Fxcop tutorial video

Author: Victorious Date: 15.07.2017

Using FxCop: A Short Tutorial

Another positive aspect of code analysis is that you can identify bugs early in the development cycle, before they are found by testers or even users of the application. Identifying and correcting critical bugs early in the software development cycle mitigates risks such as reduced developer productivity, unnecessary bottlenecks in the software development lifecycle, and increased software development costs.

In this article I will discuss the integrated static code analysis tool FxCop, introduced with Visual Studio. Visual Studio code analysis rules are applicable for five different programming languages.

The Visual Studio static code analyzer is available with the Premium and Ultimate editions only. But you will be able to see the Analyze menu in the Visual Studio editor if FxCop is installed. Plus, in project properties, you will get a Code Analysis tab. These rules are part of best practices.


You can open all these rules from the code analysis tab under project properties. You can select specific rule groups that you want to apply for your project.


To set all code analysis rules, select "Microsoft All Rules" from the dropdown. You can also set the code analysis rules at the solution level. All these rule groups are individual XML files found in the following path. Following is the source XML of basic correctness rules.

Include this rule set to expand on the list of warnings reported by the minimum recommended rules. All rule sets are uniquely identified by ID value. Code analysis violation results are shown as warnings when you compile your application or run code analysis from the analyze menu. Each code analysis violation displayed in the error list contains detailed information on the violation, like code file name, project name, line number etc. You can either fix the violation or suppress the violation.

Double-clicking an entry in the error list will take you to the specific line where the violation occurred.


You can suppress a violation that is not applicable for your project by selecting either the 'In source' or the 'In Project' option.

Example of Code Analysis Violations and Fixes

To demonstrate code analysis violations I have created an MVC test application using Visual Studio, applied "Microsoft All Rules" from the Code Analysis tab under project properties, and configured my project file to show code violation warnings as errors.

After running code analysis on my test MVC application I found a few code violation errors. Out of these errors I have picked Error 13, which is "CA Change the type of parameter 'returnUrl' of method 'AccountController.LogOn(LogOnModel, string)' from string to System.Uri, or provide an overload of 'AccountController.LogOn(LogOnModel, string)', that allows 'returnUrl' to be passed as a System.

CA violation is shown when a string parameter is declared and the variable name contains "uri", "Uri", "urn", "Urn", "url", or "Url". This rule splits the parameter name into tokens and checks whether any of these tokens equals "uri", "Uri", "urn", "Urn", "url", or "Url". In the LogOn method of the test MVC application I am returning a string URL as ActionResult when user validation is passed.

To fix this code violation warning I have changed the type of the returnUrl parameter from string to System.Uri and made the necessary modifications in the function body. Source code of the modified function is as follows.

AddModelError("", "The user name or password provided is incorrect.");

"Review SQL queries for security vulnerabilities".

As per this rule: an SQL command string that is built from user input is vulnerable to SQL injection attacks.


To fix a violation, use a parameterized query instead of an inline SQL query. To fix this code violation warning I have changed the following inline SQL query. You have options to configure customized rules up to the Visual Studio solution level.
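The inline-versus-parameterized change described for the "Review SQL queries for security vulnerabilities" rule, as an added example that is not the article's own listing. The `Users` table, the `UserName` and `UserId` columns and the class names are hypothetical, and the commands are only constructed, never executed, so no database is needed.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class UserQueries
{
    // Before: the command text is built from user input. This is the
    // pattern the "Review SQL queries" rule reports.
    public static SqlCommand BuildInline(string userName)
    {
        return new SqlCommand(
            "SELECT UserId FROM Users WHERE UserName = '" + userName + "'");
    }

    // After: the command text is a constant; the input travels only as a
    // typed, length-bounded parameter and never becomes part of the SQL.
    public static SqlCommand BuildParameterized(string userName)
    {
        var cmd = new SqlCommand(
            "SELECT UserId FROM Users WHERE UserName = @userName");
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 256).Value = userName;
        return cmd;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample inputs; hypothetical schema, no connection opened.
        string[] inputs = { "alice", "x' OR '1'='1" };
        foreach (string input in inputs)
        {
            using (SqlCommand inline = UserQueries.BuildInline(input))
            using (SqlCommand safe = UserQueries.BuildParameterized(input))
            {
                // The inline text changes shape with the input;
                // the parameterized text is identical for every input.
                Console.WriteLine("input:       " + input);
                Console.WriteLine("inline text: " + inline.CommandText);
                Console.WriteLine("param text:  " + safe.CommandText);
                Console.WriteLine("param value: " + safe.Parameters["@userName"].Value);
                Console.WriteLine();
            }
        }
    }
}
```

Comparing the two `CommandText` lines for the second input shows why the rule flags the first form: the quote characters in the input alter the statement itself, while in the second form they stay inside the parameter value.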

He has seven years of experience, holds Microsoft certifications in.


In today's world, software security is the first and foremost requirement of any customer when you are developing a new application. But you can develop a secure application by mitigating all the risks in the development cycle itself. The best way to mitigate software risks is by doing code reviews and code analysis throughout the development cycle. Tapas Pal is a Microsoft Platform technical professional with Tata Consultancy Services, India.
