SonarC#

182 Rules

Offering a set of powerful rules, SonarC# is all you need to find bugs, vulnerabilities, and code smells in your C# code. With SonarC#, monitoring your code quality is no longer a daunting task.


Bug: 51

Vulnerability: 5

Code Smell: 126

Bug Detection Rules

Rule ID | Name | Sonar way | Tags | In Action
S2190 | Recursion should not be infinite | | | ~2 issues
S3655 | Empty nullable value should not be accessed | | | ~2 issues
S2259 | Null pointers should not be dereferenced | | cert, cwe, owasp-a1, owasp-a2, owasp-a6 | ~72 issues
S1697 | Short-circuit logic should be used to prevent null pointer dereferences in conditionals | | |
S2234 | Parameters should be passed in the correct order | | | ~24 issues
S2674 | The length returned from a stream read should be checked | | |
S2997 | "IDisposables" created in a "using" statement should not be returned | | |
S3263 | Static fields should appear in the order they must be initialized | | |
S3449 | Right operands of shift operators should be integers | | |
S2930 | "IDisposables" should be disposed | | cwe, denial-of-service | ~6 issues
S2345 | Flags enumerations should explicitly initialize all their members | | | ~4 issues
S2583 | Conditions should not unconditionally evaluate to "true" or to "false" | | cert, cwe, misra | ~84 issues
S1656 | Variables should not be self-assigned | | cert | ~17 issues
S1944 | Inappropriate casts should not be made | | cert, cwe, misra, pitfall | ~17 issues
S1764 | Identical expressions should not be used on both sides of a binary operator | | cert | ~5 issues
S3598 | One-way "OperationContract" methods should have "void" return type | | |
S1862 | Related "if/else if" ("If"/"ElseIf") statements should not have the same condition | | cert, pitfall, unused | ~2 issues
S3603 | Methods with "Pure" attribute should return a value | | |
S2201 | Return values should not be ignored when function calls don't have any side effects | | cert, misra | ~65 issues
S3610 | Nullable type comparison should not be redundant | | |
S2757 | "=+" should not be used instead of "+=" | | |
S1244 | Floating point numbers should not be tested for equality | | misra | ~139 issues
S1848 | Objects should not be created to be dropped immediately without being used | | | ~6 issues
S2123 | Values should not be uselessly incremented | | |
S2184 | Result of integer division should not be assigned to floating point variable | | cwe, sans-top25-risky | ~4 issues
S2225 | "ToString()" method should not return null | | cwe |
S2275 | Format strings should be passed the correct number of arguments | | pitfall | ~5 issues
S2290 | Field-like events should not be virtual | | |
S2328 | "GetHashCode" should not reference mutable fields | | | ~91 issues
S2551 | Types and "this" should not be used for locking | | multi-threading |
S2681 | Multiline blocks should be enclosed in curly braces | | | ~3 issues
S2758 | The ternary operator should not return the same value regardless of the condition | | | ~3 issues
S2761 | Doubled prefix operators "!!" and "~~" should not be used | | |
S2931 | Classes with "IDisposable" members should implement "IDisposable" | | cwe, denial-of-service |
S2934 | Property assignments should not be made for "readonly" fields not constrained to reference types | | |
S2952 | Classes should "Dispose" of members from the classes' own "Dispose" methods | | cwe, denial-of-service |
S2955 | Generic parameters not constrained to reference types should not be compared to "null" | | |
S2995 | "Object.ReferenceEquals" should not be used for value types | | | ~4 issues
S2996 | "ThreadStatic" fields should not be initialized | | multi-threading | ~3 issues
S3005 | "ThreadStatic" should not be used on non-static fields | | unused |
S3168 | "async" methods should not return "void" | | | ~15 issues
S3169 | Multiple "OrderBy" calls should not be used | | performance |
S3172 | Delegates should not be subtracted | | |
S3237 | "value" parameters should be used | | | ~58 issues
S3244 | Anonymous delegates should not be used to unsubscribe from Events | | |
S3249 | Classes directly extending "object" should not call "base" in "GetHashCode" or "Equals" | | | ~135 issues
S3397 | "base.Equals" should not be used to check for reference equality in "Equals" if "base" is not "object" | | |
S3466 | Optional parameters should be passed to "base" calls | | |
S2178 | Short-circuit logic should be used in boolean contexts | | cert | ~17 issues
FailedUn. | Failed unit tests should be fixed | | |
S1145 | Useless "if(true) {...}" and "if(false){...}" blocks should be removed | | cwe, misra |

Vulnerability Detection Rules

Rule ID | Name | Sonar way | Tags | In Action
S2070 | SHA-1 and Message-Digest hash algorithms should not be used | | cwe, owasp-a6, sans-top25-porous |
S2228 | Console logging should not be used | | owasp-a6 |
S2278 | Neither DES (Data Encryption Standard) nor DESede (3DES) should be used | | cwe, owasp-a6 | ~6 issues
S2291 | Overflow checking should not be disabled for "Enumerable.Sum" | | error-handling |
S1313 | IP addresses should not be hardcoded | | cert |

Code Smell Detection Rules

Rule ID | Name | Sonar way | Tags | In Action
S2696 | Instance members should not write to "static" fields | | multi-threading | ~78 issues
S2692 | "IndexOf" checks should not be for positive numbers | | pitfall | ~6 issues
S2743 | Static fields should not be used in generic types | | | ~64 issues
S927 | "partial" method parameter names should match | | cert, misra, pitfall |
Insuffic. | Lines should have sufficient coverage by tests | | bad-practice |
Insuffic. | Branches should have sufficient coverage by tests | | bad-practice |
S1541 | Methods and properties should not be too complex | | brain-overload |
S1854 | Dead stores should be removed | | cert, cwe, suspicious, unused | ~1,107 issues
S1172 | Unused method parameters should be removed | | misra, unused | ~383 issues
S2360 | Optional parameters should not be used | | pitfall | ~2,959 issues
S3600 | "params" should not be introduced on overrides | | confusing |
S3445 | Exceptions should not be explicitly rethrown | | confusing | ~17 issues
S3264 | Events should be invoked | | unused | ~1 issue
S1006 | Method overrides should not change parameter defaults | | cert, misra, pitfall | ~465 issues
S3597 | "ServiceContract" and "OperationContract" attributes should be used together | | suspicious | ~1 issue
S1450 | Private fields only used as local variables in methods should become local variables | | pitfall | ~219 issues
S3459 | Unassigned members should be removed | | confusing | ~4 issues
S1117 | Local variables should not shadow class fields | | pitfall | ~121 issues
S1479 | "switch" statements should not have too many "case" clauses | | brain-overload | ~20 issues
S1121 | Assignments should not be made from within sub-expressions | | cwe, misra, suspicious | ~299 issues
S1186 | Methods should not be empty | | suspicious | ~368 issues
S3241 | Methods should not return values that are never used | | cert, design, unused | ~95 issues
S3453 | Classes should not have only "private" constructors | | design | ~51 issues
S3217 | "Explicit" conversions of "foreach" loops should not be used | | suspicious | ~95 issues
S2486 | Generic exceptions should not be ignored | | cwe, error-handling | ~146 issues
Duplicat. | Source files should not have any duplicated blocks | | pitfall |
Insuffic. | Source files should have a sufficient density of comment lines | | convention |
SkippedU. | Skipped unit tests should be either removed or fixed | | pitfall |
S104 | Files should not have too many lines | | brain-overload | ~107 issues
S1066 | Collapsible "if" statements should be merged | | clumsy | ~799 issues
S1067 | Expressions should not be too complex | | brain-overload |
S107 | Methods should not have too many parameters | | brain-overload |
S108 | Nested blocks of code should not be left empty | | suspicious | ~312 issues
S1118 | Utility classes should not have public constructors | | design | ~250 issues
S1134 | "FIXME" tags should be handled | | | ~66 issues
S1144 | Unused private types or members should be removed | | unused | ~530 issues
S1155 | "Any()" should be used to test for emptiness | | clumsy | ~251 issues
S121 | Control structures should use curly braces | | cert, cwe, misra, pitfall |
S1226 | Method parameters and caught exceptions should not be reassigned | | misra, pitfall |
S1227 | break statements should not be used except for switch cases | | |
S125 | Sections of code should not be "commented out" | | misra, unused | ~2,149 issues
S126 | "if ... else if" constructs should end with "else" clause | | cert, misra |
S127 | "for" loop stop conditions should be invariant | | misra, pitfall |
S131 | "switch/Select" statements should end with a "default/Case Else" clause | | cert, cwe, misra |
S134 | Control flow statements "if", "for", "foreach", "do", "while", "switch" and "try" should not be nested too deeply | | brain-overload | ~1,312 issues
S1449 | Culture should be specified for "string" operations | | cert, unpredictable | ~927 issues
S1481 | Unused local variables should be removed | | unused | ~567 issues
S1643 | Strings should not be concatenated using "+" in a loop | | performance | ~149 issues
S1698 | "==" should not be used when "Equals" is overridden | | cert, cwe | ~132 issues
S1699 | Constructors should only call non-overridable methods | | pitfall | ~19 issues
S1871 | Two branches in the same conditional structure should not have exactly the same implementation | | design, suspicious | ~500 issues
S1994 | "for" loop incrementers should modify the variable being tested in the loop's stop condition | | suspicious |
S2197 | Modulus results should not be checked for direct equality | | suspicious |
S2223 | Non-constant static fields should not be visible | | pitfall | ~2,400 issues
S2306 | "async" and "await" should not be used as identifiers | | pitfall | ~3 issues
S2326 | Unused type parameters should be removed | | unused | ~17 issues
S2330 | Array covariance should not be used | | pitfall |
S2339 | Public constant members should not be used | | convention |
S2357 | Fields should be private | | pitfall |
S2368 | Public methods should not have multidimensional array parameters | | pitfall |
S2372 | Exceptions should not be thrown from property getters | | error-handling | ~334 issues
S2376 | Write-only properties should not be used | | pitfall | ~27 issues
S2387 | Child class members should not shadow parent class members | | confusing |
S2437 | Silly bit operations should not be performed | | suspicious | ~3 issues
S2760 | Sequential tests should not check the same condition | | clumsy, suspicious |
S2933 | Fields that are only assigned in the constructor should be "readonly" | | confusing | ~2,208 issues
S2953 | Methods named "Dispose" should implement "IDisposable.Dispose" | | pitfall | ~23 issues
S2971 | "IEnumerable" LINQs should be simplified | | clumsy | ~511 issues
S3215 | "interface" instances should not be cast to concrete types | | design |
S3216 | "ConfigureAwait(false)" should be used | | multi-threading, suspicious |
S3218 | Inner class members should not shadow outer class "static" or type members | | design, pitfall | ~1,213 issues
S3220 | Method calls should not resolve ambiguously to overloads with "params" | | pitfall | ~19 issues
S3236 | Methods with caller info attributes should not be invoked with explicit arguments | | suspicious | ~97 issues
S3427 | Method overloads with default parameter values should not overlap | | pitfall, unused | ~20 issues
S3443 | Type examining methods should be avoided on "System.Type" instances | | suspicious |
S3444 | Interfaces with colliding, inherited members should explicitly redefine interface members | | design | ~1 issue
S3447 | "[Optional]" should not be used on "ref" or "out" parameters | | pitfall |
S3450 | Parameters with "[DefaultParameterValue]" attributes should also be marked with "[Optional]" | | pitfall |
S3451 | "[DefaultValue]" should not be used when "[DefaultParameterValue]" is meant | | suspicious |
S3456 | "string.ToCharArray()" should not be called redundantly | | clumsy | ~1 issue
S907 | "goto" statement should not be used | | brain-overload, misra | ~312 issues
S3604 | Member initializer values should not be redundant | | finding |
S1858 | "ToString()" calls should not be redundant | | clumsy, finding |
S3626 | Jump statements should not be redundant | | clumsy, finding |
S3440 | Variables should not be checked against the values they're about to be assigned | | confusing | ~11 issues
S2333 | Redundant modifiers should be removed | | finding, unused |
S2219 | Runtime type checking should be simplified | | clumsy | ~72 issues
S3052 | Members should not be initialized to default values | | finding |
S3253 | Constructor and destructor declarations should not be redundant | | clumsy, finding |
S101 | Types should be named in camel case | | convention | ~1,486 issues
S100 | Methods and properties should be named in camel case | | convention | ~8,385 issues
S3458 | Empty "case" clauses that fall through to the "default" should be omitted | | clumsy, finding |
S818 | Literal suffixes should be upper case | | cert, convention, misra, pitfall |
S1905 | Redundant casts should not be used | | clumsy | ~310 issues
S103 | Lines should not be too long | | convention |
S105 | Tabulation characters should not be used | | convention |
S1109 | A close curly brace should be located at the beginning of a line | | convention |
S1116 | Empty statements should be removed | | cert, misra, unused | ~77 issues
S1125 | Boolean literals should not be redundant | | clumsy | ~335 issues
S1185 | Overriding members should do more than simply call the same member in the super class | | clumsy | ~25 issues
S122 | Statements should be on separate lines | | convention |
S1301 | "switch" statements should have at least 3 "case" clauses | | misra |
S1659 | Multiple variables should not be declared on the same line | | convention |
S1694 | An abstract class should have both abstract and concrete methods | | convention |
S1939 | Inheritance list should not be redundant | | clumsy | ~70 issues
S1940 | Boolean checks should not be inverted | | pitfall | ~9 issues
S2292 | Trivial properties should be auto-implemented | | clumsy | ~302 issues
S2344 | Enumeration type names should not have "Flags" or "Enum" suffixes | | convention | ~51 issues
S2346 | Flags enumerations zero-value members should be named "None" | | convention | ~23 issues
S2737 | "catch" clauses should do more than rethrow | | clumsy, finding, unused |
S3234 | "GC.SuppressFinalize" should not be invoked for types without destructors | | confusing, unused | ~1 issue
S3235 | Redundant parentheses should not be used | | finding, unused |
S3240 | The simplest possible condition syntax should be used | | clumsy |
S3251 | Implementations should be provided for "partial" methods | | suspicious | ~4 issues
S3254 | Default parameter values should not be passed as arguments | | clumsy, finding |
S3257 | Declarations and initializations should be as concise as possible | | clumsy, finding |
S3262 | "params" should be used on overrides | | confusing |
S3265 | Non-flags enums should not be used in bitwise operations | | convention | ~231 issues
S3376 | Attribute, EventArgs, and Exception type names should end with the type being extended | | convention | ~36 issues
S3441 | Redundant property names should be omitted in anonymous classes | | clumsy, finding |
S3457 | "string.Format()" should not be called without placeholders | | confusing | ~6 issues
S3532 | Empty "default" clauses in a "switch" should be removed | | clumsy, finding, unused |
S1309 | Track uses of in-source issue suppressions | | |
S3246 | Generic type parameters should be co/contravariant when possible | | api-design | ~47 issues
S3261 | Namespaces should not be empty | | cert, unused | ~5 issues
S1135 | "TODO" tags should be handled | | | ~1,112 issues
