This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "FxCop"

From OWASP
Jump to: navigation, search
m (Custom Rules and other third-party Enhancements: added a couple of links to custom rules)
(added link to OWASP.NET security rules)
Line 26: Line 26:
 
* [http://code.msdn.microsoft.com/InfoXchange CustomFxCop (CodePlex)] - implements "...new rule sets to check variable naming conventions in a project. This will really help projects to automate their code review process."
 
* [http://code.msdn.microsoft.com/InfoXchange CustomFxCop (CodePlex)] - implements "...new rule sets to check variable naming conventions in a project. This will really help projects to automate their code review process."
 
* [http://code.google.com/p/findbugs-fxcop/ findbugs-FxCop (Google Code)] - "This project will produce custom rules for FxCop, that will look for coding mistakes similar to those found by FindBugs, such as infinite recursive loops and ignored return values."
 
* [http://code.google.com/p/findbugs-fxcop/ findbugs-FxCop (Google Code)] - "This project will produce custom rules for FxCop, that will look for coding mistakes similar to those found by FindBugs, such as infinite recursive loops and ignored return values."
 +
* [http://trac2.assembla.com/owaspdotnet/ticket/6 OWASP FxCop rules (OWASP.Net)] - a basic set of rules devised by one of the members of the OWASP.NET project
 
* [http://web.archive.org/web/20040724165715/http://tatochip.com/archive/2004/07/19/2678.aspx Custom FxCop rule : checking for IDataReader in method parameters (Archive.org)] - a single FxCop rule in source code form
 
* [http://web.archive.org/web/20040724165715/http://tatochip.com/archive/2004/07/19/2678.aspx Custom FxCop rule : checking for IDataReader in method parameters (Archive.org)] - a single FxCop rule in source code form
 
* [http://web.archive.org/web/20060313113313/www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=14DEFFCB-9C2B-4C38-BEEC-AB860084E372 Custom FxCop rule: demonstrates extracting literal arguments from method call (Archive.org)] - a single FxCop rule in source code form
 
* [http://web.archive.org/web/20060313113313/www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=14DEFFCB-9C2B-4C38-BEEC-AB860084E372 Custom FxCop rule: demonstrates extracting literal arguments from method call (Archive.org)] - a single FxCop rule in source code form

Revision as of 20:58, 19 August 2008

What is FxCop?

FxCop is a free code analysis tool developed by Microsoft, use to analyze MSIL (Microsoft Intermediate Language) generated from any managed language (including C# and VB.NET).

FxCop is a standalone .NET 2.0 application, downloadable from the locations referenced below. A modified version of the FxCop codebase is integrated into Microsoft Visual Studio 2005 and 2008. While the rulebase for each is mostly the same, there are notable differences between the two (see the Rules comparison spreadsheet below), and the compiled format for custom rules is different; thus, one cannot generally develop custom rules that can be used natively in both contexts.

Resources

Tool, Documentation and Community

Custom Rules and other third-party Enhancements

Similar Tools for .NET code analysis

  • Agent Smith Plugin - "Agent Smith is C# code style validation plugin for ReSharper (Visual Studio plugin)."
  • Agent Johnson Plugin - "Plugin for JetBrains ReSharper", performing limited code analysis, refactoring and fixups on C# code.
  • Smokey (Google Code) - tool similar to FxCop for analysing managed code; has 220 separate rules.
  • Phoenix - an SDK from MS Research labelled as "...the software optimization and analysis framework that is the basis for all future Microsoft® compiler technologies. The Phoenix framework is an extensible system that can be adapted to read and write binaries and Microsoft Intermediate Language assemblies and represent the input files in an Intermediate Representation, which can be analyzed and manipulated by applications by using the Phoenix API."
  • Gendarme - "Gendarme is a extensible rule-based tool to find problems in .NET applications and libraries. Gendarme inspects programs and libraries that contain code in ECMA CIL format (Mono and .NET) and looks for common problems with the code, problems that compiler do not typically check or have not historically checked."
  • md-codeanalysis - "MonoDevelop.CodeAnalysis is an addin that integrates both Gendarme and Smokey into MonoDevelop."