault/SingleOrDefault on collections that are known to be non-emptyCODE_SMELLMajorsymbolic-execution
S7131VB.NETA write lock should not be released when a read lock has been acquired and vice versaBUGCriticalsymbolic-execution
S7133VB.NETLocks should be released within the same methodBUGCriticalsymbolic-execution
S907VB.NET"GoTo" statements should not be usedCODE_SMELLMajorbrain-overload
S927VB.NETParameter names should match base declarationCODE_SMELLCriticalsuspicious