-
-
Notifications
You must be signed in to change notification settings - Fork 27
/
IdentityServer8.DotNet.ruleset
199 lines (199 loc) · 19.2 KB
/
IdentityServer8.DotNet.ruleset
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
<?xml version="1.0"?>
<RuleSet Name="All Rules Disabled" Description="All Rules are disabled." ToolsVersion="15.0">
<Rules AnalyzerId="Microsoft.CodeAnalysis.VersionCheckAnalyzer" RuleNamespace="Microsoft.CodeAnalysis.VersionCheckAnalyzer">
<Rule Id="CA9999" Action="None" /> <!-- Analyzer version mismatch -->
</Rules>
<Rules AnalyzerId="Microsoft.CodeQuality.Analyzers" RuleNamespace="Microsoft.CodeQuality.Analyzers">
<Rule Id="CA1000" Action="None" /> <!-- Do not declare static members on generic types -->
<Rule Id="CA1008" Action="None" /> <!-- Enums should have zero value -->
<Rule Id="CA1010" Action="None" /> <!-- Collections should implement generic interface -->
<Rule Id="CA1012" Action="None" /> <!-- Abstract types should not have constructors -->
<Rule Id="CA1014" Action="None" /> <!-- Mark assemblies with CLSCompliant -->
<Rule Id="CA1016" Action="None" /> <!-- Mark assemblies with assembly version -->
<Rule Id="CA1017" Action="None" /> <!-- Mark assemblies with ComVisible -->
<Rule Id="CA1018" Action="None" /> <!-- Mark attributes with AttributeUsageAttribute -->
<Rule Id="CA1024" Action="None" /> <!-- Use properties where appropriate -->
<Rule Id="CA1027" Action="None" /> <!-- Mark enums with FlagsAttribute -->
<Rule Id="CA1028" Action="None" /> <!-- Enum Storage should be Int32 -->
<Rule Id="CA1030" Action="None" /> <!-- Use events where appropriate -->
<Rule Id="CA1031" Action="None" /> <!-- Do not catch general exception types -->
<Rule Id="CA1033" Action="None" /> <!-- Interface methods should be callable by child types -->
<Rule Id="CA1034" Action="None" /> <!-- Nested types should not be visible -->
<Rule Id="CA1036" Action="None" /> <!-- Override methods on comparable types -->
<Rule Id="CA1040" Action="None" /> <!-- Avoid empty interfaces -->
<Rule Id="CA1041" Action="None" /> <!-- Provide ObsoleteAttribute message -->
<Rule Id="CA1043" Action="None" /> <!-- Use Integral Or String Argument For Indexers -->
<Rule Id="CA1044" Action="None" /> <!-- Properties should not be write only -->
<Rule Id="CA1050" Action="None" /> <!-- Declare types in namespaces -->
<Rule Id="CA1051" Action="None" /> <!-- Do not declare visible instance fields -->
<Rule Id="CA1052" Action="None" /> <!-- Static holder types should be Static or NotInheritable -->
<Rule Id="CA1054" Action="None" /> <!-- Uri parameters should not be strings -->
<Rule Id="CA1055" Action="None" /> <!-- Uri return values should not be strings -->
<Rule Id="CA1056" Action="None" /> <!-- Uri properties should not be strings -->
<Rule Id="CA1060" Action="None" /> <!-- Move pinvokes to native methods class -->
<Rule Id="CA1061" Action="None" /> <!-- Do not hide base class methods -->
<Rule Id="CA1062" Action="None" /> <!-- Validate arguments of public methods -->
<Rule Id="CA1063" Action="None" /> <!-- Implement IDisposable Correctly -->
<Rule Id="CA1064" Action="None" /> <!-- Exceptions should be public -->
<Rule Id="CA1066" Action="None" /> <!-- Type {0} should implement IEquatable<T> because it overrides Equals -->
<Rule Id="CA1067" Action="None" /> <!-- Override Object.Equals(object) when implementing IEquatable<T> -->
<Rule Id="CA1068" Action="None" /> <!-- CancellationToken parameters must come last -->
<Rule Id="CA1501" Action="None" /> <!-- Avoid excessive inheritance -->
<Rule Id="CA1502" Action="None" /> <!-- Avoid excessive complexity -->
<Rule Id="CA1505" Action="None" /> <!-- Avoid unmaintainable code -->
<Rule Id="CA1506" Action="None" /> <!-- Avoid excessive class coupling -->
<Rule Id="CA1508" Action="None" /> <!-- Avoid dead conditional code -->
<Rule Id="CA1509" Action="None" /> <!-- Invalid entry in code metrics rule specification file -->
<Rule Id="CA1707" Action="None" /> <!-- Identifiers should not contain underscores -->
<Rule Id="CA1708" Action="None" /> <!-- Identifiers should differ by more than case -->
<Rule Id="CA1710" Action="None" /> <!-- Identifiers should have correct suffix -->
<Rule Id="CA1711" Action="None" /> <!-- Identifiers should not have incorrect suffix -->
<Rule Id="CA1712" Action="None" /> <!-- Do not prefix enum values with type name -->
<Rule Id="CA1714" Action="None" /> <!-- Flags enums should have plural names -->
<Rule Id="CA1715" Action="None" /> <!-- Identifiers should have correct prefix -->
<Rule Id="CA1716" Action="None" /> <!-- Identifiers should not match keywords -->
<Rule Id="CA1717" Action="None" /> <!-- Only FlagsAttribute enums should have plural names -->
<Rule Id="CA1720" Action="None" /> <!-- Identifier contains type name -->
<Rule Id="CA1721" Action="None" /> <!-- Property names should not match get methods -->
<Rule Id="CA1724" Action="None" /> <!-- Type names should not match namespaces -->
<Rule Id="CA1725" Action="None" /> <!-- Parameter names should match base declaration -->
<Rule Id="CA1801" Action="None" /> <!-- Review unused parameters -->
<Rule Id="CA1802" Action="None" /> <!-- Use literals where appropriate -->
<Rule Id="CA1806" Action="None" /> <!-- Do not ignore method results -->
<Rule Id="CA1812" Action="Warning" /> <!-- Avoid uninstantiated internal classes -->
<Rule Id="CA1814" Action="None" /> <!-- Prefer jagged arrays over multidimensional -->
<Rule Id="CA1815" Action="None" /> <!-- Override equals and operator equals on value types -->
<Rule Id="CA1819" Action="None" /> <!-- Properties should not return arrays -->
<Rule Id="CA1822" Action="None" /> <!-- Mark members as static -->
<Rule Id="CA1823" Action="Warning" /> <!-- Avoid unused private fields -->
<Rule Id="CA2007" Action="Error" /> <!-- Do not directly await a Task -->
<Rule Id="CA2119" Action="None" /> <!-- Seal methods that satisfy private interfaces -->
<Rule Id="CA2211" Action="None" /> <!-- Non-constant fields should not be visible -->
<Rule Id="CA2214" Action="None" /> <!-- Do not call overridable methods in constructors -->
<Rule Id="CA2217" Action="None" /> <!-- Do not mark enums with FlagsAttribute -->
<Rule Id="CA2219" Action="None" /> <!-- Do not raise exceptions in finally clauses -->
<Rule Id="CA2225" Action="None" /> <!-- Operator overloads have named alternates -->
<Rule Id="CA2226" Action="None" /> <!-- Operators should have symmetrical overloads -->
<Rule Id="CA2227" Action="None" /> <!-- Collection properties should be read only -->
<Rule Id="CA2231" Action="None" /> <!-- Overload operator equals on overriding value type Equals -->
<Rule Id="CA2244" Action="None" /> <!-- Do not duplicate indexed element initializations -->
</Rules>
<Rules AnalyzerId="Microsoft.CodeQuality.CSharp.Analyzers" RuleNamespace="Microsoft.CodeQuality.CSharp.Analyzers">
<Rule Id="CA1001" Action="None" /> <!-- Types that own disposable fields should be disposable -->
<Rule Id="CA1003" Action="None" /> <!-- Use generic event handler instances -->
<Rule Id="CA1019" Action="None" /> <!-- Define accessors for attribute arguments -->
<Rule Id="CA1032" Action="None" /> <!-- Implement standard exception constructors -->
<Rule Id="CA1065" Action="None" /> <!-- Do not raise exceptions in unexpected locations -->
<Rule Id="CA1200" Action="None" /> <!-- Avoid using cref tags with a prefix -->
<Rule Id="CA1507" Action="None" /> <!-- Use nameof to express symbol names -->
<Rule Id="CA1821" Action="None" /> <!-- Remove empty Finalizers -->
<Rule Id="CA2200" Action="None" /> <!-- Rethrow to preserve stack details. -->
<Rule Id="CA2234" Action="None" /> <!-- Pass system uri objects instead of strings -->
</Rules>
<Rules AnalyzerId="Microsoft.CodeQuality.VisualBasic.Analyzers" RuleNamespace="Microsoft.CodeQuality.VisualBasic.Analyzers">
<Rule Id="CA1001" Action="None" /> <!-- Types that own disposable fields should be disposable -->
<Rule Id="CA1003" Action="None" /> <!-- Use generic event handler instances -->
<Rule Id="CA1019" Action="None" /> <!-- Define accessors for attribute arguments -->
<Rule Id="CA1032" Action="None" /> <!-- Implement standard exception constructors -->
<Rule Id="CA1065" Action="None" /> <!-- Do not raise exceptions in unexpected locations -->
<Rule Id="CA1200" Action="None" /> <!-- Avoid using cref tags with a prefix -->
<Rule Id="CA1507" Action="None" /> <!-- Use nameof to express symbol names -->
<Rule Id="CA1821" Action="None" /> <!-- Remove empty Finalizers -->
<Rule Id="CA2200" Action="None" /> <!-- Rethrow to preserve stack details. -->
<Rule Id="CA2218" Action="None" /> <!-- Override GetHashCode on overriding Equals -->
<Rule Id="CA2224" Action="None" /> <!-- Override Equals on overloading operator equals -->
<Rule Id="CA2234" Action="None" /> <!-- Pass system uri objects instead of strings -->
</Rules>
<Rules AnalyzerId="Microsoft.NetCore.Analyzers" RuleNamespace="Microsoft.NetCore.Analyzers">
<Rule Id="CA1303" Action="None" /> <!-- Do not pass literals as localized parameters -->
<Rule Id="CA1304" Action="Error" /> <!-- Specify CultureInfo -->
<Rule Id="CA1305" Action="Error" /> <!-- Specify IFormatProvider -->
<Rule Id="CA1307" Action="Error" /> <!-- Specify StringComparison -->
<Rule Id="CA1308" Action="None" /> <!-- Normalize strings to uppercase -->
<Rule Id="CA1401" Action="None" /> <!-- P/Invokes should not be visible -->
<Rule Id="CA1813" Action="None" /> <!-- Avoid unsealed attributes -->
<Rule Id="CA1816" Action="None" /> <!-- Dispose methods should call SuppressFinalize -->
<Rule Id="CA1820" Action="None" /> <!-- Test for empty strings using string length -->
<Rule Id="CA1826" Action="None" /> <!-- Do not use Enumerable methods on indexable collections. Instead use the collection directly -->
<Rule Id="CA2000" Action="None" /> <!-- Dispose objects before losing scope -->
<Rule Id="CA2002" Action="None" /> <!-- Do not lock on objects with weak identity -->
<Rule Id="CA2008" Action="None" /> <!-- Do not create tasks without passing a TaskScheduler -->
<Rule Id="CA2009" Action="None" /> <!-- Do not call ToImmutableCollection on an ImmutableCollection value -->
<Rule Id="CA2100" Action="None" /> <!-- Review SQL queries for security vulnerabilities -->
<Rule Id="CA2101" Action="None" /> <!-- Specify marshaling for P/Invoke string arguments -->
<Rule Id="CA2208" Action="None" /> <!-- Instantiate argument exceptions correctly -->
<Rule Id="CA2213" Action="None" /> <!-- Disposable fields should be disposed -->
<Rule Id="CA2216" Action="None" /> <!-- Disposable types should declare finalizer -->
<Rule Id="CA2229" Action="None" /> <!-- Implement serialization constructors -->
<Rule Id="CA2235" Action="None" /> <!-- Mark all non-serializable fields -->
<Rule Id="CA2237" Action="None" /> <!-- Mark ISerializable types with serializable -->
<Rule Id="CA2241" Action="None" /> <!-- Provide correct arguments to formatting methods -->
<Rule Id="CA2242" Action="None" /> <!-- Test for NaN correctly -->
<Rule Id="CA2243" Action="None" /> <!-- Attribute string literals should parse correctly -->
<Rule Id="CA2300" Action="None" /> <!-- Do not use insecure deserializer BinaryFormatter -->
<Rule Id="CA2301" Action="None" /> <!-- Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder -->
<Rule Id="CA2302" Action="None" /> <!-- Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize -->
<Rule Id="CA2305" Action="None" /> <!-- Do not use insecure deserializer LosFormatter -->
<Rule Id="CA2310" Action="None" /> <!-- Do not use insecure deserializer NetDataContractSerializer -->
<Rule Id="CA2311" Action="None" /> <!-- Do not deserialize without first setting NetDataContractSerializer.Binder -->
<Rule Id="CA2312" Action="None" /> <!-- Ensure NetDataContractSerializer.Binder is set before deserializing -->
<Rule Id="CA2315" Action="None" /> <!-- Do not use insecure deserializer ObjectStateFormatter -->
<Rule Id="CA3001" Action="None" /> <!-- Review code for SQL injection vulnerabilities -->
<Rule Id="CA3002" Action="None" /> <!-- Review code for XSS vulnerabilities -->
<Rule Id="CA3003" Action="None" /> <!-- Review code for file path injection vulnerabilities -->
<Rule Id="CA3004" Action="None" /> <!-- Review code for information disclosure vulnerabilities -->
<Rule Id="CA3005" Action="None" /> <!-- Review code for LDAP injection vulnerabilities -->
<Rule Id="CA3006" Action="None" /> <!-- Review code for process command injection vulnerabilities -->
<Rule Id="CA3007" Action="None" /> <!-- Review code for open redirect vulnerabilities -->
<Rule Id="CA3008" Action="None" /> <!-- Review code for XPath injection vulnerabilities -->
<Rule Id="CA3009" Action="None" /> <!-- Review code for XML injection vulnerabilities -->
<Rule Id="CA3010" Action="None" /> <!-- Review code for XAML injection vulnerabilities -->
<Rule Id="CA3011" Action="None" /> <!-- Review code for DLL injection vulnerabilities -->
<Rule Id="CA3012" Action="None" /> <!-- Review code for regex injection vulnerabilities -->
<Rule Id="CA3061" Action="None" /> <!-- Do Not Add Schema By URL -->
<Rule Id="CA5350" Action="None" /> <!-- Do Not Use Weak Cryptographic Algorithms -->
<Rule Id="CA5351" Action="None" /> <!-- Do Not Use Broken Cryptographic Algorithms -->
<Rule Id="CA5358" Action="None" /> <!-- Do Not Use Unsafe Cipher Modes -->
<Rule Id="CA5359" Action="None" /> <!-- Do Not Disable Certificate Validation -->
<Rule Id="CA5360" Action="None" /> <!-- Do Not Call Dangerous Methods In Deserialization -->
<Rule Id="CA5361" Action="None" /> <!-- Do Not Disable SChannel Use of Strong Crypto -->
<Rule Id="CA5362" Action="None" /> <!-- Do Not Refer Self In Serializable Class -->
<Rule Id="CA5363" Action="None" /> <!-- Do Not Disable Request Validation -->
<Rule Id="CA5364" Action="None" /> <!-- Do Not Use Deprecated Security Protocols -->
<Rule Id="CA5365" Action="None" /> <!-- Do Not Disable HTTP Header Checking -->
<Rule Id="CA5367" Action="None" /> <!-- Do Not Serialize Types With Pointer Fields -->
<Rule Id="CA5368" Action="None" /> <!-- Set ViewStateUserKey For Classes Derived From Page -->
</Rules>
<Rules AnalyzerId="Microsoft.NetCore.CSharp.Analyzers" RuleNamespace="Microsoft.NetCore.CSharp.Analyzers">
<Rule Id="CA1309" Action="Error" /> <!-- Use ordinal stringcomparison -->
<Rule Id="CA1810" Action="None" /> <!-- Initialize reference type static fields inline -->
<Rule Id="CA1824" Action="None" /> <!-- Mark assemblies with NeutralResourcesLanguageAttribute -->
<Rule Id="CA1825" Action="Warning" /> <!-- Avoid zero-length array allocations. -->
<Rule Id="CA2010" Action="None" /> <!-- Always consume the value returned by methods marked with PreserveSigAttribute -->
<Rule Id="CA2201" Action="None" /> <!-- Do not raise reserved exception types -->
<Rule Id="CA2207" Action="None" /> <!-- Initialize value type static fields inline -->
</Rules>
<Rules AnalyzerId="Microsoft.NetCore.VisualBasic.Analyzers" RuleNamespace="Microsoft.NetCore.VisualBasic.Analyzers">
<Rule Id="CA1309" Action="Error" /> <!-- Use ordinal stringcomparison -->
<Rule Id="CA1810" Action="None" /> <!-- Initialize reference type static fields inline -->
<Rule Id="CA1824" Action="None" /> <!-- Mark assemblies with NeutralResourcesLanguageAttribute -->
<Rule Id="CA1825" Action="Warning" /> <!-- Avoid zero-length array allocations. -->
<Rule Id="CA2010" Action="None" /> <!-- Always consume the value returned by methods marked with PreserveSigAttribute -->
<Rule Id="CA2201" Action="None" /> <!-- Do not raise reserved exception types -->
<Rule Id="CA2207" Action="None" /> <!-- Initialize value type static fields inline -->
</Rules>
<Rules AnalyzerId="Microsoft.NetFramework.Analyzers" RuleNamespace="Microsoft.NetFramework.Analyzers">
<Rule Id="CA1058" Action="None" /> <!-- Types should not extend certain base types -->
<Rule Id="CA2153" Action="None" /> <!-- Do Not Catch Corrupted State Exceptions -->
<Rule Id="CA3075" Action="None" /> <!-- Insecure DTD processing in XML -->
<Rule Id="CA3147" Action="None" /> <!-- Mark Verb Handlers With Validate Antiforgery Token -->
</Rules>
<Rules AnalyzerId="Microsoft.NetFramework.CSharp.Analyzers" RuleNamespace="Microsoft.NetFramework.CSharp.Analyzers">
<Rule Id="CA3076" Action="None" /> <!-- Insecure XSLT script processing. -->
<Rule Id="CA3077" Action="None" /> <!-- Insecure Processing in API Design, XmlDocument and XmlTextReader -->
</Rules>
<Rules AnalyzerId="Microsoft.NetFramework.VisualBasic.Analyzers" RuleNamespace="Microsoft.NetFramework.VisualBasic.Analyzers">
<Rule Id="CA3076" Action="None" /> <!-- Insecure XSLT script processing. -->
<Rule Id="CA3077" Action="None" /> <!-- Insecure Processing in API Design, XmlDocument and XmlTextReader -->
</Rules>
</RuleSet>