S100 | C# | Methods and properties should be named in PascalCase | CODE_SMELL | Minor | convention |
S1006 | C# | Method overrides should not change parameter defaults | CODE_SMELL | Critical | pitfall |
S101 | C# | Types should be named in PascalCase | CODE_SMELL | Minor | convention |
S103 | C# | Lines should not be too long | CODE_SMELL | Major | convention |
S104 | C# | Files should not have too many lines of code | CODE_SMELL | Major | brain-overload |
S1048 | C# | Finalizers should not throw exceptions | BUG | Blocker | |
S105 | C# | Tabulation characters should not be used | CODE_SMELL | Minor | convention |
S106 | C# | Standard outputs should not be used directly to log anything | CODE_SMELL | Major | bad-practice |
S1066 | C# | Mergeable "if" statements should be combined | CODE_SMELL | Major | clumsy |
S1067 | C# | Expressions should not be too complex | CODE_SMELL | Critical | brain-overload |
S107 | C# | Methods should not have too many parameters | CODE_SMELL | Major | brain-overload |
S1075 | C# | URIs should not be hardcoded | CODE_SMELL | Minor | |
S108 | C# | Nested blocks of code should not be left empty | CODE_SMELL | Major | suspicious |
S109 | C# | Magic numbers should not be used | CODE_SMELL | Major | brain-overload |
S110 | C# | Inheritance tree of classes should not be too deep | CODE_SMELL | Major | |
S1104 | C# | Fields should not have public accessibility | CODE_SMELL | Minor | cwe |
S1109 | C# | A close curly brace should be located at the beginning of a line | CODE_SMELL | Minor | convention |
S1110 | C# | Unnecessary parentheses should be removed | CODE_SMELL | Minor | clippy, redundant, readability |
S1116 | C# | Empty statements should be removed | CODE_SMELL | Minor | unused |
S1117 | C# | Local variables should not shadow class fields or properties | CODE_SMELL | Major | suspicious, pitfall |
S1118 | C# | Utility classes should not have public constructors | CODE_SMELL | Major | design |
S112 | C# | General or reserved exceptions should never be thrown | CODE_SMELL | Major | cwe, error-handling |
S1121 | C# | Assignments should not be made from within sub-expressions | CODE_SMELL | Major | cwe, suspicious |
S1123 | C# | "Obsolete" attributes should include explanations | CODE_SMELL | Major | obsolete, bad-practice |
S1125 | C# | Boolean literals should not be redundant | CODE_SMELL | Minor | clumsy |
S1128 | C# | Unnecessary "using" should be removed | CODE_SMELL | Minor | unused |
S113 | C# | Files should end with a newline | CODE_SMELL | Minor | convention |
S1133 | C# | Deprecated code should be removed | CODE_SMELL | Info | obsolete |
S1134 | C# | Track uses of "FIXME" tags | CODE_SMELL | Major | cwe |
S1135 | C# | Track uses of "TODO" tags | CODE_SMELL | Info | cwe |
S1144 | C# | Unused private types or members should be removed | CODE_SMELL | Major | unused |
S1147 | C# | Exit methods should not be called | CODE_SMELL | Blocker | cwe, suspicious |
S1151 | C# | "switch case" clauses should not have too many lines of code | CODE_SMELL | Major | brain-overload |
S1155 | C# | "Any()" should be used to test for emptiness | CODE_SMELL | Minor | performance |
S1163 | C# | Exceptions should not be thrown in finally blocks | CODE_SMELL | Critical | error-handling, suspicious |
S1168 | C# | Empty arrays and collections should be returned instead of null | CODE_SMELL | Major | |
S1172 | C# | Unused method parameters should be removed | CODE_SMELL | Major | unused |
S1185 | C# | Overriding members should do more than simply call the same member in the base class | CODE_SMELL | Minor | redundant, clumsy |
S1186 | C# | Methods should not be empty | CODE_SMELL | Critical | suspicious |
S1192 | C# | String literals should not be duplicated | CODE_SMELL | Minor | design |
S1199 | C# | Nested code blocks should not be used | CODE_SMELL | Minor | bad-practice |
S1200 | C# | Classes should not be coupled to too many other classes | CODE_SMELL | Major | brain-overload |
S1206 | C# | "Equals(Object)" and "GetHashCode()" should be overridden in pairs | BUG | Minor | cwe |
S121 | C# | Control structures should use curly braces | CODE_SMELL | Critical | pitfall |
S1210 | C# | "Equals" and the comparison operators should be overridden when implementing "IComparable" | CODE_SMELL | Minor | |
S1215 | C# | "GC.Collect" should not be called | CODE_SMELL | Critical | performance, unpredictable, bad-practice |
S122 | C# | Statements should be on separate lines | CODE_SMELL | Major | convention |
S1226 | C# | Method parameters, caught exceptions and foreach variables' initial values should not be ignored | BUG | Minor | |
S1227 | C# | break statements should not be used except for switch cases | CODE_SMELL | Minor | |
S1244 | C# | Floating point numbers should not be tested for equality | BUG | Major | |
S125 | C# | Sections of code should not be commented out | CODE_SMELL | Major | unused |
S126 | C# | "if ... else if" constructs should end with "else" clauses | CODE_SMELL | Critical | |
S1264 | C# | A "while" loop should be used instead of a "for" loop | CODE_SMELL | Minor | clumsy |
S127 | C# | "for" loop stop conditions should be invariant | CODE_SMELL | Major | pitfall |
S1301 | C# | "switch" statements should have at least 3 "case" clauses | CODE_SMELL | Minor | bad-practice |
S1309 | C# | Track uses of in-source issue suppressions | CODE_SMELL | Info | |
S131 | C# | "switch/Select" statements should contain a "default/Case Else" clauses | CODE_SMELL | Critical | cwe |
S1312 | C# | Logger fields should be "private static readonly" | CODE_SMELL | Minor | convention, logging |
S1313 | C# | IP addresses should not be hardcoded | CODE_SMELL | Minor | former-hotspot |
S134 | C# | Control flow statements "if", "switch", "for", "foreach", "while", "do" and "try" should not be nested too deeply | CODE_SMELL | Critical | brain-overload |
S138 | C# | Functions should not have too many lines of code | CODE_SMELL | Major | brain-overload |
S1449 | C# | Culture should be specified for "string" operations | CODE_SMELL | Minor | unpredictable |
S1450 | C# | Private fields only used as local variables in methods should become local variables | CODE_SMELL | Minor | pitfall |
S1451 | C# | Track lack of copyright and license headers | CODE_SMELL | Blocker | convention |
S1479 | C# | "switch" statements with many "case" clauses should have only one statement | CODE_SMELL | Major | brain-overload |
S1481 | C# | Unused local variables should be removed | CODE_SMELL | Minor | unused |
S1541 | C# | Methods and properties should not be too complex | CODE_SMELL | Critical | brain-overload |
S1607 | C# | Tests should not be ignored | CODE_SMELL | Major | tests, bad-practice, confusing |
S1643 | C# | Strings should not be concatenated using '+' in a loop | CODE_SMELL | Minor | performance |
S1656 | C# | Variables should not be self-assigned | BUG | Major | |
S1659 | C# | Multiple variables should not be declared on the same line | CODE_SMELL | Minor | convention |
S1694 | C# | An abstract class should have both abstract and concrete methods | CODE_SMELL | Minor | convention |
S1696 | C# | NullReferenceException should not be caught | CODE_SMELL | Major | cwe, error-handling |
S1698 | C# | "==" should not be used when "Equals" is overridden | CODE_SMELL | Minor | cwe, suspicious |
S1699 | C# | Constructors should only call non-overridable methods | CODE_SMELL | Critical | pitfall |
S1751 | C# | Loops with at most one iteration should be refactored | BUG | Major | confusing, bad-practice |
S1764 | C# | Identical expressions should not be used on both sides of operators | BUG | Major | suspicious |
S1821 | C# | "switch" statements should not be nested | CODE_SMELL | Critical | pitfall |
S1848 | C# | Objects should not be created to be dropped immediately without being used | BUG | Major | |
S1854 | C# | Unused assignments should be removed | CODE_SMELL | Major | cwe, unused |
S1858 | C# | "ToString()" calls should not be redundant | CODE_SMELL | Minor | finding, clumsy |
S1862 | C# | Related "if/else if" statements should not have the same condition | BUG | Major | unused, pitfall |
S1871 | C# | Two branches in a conditional structure should not have exactly the same implementation | CODE_SMELL | Major | design, suspicious |
S1905 | C# | Redundant casts should not be used | CODE_SMELL | Minor | redundant, clumsy |
S1939 | C# | Inheritance list should not be redundant | CODE_SMELL | Minor | clumsy |
S1940 | C# | Boolean checks should not be inverted | CODE_SMELL | Minor | pitfall |
S1944 | C# | Invalid casts should be avoided | CODE_SMELL | Critical | cwe, suspicious |
S1994 | C# | "for" loop increment clauses should modify the loops' counters | CODE_SMELL | Critical | confusing |
S2053 | C# | Password hashing functions should use an unpredictable salt | VULNERABILITY | Critical | cwe, symbolic-execution |
S2068 | C# | Credentials should not be hard-coded | VULNERABILITY | Major | cwe, former-hotspot |
S2077 | C# | SQL queries should not be dynamically formatted | VULNERABILITY | Major | cwe, bad-practice, sql, former-hotspot |
S2092 | C# | Cookies should have the "secure" flag | VULNERABILITY | Minor | cwe, former-hotspot, privacy |
S2094 | C# | Classes should not be empty | CODE_SMELL | Minor | clumsy |
S2114 | C# | Collections should not be passed as arguments to their own methods | BUG | Major | |
S2115 | C# | A secure password should be used when connecting to a database | VULNERABILITY | Blocker | cwe |
S2123 | C# | Values should not be uselessly incremented | BUG | Major | unused |
S2139 | C# | Exceptions should be either logged or rethrown but not both | CODE_SMELL | Major | logging, error-handling |
S2148 | C# | Underscores should be used to make large numbers readable | CODE_SMELL | Minor | convention |
S2156 | C# | "sealed" classes should not have "protected" members | CODE_SMELL | Minor | confusing |
S2166 | C# | Classes named like "Exception" should extend "Exception" or a subclass | CODE_SMELL | Major | convention, error-handling, pitfall |
S2178 | C# | Short-circuit logic should be used in boolean contexts | CODE_SMELL | Blocker | |
S2183 | C# | Integral numbers should not be shifted by zero or more than their number of bits-1 | BUG | Minor | |
S2184 | C# | Results of integer division should not be assigned to floating point variables | BUG | Minor | cwe, overflow |
S2187 | C# | Test classes should contain at least one test case | CODE_SMELL | Blocker | tests, unused, confusing |
S2190 | C# | Loops and recursions should not be infinite | BUG | Blocker | suspicious |
S2197 | C# | Modulus results should not be checked for direct equality | CODE_SMELL | Critical | suspicious |
S2198 | C# | Unnecessary mathematical comparisons should not be made | CODE_SMELL | Critical | suspicious |
S2201 | C# | Methods without side effects should not have their return values ignored | BUG | Major | suspicious, confusing |
S2219 | C# | Runtime type checking should be simplified | CODE_SMELL | Minor | clumsy |
S2221 | C# | "Exception" should not be caught | CODE_SMELL | Minor | cwe, error-handling |
S2222 | C# | Locks should be released on all paths | BUG | Critical | cwe, multi-threading, symbolic-execution |
S2223 | C# | Non-constant static fields should not be visible | CODE_SMELL | Critical | pitfall |
S2225 | C# | "ToString()" method should not return null | BUG | Major | cwe |
S2234 | C# | Arguments should be passed in the same order as the method parameters | CODE_SMELL | Major | |
S2245 | C# | Pseudorandom number generators (PRNGs) should not be used in security contexts | VULNERABILITY | Major | cwe, former-hotspot |
S2251 | C# | A "for" loop update clause should move the counter in the right direction | BUG | Major | |
S2252 | C# | For-loop conditions should be true at least once | BUG | Major | |
S2257 | C# | Custom cryptographic algorithms should not be used | VULNERABILITY | Critical | cwe, former-hotspot |
S2259 | C# | Null pointers should not be dereferenced | BUG | Major | cwe, symbolic-execution |
S2275 | C# | Composite format strings should not lead to unexpected behavior at runtime | BUG | Blocker | |
S2290 | C# | Field-like events should not be virtual | CODE_SMELL | Critical | |
S2291 | C# | Overflow checking should not be disabled for "Enumerable.Sum" | CODE_SMELL | Critical | error-handling |
S2292 | C# | Trivial properties should be auto-implemented | CODE_SMELL | Minor | clumsy |
S2302 | C# | "nameof" should be used | CODE_SMELL | Critical | bad-practice |
S2306 | C# | "async" and "await" should not be used as identifiers | CODE_SMELL | Blocker | pitfall |
S2325 | C# | Methods and properties that don't access instance data should be static | CODE_SMELL | Minor | pitfall |
S2326 | C# | Unused type parameters should be removed | CODE_SMELL | Major | unused |
S2327 | C# | "try" statements with identical "catch" and/or "finally" blocks should be merged | CODE_SMELL | Major | clumsy |
S2328 | C# | "GetHashCode" should not reference mutable fields | BUG | Minor | |
S2330 | C# | Array covariance should not be used | CODE_SMELL | Critical | pitfall |
S2333 | C# | Redundant modifiers should not be used | CODE_SMELL | Minor | unused, finding, clumsy |
S2339 | C# | Public constant members should not be used | CODE_SMELL | Critical | pitfall |
S2342 | C# | Enumeration types should comply with a naming convention | CODE_SMELL | Minor | convention |
S2344 | C# | Enumeration type names should not have "Flags" or "Enum" suffixes | CODE_SMELL | Minor | convention |
S2345 | C# | Flags enumerations should explicitly initialize all their members | BUG | Minor | |
S2346 | C# | Flags enumerations zero-value members should be named "None" | CODE_SMELL | Critical | convention |
S2357 | C# | Fields should be private | CODE_SMELL | Major | pitfall |
S2360 | C# | Optional parameters should not be used | CODE_SMELL | Critical | pitfall |
S2365 | C# | Properties should not make collection or array copies | CODE_SMELL | Critical | api-design, performance |
S2368 | C# | Public methods should not have multidimensional array parameters | CODE_SMELL | Blocker | pitfall |
S2372 | C# | Exceptions should not be thrown from property getters | CODE_SMELL | Major | error-handling |
S2376 | C# | Write-only properties should not be used | CODE_SMELL | Major | pitfall |
S2386 | C# | Mutable fields should not be "public static" | CODE_SMELL | Minor | cwe, unpredictable |
S2387 | C# | Child class fields should not shadow parent class fields | CODE_SMELL | Blocker | |
S2436 | C# | Types and methods should not have too many generic parameters | CODE_SMELL | Major | brain-overload |
S2437 | C# | Unnecessary bit operations should not be performed | CODE_SMELL | Blocker | suspicious |
S2445 | C# | Blocks should be synchronized on read-only fields | BUG | Major | cwe, multi-threading |
S2479 | C# | Whitespace and control characters in string literals should be explicit | CODE_SMELL | Critical | pitfall |
S2486 | C# | Generic exceptions should not be ignored | CODE_SMELL | Minor | cwe, error-handling, suspicious |
S2551 | C# | Shared resources should not be used for locking | BUG | Critical | multi-threading |
S2583 | C# | Conditionally executed code should be reachable | BUG | Major | cwe, unused, suspicious, pitfall, symbolic-execution |
S2589 | C# | Boolean expressions should not be gratuitous | CODE_SMELL | Major | cwe, suspicious, redundant, symbolic-execution |
S2612 | C# | File permissions should not be set to world-accessible values | VULNERABILITY | Major | cwe, former-hotspot |
S2629 | C# | Logging templates should be constant | CODE_SMELL | Major | performance, logging |
S2674 | C# | The length returned from a stream read should be checked | BUG | Minor | |
S2681 | C# | Multiline blocks should be enclosed in curly braces | CODE_SMELL | Major | cwe |
S2688 | C# | "NaN" should not be used in comparisons | BUG | Major | |
S2692 | C# | "IndexOf" checks should not be for positive numbers | CODE_SMELL | Critical | suspicious |
S2696 | C# | Instance members should not write to "static" fields | CODE_SMELL | Critical | multi-threading |
S2699 | C# | Tests should include assertions | CODE_SMELL | Blocker | tests |
S2701 | C# | Literal boolean values should not be used in assertions | CODE_SMELL | Critical | tests |
S2737 | C# | "catch" clauses should do more than rethrow | CODE_SMELL | Minor | error-handling, unused, finding, clumsy |
S2743 | C# | Static fields should not be used in generic types | CODE_SMELL | Major | |
S2755 | C# | XML parsers should not be vulnerable to XXE attacks | VULNERABILITY | Blocker | cwe |
S2757 | C# | Non-existent operators like "=+" should not be used | BUG | Major | |
S2760 | C# | Sequential tests should not check the same condition | CODE_SMELL | Minor | suspicious, clumsy |
S2761 | C# | Doubled prefix operators "!!" and "~~" should not be used | BUG | Major | |
S2857 | C# | SQL keywords should be delimited by whitespace | BUG | Blocker | sql |
S2925 | C# | "Thread.Sleep" should not be used in tests | CODE_SMELL | Major | tests, bad-practice |
S2930 | C# | "IDisposables" should be disposed | BUG | Blocker | cwe, denial-of-service |
S2931 | C# | Classes with "IDisposable" members should implement "IDisposable" | BUG | Blocker | cwe, denial-of-service |
S2933 | C# | Fields that are only assigned in the constructor should be "readonly" | CODE_SMELL | Major | confusing |
S2934 | C# | Property assignments should not be made for "readonly" fields not constrained to reference types | BUG | Minor | |
S2952 | C# | Classes should "Dispose" of members from the classes' own "Dispose" methods | BUG | Critical | cwe, denial-of-service |
S2953 | C# | Methods named "Dispose" should implement "IDisposable.Dispose" | CODE_SMELL | Blocker | pitfall |
S2955 | C# | Generic parameters not constrained to reference types should not be compared to "null" | BUG | Minor | |
S2970 | C# | Assertions should be complete | CODE_SMELL | Blocker | tests |
S2971 | C# | LINQ expressions should be simplified | CODE_SMELL | Major | clumsy |
S2995 | C# | "Object.ReferenceEquals" should not be used for value types | BUG | Major | |
S2996 | C# | "ThreadStatic" fields should not be initialized | BUG | Major | multi-threading |
S2997 | C# | "IDisposables" created in a "using" statement should not be returned | BUG | Major | |
S3005 | C# | "ThreadStatic" should not be used on non-static fields | BUG | Major | unused |
S3010 | C# | Static fields should not be updated in constructors | CODE_SMELL | Major | |
S3011 | C# | Reflection should not be used to increase accessibility of classes, methods, or fields | CODE_SMELL | Major | |
S3052 | C# | Members should not be initialized to default values | CODE_SMELL | Minor | convention, finding |
S3059 | C# | Types should not have members with visibility set higher than the type's visibility | CODE_SMELL | Major | confusing |
S3060 | C# | "is" should not be used with "this" | CODE_SMELL | Blocker | api-design, bad-practice |
S3063 | C# | "StringBuilder" data should be used | CODE_SMELL | Major | performance |
S3168 | C# | "async" methods should not return "void" | BUG | Major | multi-threading, async-await |
S3169 | C# | Multiple "OrderBy" calls should not be used | CODE_SMELL | Major | performance |
S3172 | C# | Delegates should not be subtracted | BUG | Major | |
S3215 | C# | "interface" instances should not be cast to concrete types | CODE_SMELL | Critical | design |
S3216 | C# | "ConfigureAwait(false)" should be used | CODE_SMELL | Critical | multi-threading, async-await, suspicious, performance |
S3217 | C# | "Explicit" conversions of "foreach" loops should not be used | CODE_SMELL | Critical | suspicious |
S3218 | C# | Inner class members should not shadow outer class "static" or type members | CODE_SMELL | Critical | design, pitfall |
S3220 | C# | Method calls should not resolve ambiguously to overloads with "params" | CODE_SMELL | Minor | pitfall |
S3234 | C# | "GC.SuppressFinalize" should not be invoked for types without destructors | CODE_SMELL | Minor | unused, confusing |
S3235 | C# | Redundant parentheses should not be used | CODE_SMELL | Minor | unused, finding |
S3236 | C# | Caller information arguments should not be provided explicitly | CODE_SMELL | Minor | suspicious |
S3237 | C# | "value" contextual keyword should be used | CODE_SMELL | Blocker | pitfall |
S3240 | C# | The simplest possible condition syntax should be used | CODE_SMELL | Minor | clumsy |
S3241 | C# | Methods should not return values that are never used | CODE_SMELL | Minor | design, unused |
S3242 | C# | Method parameters should be declared with base types | CODE_SMELL | Minor | api-design |
S3244 | C# | Anonymous delegates should not be used to unsubscribe from Events | BUG | Major | |
S3246 | C# | Generic type parameters should be co/contravariant when possible | CODE_SMELL | Major | api-design |
S3247 | C# | Duplicate casts should not be made | CODE_SMELL | Minor | performance |
S3249 | C# | Classes directly extending "object" should not call "base" in "GetHashCode" or "Equals" | BUG | Major | |
S3251 | C# | Implementations should be provided for "partial" methods | CODE_SMELL | Minor | suspicious |
S3253 | C# | Constructor and destructor declarations should not be redundant | CODE_SMELL | Minor | finding, clumsy |
S3254 | C# | Default parameter values should not be passed as arguments | CODE_SMELL | Minor | finding, clumsy |
S3256 | C# | "string.IsNullOrEmpty" should be used | CODE_SMELL | Minor | clumsy |
S3257 | C# | Declarations and initializations should be as concise as possible | CODE_SMELL | Minor | finding, clumsy |
S3260 | C# | Non-derived "private" classes and records should be "sealed" | CODE_SMELL | Minor | performance |
S3261 | C# | Namespaces should not be empty | CODE_SMELL | Minor | unused |
S3262 | C# | "params" should be used on overrides | CODE_SMELL | Major | confusing |
S3263 | C# | Static fields should appear in the order they must be initialized | BUG | Major | |
S3264 | C# | Events should be invoked | CODE_SMELL | Major | unused |
S3265 | C# | Non-flags enums should not be used in bitwise operations | CODE_SMELL | Critical | convention |
S3267 | C# | Loops should be simplified with "LINQ" expressions | CODE_SMELL | Minor | |
S3329 | C# | Cipher Block Chaining IVs should be unpredictable | VULNERABILITY | Critical | cwe, symbolic-execution |
S3330 | C# | Cookies should have the "HttpOnly" flag | VULNERABILITY | Minor | cwe, privacy, former-hotspot |
S3343 | C# | Caller information parameters should come at the end of the parameter list | BUG | Major | api-design |
S3346 | C# | Expressions used in "Debug.Assert" should not produce side effects | BUG | Major | |
S3353 | C# | Unchanged variables should be marked as "const" | CODE_SMELL | Critical | performance |
S3358 | C# | Ternary operators should not be nested | CODE_SMELL | Major | confusing |
S3363 | C# | Date and time should not be used as a type for primary keys | BUG | Minor | |
S3366 | C# | "this" should not be exposed from constructors | CODE_SMELL | Major | multi-threading, suspicious |
S3376 | C# | Attribute, EventArgs, and Exception type names should end with the type being extended | CODE_SMELL | Minor | convention |
S3397 | C# | "base.Equals" should not be used to check for reference equality in "Equals" if "base" is not "object" | BUG | Minor | |
S3398 | C# | "private" methods called only by inner classes should be moved to those classes | CODE_SMELL | Minor | confusing |
S3400 | C# | Methods should not return constants | CODE_SMELL | Minor | confusing |
S3415 | C# | Assertion arguments should be passed in the correct order | CODE_SMELL | Major | tests, suspicious |
S3416 | C# | Loggers should be named for their enclosing types | CODE_SMELL | Minor | confusing, logging |
S3427 | C# | Method overloads with default parameter values should not overlap | CODE_SMELL | Blocker | unused, pitfall |
S3431 | C# | "[ExpectedException]" should not be used | CODE_SMELL | Major | tests |
S3433 | C# | Test method signatures should be correct | CODE_SMELL | Blocker | tests |
S3440 | C# | Variables should not be checked against the values they're about to be assigned | CODE_SMELL | Minor | confusing |
S3441 | C# | Redundant property names should be omitted in anonymous classes | CODE_SMELL | Minor | finding, clumsy |
S3442 | C# | "abstract" classes should not have "public" constructors | CODE_SMELL | Major | confusing |
S3443 | C# | Type should not be examined on "System.Type" instances | CODE_SMELL | Blocker | suspicious |
S3444 | C# | Interfaces should not simply inherit from base interfaces with colliding members | CODE_SMELL | Minor | design |
S3445 | C# | Exceptions should not be explicitly rethrown | CODE_SMELL | Major | error-handling, confusing |
S3447 | C# | "[Optional]" should not be used on "ref" or "out" parameters | CODE_SMELL | Critical | pitfall |
S3449 | C# | Right operands of shift operators should be integers | BUG | Critical | |
S3450 | C# | Parameters with "[DefaultParameterValue]" attributes should also be marked "[Optional]" | CODE_SMELL | Minor | pitfall |
S3451 | C# | "[DefaultValue]" should not be used when "[DefaultParameterValue]" is meant | CODE_SMELL | Critical | suspicious |
S3453 | C# | Classes should not have only "private" constructors | BUG | Major | design |
S3456 | C# | "string.ToCharArray()" and "ReadOnlySpan<T>.ToArray()" should not be called redundantly | BUG | Minor | clumsy |
S3457 | C# | Composite format strings should be used correctly | CODE_SMELL | Major | confusing |
S3458 | C# | Empty "case" clauses that fall through to the "default" should be omitted | CODE_SMELL | Minor | finding, clumsy |
S3459 | C# | Unassigned members should be removed | CODE_SMELL | Minor | suspicious |
S3464 | C# | Type inheritance should not be recursive | BUG | Blocker | |
S3466 | C# | Optional parameters should be passed to "base" calls | BUG | Major | |
S3532 | C# | Empty "default" clauses should be removed | CODE_SMELL | Minor | unused, finding, clumsy |
S3597 | C# | "ServiceContract" and "OperationContract" attributes should be used together | CODE_SMELL | Major | api-design |
S3598 | C# | One-way "OperationContract" methods should have "void" return type | BUG | Major | |
S3600 | C# | "params" should not be introduced on overrides | CODE_SMELL | Critical | confusing |
S3603 | C# | Methods with "Pure" attribute should return a value | BUG | Major | |
S3604 | C# | Member initializer values should not be redundant | CODE_SMELL | Minor | |
S3610 | C# | Nullable type comparison should not be redundant | BUG | Major | redundant |
S3626 | C# | Jump statements should not be redundant | CODE_SMELL | Minor | redundant, clumsy |
S3655 | C# | Empty nullable value should not be accessed | BUG | Major | cwe, symbolic-execution |
S3717 | C# | Track use of "NotImplementedException" | CODE_SMELL | Minor | |
S3776 | C# | Cognitive Complexity of methods should not be too high | CODE_SMELL | Critical | brain-overload |
S3869 | C# | "SafeHandle.DangerousGetHandle" should not be called | BUG | Blocker | leak, unpredictable |
S3871 | C# | Exception types should be "public" | CODE_SMELL | Critical | error-handling, api-design |
S3872 | C# | Parameter names should not duplicate the names of their methods | CODE_SMELL | Minor | convention, confusing |
S3874 | C# | "out" and "ref" parameters should not be used | CODE_SMELL | Critical | suspicious |
S3875 | C# | "operator==" should not be overloaded on reference types | CODE_SMELL | Blocker | pitfall |
S3876 | C# | Strings or integral types should be used for indexers | CODE_SMELL | Minor | design |
S3877 | C# | Exceptions should not be thrown from unexpected methods | CODE_SMELL | Blocker | pitfall |
S3878 | C# | Arrays should not be created for params parameters | CODE_SMELL | Minor | clumsy |
S3880 | C# | Finalizers should not be empty | CODE_SMELL | Major | performance |
S3881 | C# | "IDisposable" should be implemented correctly | CODE_SMELL | Major | pitfall |
S3884 | C# | "CoSetProxyBlanket" and "CoInitializeSecurity" should not be used | VULNERABILITY | Blocker | |
S3885 | C# | "Assembly.Load" should be used | CODE_SMELL | Major | unpredictable |
S3887 | C# | Mutable, non-private fields should not be "readonly" | BUG | Minor | |
S3889 | C# | "Thread.Resume" and "Thread.Suspend" should not be used | BUG | Blocker | multi-threading, unpredictable |
S3897 | C# | Classes that provide "Equals(<T>)" should implement "IEquatable<T>" | CODE_SMELL | Minor | api-design |
S3898 | C# | Value types should implement "IEquatable<T>" | CODE_SMELL | Major | performance |
S3900 | C# | Arguments of public methods should be validated against null | CODE_SMELL | Major | convention, symbolic-execution |
S3902 | C# | "Assembly.GetExecutingAssembly" should not be called | CODE_SMELL | Major | performance |
S3903 | C# | Types should be defined in named namespaces | BUG | Major | |
S3904 | C# | Assemblies should have version information | CODE_SMELL | Critical | pitfall |
S3906 | C# | Event Handlers should have the correct signature | CODE_SMELL | Major | convention |
S3908 | C# | Generic event handlers should be used | CODE_SMELL | Major | |
S3909 | C# | Collections should implement the generic interface | CODE_SMELL | Major | |
S3923 | C# | All branches in a conditional structure should not have exactly the same implementation | BUG | Major | |
S3925 | C# | "ISerializable" should be implemented correctly | CODE_SMELL | Major | pitfall |
S3926 | C# | Deserialization methods should be provided for "OptionalField" members | BUG | Major | serialization |
S3927 | C# | Serialization event handlers should be implemented correctly | BUG | Major | |
S3928 | C# | Parameter names used into ArgumentException constructors should match an existing one | CODE_SMELL | Major | |
S3937 | C# | Number patterns should be regular | CODE_SMELL | Critical | suspicious |
S3949 | C# | Calculations should not overflow | BUG | Major | overflow, symbolic-execution |
S3956 | C# | "Generic.List" instances should not be part of public APIs | CODE_SMELL | Major | api-design |
S3962 | C# | "static readonly" constants should be "const" instead | CODE_SMELL | Minor | performance |
S3963 | C# | "static" fields should be initialized inline | CODE_SMELL | Minor | |
S3966 | C# | Objects should not be disposed more than once | CODE_SMELL | Major | confusing, pitfall, symbolic-execution |
S3967 | C# | Multidimensional arrays should not be used | CODE_SMELL | Minor | design |
S3971 | C# | "GC.SuppressFinalize" should not be called | CODE_SMELL | Major | |
S3972 | C# | Conditionals should start on new lines | CODE_SMELL | Critical | suspicious |
S3973 | C# | A conditionally executed single line should be denoted by indentation | CODE_SMELL | Critical | confusing, suspicious |
S3981 | C# | Collection sizes and array length comparisons should make sense | BUG | Major | confusing |
S3984 | C# | Exceptions should not be created without being thrown | BUG | Major | error-handling |
S3990 | C# | Assemblies should be marked as CLS compliant | CODE_SMELL | Major | api-design |
S3992 | C# | Assemblies should explicitly specify COM visibility | CODE_SMELL | Major | api-design |
S3993 | C# | Custom attributes should be marked with "System.AttributeUsageAttribute" | CODE_SMELL | Major | api-design |
S3994 | C# | URI Parameters should not be strings | CODE_SMELL | Major | |
S3995 | C# | URI return values should not be strings | CODE_SMELL | Major | |
S3996 | C# | URI properties should not be strings | CODE_SMELL | Major | |
S3997 | C# | String URI overloads should call "System.Uri" overloads | CODE_SMELL | Major | |
S3998 | C# | Threads should not lock on objects with weak identity | CODE_SMELL | Critical | multi-threading, pitfall |
S4000 | C# | Pointers to unmanaged memory should not be visible | CODE_SMELL | Critical | |
S4002 | C# | Disposable types should declare finalizers | CODE_SMELL | Major | |
S4004 | C# | Collection properties should be readonly | CODE_SMELL | Major | |
S4005 | C# | "System.Uri" arguments should be used instead of strings | CODE_SMELL | Major | |
S4015 | C# | Inherited member visibility should not be decreased | CODE_SMELL | Critical | pitfall |
S4016 | C# | Enumeration members should not be named "Reserved" | CODE_SMELL | Major | |
S4017 | C# | Method signatures should not contain nested generic types | CODE_SMELL | Major | confusing |
S4018 | C# | All type parameters should be used in the parameter list to enable type inference | CODE_SMELL | Minor | |
S4019 | C# | Base class methods should not be hidden | CODE_SMELL | Critical | pitfall |
S4022 | C# | Enumerations should have "Int32" storage | CODE_SMELL | Minor | |
S4023 | C# | Interfaces should not be empty | CODE_SMELL | Minor | |
S4025 | C# | Child class fields should not differ from parent class fields only by capitalization | CODE_SMELL | Critical | pitfall |
S4026 | C# | Assemblies should be marked with "NeutralResourcesLanguageAttribute" | CODE_SMELL | Minor | performance |
S4027 | C# | Exceptions should provide standard constructors | CODE_SMELL | Minor | convention |
S4035 | C# | Classes implementing "IEquatable<T>" should be sealed | CODE_SMELL | Major | pitfall |
S4036 | C# | OS commands should not rely on PATH resolution | VULNERABILITY | Minor | cwe, former-hotspot |
S4039 | C# | Interface methods should be callable by derived types | CODE_SMELL | Critical | pitfall |
S4040 | C# | Strings should be normalized to uppercase | CODE_SMELL | Minor | pitfall |
S4041 | C# | Type names should not match namespaces | CODE_SMELL | Minor | convention |
S4047 | C# | Generics should be used when appropriate | CODE_SMELL | Minor | |
S4049 | C# | Properties should be preferred | CODE_SMELL | Minor | convention |
S4050 | C# | Operators should be overloaded consistently | CODE_SMELL | Major | pitfall |
S4052 | C# | Types should not extend outdated base types | CODE_SMELL | Minor | |
S4055 | C# | Literals should not be passed as localized parameters | CODE_SMELL | Major | localisation, pitfall |
S4056 | C# | Overloads with a "CultureInfo" or an "IFormatProvider" parameter should be used | CODE_SMELL | Minor | localisation, pitfall |
S4057 | C# | Locales should be set for data types | CODE_SMELL | Major | localisation |
S4058 | C# | Overloads with a "StringComparison" parameter should be used | CODE_SMELL | Minor | |
S4059 | C# | Property names should not match get methods | CODE_SMELL | Major | confusing |
S4060 | C# | Non-abstract attributes should be sealed | CODE_SMELL | Minor | performance |
S4061 | C# | "params" should be used instead of "varargs" | CODE_SMELL | Minor | |
S4069 | C# | Operator overloads should have named alternatives | CODE_SMELL | Minor | convention |
S4070 | C# | Non-flags enums should not be marked with "FlagsAttribute" | CODE_SMELL | Major | |
S4136 | C# | Method overloads should be grouped together | CODE_SMELL | Minor | convention |
S4143 | C# | Collection elements should not be replaced unconditionally | BUG | Major | suspicious |
S4144 | C# | Methods should not have identical implementations | CODE_SMELL | Major | confusing, duplicate, suspicious |
S4158 | C# | Empty collections should not be accessed or iterated | BUG | Minor | symbolic-execution |
S4159 | C# | Classes should implement their "ExportAttribute" interfaces | BUG | Blocker | mef, pitfall |
S4200 | C# | Native methods should be wrapped | CODE_SMELL | Major | pitfall |
S4201 | C# | Null checks should not be combined with "is" operator checks | CODE_SMELL | Minor | redundant |
S4210 | C# | Windows Forms entry points should be marked with STAThread | BUG | Major | winforms, pitfall |
S4211 | C# | Members should not have conflicting transparency annotations | VULNERABILITY | Major | pitfall |
S4212 | C# | Serialization constructors should be secured | VULNERABILITY | Major | serialization |
S4214 | C# | "P/Invoke" methods should not be visible | CODE_SMELL | Major | |
S4220 | C# | Events should have proper arguments | CODE_SMELL | Major | event, pitfall |
S4225 | C# | Extension methods should not extend "object" | CODE_SMELL | Minor | |
S4226 | C# | Extensions should be in separate namespaces | CODE_SMELL | Minor | confusing |
S4260 | C# | "ConstructorArgument" parameters should exist in constructors | BUG | Major | xaml, wpf |
S4261 | C# | Methods should be named according to their synchronicities | CODE_SMELL | Minor | |
S4275 | C# | Getters and setters should access the expected fields | BUG | Critical | pitfall |
S4277 | C# | "Shared" parts should not be created with "new" | BUG | Critical | mef, pitfall |
S4347 | C# | Secure random number generators should not output predictable values | VULNERABILITY | Critical | cwe, pitfall, symbolic-execution |
S4423 | C# | Weak SSL/TLS protocols should not be used | VULNERABILITY | Critical | cwe, privacy |
S4426 | C# | Cryptographic keys should be robust | VULNERABILITY | Critical | cwe, privacy |
S4428 | C# | "PartCreationPolicyAttribute" should be used with "ExportAttribute" | BUG | Major | mef, pitfall |
S4433 | C# | LDAP connections should be authenticated | VULNERABILITY | Critical | cwe |
S4456 | C# | Parameter validation in yielding methods should be wrapped | CODE_SMELL | Major | yield |
S4457 | C# | Parameter validation in "async"/"await" methods should be wrapped | CODE_SMELL | Major | async-await |
S4462 | C# | Calls to "async" methods should not be blocking | CODE_SMELL | Blocker | async-await, deadlock |
S4487 | C# | Unread "private" fields should be removed | CODE_SMELL | Critical | cwe, unused |
S4502 | C# | CSRF protections should not be disabled | VULNERABILITY | Critical | cwe, former-hotspot |
S4507 | C# | Debugging features should not be enabled in production | VULNERABILITY | Minor | cwe, error-handling, debug, user-experience, former-hotspot |
S4524 | C# | "default" clauses should be first or last | CODE_SMELL | Critical | |
S4545 | C# | "DebuggerDisplayAttribute" strings should reference existing members | CODE_SMELL | Major | |
S4581 | C# | "new Guid()" should not be used | CODE_SMELL | Major | |
S4583 | C# | Calls to delegate's method "BeginInvoke" should be paired with calls to "EndInvoke" | BUG | Critical | |
S4586 | C# | Non-async "Task/Task<T>" methods should not return null | BUG | Critical | async-await |
S4635 | C# | Start index should be used instead of calling Substring | CODE_SMELL | Critical | performance |
S4663 | C# | Comments should not be empty | CODE_SMELL | Minor | |
S4790 | C# | Weak hashing algorithms should not be used | VULNERABILITY | Critical | cwe, former-hotspot |
S4830 | C# | Server certificates should be verified during SSL/TLS connections | VULNERABILITY | Critical | cwe, privacy, ssl |
S5034 | C# | "ValueTask" should be consumed correctly | CODE_SMELL | Critical | async-await |
S5042 | C# | Expanding archive files should not be done without controlling resource consumption | CODE_SMELL | Major | cwe, former-hotspot |
S5122 | C# | Cross-Origin Resource Sharing (CORS) policy should be restricted to trusted origins | VULNERABILITY | Major | cwe, former-hotspot |
S5332 | C# | Clear-text protocols should not be used | VULNERABILITY | Minor | cwe, former-hotspot |
S5344 | C# | Passwords should not be stored in plaintext or with a fast hashing algorithm | VULNERABILITY | Critical | cwe, spring |
S5443 | C# | Temporary files should not be created in publicly writable directories | VULNERABILITY | Critical | cwe, former-hotspot |
S5445 | C# | Insecure temporary file creation methods should not be used | VULNERABILITY | Critical | cwe |
S5542 | C# | Encryption algorithms should be used with secure mode and padding scheme | VULNERABILITY | Critical | cwe, privacy |
S5547 | C# | Cipher algorithms should be robust | VULNERABILITY | Critical | cwe, privacy |
S5659 | C# | JWT should be signed and verified with strong cipher algorithms | VULNERABILITY | Critical | cwe, privacy |
S5693 | C# | HTTP request content length should be limited | VULNERABILITY | Major | cwe, former-hotspot |
S5753 | C# | ASP.NET Request Validation should not be disabled | VULNERABILITY | Major | cwe, former-hotspot |
S5766 | C# | Serializable objects should validate data during deserialization | VULNERABILITY | Major | cwe, former-hotspot |
S5773 | C# | Types allowed to be deserialized should be restricted | VULNERABILITY | Major | cwe, symbolic-execution |
S5856 | C# | Regular expressions should be syntactically valid | BUG | Critical | regex |
S6354 | C# | Use a testable date/time provider | CODE_SMELL | Major | |
S6377 | C# | XML signatures should be validated securely | VULNERABILITY | Major | |
S6418 | C# | Secrets should not be hard-coded | VULNERABILITY | Blocker | cwe, former-hotspot |
S6419 | C# | Azure Functions should be stateless | CODE_SMELL | Major | azure, bad-practice |
S6420 | C# | Client instances should not be recreated on each Azure Function invocation | CODE_SMELL | Major | azure, bad-practice, design |
S6421 | C# | Azure Functions should use Structured Error Handling | CODE_SMELL | Major | azure, error-handling |
S6422 | C# | Calls to "async" methods should not be blocking in Azure Functions | CODE_SMELL | Blocker | azure, async-await |
S6423 | C# | Azure Functions should log all failures | CODE_SMELL | Major | azure, error-handling |
S6424 | C# | Interfaces for durable entities should satisfy the restrictions | CODE_SMELL | Blocker | azure, design |
S6444 | C# | Not specifying a timeout for regular expressions is security-sensitive | SECURITY_HOTSPOT | Major | cwe, regex |
S6507 | C# | Blocks should not be synchronized on local variables | BUG | Major | cwe, multi-threading |
S6513 | C# | "ExcludeFromCodeCoverage" attributes should include a justification | CODE_SMELL | Minor | bad-practice |
S6561 | C# | Avoid using "DateTime.Now" for benchmarking or timing operations | CODE_SMELL | Major | |
S6562 | C# | Always set the "DateTimeKind" when creating new "DateTime" instances | CODE_SMELL | Major | localisation, pitfall |
S6563 | C# | Use UTC when recording DateTime instants | CODE_SMELL | Major | pitfall |
S6566 | C# | Use "DateTimeOffset" instead of "DateTime" | CODE_SMELL | Major | |
S6575 | C# | Use "TimeZoneInfo.FindSystemTimeZoneById" without converting the timezones with "TimezoneConverter" | CODE_SMELL | Major | |
S6580 | C# | Use a format provider when parsing date and time | CODE_SMELL | Major | pitfall, bug |
S6585 | C# | Don't hardcode the format when turning dates and times to strings | CODE_SMELL | Minor | |
S6588 | C# | Use the "UnixEpoch" field instead of creating "DateTime" instances that point to the beginning of the Unix epoch | CODE_SMELL | Minor | |
S6602 | C# | "Find" method should be used instead of the "FirstOrDefault" extension | CODE_SMELL | Minor | performance |
S6603 | C# | The collection-specific "TrueForAll" method should be used instead of the "All" extension | CODE_SMELL | Minor | performance |
S6605 | C# | Collection-specific "Exists" method should be used instead of the "Any" extension | CODE_SMELL | Minor | performance |
S6607 | C# | The collection should be filtered before sorting by using "Where" before "OrderBy" | CODE_SMELL | Minor | performance |
S6608 | C# | Prefer indexing instead of "Enumerable" methods on types implementing "IList" | CODE_SMELL | Minor | performance |
S6609 | C# | "Min/Max" properties of "Set" types should be used instead of the "Enumerable" extension methods | CODE_SMELL | Minor | performance |
S6610 | C# | "StartsWith" and "EndsWith" overloads that take a "char" should be used instead of the ones that take a "string" | CODE_SMELL | Minor | performance |
S6612 | C# | The lambda parameter should be used instead of capturing arguments in "ConcurrentDictionary" methods | CODE_SMELL | Minor | performance |
S6613 | C# | "First" and "Last" properties of "LinkedList" should be used instead of the "First()" and "Last()" extension methods | CODE_SMELL | Minor | performance |
S6617 | C# | "Contains" should be used instead of "Any" for simple equality checks | CODE_SMELL | Minor | performance |
S6618 | C# | "string.Create" should be used instead of "FormattableString" | CODE_SMELL | Minor | performance |
S6640 | C# | Unsafe code blocks should not be used | VULNERABILITY | Major | former-hotspot |
S6664 | C# | The code block contains too many logging calls | CODE_SMELL | Minor | logging |
S6667 | C# | Logging in a catch clause should pass the caught exception as a parameter. | CODE_SMELL | Minor | error-handling, logging |
S6668 | C# | Logging arguments should be passed to the correct parameter | CODE_SMELL | Minor | logging |
S6669 | C# | Logger field or property name should comply with a naming convention | CODE_SMELL | Minor | logging |
S6670 | C# | "Trace.Write" and "Trace.WriteLine" should not be used | CODE_SMELL | Minor | logging |
S6672 | C# | Generic logger injection should match enclosing type | CODE_SMELL | Minor | confusing, logging |
S6673 | C# | Log message template placeholders should be in the right order | CODE_SMELL | Major | logging |
S6674 | C# | Log message template should be syntactically correct | BUG | Critical | logging |
S6675 | C# | "Trace.WriteLineIf" should not be used with "TraceSwitch" levels | CODE_SMELL | Minor | confusing, clumsy, logging |
S6677 | C# | Message template placeholders should be unique | BUG | Major | logging |
S6678 | C# | Use PascalCase for named placeholders | CODE_SMELL | Minor | logging |
S6781 | C# | JWT secret keys should not be disclosed | VULNERABILITY | Blocker | cwe, symbolic-execution |
S6797 | C# | Blazor query parameter type should be supported | BUG | Major | blazor |
S6798 | C# | [JSInvokable] attribute should only be used on public methods | BUG | Major | blazor |
S6800 | C# | Component parameter type should match the route parameter type constraint | BUG | Major | blazor |
S6802 | C# | Using lambda expressions in loops should be avoided in Blazor markup section | CODE_SMELL | Major | blazor |
S6803 | C# | Parameters with SupplyParameterFromQuery attribute should be used only in routable components | CODE_SMELL | Major | blazor |
S6930 | C# | Backslash should be avoided in route templates | BUG | Major | asp.net |
S6931 | C# | ASP.NET controller actions should not have a route template starting with "/" | CODE_SMELL | Major | asp.net |
S6932 | C# | Use model binding instead of reading raw request data | CODE_SMELL | Major | asp.net |
S6934 | C# | A Route attribute should be added to the controller when a route template is specified at the action level | CODE_SMELL | Major | asp.net |
S6960 | C# | Controllers should not have mixed responsibilities | CODE_SMELL | Major | asp.net |
S6961 | C# | API Controllers should derive from ControllerBase instead of Controller | CODE_SMELL | Major | asp.net, performance |
S6962 | C# | You should pool HTTP connections with HttpClientFactory | CODE_SMELL | Major | asp.net |
S6964 | C# | Value type property used as input in a controller action should be nullable, required or annotated with the JsonRequiredAttribute to avoid under-posting. | CODE_SMELL | Major | asp.net |
S6965 | C# | REST API actions should be annotated with an HTTP verb attribute | CODE_SMELL | Major | asp.net |
S6966 | C# | Awaitable method should be used | CODE_SMELL | Major | async-await |
S6967 | C# | ModelState.IsValid should be called in controller actions | CODE_SMELL | Critical | asp.net |
S6968 | C# | Actions that return a value should be annotated with ProducesResponseTypeAttribute containing the return type | CODE_SMELL | Major | asp.net |
S7039 | C# | Content Security Policies should be restrictive | VULNERABILITY | Major | |
S7130 | C# | First/Single should be used instead of FirstOrDefault/SingleOrDefault on collections that are known to be non-empty | CODE_SMELL | Major | symbolic-execution |
S7131 | C# | A write lock should not be released when a read lock has been acquired and vice versa | BUG | Critical | symbolic-execution |
S7133 | C# | Locks should be released within the same method | BUG | Critical | symbolic-execution |
S818 | C# | Literal suffixes should be upper case | CODE_SMELL | Minor | convention, pitfall |
S8367 | C# | Identifiers should not conflict with the C# 14 "field" contextual keyword | CODE_SMELL | Critical | csharp-14, compatibility, upgrade |
S8368 | C# | Identifiers should not conflict with the C# 14 "extension" contextual keyword | CODE_SMELL | Critical | csharp14, breaking-change, contextual-keyword |
S8380 | C# | Return types named "partial" should be escaped with "@" | CODE_SMELL | Critical | breaking-change, csharp14 |
S8381 | C# | "scoped" should be escaped when used as an identifier or type name in parenthesized lambda parameter lists | CODE_SMELL | Critical | csharp14, breaking-change, lambda |
S8717 | C# | Multiple "[Key]" attributes should not be used to define a composite key | BUG | Blocker | entity-framework-core, entity-framework, orm, database |
S881 | C# | Increment (++) and decrement (--) operators should not be used in a method call or mixed with other operators in an expression | CODE_SMELL | Major | |
S907 | C# | "goto" statement should not be used | CODE_SMELL | Major | brain-overload |
S927 | C# | Parameter names should match base declaration and other partial definitions | CODE_SMELL | Critical | suspicious |
S101 | VB.NET | Class names should comply with a naming convention | CODE_SMELL | Minor | convention |
S103 | VB.NET | Lines should not be too long | CODE_SMELL | Major | convention |
S104 | VB.NET | Files should not have too many lines of code | CODE_SMELL | Major | brain-overload |
S1048 | VB.NET | Finalize method should not throw exceptions | BUG | Blocker | |
S105 | VB.NET | Tabulation characters should not be used | CODE_SMELL | Minor | convention |
S1066 | VB.NET | Mergeable "if" statements should be combined | CODE_SMELL | Major | clumsy |
S1067 | VB.NET | Expressions should not be too complex | CODE_SMELL | Critical | brain-overload |
S107 | VB.NET | Procedures should not have too many parameters | CODE_SMELL | Major | brain-overload |
S1075 | VB.NET | URIs should not be hardcoded | CODE_SMELL | Minor | |
S108 | VB.NET | Nested blocks of code should not be left empty | CODE_SMELL | Major | suspicious |
S1110 | VB.NET | Unnecessary parentheses should be removed | CODE_SMELL | Minor | clippy, redundant, readability |
S112 | VB.NET | General or reserved exceptions should never be thrown | CODE_SMELL | Major | cwe, error-handling |
S1123 | VB.NET | "Obsolete" attributes should include explanations | CODE_SMELL | Major | obsolete, bad-practice |
S1125 | VB.NET | Boolean literals should not be redundant | CODE_SMELL | Minor | clumsy |
S1133 | VB.NET | Deprecated code should be removed | CODE_SMELL | Info | obsolete |
S1134 | VB.NET | Track uses of "FIXME" tags | CODE_SMELL | Major | cwe |
S1135 | VB.NET | Track uses of "TODO" tags | CODE_SMELL | Info | cwe |
S114 | VB.NET | Interface names should comply with a naming convention | CODE_SMELL | Minor | convention |
S1147 | VB.NET | "End" statements should not be used | CODE_SMELL | Blocker | cwe, suspicious |
S1151 | VB.NET | "Select...Case" clauses should not have too many lines of code | CODE_SMELL | Major | brain-overload |
S1155 | VB.NET | "Any()" should be used to test for emptiness | CODE_SMELL | Minor | performance |
S1163 | VB.NET | Exceptions should not be thrown in finally blocks | CODE_SMELL | Critical | error-handling, suspicious |
S117 | VB.NET | Local variable names should comply with a naming convention | CODE_SMELL | Minor | convention |
S1172 | VB.NET | Unused procedure parameters should be removed | CODE_SMELL | Major | unused |
S1186 | VB.NET | Methods should not be empty | CODE_SMELL | Critical | suspicious |
S119 | VB.NET | Generic type parameter names should comply with a naming convention | CODE_SMELL | Minor | convention |
S1192 | VB.NET | String literals should not be duplicated | CODE_SMELL | Minor | design |
S1197 | VB.NET | Array designators "()" should be on the type, not the variable | CODE_SMELL | Minor | convention |
S122 | VB.NET | Statements should be on separate lines | CODE_SMELL | Major | convention |
S1226 | VB.NET | Method parameters and caught exceptions should not be reassigned | BUG | Minor | |
S126 | VB.NET | "If ... ElseIf" constructs should end with "Else" clauses | CODE_SMELL | Critical | |
S1301 | VB.NET | "Select" statements should have at least 3 "Case" clauses | CODE_SMELL | Minor | bad-practice |
S131 | VB.NET | "Select" statements should end with a "Case Else" clause | CODE_SMELL | Critical | cwe |
S1313 | VB.NET | IP addresses should not be hardcoded | CODE_SMELL | Minor | former-hotspot |
S134 | VB.NET | Control flow statements "If", "For", "For Each", "Do", "While", "Select" and "Try" should not be nested too deeply | CODE_SMELL | Critical | brain-overload |
S138 | VB.NET | Procedures should not have too many lines of code | CODE_SMELL | Major | brain-overload |
S139 | VB.NET | Comments should not be located at the end of lines of code | CODE_SMELL | Minor | convention |
S1451 | VB.NET | Track lack of copyright and license headers | CODE_SMELL | Blocker | convention |
S1479 | VB.NET | "Select Case" statement with many "Case" clauses should have only one statement | CODE_SMELL | Major | brain-overload |
S1481 | VB.NET | Unused local variables should be removed | CODE_SMELL | Minor | unused |
S1541 | VB.NET | Functions, procedures and properties should not be too complex | CODE_SMELL | Critical | brain-overload |
S1542 | VB.NET | Functions and procedures should comply with a naming convention | CODE_SMELL | Major | convention |
S1643 | VB.NET | Strings should not be concatenated using "+" or "&" in a loop | CODE_SMELL | Minor | performance |
S1645 | VB.NET | The "&" operator should be used to concatenate strings | CODE_SMELL | Critical | suspicious |
S1654 | VB.NET | Method parameters should follow a naming convention | CODE_SMELL | Major | convention |
S1656 | VB.NET | Variables should not be self-assigned | BUG | Major | |
S1659 | VB.NET | Multiple variables should not be declared on the same line | CODE_SMELL | Minor | convention |
S1751 | VB.NET | Loops with at most one iteration should be refactored | BUG | Major | confusing, bad-practice |
S1764 | VB.NET | Identical expressions should not be used on both sides of a binary operator | BUG | Major | suspicious |
S1821 | VB.NET | "Select Case" statements should not be nested | CODE_SMELL | Critical | pitfall |
S1862 | VB.NET | Related "If/ElseIf" statements should not have the same condition | BUG | Major | unused, pitfall |
S1871 | VB.NET | Two branches in a conditional structure should not have exactly the same implementation | CODE_SMELL | Major | design, suspicious |
S1940 | VB.NET | Boolean checks should not be inverted | CODE_SMELL | Minor | pitfall |
S1944 | VB.NET | Invalid casts should be avoided | CODE_SMELL | Major | cwe, suspicious |
S2053 | VB.NET | Password hashing functions should use an unpredictable salt | VULNERABILITY | Critical | cwe, symbolic-execution |
S2068 | VB.NET | Credentials should not be hard-coded | VULNERABILITY | Major | cwe, former-hotspot |
S2077 | VB.NET | SQL queries should not be dynamically formatted | VULNERABILITY | Major | cwe, bad-practice, sql, former-hotspot |
S2094 | VB.NET | Classes should not be empty | CODE_SMELL | Minor | clumsy |
S2166 | VB.NET | Classes named like "Exception" should extend "Exception" or a subclass | CODE_SMELL | Major | convention, error-handling, pitfall |
S2178 | VB.NET | Short-circuit logic should be used in boolean contexts | CODE_SMELL | Blocker | |
S2222 | VB.NET | Locks should be released on all paths | BUG | Critical | cwe, multi-threading, symbolic-execution |
S2225 | VB.NET | "ToString()" method should not return Nothing | BUG | Major | cwe |
S2234 | VB.NET | Arguments should be passed in the same order as the procedure parameters | CODE_SMELL | Major | |
S2257 | VB.NET | Custom cryptographic algorithms should not be used | VULNERABILITY | Critical | cwe, former-hotspot |
S2259 | VB.NET | Null pointers should not be dereferenced | BUG | Major | cwe, symbolic-execution |
S2302 | VB.NET | "NameOf" should be used | CODE_SMELL | Critical | bad-practice |
S2304 | VB.NET | Namespace names should comply with a naming convention | CODE_SMELL | Minor | convention |
S2339 | VB.NET | Public constant members should not be used | CODE_SMELL | Critical | pitfall |
S2340 | VB.NET | "Do" loops should not be used without a "While" or "Until" condition | CODE_SMELL | Critical | pitfall |
S2342 | VB.NET | Enumeration types should comply with a naming convention | CODE_SMELL | Minor | convention |
S2343 | VB.NET | Enumeration values should comply with a naming convention | CODE_SMELL | Minor | convention |
S2344 | VB.NET | Enumeration type names should not have "Flags" or "Enum" suffixes | CODE_SMELL | Minor | convention |
S2345 | VB.NET | Flags enumerations should explicitly initialize all their members | BUG | Minor | |
S2346 | VB.NET | Flags enumerations zero-value members should be named "None" | CODE_SMELL | Critical | convention |
S2347 | VB.NET | Event handlers should comply with a naming convention | CODE_SMELL | Minor | convention |
S2348 | VB.NET | Events should comply with a naming convention | CODE_SMELL | Minor | convention |
S2349 | VB.NET | Event names should not have "Before" or "After" as a prefix or suffix | CODE_SMELL | Minor | convention |
S2352 | VB.NET | Indexed properties with more than one parameter should not be used | CODE_SMELL | Major | clumsy |
S2354 | VB.NET | Line continuations should not be used | CODE_SMELL | Minor | convention |
S2355 | VB.NET | Array literals should be used instead of array creation expressions | CODE_SMELL | Minor | clumsy |
S2357 | VB.NET | Fields should be private | CODE_SMELL | Major | pitfall |
S2358 | VB.NET | "IsNot" should be used instead of "Not ... Is ..." | CODE_SMELL | Major | clumsy |
S2359 | VB.NET | "On Error" statements should not be used | CODE_SMELL | Major | bad-practice |
S2360 | VB.NET | Optional parameters should not be used | CODE_SMELL | Critical | pitfall |
S2362 | VB.NET | Private constants should comply with a naming convention | CODE_SMELL | Minor | convention |
S2363 | VB.NET | "Private Shared ReadOnly" fields should comply with a naming convention | CODE_SMELL | Minor | convention |
S2364 | VB.NET | "Private" fields should comply with a naming convention | CODE_SMELL | Minor | convention |
S2365 | VB.NET | Properties should not make collection or array copies | CODE_SMELL | Critical | api-design, performance |
S2366 | VB.NET | Properties should comply with a naming convention | CODE_SMELL | Minor | convention |
S2367 | VB.NET | Non-private constants should comply with a naming convention | CODE_SMELL | Minor | convention |
S2368 | VB.NET | Public methods should not have multidimensional array parameters | CODE_SMELL | Blocker | pitfall |
S2369 | VB.NET | Non-private fields should comply with a naming convention | CODE_SMELL | Minor | convention |
S2370 | VB.NET | Non-private "Shared ReadOnly" fields should comply with a naming convention | CODE_SMELL | Minor | convention |
S2372 | VB.NET | Exceptions should not be thrown from property getters | CODE_SMELL | Major | error-handling |
S2373 | VB.NET | Generic type parameter names should comply with a naming convention | CODE_SMELL | Minor | |
S2374 | VB.NET | Signed types should be preferred to unsigned ones | CODE_SMELL | Critical | pitfall |
S2375 | VB.NET | "With" statements should be used for a series of calls to the same object | CODE_SMELL | Minor | clumsy |
S2376 | VB.NET | Write-only properties should not be used | CODE_SMELL | Major | pitfall |
S2387 | VB.NET | Child class fields should not shadow parent class fields | CODE_SMELL | Blocker | |
S2429 | VB.NET | Arrays should be initialized using the "... = {}" syntax | CODE_SMELL | Minor | clumsy |
S2437 | VB.NET | Unnecessary bit operations should not be performed | CODE_SMELL | Blocker | suspicious |
S2551 | VB.NET | Shared resources should not be used for locking | BUG | Critical | multi-threading |
S2583 | VB.NET | Conditionally executed code should be reachable | BUG | Major | cwe, unused, suspicious, pitfall, symbolic-execution |
S2589 | VB.NET | Boolean expressions should not be gratuitous | CODE_SMELL | Major | cwe, suspicious, redundant, symbolic-execution |
S2612 | VB.NET | File permissions should not be set to world-accessible values | VULNERABILITY | Major | cwe, former-hotspot |
S2692 | VB.NET | "IndexOf" checks should not be for positive numbers | CODE_SMELL | Critical | suspicious |
S2737 | VB.NET | "catch" clauses should do more than rethrow | CODE_SMELL | Minor | error-handling, unused, finding, clumsy |
S2757 | VB.NET | Non-existent operators like "=+" should not be used | BUG | Major | |
S2761 | VB.NET | 'Not' boolean operator should not be repeated | BUG | Major | |
S2925 | VB.NET | "Thread.Sleep" should not be used in tests | CODE_SMELL | Major | tests, bad-practice |
S2951 | VB.NET | "Exit Select" statements should not be used redundantly | CODE_SMELL | Minor | unused, clumsy |
S3011 | VB.NET | Reflection should not be used to increase accessibility of classes, methods, or fields | CODE_SMELL | Major | |
S3063 | VB.NET | "StringBuilder" data should be used | CODE_SMELL | Major | performance |
S3329 | VB.NET | Cipher Block Chaining IVs should be unpredictable | VULNERABILITY | Critical | cwe, symbolic-execution |
S3358 | VB.NET | If operators should not be nested | CODE_SMELL | Major | confusing |
S3363 | VB.NET | Date and time should not be used as a type for primary keys | BUG | Minor | |
S3385 | VB.NET | "Exit" statements should not be used | CODE_SMELL | Major | brain-overload, bad-practice |
S3431 | VB.NET | "[ExpectedException]" should not be used | CODE_SMELL | Major | tests |
S3449 | VB.NET | Right operands of shift operators should be integers | BUG | Critical | |
S3453 | VB.NET | Classes should not have only "private" constructors | BUG | Major | design |
S3464 | VB.NET | Type inheritance should not be recursive | BUG | Blocker | |
S3466 | VB.NET | Optional parameters should be passed to "base" calls | BUG | Major | |
S3598 | VB.NET | One-way "OperationContract" methods should have "void" return type | BUG | Major | |
S3603 | VB.NET | Methods with "Pure" attribute should return a value | BUG | Major | |
S3655 | VB.NET | Empty nullable value should not be accessed | BUG | Major | cwe, symbolic-execution |
S3776 | VB.NET | Cognitive Complexity of methods should not be too high | CODE_SMELL | Critical | brain-overload |
S3860 | VB.NET | "ByVal" should not be used | CODE_SMELL | Minor | clumsy |
S3866 | VB.NET | "IIf" should not be used | CODE_SMELL | Critical | performance |
S3869 | VB.NET | "SafeHandle.DangerousGetHandle" should not be called | BUG | Blocker | leak, unpredictable |
S3871 | VB.NET | Exception types should be "Public" | CODE_SMELL | Critical | error-handling, api-design |
S3878 | VB.NET | Arrays should not be created for ParamArray parameters | CODE_SMELL | Minor | clumsy |
S3884 | VB.NET | "CoSetProxyBlanket" and "CoInitializeSecurity" should not be used | VULNERABILITY | Blocker | |
S3889 | VB.NET | "Thread.Resume" and "Thread.Suspend" should not be used | BUG | Blocker | multi-threading, unpredictable |
S3898 | VB.NET | Value types should implement "IEquatable<T>" | CODE_SMELL | Major | performance |
S3900 | VB.NET | Arguments of public methods should be validated against Nothing | CODE_SMELL | Major | convention, symbolic-execution |
S3903 | VB.NET | Types should be defined in named namespaces | BUG | Major | |
S3904 | VB.NET | Assemblies should have version information | CODE_SMELL | Critical | pitfall |
S3923 | VB.NET | All branches in a conditional structure should not have exactly the same implementation | BUG | Major | |
S3926 | VB.NET | Deserialization methods should be provided for "OptionalField" members | BUG | Major | serialization |
S3927 | VB.NET | Serialization event handlers should be implemented correctly | BUG | Major | |
S3949 | VB.NET | Calculations should not overflow | BUG | Major | overflow, symbolic-execution |
S3966 | VB.NET | Objects should not be disposed more than once | CODE_SMELL | Major | confusing, pitfall, symbolic-execution |
S3981 | VB.NET | Collection sizes and array length comparisons should make sense | BUG | Major | confusing |
S3990 | VB.NET | Assemblies should be marked as CLS compliant | CODE_SMELL | Major | api-design |
S3992 | VB.NET | Assemblies should explicitly specify COM visibility | CODE_SMELL | Major | api-design |
S3998 | VB.NET | Threads should not lock on objects with weak identity | CODE_SMELL | Critical | multi-threading, pitfall |
S4025 | VB.NET | Child class fields should not differ from parent class fields only by capitalization | CODE_SMELL | Critical | pitfall |
S4036 | VB.NET | OS commands should not rely on PATH resolution | VULNERABILITY | Minor | cwe, former-hotspot |
S4060 | VB.NET | Non-abstract attributes should be sealed | CODE_SMELL | Minor | performance |
S4136 | VB.NET | Method overloads should be grouped together | CODE_SMELL | Minor | convention |
S4143 | VB.NET | Map values should not be replaced unconditionally | BUG | Major | suspicious |
S4144 | VB.NET | Methods should not have identical implementations | CODE_SMELL | Major | confusing, duplicate, suspicious |
S4158 | VB.NET | Empty collections should not be accessed or iterated | BUG | Minor | symbolic-execution |
S4159 | VB.NET | Classes should implement their "ExportAttribute" interfaces | BUG | Blocker | mef, pitfall |
S4201 | VB.NET | Null checks should not be combined with "TypeOf Is" operator checks | CODE_SMELL | Minor | redundant |
S4210 | VB.NET | Windows Forms entry points should be marked with STAThread | BUG | Major | winforms, pitfall |
S4225 | VB.NET | Extension methods should not extend "Object" | CODE_SMELL | Minor | |
S4260 | VB.NET | "ConstructorArgument" parameters should exist in constructors | BUG | Major | xaml, wpf |
S4275 | VB.NET | Property procedures should access the expected fields | BUG | Critical | pitfall |
S4277 | VB.NET | "Shared" parts should not be created with "new" | BUG | Critical | mef, pitfall |
S4423 | VB.NET | Weak SSL/TLS protocols should not be used | VULNERABILITY | Critical | cwe, privacy |
S4428 | VB.NET | "PartCreationPolicyAttribute" should be used with "ExportAttribute" | BUG | Major | mef, pitfall |
S4507 | VB.NET | Debugging features should not be enabled in production | VULNERABILITY | Minor | cwe, error-handling, debug, user-experience, former-hotspot |
S4545 | VB.NET | "DebuggerDisplayAttribute" strings should reference existing members | CODE_SMELL | Major | |
S4581 | VB.NET | "new Guid()" should not be used | CODE_SMELL | Major | |
S4583 | VB.NET | Calls to delegate's method "BeginInvoke" should be paired with calls to "EndInvoke" | BUG | Critical | |
S4586 | VB.NET | Non-async "Task/Task<T>" methods should not return null | BUG | Critical | async-await |
S4663 | VB.NET | Comments should not be empty | CODE_SMELL | Minor | |
S4790 | VB.NET | Weak hashing algorithms should not be used | VULNERABILITY | Critical | cwe, former-hotspot |
S4830 | VB.NET | Server certificates should be verified during SSL/TLS connections | VULNERABILITY | Critical | cwe, privacy, ssl |
S5042 | VB.NET | Expanding archive files should not be done without controlling resource consumption | CODE_SMELL | Major | cwe, former-hotspot |
S5443 | VB.NET | Temporary files should not be created in publicly writable directories | VULNERABILITY | Critical | cwe, former-hotspot |
S5445 | VB.NET | Insecure temporary file creation methods should not be used | VULNERABILITY | Critical | cwe |
S5542 | VB.NET | Encryption algorithms should be used with secure mode and padding scheme | VULNERABILITY | Critical | cwe, privacy |
S5547 | VB.NET | Cipher algorithms should be robust | VULNERABILITY | Critical | cwe, privacy |
S5659 | VB.NET | JWT should be signed and verified with strong cipher algorithms | VULNERABILITY | Critical | cwe, privacy |
S5693 | VB.NET | HTTP request content length should be limited | VULNERABILITY | Major | cwe, former-hotspot |
S5753 | VB.NET | ASP.NET Request Validation should not be disabled | VULNERABILITY | Major | cwe, former-hotspot |
S5773 | VB.NET | Types allowed to be deserialized should be restricted | VULNERABILITY | Major | cwe, symbolic-execution |
S5856 | VB.NET | Regular expressions should be syntactically valid | BUG | Critical | regex |
S5944 | VB.NET | "Return" statements should be used instead of assigning values to function names | CODE_SMELL | Major | bad-practice, confusing |
S6145 | VB.NET | "Option Strict" should be enabled | CODE_SMELL | Major | bad-practice |
S6146 | VB.NET | "Option Explicit" should be enabled | CODE_SMELL | Critical | bad-practice |
S6354 | VB.NET | Use a testable date/time provider | CODE_SMELL | Major | |
S6418 | VB.NET | Secrets should not be hard-coded | VULNERABILITY | Blocker | cwe, former-hotspot |
S6444 | VB.NET | Not specifying a timeout for regular expressions is security-sensitive | SECURITY_HOTSPOT | Major | cwe, regex |
S6513 | VB.NET | "ExcludeFromCodeCoverage" attributes should include a justification | CODE_SMELL | Minor | bad-practice |
S6561 | VB.NET | Avoid using "DateTime.Now" for benchmarking or timing operations | CODE_SMELL | Major | |
S6562 | VB.NET | Always set the "DateTimeKind" when creating new "DateTime" instances | CODE_SMELL | Major | localisation, pitfall |
S6563 | VB.NET | Use UTC when recording DateTime instants | CODE_SMELL | Major | pitfall |
S6566 | VB.NET | Use "DateTimeOffset" instead of "DateTime" | CODE_SMELL | Major | |
S6575 | VB.NET | Use "TimeZoneInfo.FindSystemTimeZoneById" without converting the timezones with "TimezoneConverter" | CODE_SMELL | Major | |
S6580 | VB.NET | Use a format provider when parsing date and time | CODE_SMELL | Major | pitfall, bug |
S6585 | VB.NET | Don't hardcode the format when turning dates and times to strings | CODE_SMELL | Minor | |
S6588 | VB.NET | Use the "UnixEpoch" field instead of creating "DateTime" instances that point to the beginning of the Unix epoch | CODE_SMELL | Minor | |
S6602 | VB.NET | "Find" method should be used instead of the "FirstOrDefault" extension | CODE_SMELL | Minor | performance |
S6603 | VB.NET | The collection-specific "TrueForAll" method should be used instead of the "All" extension | CODE_SMELL | Minor | performance |
S6605 | VB.NET | Collection-specific "Exists" method should be used instead of the "Any" extension | CODE_SMELL | Minor | performance |
S6607 | VB.NET | The collection should be filtered before sorting by using "Where" before "OrderBy" | CODE_SMELL | Minor | performance |
S6608 | VB.NET | Prefer indexing instead of "Enumerable" methods on types implementing "IList" | CODE_SMELL | Minor | performance |
S6609 | VB.NET | "Min/Max" properties of "Set" types should be used instead of the "Enumerable" extension methods | CODE_SMELL | Minor | performance |
S6610 | VB.NET | "StartsWith" and "EndsWith" overloads that take a "char" should be used instead of the ones that take a "string" | CODE_SMELL | Minor | performance |
S6612 | VB.NET | The lambda parameter should be used instead of capturing arguments in "ConcurrentDictionary" methods | CODE_SMELL | Minor | performance |
S6613 | VB.NET | "First" and "Last" properties of "LinkedList" should be used instead of the "First()" and "Last()" extension methods | CODE_SMELL | Minor | performance |
S6617 | VB.NET | "Contains" should be used instead of "Any" for simple equality checks | CODE_SMELL | Minor | performance |
S6930 | VB.NET | Backslash should be avoided in route templates | BUG | Major | asp.net |
S6931 | VB.NET | ASP.NET controller actions should not have a route template starting with "/" | CODE_SMELL | Major | asp.net |
S7130 | VB.NET | First/Single should be used instead of FirstOrDefault/SingleOrDefault on collections that are known to be non-empty | CODE_SMELL | Major | symbolic-execution |
S7131 | VB.NET | A write lock should not be released when a read lock has been acquired and vice versa | BUG | Critical | symbolic-execution |
S7133 | VB.NET | Locks should be released within the same method | BUG | Critical | symbolic-execution |
S907 | VB.NET | "GoTo" statements should not be used | CODE_SMELL | Major | brain-overload |
S927 | VB.NET | Parameter names should match base declaration | CODE_SMELL | Critical | suspicious |