Security Rules rule set for managed code
Note
This article applies to Visual Studio 2015. If you're looking for the latest Visual Studio documentation, see Visual Studio documentation. We recommend upgrading to the latest version of Visual Studio.
You should include the Microsoft Security Rules rule set to maximize the number of potential security issues that are reported.
Rule | Description |
---|---|
CA2100 | Review SQL queries for security vulnerabilities |
CA2102 | Catch non-CLSCompliant exceptions in general handlers |
CA2103 | Review imperative security |
CA2104 | Do not declare read only mutable reference types |
CA2105 | Array fields should not be read only |
CA2106 | Secure asserts |
CA2107 | Review deny and permit only usage |
CA2108 | Review declarative security on value types |
CA2109 | Review visible event handlers |
CA2111 | Pointers should not be visible |
CA2112 | Secured types should not expose fields |
CA2114 | Method security should be a superset of type |
CA2115 | Call GC.KeepAlive when using native resources |
CA2116 | APTCA methods should only call APTCA methods |
CA2117 | APTCA types should only extend APTCA base types |
CA2118 | Review SuppressUnmanagedCodeSecurityAttribute usage |
CA2119 | Seal methods that satisfy private interfaces |
CA2120 | Secure serialization constructors |
CA2121 | Static constructors should be private |
CA2122 | Do not indirectly expose methods with link demands |
CA2123 | Override link demands should be identical to base |
CA2124 | Wrap vulnerable finally clauses in outer try |
CA2126 | Type link demands require inheritance demands |
CA2130 | Security critical constants should be transparent |
CA2131 | Security critical types may not participate in type equivalence |
CA2132 | Default constructors must be at least as critical as base type default constructors |
CA2133 | Delegates must bind to methods with consistent transparency |
CA2134 | Methods must keep consistent transparency when overriding base methods |
CA2135 | Level 2 assemblies should not contain LinkDemands |
CA2136 | Members should not have conflicting transparency annotations |
CA2137 | Transparent methods must contain only verifiable IL |
CA2138 | Transparent methods must not call methods with the SuppressUnmanagedCodeSecurity attribute |
CA2139 | Transparent methods may not use the HandleProcessCorruptingExceptions attribute |
CA2140 | Transparent code must not reference security critical items |
CA2141 | Transparent methods must not satisfy LinkDemands |
CA2142 | Transparent code should not be protected with LinkDemands |
CA2143 | Transparent methods should not use security demands |
CA2144 | Transparent code should not load assemblies from byte arrays |
CA2145 | Transparent methods should not be decorated with the SuppressUnmanagedCodeSecurityAttribute |
CA2146 | Types must be at least as critical as their base types and interfaces |
CA2147 | Transparent methods may not use security asserts |
CA2149 | Transparent methods must not call into native code |
CA2210 | Assemblies should have valid strong names |