SonarC#

323 Rules

Offering a set of powerful rules, SonarC# is all you need to find bugs, vulnerabilities, and code smells in your C# code. With SonarC#, monitoring your code quality is no longer a daunting task.


Bug
67

Vulnerability
10

Code Smell
246

Bug Detection Rules

| Rule ID | Name | Sonar way | Tags | In Action |
|---|---|---|---|---|
| S2275 | Composite format strings should not lead to unexpected behavior at runtime | | cert, pitfall | ~15 issues |
| S3464 | Type inheritance should not be recursive | | | |
| S4159 | Classes should implement their "ExportAttribute" interfaces | | | |
| S2190 | Recursion should not be infinite | | | ~25 issues |
| S2930 | "IDisposables" should be disposed | | cwe, denial-of-service | ~35 issues |
| S2931 | Classes with "IDisposable" members or native resources should implement "IDisposable" | | cwe, denial-of-service | |
| S3693 | Exception constructors should not throw exceptions | | | ~3 issues |
| S3869 | "SafeHandle.DangerousGetHandle" should not be called | | leak, unpredictable | ~28 issues |
| S3889 | Neither "Thread.Resume" nor "Thread.Suspend" should be used | | multi-threading, unpredictable | ~11 issues |
| S2551 | Types and "this" should not be used for locking | | multi-threading | |
| S2952 | Classes should "Dispose" of members from the classes' own "Dispose" methods | | cwe, denial-of-service | |
| S3449 | Right operands of shift operators should be integers | | | |
| S2583 | Conditionally executed blocks should be reachable | | cert, cwe, misra, pitfall, unused | ~367 issues |
| S1862 | Related "if/else if" statements should not have the same condition | | cert, pitfall, unused | ~9 issues |
| S4210 | Windows Forms entry points should be marked with STAThread | | pitfall | |
| S3343 | Caller information parameters should come at the end of the parameter list | | api-design | ~1 issue |
| S1656 | Variables should not be self-assigned | | cert | ~86 issues |
| S1764 | Identical expressions should not be used on both sides of a binary operator | | cert | ~55 issues |
| FailedUn. | Failed unit tests should be fixed | | | |
| S1145 | Useless "if(true) {...}" and "if(false){...}" blocks should be removed | | cwe, misra | ~15 issues |
| S1244 | Floating point numbers should not be tested for equality | | misra | ~987 issues |
| S1697 | Short-circuit logic should be used to prevent null pointer dereferences in conditionals | | | |
| S1848 | Objects should not be created to be dropped immediately without being used | | | ~43 issues |
| S2114 | Collections should not be passed as arguments to their own methods | | | |
| S2123 | Values should not be uselessly incremented | | unused | ~3 issues |
| S2201 | Return values from functions without side effects should not be ignored | | cert, misra | ~131 issues |
| S2225 | "ToString()" method should not return null | | cert, cwe | ~19 issues |
| S2259 | Null pointers should not be dereferenced | | cert, cwe | ~418 issues |
| S2688 | "NaN" should not be used in comparisons | | cert | |
| S2757 | "=+" should not be used instead of "+=" | | | ~37 issues |
| S2758 | The ternary operator should not return the same value regardless of the condition | | | ~11 issues |
| S2761 | Doubled prefix operators "!!" and "~~" should not be used | | | |
| S2995 | "Object.ReferenceEquals" should not be used for value types | | | |
| S2996 | "ThreadStatic" fields should not be initialized | | multi-threading | |
| S2997 | "IDisposables" created in a "using" statement should not be returned | | | ~25 issues |
| S3005 | "ThreadStatic" should not be used on non-static fields | | unused | ~2 issues |
| S3168 | "async" methods should not return "void" | | multi-threading | ~247 issues |
| S3172 | Delegates should not be subtracted | | | |
| S3244 | Anonymous delegates should not be used to unsubscribe from Events | | | |
| S3249 | Classes directly extending "object" should not call "base" in "GetHashCode" or "Equals" | | | ~44 issues |
| S3263 | Static fields should appear in the order they must be initialized | | | ~6 issues |
| S3346 | Expressions used in "Debug.Assert" should not produce side effects | | cert | ~1 issue |
| S3453 | Classes should not have only "private" constructors | | design | ~66 issues |
| S3466 | Optional parameters should be passed to "base" calls | | | ~2 issues |
| S3598 | One-way "OperationContract" methods should have "void" return type | | | |
| S3603 | Methods with "Pure" attribute should return a value | | | |
| S3610 | Nullable type comparison should not be redundant | | redundant | |
| S3655 | Empty nullable value should not be accessed | | cwe | ~11 issues |
| S3903 | Types should be defined in named namespaces | | | ~270 issues |
| S3926 | Deserialization methods should be provided for "OptionalField" members | | serialization | ~1 issue |
| S3927 | Serialization event handlers should be implemented correctly | | | ~4 issues |
| S3981 | Collection sizes and array length comparisons should make sense | | | |
| S3984 | Exception should not be created without being thrown | | | ~2 issues |
| S4260 | "ConstructorArgument" parameters should exist in constructors | | | |
| S2184 | Results of integer division should not be assigned to floating point variables | | cert, cwe, misra, overflow, sans-top25-risky | ~20 issues |
| S2183 | Ints and longs should not be shifted by zero or more than their number of bits-1 | | cert | ~40 issues |
| S1206 | "Equals(Object)" and "GetHashCode()" should be overridden in pairs | | cert, cwe | ~40 issues |
| S1226 | Method parameters, caught exceptions and foreach variables' initial values should not be ignored | | misra | ~2 issues |
| S2328 | "GetHashCode" should not reference mutable fields | | | ~202 issues |
| S2345 | Flags enumerations should explicitly initialize all their members | | | ~17 issues |
| S2674 | The length returned from a stream read should be checked | | cert | |
| S2934 | Property assignments should not be made for "readonly" fields not constrained to reference types | | | |
| S2955 | Generic parameters not constrained to reference types should not be compared to "null" | | | ~1 issue |
| S3397 | "base.Equals" should not be used to check for reference equality in "Equals" if "base" is not "object" | | | |
| S3456 | "string.ToCharArray()" should not be called redundantly | | clumsy | ~6 issues |
| S3887 | Mutable, non-private fields should not be "readonly" | | | ~266 issues |
| S4158 | Empty collections should not be accessed or iterated | | | ~72 issues |

Vulnerability Detection Rules

| Rule ID | Name | Sonar way | Tags | In Action |
|---|---|---|---|---|
| S2278 | Neither DES (Data Encryption Standard) nor DESede (3DES) should be used | | cert, cwe, owasp-a6, sans-top25-porous | ~40 issues |
| S2068 | Credentials should not be hard-coded | | cert, cwe, owasp-a2, sans-top25-porous | ~57 issues |
| S3649 | User-provided values should be sanitized before use in SQL statements | | cert, cwe, owasp-a1, sans-top25-insecure, sql | ~95 issues |
| S3884 | "CoSetProxyBlanket" and "CoInitializeSecurity" should not be used | | | |
| S4212 | Serialization constructors should be secured | | | |
| S2070 | SHA-1 and Message-Digest hash algorithms should not be used | | cwe, owasp-a6, sans-top25-porous | |
| S1313 | IP addresses should not be hardcoded | | cert | |
| S2228 | Console logging should not be used | | owasp-a6 | ~23 issues |
| S1104 | Fields should not have public accessibility | | cwe | ~10,900 issues |
| S2386 | Mutable fields should not be "public static" | | cert, cwe, unpredictable | ~2,380 issues |

Code Smell Detection Rules

| Rule ID | Name | Sonar way | Tags | In Action |
|---|---|---|---|---|
| S1147 | Exit methods should not be called | | cert, cwe, suspicious | |
| S3060 | "is" should not be used with "this" | | api-design, bad-practice | ~15 issues |
| S1451 | Track lack of copyright and license headers | | | ~8 issues |
| S2178 | Short-circuit logic should be used in boolean contexts | | cert | ~125 issues |
| S2187 | TestCases should contain tests | | confusing, tests, unused | ~45 issues |
| S2306 | "async" and "await" should not be used as identifiers | | pitfall | ~18 issues |
| S2368 | Public methods should not have multidimensional array parameters | | pitfall | ~8 issues |
| S2387 | Child class fields should not shadow parent class fields | | confusing | |
| S2437 | Silly bit operations should not be performed | | suspicious | ~4 issues |
| S2699 | Tests should include assertions | | tests | ~1 issue |
| S2953 | Methods named "Dispose" should implement "IDisposable.Dispose" | | pitfall | ~65 issues |
| S3237 | "value" parameters should be used | | pitfall | ~198 issues |
| S3427 | Method overloads with default parameter values should not overlap | | pitfall, unused | ~2,590 issues |
| S3433 | Test method signatures should be correct | | tests | ~46 issues |
| S3443 | Type should not be examined on "System.Type" instances | | suspicious | ~7 issues |
| S3875 | "operator==" should not be overloaded on reference types | | pitfall | ~84 issues |
| S3877 | Exceptions should not be thrown from unexpected methods | | pitfall | ~29 issues |
| S3776 | Cognitive Complexity of methods should not be too high | | brain-overload | ~7,377 issues |
| S1006 | Method overrides should not change parameter defaults | | cert, misra, pitfall | ~646 issues |
| S3353 | Unchanged local variables should be "const" | | | |
| S131 | "switch/Select" statements should end with "default/Case Else" clauses | | cert, cwe, misra | ~3 issues |
| S126 | "if ... else if" constructs should end with "else" clauses | | cert, misra | |
| S2197 | Modulus results should not be checked for direct equality | | cert, suspicious | |
| S2302 | "nameof" should be used | | c#6 | |
| S1067 | Expressions should not be too complex | | brain-overload | ~1 issue |
| S1163 | Exceptions should not be thrown in finally blocks | | cert, error-handling, suspicious | |
| S1186 | Methods should not be empty | | suspicious | ~2,493 issues |
| S121 | Control structures should use curly braces | | cert, misra, pitfall | ~15 issues |
| S1215 | "GC.Collect" should not be called | | bad-practice, performance, unpredictable | ~77 issues |
| S134 | Control flow statements "if", "switch", "for", "foreach", "while", "do" and "try" should not be nested too deeply | | brain-overload | ~3,712 issues |
| S1541 | Methods and properties should not be too complex | | brain-overload | ~5 issues |
| S1699 | Constructors should only call non-overridable methods | | cert, pitfall | ~105 issues |
| S1944 | Inappropriate casts should not be made | | cert, cwe, misra, suspicious | ~118 issues |
| S1994 | "for" loop increment clauses should modify the loops' counters | | confusing | |
| S2223 | Non-constant static fields should not be visible | | pitfall | ~4,594 issues |
| S2290 | Field-like events should not be virtual | | | ~3 issues |
| S2291 | Overflow checking should not be disabled for "Enumerable.Sum" | | error-handling | |
| S2330 | Array covariance should not be used | | pitfall | |
| S2339 | Public constant members should not be used | | pitfall | |
| S2346 | Flags enumerations zero-value members should be named "None" | | convention | ~71 issues |
| S2360 | Optional parameters should not be used | | pitfall | ~5,269 issues |
| S2365 | Properties should not make collection or array copies | | api-design, performance | ~74 issues |
| S2692 | "IndexOf" checks should not be for positive numbers | | suspicious | ~25 issues |
| S2696 | Instance members should not write to "static" fields | | multi-threading | ~1,055 issues |
| S2701 | Literal boolean values should not be used in assertions | | tests | |
| S3215 | "interface" instances should not be cast to concrete types | | design | |
| S3216 | "ConfigureAwait(false)" should be used | | multi-threading, suspicious | |
| S3217 | "Explicit" conversions of "foreach" loops should not be used | | suspicious | ~184 issues |
| S3218 | Inner class members should not shadow outer class "static" or type members | | cert, design, pitfall | ~1,345 issues |
| S3265 | Non-flags enums should not be used in bitwise operations | | convention | ~270 issues |
| S3447 | "[Optional]" should not be used on "ref" or "out" parameters | | pitfall | |
| S3451 | "[DefaultValue]" should not be used when "[DefaultParameterValue]" is meant | | suspicious | |
| S3600 | "params" should not be introduced on overrides | | confusing | |
| S3871 | Exception types should be "public" | | api-design, error-handling, owasp-a10 | ~56 issues |
| S3874 | "out" and "ref" parameters should not be used | | suspicious | |
| S3904 | Assemblies should have version information | | pitfall | ~942 issues |
| S3966 | Objects should not be disposed more than once | | pitfall | ~93 issues |
| S3972 | Conditionals should start on new lines | | suspicious | |
| S3998 | Threads should not lock on objects with weak identity | | multi-threading, pitfall | |
| S4000 | Pointers to unmanaged memory should not be visible | | | |
| S4015 | Inherited member visibility should not be decreased | | pitfall | ~21 issues |
| S4019 | Base class methods should not be hidden | | pitfall | ~1 issue |
| S4025 | Child class fields should not differ from parent class fields only by capitalization | | pitfall | |
| S4039 | Interface methods should be callable by derived types | | pitfall | |
| S927 | parameter names should match base declaration and other partial definitions | | cert, misra, suspicious | ~3,473 issues |
| S2589 | Boolean expressions should not be gratuitous | | cert, cwe, misra, redundant | ~565 issues |
| S1144 | Unused private types or members should be removed | | cert, unused | ~3,211 issues |
| S2326 | Unused type parameters should be removed | | cert, unused | ~70 issues |
| S1121 | Assignments should not be made from within sub-expressions | | cert, cwe, misra, suspicious | ~1,160 issues |
| S3358 | Ternary operators should not be nested | | confusing | ~130 issues |
| S4200 | Native methods should be wrapped | | pitfall | ~6 issues |
| S1854 | Dead stores should be removed | | cert, cwe, unused | ~3,287 issues |
| S1172 | Unused method parameters should be removed | | cert, misra, unused | ~1,051 issues |
| S3366 | "this" should not be exposed from constructors | | cert, multi-threading, suspicious | |
| S3457 | Composite format strings should be used correctly | | cert, confusing | ~173 issues |
| S138 | Functions should not have too many lines of code | | brain-overload | |
| S1751 | Jump statements should not be used unconditionally | | cert, misra, unused | ~86 issues |
| S2971 | "IEnumerable" LINQs should be simplified | | clumsy | ~1,827 issues |
| S4277 | "Shared" parts should not be created with "new" | | pitfall | |
| Duplicat. | Source files should not have any duplicated blocks | | pitfall | ~841 issues |
| Insuffic. | Branches should have sufficient coverage by tests | | bad-practice | |
| Insuffic. | Source files should have a sufficient density of comment lines | | convention | ~7,114 issues |
| Insuffic. | Lines should have sufficient coverage by tests | | bad-practice | ~1,886 issues |
| SkippedU. | Skipped unit tests should be either removed or fixed | | pitfall | |
| S103 | Lines should not be too long | | convention | |
| S104 | Files should not have too many lines of code | | brain-overload | ~168 issues |
| S1066 | Collapsible "if" statements should be merged | | clumsy | ~4,125 issues |
| S107 | Methods should not have too many parameters | | brain-overload | ~3,143 issues |
| S108 | Nested blocks of code should not be left empty | | suspicious | ~1,501 issues |
| S110 | Inheritance tree of classes should not be too deep | | design | ~625 issues |
| S1110 | Redundant pairs of parentheses should be removed | | confusing | ~20 issues |
| S1117 | Local variables should not shadow class fields | | cert, pitfall | ~728 issues |
| S1118 | Utility classes should not have public constructors | | design | ~2,114 issues |
| S112 | General exceptions should never be thrown | | cert, cwe, error-handling | ~4,518 issues |
| S1123 | "Obsolete" attributes should include explanations | | bad-practice, obsolete | ~70 issues |
| S1134 | Track uses of "FIXME" tags | | cwe | ~141 issues |
| S1168 | Empty arrays and collections should be returned instead of null | | cert | ~475 issues |
| S1200 | Classes should not be coupled to too many other classes (Single Responsibility Principle) | | brain-overload | ~18 issues |
| S122 | Statements should be on separate lines | | style | ~15 issues |
| S125 | Sections of code should not be "commented out" | | misra, unused | ~14,717 issues |
| S127 | "for" loop stop conditions should be invariant | | misra, pitfall | ~1 issue |
| S1479 | "switch" statements should not have too many "case" clauses | | brain-overload | ~35 issues |
| S1607 | Tests should not be ignored | | suspicious, tests | ~1 issue |
| S1696 | NullReferenceException should not be caught | | cert, cwe, error-handling | |
| S1871 | Two branches in a conditional structure should not have exactly the same implementation | | design, suspicious | ~1,770 issues |
| S2234 | Parameters should be passed in the correct order | | | ~68 issues |
| S2357 | Fields should be private | | pitfall | |
| S2372 | Exceptions should not be thrown from property getters | | error-handling | ~590 issues |
| S2376 | Write-only properties should not be used | | pitfall | ~151 issues |
| S2436 | Classes and methods should not have too many generic parameters | | brain-overload | ~171 issues |
| S2681 | Multiline blocks should be enclosed in curly braces | | cert, cwe | ~183 issues |
| S2743 | Static fields should not be used in generic types | | | ~125 issues |
| S2933 | Fields that are only assigned in the constructor should be "readonly" | | confusing | ~11,390 issues |
| S3010 | Static fields should not be updated in constructors | | | ~162 issues |
| S3169 | Multiple "OrderBy" calls should not be used | | performance | ~4 issues |
| S3246 | Generic type parameters should be co/contravariant when possible | | api-design | ~219 issues |
| S3262 | "params" should be used on overrides | | confusing | |
| S3264 | Events should be invoked | | unused | ~24 issues |
| S3415 | Assertion arguments should be passed in the correct order | | suspicious, tests | ~1,739 issues |
| S3431 | "[ExpectedException]" should not be used | | tests | |
| S3442 | "abstract" classes should not have "public" constructors | | confusing | ~484 issues |
| S3445 | Exceptions should not be explicitly rethrown | | confusing, error-handling | ~1,482 issues |
| S3597 | "ServiceContract" and "OperationContract" attributes should be used together | | api-design | ~4 issues |
| S3880 | Finalizers should not be empty | | performance | |
| S3881 | "IDisposable" should be implemented correctly | | pitfall | ~682 issues |
| S3885 | "Assembly.Load" should be used | | unpredictable | ~89 issues |
| S3898 | Value types should implement "IEquatable<T>" | | performance | |
| S3900 | Arguments of public methods should be validated against null | | convention | |
| S3902 | "Assembly.GetExecutingAssembly" should not be called | | performance | |
| S3906 | Event Handlers should have the correct signature | | convention | |
| S3908 | Generic event handlers should be used | | | |
| S3909 | Collections should implement the generic interface | | | |
| S3925 | "ISerializable" should be implemented correctly | | pitfall | ~589 issues |
| S3928 | Parameter names used into ArgumentException constructors should match an existing one | | | ~433 issues |
| S3956 | "Generic.List" instances should not be part of public APIs | | api-design | ~124 issues |
| S3971 | "GC.SuppressFinalize" should not be called | | | ~18 issues |
| S3990 | Assemblies should be marked as CLS compliant | | api-design | ~3 issues |
| S3992 | Assemblies should explicitly specify COM visibility | | api-design | ~2 issues |
| S3993 | Custom attributes should be marked with "System.AttributeUsageAttribute" | | api-design | ~1 issue |
| S3994 | URI Parameters should not be strings | | | |
| S3995 | URI return values should not be strings | | | |
| S3996 | URI properties should not be strings | | | |
| S3997 | String URI overloads should call "System.Uri" overloads | | | |
| S4002 | Disposable types should declare finalizers | | | |
| S4004 | Collection properties should be readonly | | | |
| S4005 | "System.Uri" arguments should be used instead of strings | | | |
| S4016 | Enumeration members should not be named "Reserved" | | | ~9 issues |
| S4017 | Method signatures should not contain nested generic types | | confusing | ~1 issue |
| S4035 | Classes implementing "IEquatable<T>" should be sealed | | pitfall | ~411 issues |
| S4050 | Operators should be overloaded consistently | | pitfall | |
| S4055 | Literals should not be passed as localized parameters | | localisation, pitfall | ~5 issues |
| S4057 | Locales should be set for data types | | localisation | |
| S4059 | Property names should not match get methods | | confusing | |
| S4070 | Non-flags enums should not be marked with "FlagsAttribute" | | | |
| S4142 | Duplicate values should not be passed as arguments | | suspicious | ~355 issues |
| S4144 | Methods should not have identical implementations | | confusing, duplicate, suspicious | ~317 issues |
| S4214 | "P/Invoke" methods should not be visible | | | ~29 issues |
| S4220 | Events should have proper arguments | | pitfall | ~4 issues |
| S907 | "goto" statement should not be used | | brain-overload, misra | ~411 issues |
| S3440 | Variables should not be checked against the values they're about to be assigned | | confusing | ~50 issues |
| S3532 | Empty "default" clauses should be removed | | clumsy, finding, unused | |
| S1116 | Empty statements should be removed | | cert, misra, unused | ~331 issues |
| S3235 | Redundant parentheses should not be used | | cert, finding, unused | ~99 issues |
| S3241 | Methods should not return values that are never used | | cert, design, unused | ~133 issues |
| S3459 | Unassigned members should be removed | | suspicious | ~248 issues |
| S818 | Literal suffixes should be upper case | | cert, convention, misra, pitfall | ~1 issue |
| S1659 | Multiple variables should not be declared on the same line | | cert, convention, misra | |
| S2737 | "catch" clauses should do more than rethrow | | cert, clumsy, finding, unused | ~272 issues |
| S3261 | Namespaces should not be empty | | cert, unused | ~104 issues |
| S100 | Methods and properties should be named in camel case | | convention | ~14,379 issues |
| S101 | Types should be named in camel case | | convention | ~5,065 issues |
| S105 | Tabulation characters should not be used | | convention | |
| S1075 | URIs should not be hardcoded | | cert | ~1,800 issues |
| S1109 | A close curly brace should be located at the beginning of a line | | convention | |
| S1125 | Boolean literals should not be redundant | | clumsy | ~2,717 issues |
| S113 | Files should contain an empty newline at the end | | convention | |
| S1155 | "Any()" should be used to test for emptiness | | clumsy | ~591 issues |
| S1185 | Overriding members should do more than simply call the same member in the base class | | clumsy, redundant | ~266 issues |
| S1210 | "Equals" and the comparison operators should be overridden when implementing "IComparable" | | | ~81 issues |
| S1227 | break statements should not be used except for switch cases | | | |
| S1301 | "switch" statements should have at least 3 "case" clauses | | bad-practice, misra | ~2 issues |
| S1449 | Culture should be specified for "string" operations | | cert, unpredictable | ~2,190 issues |
| S1450 | Private fields only used as local variables in methods should become local variables | | pitfall | ~6,532 issues |
| S1481 | Unused local variables should be removed | | unused | ~5,139 issues |
| S1643 | Strings should not be concatenated using '+' in a loop | | performance | ~1,011 issues |
| S1694 | An abstract class should have both abstract and concrete methods | | convention | |
| S1698 | "==" should not be used when "Equals" is overridden | | cert, cwe, suspicious | ~154 issues |
| S1858 | "ToString()" calls should not be redundant | | clumsy, finding | |
| S1905 | Redundant casts should not be used | | clumsy, redundant | ~1,123 issues |
| S1939 | Inheritance list should not be redundant | | clumsy | ~394 issues |
| S1940 | Boolean checks should not be inverted | | pitfall | ~522 issues |
| S2156 | "sealed" classes should not have "protected" members | | confusing | |
| S2219 | Runtime type checking should be simplified | | clumsy | ~272 issues |
| S2221 | "Exception" should not be caught when not required by called methods | | cwe, error-handling | ~2 issues |
| S2292 | Trivial properties should be auto-implemented | | clumsy | ~2,981 issues |
| S2325 | Methods and properties that don't access instance data should be static | | pitfall | ~49 issues |
| S2333 | Redundant modifiers should not be used | | clumsy, finding, unused | |
| S2342 | Enumeration types should comply with a naming convention | | convention | ~419 issues |
| S2344 | Enumeration type names should not have "Flags" or "Enum" suffixes | | convention | ~175 issues |
| S2486 | Generic exceptions should not be ignored | | cwe, error-handling, owasp-a10, suspicious | ~679 issues |
| S2760 | Sequential tests should not check the same condition | | clumsy, suspicious | |
| S3052 | Members should not be initialized to default values | | convention, finding | ~1 issue |
| S3220 | Method calls should not resolve ambiguously to overloads with "params" | | pitfall | ~264 issues |
| S3234 | "GC.SuppressFinalize" should not be invoked for types without destructors | | confusing, unused | ~1 issue |
| S3236 | Caller information arguments should not be provided explicitly | | suspicious | ~112 issues |
| S3240 | The simplest possible condition syntax should be used | | clumsy | ~10 issues |
| S3242 | Method parameters should be declared with base types | | api-design | ~38,234 issues |
| S3247 | Duplicate casts should not be made | | performance | ~385 issues |
| S3251 | Implementations should be provided for "partial" methods | | suspicious | ~796 issues |
| S3253 | Constructor and destructor declarations should not be redundant | | clumsy, finding | ~3 issues |
| S3254 | Default parameter values should not be passed as arguments | | clumsy, finding | |
| S3256 | "string.IsNullOrEmpty" should be used | | clumsy | ~129 issues |
| S3257 | Declarations and initializations should be as concise as possible | | clumsy, finding | ~1 issue |
| S3376 | Attribute, EventArgs, and Exception type names should end with the type being extended | | convention | ~221 issues |
| S3441 | Redundant property names should be omitted in anonymous classes | | clumsy, finding | ~4 issues |
| S3444 | Interfaces should not simply inherit from base interfaces with colliding members | | design | ~6 issues |
| S3450 | Parameters with "[DefaultParameterValue]" attributes should also be marked "[Optional]" | | pitfall | |
| S3458 | Empty "case" clauses that fall through to the "default" should be omitted | | clumsy, finding | ~183 issues |
| S3604 | Member initializer values should not be redundant | | | ~199 issues |
| S3626 | Jump statements should not be redundant | | clumsy, redundant | ~393 issues |
| S3717 | Track use of "NotImplementedException" | | | ~6 issues |
| S3872 | Parameter names should not duplicate the names of their methods | | confusing, convention | ~1 issue |
| S3876 | Strings or integral types should be used for indexers | | design | |
| S3897 | Classes that provide "Equals(<T>)" should implement "IEquatable<T>" | | api-design | ~137 issues |
| S3962 | "static readonly" constants should be "const" instead | | performance | |
| S3963 | "static" fields should be initialized inline | | | ~1 issue |
| S3967 | Multidimensional arrays should not be used | | design | |
| S4018 | Generic methods should provide type parameters | | | |
| S4022 | Enumerations should have "Int32" storage | | | |
| S4023 | Interfaces should not be empty | | | |
| S4026 | Assemblies should be marked with "NeutralResourcesLanguageAttribute" | | performance | |
| S4027 | Exceptions should provide standard constructors | | convention | |
| S4040 | Strings should be normalized to uppercase | | pitfall | |
| S4041 | Type names should not match namespaces | | convention | |
| S4047 | Generics should be used when appropriate | | | |
| S4049 | Properties should be preferred | | convention | |
| S4052 | Types should not extend outdated base types | | | |
| S4056 | Overloads with a "CultureInfo" or an "IFormatProvider" parameter should be used | | localisation, pitfall | |
| S4058 | Overloads with a "StringComparison" parameter should be used | | | ~3 issues |
| S4060 | Non-abstract attributes should be sealed | | performance | |
| S4061 | "params" should be used instead of "varargs" | | | |
| S4069 | Operator overloads should have named alternatives | | convention | |
| S4225 | Extension methods should not extend "object" | | | |
| S4226 | Extensions should be in separate namespaces | | confusing | |
| S1135 | Track uses of "TODO" tags | | cwe | ~4,006 issues |
| S1309 | Track uses of in-source issue suppressions | | | ~6 issues |
