This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "FxCop"

From OWASP
Jump to: navigation, search
(added link to OWASP.NET security rules)
(Tool, Documentation and Community: added link to released version of FxCop 1.36)
 
(One intermediate revision by the same user not shown)
Line 6: Line 6:
 
== Resources ==
 
== Resources ==
 
=== Tool, Documentation and Community ===
 
=== Tool, Documentation and Community ===
 +
* Download - [http://www.microsoft.com/downloads/details.aspx?FamilyID=9aeaa970-f281-4fb0-aba1-d59d7ed09772 FxCop v1.36]
 
* Download - [http://code.msdn.microsoft.com/codeanalysis FxCop v1.35]
 
* Download - [http://code.msdn.microsoft.com/codeanalysis FxCop v1.35]
* Download - [http://www.microsoft.com/downloads/details.aspx?familyid=3389F7E4-0E55-4A4D-BC74-4AEABB17997B&displaylang=en FxCop v1.36 (beta)]
 
 
* Download - [http://web.archive.org/web/*/http://www.gotdotnet.com/team/fxcop/FxCopInstall1.32.EXE FxCop v1.32 (''via archive.org'')] - only necessary if you wish to perform analysis of code written in Visual Studio 2003 or earlier.
 
* Download - [http://web.archive.org/web/*/http://www.gotdotnet.com/team/fxcop/FxCopInstall1.32.EXE FxCop v1.32 (''via archive.org'')] - only necessary if you wish to perform analysis of code written in Visual Studio 2003 or earlier.
 
* Download - [http://code.msdn.microsoft.com/codeanalysis/Release/ProjectReleases.aspx?ReleaseId=556 Rules comparison spreadsheet] - documenting the rules differences between those shipped with FxCop and the Visual Studio Code Analysis feature
 
* Download - [http://code.msdn.microsoft.com/codeanalysis/Release/ProjectReleases.aspx?ReleaseId=556 Rules comparison spreadsheet] - documenting the rules differences between those shipped with FxCop and the Visual Studio Code Analysis feature
 
* Documentation - [http://msdn.microsoft.com/library/bb429476.aspx FxCop] - MSDN documentation for FxCop
 
* Documentation - [http://msdn.microsoft.com/library/bb429476.aspx FxCop] - MSDN documentation for FxCop
* Forum - [http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=98&SiteID=1 Visual Studio Code Analysis and Code Metrics] - MSDN forum to discuss issues and ideas regarding FxCop and the Visual Studio Code Analysis feature
+
* Forum - [http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=98&SiteID=1 Visual Studio Code Analysis and Code Metrics] - MSDN forum to discuss issues and ideas regarding FxCop and the Visual Studio Code Analysis features
 
* Wikipedia - [http://en.wikipedia.org/wiki/Fxcop FxCop article]
 
* Wikipedia - [http://en.wikipedia.org/wiki/Fxcop FxCop article]
 
* Blog - [http://blogs.msdn.com/fxcop/ Microsoft Code Analysis Team blog] - addresses both the standalone FxCop tool as well as the Visual Studio Code Analysis feature
 
* Blog - [http://blogs.msdn.com/fxcop/ Microsoft Code Analysis Team blog] - addresses both the standalone FxCop tool as well as the Visual Studio Code Analysis feature
Line 26: Line 26:
 
* [http://code.msdn.microsoft.com/InfoXchange CustomFxCop (CodePlex)] - implements "...new rule sets to check variable naming conventions in a project. This will really help projects to automate their code review process."
 
* [http://code.msdn.microsoft.com/InfoXchange CustomFxCop (CodePlex)] - implements "...new rule sets to check variable naming conventions in a project. This will really help projects to automate their code review process."
 
* [http://code.google.com/p/findbugs-fxcop/ findbugs-FxCop (Google Code)] - "This project will produce custom rules for FxCop, that will look for coding mistakes similar to those found by FindBugs, such as infinite recursive loops and ignored return values."
 
* [http://code.google.com/p/findbugs-fxcop/ findbugs-FxCop (Google Code)] - "This project will produce custom rules for FxCop, that will look for coding mistakes similar to those found by FindBugs, such as infinite recursive loops and ignored return values."
* [http://trac2.assembla.com/owaspdotnet/ticket/6 OWASP FxCop rules (OWASP.Net)] - a basic set of rules devised by one of the members of the OWASP.NET project
 
 
* [http://web.archive.org/web/20040724165715/http://tatochip.com/archive/2004/07/19/2678.aspx Custom FxCop rule : checking for IDataReader in method parameters (Archive.org)] - a single FxCop rule in source code form
 
* [http://web.archive.org/web/20040724165715/http://tatochip.com/archive/2004/07/19/2678.aspx Custom FxCop rule : checking for IDataReader in method parameters (Archive.org)] - a single FxCop rule in source code form
 
* [http://web.archive.org/web/20060313113313/www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=14DEFFCB-9C2B-4C38-BEEC-AB860084E372 Custom FxCop rule: demonstrates extracting literal arguments from method call (Archive.org)] - a single FxCop rule in source code form
 
* [http://web.archive.org/web/20060313113313/www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=14DEFFCB-9C2B-4C38-BEEC-AB860084E372 Custom FxCop rule: demonstrates extracting literal arguments from method call (Archive.org)] - a single FxCop rule in source code form

Latest revision as of 18:12, 22 August 2008

What is FxCop?

FxCop is a free code analysis tool developed by Microsoft, use to analyze MSIL (Microsoft Intermediate Language) generated from any managed language (including C# and VB.NET).

FxCop is a standalone .NET 2.0 application, downloadable from the locations referenced below. A modified version of the FxCop codebase is integrated into Microsoft Visual Studio 2005 and 2008. While the rulebase for each is mostly the same, there are notable differences between the two (see the Rules comparison spreadsheet below), and the compiled format for custom rules is different; thus, one cannot generally develop custom rules that can be used natively in both contexts.

Resources

Tool, Documentation and Community

Custom Rules and other third-party Enhancements

Similar Tools for .NET code analysis

  • Agent Smith Plugin - "Agent Smith is C# code style validation plugin for ReSharper (Visual Studio plugin)."
  • Agent Johnson Plugin - "Plugin for JetBrains ReSharper", performing limited code analysis, refactoring and fixups on C# code.
  • Smokey (Google Code) - tool similar to FxCop for analysing managed code; has 220 separate rules.
  • Phoenix - an SDK from MS Research labelled as "...the software optimization and analysis framework that is the basis for all future Microsoft® compiler technologies. The Phoenix framework is an extensible system that can be adapted to read and write binaries and Microsoft Intermediate Language assemblies and represent the input files in an Intermediate Representation, which can be analyzed and manipulated by applications by using the Phoenix API."
  • Gendarme - "Gendarme is a extensible rule-based tool to find problems in .NET applications and libraries. Gendarme inspects programs and libraries that contain code in ECMA CIL format (Mono and .NET) and looks for common problems with the code, problems that compiler do not typically check or have not historically checked."
  • md-codeanalysis - "MonoDevelop.CodeAnalysis is an addin that integrates both Gendarme and Smokey into MonoDevelop."