This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "FxCop"
From OWASP
ParanoidMike (talk | contribs) (added link to OWASP.NET security rules) |
ParanoidMike (talk | contribs) |
||
| Line 26: | Line 26: | ||
* [http://code.msdn.microsoft.com/InfoXchange CustomFxCop (CodePlex)] - implements "...new rule sets to check variable naming conventions in a project. This will really help projects to automate their code review process." | * [http://code.msdn.microsoft.com/InfoXchange CustomFxCop (CodePlex)] - implements "...new rule sets to check variable naming conventions in a project. This will really help projects to automate their code review process." | ||
* [http://code.google.com/p/findbugs-fxcop/ findbugs-FxCop (Google Code)] - "This project will produce custom rules for FxCop, that will look for coding mistakes similar to those found by FindBugs, such as infinite recursive loops and ignored return values." | * [http://code.google.com/p/findbugs-fxcop/ findbugs-FxCop (Google Code)] - "This project will produce custom rules for FxCop, that will look for coding mistakes similar to those found by FindBugs, such as infinite recursive loops and ignored return values." | ||
| − | |||
* [http://web.archive.org/web/20040724165715/http://tatochip.com/archive/2004/07/19/2678.aspx Custom FxCop rule : checking for IDataReader in method parameters (Archive.org)] - a single FxCop rule in source code form | * [http://web.archive.org/web/20040724165715/http://tatochip.com/archive/2004/07/19/2678.aspx Custom FxCop rule : checking for IDataReader in method parameters (Archive.org)] - a single FxCop rule in source code form | ||
* [http://web.archive.org/web/20060313113313/www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=14DEFFCB-9C2B-4C38-BEEC-AB860084E372 Custom FxCop rule: demonstrates extracting literal arguments from method call (Archive.org)] - a single FxCop rule in source code form | * [http://web.archive.org/web/20060313113313/www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=14DEFFCB-9C2B-4C38-BEEC-AB860084E372 Custom FxCop rule: demonstrates extracting literal arguments from method call (Archive.org)] - a single FxCop rule in source code form | ||
Revision as of 18:08, 22 August 2008
What is FxCop?
FxCop is a free code analysis tool developed by Microsoft, use to analyze MSIL (Microsoft Intermediate Language) generated from any managed language (including C# and VB.NET).
FxCop is a standalone .NET 2.0 application, downloadable from the locations referenced below. A modified version of the FxCop codebase is integrated into Microsoft Visual Studio 2005 and 2008. While the rulebase for each is mostly the same, there are notable differences between the two (see the Rules comparison spreadsheet below), and the compiled format for custom rules is different; thus, one cannot generally develop custom rules that can be used natively in both contexts.
Resources
Tool, Documentation and Community
- Download - FxCop v1.35
- Download - FxCop v1.36 (beta)
- Download - FxCop v1.32 (via archive.org) - only necessary if you wish to perform analysis of code written in Visual Studio 2003 or earlier.
- Download - Rules comparison spreadsheet - documenting the rules differences between those shipped with FxCop and the Visual Studio Code Analysis feature
- Documentation - FxCop - MSDN documentation for FxCop
- Forum - Visual Studio Code Analysis and Code Metrics - MSDN forum to discuss issues and ideas regarding FxCop and the Visual Studio Code Analysis feature
- Wikipedia - FxCop article
- Blog - Microsoft Code Analysis Team blog - addresses both the standalone FxCop tool as well as the Visual Studio Code Analysis feature
- Blog - Dave's Box - personal blog written by a member of Microsoft's Code Analysis team
- Article - Run FxCop from Code
- Article - Writing Real Unit Tests for your Custom FxCop Rules
- Article - FxCop and Code Analysis: Writing Your Own Custom Rules - the definitive tutorial by Jason Kresowaty
Custom Rules and other third-party Enhancements
- JSL FxCop (CodePlex) - open-source utility to help build custom FxCop rules, as well as many custom rules.
- Community Static Analysis Rules (CodePlex) - "a community-based project for creating a set of static analysis rules to extend those provided by the FxCop team."
- TeachNaGeamhradh FxCop Rules (SourceForge) - "A growing collection of rules and experimentation with FxCop to provide a comprehensive list of rules that are useful against the .Net assemblies."
- Lephone FxCop Rules (CodePlex) - a small set of custom rules
- CustomFxCop (CodePlex) - implements "...new rule sets to check variable naming conventions in a project. This will really help projects to automate their code review process."
- findbugs-FxCop (Google Code) - "This project will produce custom rules for FxCop, that will look for coding mistakes similar to those found by FindBugs, such as infinite recursive loops and ignored return values."
- Custom FxCop rule : checking for IDataReader in method parameters (Archive.org) - a single FxCop rule in source code form
- Custom FxCop rule: demonstrates extracting literal arguments from method call (Archive.org) - a single FxCop rule in source code form
- Custom FxCop rules: No Numerals in Variable Names, Naming Constants (Archive.org) - two FxCop rules in source code form
- Custom FxCop 1.32 rule: detects calls to specific API (Archive.org) - a single FxCop 1.32 rule in source code form
- Custom FxCop 1.32 rule: detects calls to specific API (Archive.org) - a single FxCop 1.32 rule in source code form
- Custom FxCop 1.32 rules (Archive.org) - some FxCop 1.32 rules in source code form
- Custom FxCop rules "My FxCop rules" (Archive.org) - some FxCop rules [broken link]
- TechEd 2004 presentation & samples by Michael Murray (Archive.org) - "Code Correctness with FxCop 1.30" [broken link]
- FxDeputy (SourceForge) - "This project is of use to anyone writing rules for the FxCop checker for .NET. This provides a framework that will allow you to tag tests with attributes that will provide you with control of what tests are run against your rules."
- FxCopUnit (ASP.NET blogs) - "A framework for integrated FxCop rule testing"
- FxCop Delta (CodePlex) - "a custom check-in policy for Visual Studio Team System that runs FxCop rules before performing a check-in."
- FinRad Statistics Collector for FxCop (CodePlex) - "...intended to help development teams to track the progress of an FxCop backlog cleanup effort."
- FxCopReportAll.xsl (Archive.org) - GotDotNet sample "style sheet for report that shows all Active and Excluded Messages."
- (CustomRules in FxCop - DEAD CodePlex project)
Similar Tools for .NET code analysis
- Agent Smith Plugin - "Agent Smith is C# code style validation plugin for ReSharper (Visual Studio plugin)."
- Agent Johnson Plugin - "Plugin for JetBrains ReSharper", performing limited code analysis, refactoring and fixups on C# code.
- Smokey (Google Code) - tool similar to FxCop for analysing managed code; has 220 separate rules.
- Phoenix - an SDK from MS Research labelled as "...the software optimization and analysis framework that is the basis for all future Microsoft® compiler technologies. The Phoenix framework is an extensible system that can be adapted to read and write binaries and Microsoft Intermediate Language assemblies and represent the input files in an Intermediate Representation, which can be analyzed and manipulated by applications by using the Phoenix API."
- Gendarme - "Gendarme is a extensible rule-based tool to find problems in .NET applications and libraries. Gendarme inspects programs and libraries that contain code in ECMA CIL format (Mono and .NET) and looks for common problems with the code, problems that compiler do not typically check or have not historically checked."
- md-codeanalysis - "MonoDevelop.CodeAnalysis is an addin that integrates both Gendarme and Smokey into MonoDevelop."
