Skip to content

v3.3.0-beta2.final

Pre-release
Pre-release
Compare
Choose a tag to compare
@mavasani mavasani released this 15 Jul 14:33
v3.3.0-beta2.final
303d517
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Pre-release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.

Contains following important changes on top of v3.0.0 release

The new security rules CA2350-CA2356 can help find vulnerabilities related to DataSet and DataTable security guidance.

Feature

Editorconfig based file/directory level options configuration. See details here

Bug Fixes

Many bug fixes, including performance fixes.

Additional analyzers/fixers:

Added

  • Design
    • CA1002: Do not expose generic lists
    • CA1005: Avoid excessive parameters on generic types
    • CA1045: Do not pass types by reference
    • CA1046: Do not overload equality operator on reference types
    • CA1047: Do not declare protected member in sealed type -- Enabled by default
    • CA1070: Do not declare event fields as virtual -- Enabled by default
  • Naming
    • CA1700: Do not name enum values 'Reserved'
    • CA1713: Events should not have 'Before' or 'After' prefix -- Enabled by default
  • Performance
    • CA1805: Do not initialize unnecessarily -- Enabled by default
    • CA1830: Prefer strongly-typed Append and Insert method overloads on StringBuilder. -- Enabled by default
    • CA1831: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
    • CA1832: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
    • CA1833: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
    • CA1834: Consider using 'StringBuilder.Append(char)' when applicable. -- Enabled by default
    • CA1835: Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync' -- Enabled by default
    • CA1836: Prefer IsEmpty over Count -- Enabled by default
  • Reliability
    • CA2014: Do not use stackalloc in loops. -- Enabled by default
    • CA2015: Do not define finalizers for types derived from MemoryManager -- Enabled by default
    • CA2016: Forward the 'CancellationToken' parameter to methods that take one -- Enabled by default
  • Security
    • CA2109: Review visible event handlers -- Enabled by default
    • CA2350: Do not use insecure deserialization with DataTable.ReadXml()
    • CA2351: Do not use insecure deserialization with DataSet.ReadXml()
    • CA2352: Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks
    • CA2353: Unsafe DataSet or DataTable in serializable type
    • CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks
    • CA2355: Unsafe DataSet or DataTable type found in deserializable object graph
    • CA2356: Unsafe DataSet or DataTable type in web deserializable object graph
  • Usage
    • CA2247: Argument passed to TaskCompletionSource constructor should be TaskCreationOptions enum instead of TaskContinuationOptions enum. -- Enabled by default
    • CA2248: Provide correct 'enum' argument to 'Enum.HasFlag' -- Enabled by default
    • CA2249: Consider using 'string.Contains' instead of 'string.IndexOf' -- Enabled by default

Removed

  • Reliability
    • CA2010: Always consume the value returned by methods marked with PreserveSigAttribute -- Enabled by default
Assets 2
Loading