Dela via


Code Analysis Warnings for Managed Code by CheckId

The following table lists Code Analysis warnings for managed code by the CheckId identifier of the warning.

Warnings

CheckId

Warning

Description

CA1000

CA1000: Do not declare static members on generic types

When a static member of a generic type is called, the type argument must be specified for the type. When a generic instance member that does not support inference is called, the type argument must be specified for the member. In these two cases, the syntax for specifying the type argument is different and easily confused.

CA1001

CA1001: Types that own disposable fields should be disposable

A class declares and implements an instance field that is a System.IDisposable type, and the class does not implement IDisposable. A class that declares an IDisposable field indirectly owns an unmanaged resource and should implement the IDisposable interface.

CA1002

CA1002: Do not expose generic lists

System.Collections.Generic.List<(Of <(T>)>) is a generic collection that is designed for performance, not inheritance. Therefore, List does not contain any virtual members. The generic collections that are designed for inheritance should be exposed instead.

CA1003

CA1003: Use generic event handler instances

A type contains a delegate that returns void, whose signature contains two parameters (the first an object and the second a type that is assignable to EventArgs), and the containing assembly targets Microsoft .NET Framework 2.0.

CA1004

CA1004: Generic methods should provide type parameter

Inference is how the type argument of a generic method is determined by the type of argument that is passed to the method, instead of by the explicit specification of the type argument. To enable inference, the parameter signature of a generic method must include a parameter that is of the same type as the type parameter for the method. In this case, the type argument does not have to be specified. When using inference for all type parameters, the syntax for calling generic and non-generic instance methods is identical; this simplifies the usability of generic methods.

CA1005

CA1005: Avoid excessive parameters on generic types

The more type parameters a generic type contains, the more difficult it is to know and remember what each type parameter represents. It is usually obvious with one type parameter, as in List<T>, and in certain cases that have two type parameters, as in Dictionary<TKey, TValue>. However, if more than two type parameters exist, the difficulty becomes too great for most users.

CA1006

CA1006: Do not nest generic types in member signatures

A nested type argument is a type argument that is also a generic type. To call a member whose signature contains a nested type argument, the user must instantiate one generic type and pass this type to the constructor of a second generic type. The required procedure and syntax are complex and should be avoided.

CA1007

CA1007: Use generics where appropriate

An externally visible method contains a reference parameter of type System.Object. Use of a generic method enables all types, subject to constraints, to be passed to the method without first casting the type to the reference parameter type.

CA1008

CA1008: Enums should have zero value

The default value of an uninitialized enumeration, just as other value types, is zero. A nonflags-attributed enumeration should define a member by using the value of zero so that the default value is a valid value of the enumeration. If an enumeration that has the FlagsAttribute attribute applied defines a zero-valued member, its name should be "None" to indicate that no values have been set in the enumeration.

CA1009

CA1009: Declare event handlers correctly

Event handler methods take two parameters. The first is of type System.Object and is named "sender". This is the object that raised the event. The second parameter is of type System.EventArgs and is named "e". This is the data that is associated with the event. Event handler methods should not return a value; in the C# programming language, this is indicated by the return type void.

CA1010

CA1010: Collections should implement generic interface

To broaden the usability of a collection, implement one of the generic collection interfaces. Then the collection can be used to populate generic collection types.

CA1011

CA1011: Consider passing base types as parameters

When a base type is specified as a parameter in a method declaration, any type that is derived from the base type can be passed as the corresponding argument to the method. If the additional functionality that is provided by the derived parameter type is not required, use of the base type enables wider use of the method.

CA1012

CA1012: Abstract types should not have constructors

Constructors on abstract types can be called only by derived types. Because public constructors create instances of a type, and you cannot create instances of an abstract type, an abstract type that has a public constructor is incorrectly designed.

CA1013

CA1013: Overload operator equals on overloading add and subtract

A public or protected type implements the addition or subtraction operators without implementing the equality operator.

CA1014

CA1014: Mark assemblies with CLSCompliantAttribute

The Common Language Specification (CLS) defines naming restrictions, data types, and rules to which assemblies must conform if they will be used across programming languages. Good design dictates that all assemblies explicitly indicate CLS compliance by using CLSCompliantAttribute . If this attribute is not present on an assembly, the assembly is not compliant.

CA1016

CA1016: Mark assemblies with AssemblyVersionAttribute

The .NET Framework uses the version number to uniquely identify an assembly, and to bind to types in strongly named assemblies. The version number is used together with version and publisher policy. By default, applications run only with the assembly version with which they were built.

CA1017

CA1017: Mark assemblies with ComVisibleAttribute

ComVisibleAttribute determines how COM clients access managed code. Good design dictates that assemblies explicitly indicate COM visibility. COM visibility can be set for the whole assembly and then overridden for individual types and type members. If this attribute is not present, the contents of the assembly are visible to COM clients.

CA1018

CA1018: Mark attributes with AttributeUsageAttribute

When you define a custom attribute, mark it by using AttributeUsageAttribute to indicate where in the source code the custom attribute can be applied. The meaning and intended usage of an attribute will determine its valid locations in code.

CA1019

CA1019: Define accessors for attribute arguments

Attributes can define mandatory arguments that must be specified when you apply the attribute to a target. These are also known as positional arguments because they are supplied to attribute constructors as positional parameters. For every mandatory argument, the attribute should also provide a corresponding read-only property so that the value of the argument can be retrieved at execution time. Attributes can also define optional arguments, which are also known as named arguments. These arguments are supplied to attribute constructors by name and should have a corresponding read/write property.

CA1020

CA1020: Avoid namespaces with few types

Make sure that each of your namespaces has a logical organization, and that a valid reason exists for putting types in a sparsely populated namespace.

CA1021

CA1021: Avoid out parameters

Passing types by reference (using out or ref) requires experience with pointers, understanding how value types and reference types differ, and handling methods with multiple return values. Also, the difference between out and ref parameters is not widely understood.

CA1023

CA1023: Indexers should not be multidimensional

Indexers (that is, indexed properties) should use a single index. Multidimensional indexers can significantly reduce the usability of the library.

CA1024

CA1024: Use properties where appropriate

A public or protected method has a name that starts with "Get", takes no parameters, and returns a value that is not an array. The method might be a good candidate to become a property.

CA1025

CA1025: Replace repetitive arguments with params array

Use a parameter array instead of repeated arguments when the exact number of arguments is unknown and when the variable arguments are the same type or can be passed as the same type.

CA1026

CA1026: Default parameters should not be used

Methods that use default parameters are allowed under the CLS; however, the CLS lets compilers ignore the values that are assigned to these parameters. To maintain the behavior that you want across programming languages, methods that use default parameters should be replaced by method overloads that provide the default parameters.

CA1027

CA1027: Mark enums with FlagsAttribute

An enumeration is a value type that defines a set of related named constants. Apply FlagsAttribute to an enumeration when its named constants can be meaningfully combined.

CA1028

CA1028: Enum storage should be Int32

An enumeration is a value type that defines a set of related named constants. By default, the System.Int32 data type is used to store the constant value. Although you can change this underlying type, it is not required or recommended for most scenarios.

CA1030

CA1030: Use events where appropriate

This rule detects methods that have names that ordinarily would be used for events. If a method is called in response to a clearly defined state change, the method should be invoked by an event handler. Objects that call the method should raise events instead of calling the method directly.

CA1031

CA1031: Do not catch general exception types

General exceptions should not be caught. Catch a more specific exception, or rethrow the general exception as the last statement in the catch block.

CA1032

CA1032: Implement standard exception constructors

Failure to provide the full set of constructors can make it difficult to correctly handle exceptions.

CA1033

CA1033: Interface methods should be callable by child types

An unsealed externally visible type provides an explicit method implementation of a public interface and does not provide an alternative externally visible method that has the same name.

CA1034

CA1034: Nested types should not be visible

A nested type is a type that is declared in the scope of another type. Nested types are useful to encapsulate private implementation details of the containing type. Used for this purpose, nested types should not be externally visible.

CA1035

CA1035: ICollection implementations have strongly typed members

This rule requires ICollection implementations to provide strongly typed members so that users are not required to cast arguments to the Object type when they use the functionality that is provided by the interface. This rule assumes that the type that implements ICollection does so to manage a collection of instances of a type that is stronger than Object.

CA1036

CA1036: Override methods on comparable types

A public or protected type implements the System.IComparable interface. It does not override Object.Equals nor does it overload the language-specific operator for equality, inequality, less than, or greater than.

CA1038

CA1038: Enumerators should be strongly typed

This rule requires IEnumerator implementations to also provide a strongly typed version of the Current property so that users are not required to cast the return value to the strong type when they use the functionality that is provided by the interface.

CA1039

CA1039: Lists are strongly typed

This rule requires IList implementations to provide strongly typed members so that users are not required to cast arguments to the System.Object type when they use the functionality that is provided by the interface.

CA1040

CA1040: Avoid empty interfaces

Interfaces define members that provide a behavior or usage contract. The functionality that is described by the interface can be adopted by any type, regardless of where the type appears in the inheritance hierarchy. A type implements an interface by providing implementations for the members of the interface. An empty interface does not define any members; therefore, it does not define a contract that can be implemented.

CA1041

CA1041: Provide ObsoleteAttribute message

A type or member is marked by using a System.ObsoleteAttribute attribute that does not have its ObsoleteAttribute.Message property specified. When a type or member that is marked by using ObsoleteAttribute is compiled, the Message property of the attribute is displayed. This gives the user information about the obsolete type or member.

CA1043

CA1043: Use integral or string argument for indexers

Indexers (that is, indexed properties) should use integral or string types for the index. These types are typically used for indexing data structures and they increase the usability of the library. Use of the Object type should be restricted to those cases where the specific integral or string type cannot be specified at design time.

CA1044

CA1044: Properties should not be write only

Although it is acceptable and often necessary to have a read-only property, the design guidelines prohibit the use of write-only properties. This is because letting a user set a value, and then preventing the user from viewing that value, does not provide any security. Also, without read access, the state of shared objects cannot be viewed, which limits their usefulness.

CA1045

CA1045: Do not pass types by reference

Passing types by reference (using out or ref) requires experience with pointers, understanding how value types and reference types differ, and handling methods that have multiple return values. Library architects who design for a general audience should not expect users to master working with out or ref parameters.

CA1046

CA1046: Do not overload operator equals on reference types

For reference types, the default implementation of the equality operator is almost always correct. By default, two references are equal only if they point to the same object.

CA1047

CA1047: Do not declare protected members in sealed types

Types declare protected members so that inheriting types can access or override the member. By definition, sealed types cannot be inherited, which means that protected methods on sealed types cannot be called.

CA1048

CA1048: Do not declare virtual members in sealed types

Types declare methods as virtual so that inheriting types can override the implementation of the virtual method. By definition, a sealed type cannot be inherited. This makes a virtual method on a sealed type meaningless.

CA1049

CA1049: Types that own native resources should be disposable

Types that allocate unmanaged resources should implement IDisposable to enable callers to release those resources on demand and to shorten the lifetimes of the objects that hold the resources.

CA1050

CA1050: Declare types in namespaces

Types are declared in namespaces to prevent name collisions and as a way to organize related types in an object hierarchy.

CA1051

CA1051: Do not declare visible instance fields

The primary use of a field should be as an implementation detail. Fields should be private or internal and should be exposed by using properties.

CA1052

CA1052: Static holder types should be sealed

A public or protected type contains only static members and is not declared by using the sealed (C# Reference) (NotInheritable) modifier. A type that is not meant to be inherited should be marked by using the sealed modifier to prevent its use as a base type.

CA1053

CA1053: Static holder types should not have constructors

A public or nested public type declares only static members and has a public or protected default constructor. The constructor is unnecessary because calling static members does not require an instance of the type. The string overload should call the uniform resource identifier (URI) overload by using the string argument for safety and security.

CA1054

CA1054: URI parameters should not be strings

If a method takes a string representation of a URI, a corresponding overload should be provided that takes an instance of the URI class, which provides these services in a safe and secure manner.

CA1055

CA1055: URI return values should not be strings

This rule assumes that the method returns a URI. A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The System.Uri class provides these services in a safe and secure manner.

CA1056

CA1056: URI properties should not be strings

This rule assumes that the property represents a Uniform Resource Identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The System.Uri class provides these services in a safe and secure manner.

CA1057

CA1057: String URI overloads call System.Uri overloads

A type declares method overloads that differ only by the replacement of a string parameter with a System.Uri parameter. The overload that takes the string parameter does not call the overload that takes the URI parameter.

CA1058

CA1058: Types should not extend certain base types

An externally visible type extends certain base types. Use one of the alternatives.

CA1059

CA1059: Members should not expose certain concrete types

A concrete type is a type that has a complete implementation and therefore can be instantiated. To enable widespread use of the member, replace the concrete type by using the suggested interface.

CA1060

CA1060: Move P/Invokes to NativeMethods class

Platform Invocation methods, such as those that are marked by using the System.Runtime.InteropServices.DllImportAttribute attribute, or methods that are defined by using the Declare keyword in Visual Basic, access unmanaged code. These methods should be of the NativeMethods, SafeNativeMethods, or UnsafeNativeMethods class.

CA1061

CA1061: Do not hide base class methods

A method in a base type is hidden by an identically named method in a derived type, when the parameter signature of the derived method differs only by types that are more weakly derived than the corresponding types in the parameter signature of the base method.

CA1062

CA1062: Validate arguments of public methods

All reference arguments that are passed to externally visible methods should be checked against null.

CA1063

CA1063: Implement IDisposable correctly

All IDisposable types should implement the Dispose pattern correctly.

CA1064

CA1064: Exceptions should be public

An internal exception is visible only inside its own internal scope. After the exception falls outside the internal scope, only the base exception can be used to catch the exception. If the internal exception is inherited from T:System.Exception, T:System.SystemException, or T:System.ApplicationException, the external code will not have sufficient information to know what to do with the exception.

CA1065

CA1065: Do not raise exceptions in unexpected locations

A method that is not expected to throw exceptions throws an exception.

CA1300

CA1300: Specify MessageBoxOptions

To correctly display a message box for cultures that use a right-to-left reading order, the RightAlign and RtlReading members of the MessageBoxOptions enumeration must be passed to the Show method.

CA1301

CA1301: Avoid duplicate accelerators

An access key, also known as an accelerator, enables keyboard access to a control by using the ALT key. When multiple controls have duplicate access keys, the behavior of the access key is not well defined.

CA1302

CA1302: Do not hardcode locale specific strings

The System.Environment.SpecialFolder enumeration contains members that refer to special system folders. The locations of these folders can have different values on different operating systems; the user can change some of the locations; and the locations are localized. The Environment.GetFolderPath method returns the locations that are associated with the Environment.SpecialFolder enumeration, localized and appropriate for the currently running computer.

CA1303

CA1303: Do not pass literals as localized parameters

An externally visible method passes a string literal as a parameter to a constructor or method in the .NET Framework class library, and that string should be localizable.

CA1304

CA1304: Specify CultureInfo

A method or constructor calls a member that has an overload that accepts a System.Globalization.CultureInfo parameter, and the method or constructor does not call the overload that takes the CultureInfo parameter. When a CultureInfo or System.IFormatProvider object is not supplied, the default value that is supplied by the overloaded member might not have the effect that you want in all locales.

CA1305

CA1305: Specify IFormatProvider

A method or constructor calls one or more members that have overloads that accept a System.IFormatProvider parameter, and the method or constructor does not call the overload that takes the IFormatProvider parameter. When a System.Globalization.CultureInfo or IFormatProvider object is not supplied, the default value that is supplied by the overloaded member might not have the effect that you want in all locales.

CA1306

CA1306: Set locale for data types

The locale determines culture-specific presentation elements for data, such as formatting that is used for numeric values, currency symbols, and sort order. When you create a DataTable or DataSet, you should explicitly set the locale.

CA1307

CA1307: Specify StringComparison

A string comparison operation uses a method overload that does not set a StringComparison parameter.

CA1308

CA1308: Normalize strings to uppercase

Strings should be normalized to uppercase. A small group of characters cannot make a round trip when they are converted to lowercase.

CA1309

CA1309: Use ordinal StringComparison

A string comparison operation that is nonlinguistic does not set the StringComparison parameter to either Ordinal or OrdinalIgnoreCase. By explicitly setting the parameter to either StringComparison.Ordinal or StringComparison.OrdinalIgnoreCase, your code often gains speed, becomes more correct, and becomes more reliable.

CA1400

CA1400: P/Invoke entry points should exist

A public or protected method is marked by using the System.Runtime.InteropServices.DllImportAttribute attribute. Either the unmanaged library could not be located or the method could not be matched to a function in the library.

CA1401

CA1401: P/Invokes should not be visible

A public or protected method in a public type has the System.Runtime.InteropServices.DllImportAttribute attribute (also implemented by the Declare keyword in Visual Basic). Such methods should not be exposed.

CA1402

CA1402: Avoid overloads in COM visible interfaces

When overloaded methods are exposed to COM clients, only the first method overload retains its name. Subsequent overloads are uniquely renamed by appending to the name an underscore character (_) and an integer that corresponds to the order of declaration of the overload.

CA1403

CA1403: Auto layout types should not be COM visible

A COM-visible value type is marked by using the System.Runtime.InteropServices.StructLayoutAttribute attribute set to LayoutKind.Auto. The layout of these types can change between versions of the .NET Framework, which will break COM clients that expect a specific layout.

CA1404

CA1404: Call GetLastError immediately after P/Invoke

A call is made to the Marshal.GetLastWin32Error method or the equivalent Win32 GetLastError function, and the immediately previous call is not to an operating system invoke method.

CA1405

CA1405: COM visible type base types should be COM visible

A COM-visible type derives from a type that is not COM-visible.

CA1406

CA1406: Avoid Int64 arguments for Visual Basic 6 clients

Visual Basic 6 COM clients cannot access 64-bit integers.

CA1407

CA1407: Avoid static members in COM visible types

COM does not support static methods.

CA1408

CA1408: Do not use AutoDual ClassInterfaceType

Types that use a dual interface enable clients to bind to a specific interface layout. Any changes in a future version to the layout of the type or any base types will break COM clients that bind to the interface. By default, if the ClassInterfaceAttribute attribute is not specified, a dispatch-only interface is used.

CA1409

CA1409: Com visible types should be creatable

A reference type that is specifically marked as visible to COM contains a public parameterized constructor but does not contain a public default (parameterless) constructor. A type without a public default constructor is not creatable by COM clients.

CA1410

CA1410: COM registration methods should be matched

A type declares a method that is marked by using the System.Runtime.InteropServices.ComRegisterFunctionAttribute attribute but does not declare a method marked by using the System.Runtime.InteropServices.ComUnregisterFunctionAttribute attribute, or vice versa.

CA1411

CA1411: COM registration methods should not be visible

A method marked by using the System.Runtime.InteropServices.ComRegisterFunctionAttribute attribute or the System.Runtime.InteropServices.ComUnregisterFunctionAttribute attribute is externally visible.

CA1412

CA1412: Mark ComSource Interfaces as IDispatch

A type is marked by using the System.Runtime.InteropServices.ComSourceInterfacesAttribute attribute, and at least one of the specified interfaces is not marked by using the System.Runtime.InteropServices.InterfaceTypeAttribute attribute set to ComInterfaceType.InterfaceIsIDispatch.

CA1413

CA1413: Avoid non-public fields in COM visible value types

Nonpublic instance fields of COM-visible value types are visible to COM clients. Review the content of the fields for information that should not be exposed, or that will have unintended design or security effects.

CA1414

CA1414: Mark boolean P/Invoke arguments with MarshalAs

The Boolean data type has multiple representations in unmanaged code.

CA1415

CA1415: Declare P/Invokes correctly

This rule looks for operating system invoke method declarations that target Win32 functions that have a pointer to an OVERLAPPED structure parameter and the corresponding managed parameter is not a pointer to a System.Threading.NativeOverlapped structure.

CA1500

CA1500: Variable names should not match field names

An instance method declares a parameter or a local variable whose name matches an instance field of the declaring type, leading to errors.

CA1501

CA1501: Avoid excessive inheritance

A type is more than four levels deep in its inheritance hierarchy. Deeply nested type hierarchies can be difficult to follow, understand, and maintain.

CA1502

CA1502: Avoid excessive complexity

This rule measures the number of linearly independent paths through the method, which is determined by the number and complexity of conditional branches.

CA1504

CA1504: Review misleading field names

The name of an instance field starts with "s_", or the name of a static (Shared in Visual Basic) field starts with "m_".

CA1505

CA1505: Avoid unmaintainable code

A type or method has a low maintainability index value. A low maintainability index indicates that a type or method is probably difficult to maintain and would be a good candidate for redesign.

CA1506

CA1506: Avoid excessive class coupling

This rule measures class coupling by counting the number of unique type references that a type or method contains.

CA1600

CA1600: Do not use idle process priority

Do not set process priority to Idle. Processes that have System.Diagnostics.ProcessPriorityClass.Idle will occupy the CPU when it would otherwise be idle, and will therefore block standby.

CA1601

CA1601: Do not use timers that prevent power state changes

Higher-frequency periodic activity will keep the CPU busy and interfere with power-saving idle timers that turn off the display and hard disks.

CA1700

CA1700: Do not name enum values 'Reserved'

This rule assumes that an enumeration member that has a name that contains "reserved" is not currently used but is a placeholder to be renamed or removed in a future version. Renaming or removing a member is a breaking change.

CA1701

CA1701: Resource string compound words should be cased correctly

Each word in the resource string is split into tokens based on the casing. Each contiguous two-token combination is checked by the Microsoft spelling checker library. If recognized, the word produces a violation of the rule.

CA1702

CA1702: Compound words should be cased correctly

The name of an identifier contains multiple words, and at least one of the words appears to be a compound word that is not cased correctly.

CA1703

CA1703: Resource strings should be spelled correctly

A resource string contains one or more words that are not recognized by the Microsoft spelling checker library.

CA1704

CA1704: Identifiers should be spelled correctly

The name of an externally visible identifier contains one or more words that are not recognized by the Microsoft spelling checker library.

CA1707

CA1707: Identifiers should not contain underscores

By convention, identifier names do not contain the underscore (_) character. This rule checks namespaces, types, members, and parameters.

CA1708

CA1708: Identifiers should differ by more than case

Identifiers for namespaces, types, members, and parameters cannot differ only by case because languages that target the common language runtime are not required to be case-sensitive.

CA1709

CA1709: Identifiers should be cased correctly

By convention, parameter names use camel casing and namespace, type, and member names use Pascal casing.

CA1710

CA1710: Identifiers should have correct suffix

By convention, the names of types that extend certain base types or that implement certain interfaces, or types that are derived from these types, have a suffix that is associated with the base type or interface.

CA1711

CA1711: Identifiers should not have incorrect suffix

By convention, only the names of types that extend certain base types or that implement certain interfaces, or types that are derived from these types, should end with specific reserved suffixes. Other type names should not use these reserved suffixes.

CA1712

CA1712: Do not prefix enum values with type name

Names of enumeration members are not prefixed by using the type name because development tools are expected to provide type information.

CA1713

CA1713: Events should not have before or after prefix

The name of an event starts with "Before" or "After". To name related events that are raised in a specific sequence, use the present or past tense to indicate the relative position in the sequence of actions.

CA1714

CA1714: Flags enums should have plural names

A public enumeration has the System.FlagsAttribute attribute, and its name does not end in "s". Types that are marked by using FlagsAttribute have names that are plural because the attribute indicates that more than one value can be specified.

CA1715

CA1715: Identifiers should have correct prefix

The name of an externally visible interface does not start with an uppercase "I". The name of a generic type parameter on an externally visible type or method does not start with an uppercase "T".

CA1716

CA1716: Identifiers should not match keywords

A namespace name or a type name matches a reserved keyword in a programming language. Identifiers for namespaces and types should not match keywords that are defined by languages that target the common language runtime.

CA1717

CA1717: Only FlagsAttribute enums should have plural names

Naming conventions dictate that a plural name for an enumeration indicates that more than one value of the enumeration can be specified at the same time.

CA1719

CA1719: Parameter names should not match member names

A parameter name should communicate the meaning of a parameter and a member name should communicate the meaning of a member. It would be a rare design where these were the same. Naming a parameter the same as its member name is unintuitive and makes the library difficult to use.

CA1720

CA1720: Identifiers should not contain type names

The name of a parameter in an externally visible member contains a data type name, or the name of an externally visible member contains a language-specific data type name.

CA1721

CA1721: Property names should not match get methods

The name of a public or protected member starts with "Get" and otherwise matches the name of a public or protected property. "Get" methods and properties should have names that clearly distinguish their function.

CA1722

CA1722: Identifiers should not have incorrect prefix

By convention, only certain programming elements have names that begin with a specific prefix.

CA1724

CA1724: Type Names Should Not Match Namespaces

Type names should not match the names of namespaces that are defined in the .NET Framework class library. Violating this rule can reduce the usability of the library.

CA1725

CA1725: Parameter names should match base declaration

Consistent naming of parameters in an override hierarchy increases the usability of the method overrides. A parameter name in a derived method that differs from the name in the base declaration can cause confusion about whether the method is an override of the base method or a new overload of the method.

CA1726

CA1726: Use preferred terms

The name of an externally visible identifier includes a term for which an alternative, preferred term exists. Alternatively, the name includes the term "Flag" or "Flags".

CA1800

CA1800: Do not cast unnecessarily

Duplicate casts decrease performance, especially when the casts are performed in compact iteration statements.

CA1801

CA1801: Review unused parameters

A method signature includes a parameter that is not used in the method body.

CA1802

CA1802: Use Literals Where Appropriate

A field is declared static and read-only (Shared and ReadOnly in Visual Basic), and is initialized by using a value that is computable at compile time. Because the value that is assigned to the targeted field is computable at compile time, change the declaration to a const (Const in Visual Basic) field so that the value is computed at compile time instead of at run time.

CA1804

CA1804: Remove unused locals

Unused local variables and unnecessary assignments increase the size of an assembly and decrease performance.

CA1806

CA1806: Do not ignore method results

A new object is created but never used; or a method that creates and returns a new string is called and the new string is never used; or a COM or P/Invoke method returns an HRESULT or error code that is never used.

CA1809

CA1809: Avoid excessive locals

A common performance optimization is to store a value in a processor register instead of memory, which is referred to as "enregistering the value". To increase the chance that all local variables are enregistered, limit the number of local variables to 64.

CA1810

CA1810: Initialize reference type static fields inline

When a type declares an explicit static constructor, the just-in-time (JIT) compiler adds a check to each static method and instance constructor of the type to make sure that the static constructor was previously called. Static constructor checks can decrease performance.

CA1811

CA1811: Avoid uncalled private code

A private or internal (assembly-level) member does not have callers in the assembly; it is not invoked by the common language runtime; and it is not invoked by a delegate.

CA1812

CA1812: Avoid uninstantiated internal classes

An instance of an assembly-level type is not created by code in the assembly.

CA1813

CA1813: Avoid unsealed attributes

The .NET Framework class library provides methods for retrieving custom attributes. By default, these methods search the attribute inheritance hierarchy. Sealing the attribute eliminates the search through the inheritance hierarchy and can improve performance.

CA1814

CA1814: Prefer jagged arrays over multidimensional

A jagged array is an array whose elements are arrays. The arrays that make up the elements can be of different sizes, leading to less wasted space for some sets of data.

CA1815

CA1815: Override equals and operator equals on value types

For value types, the inherited implementation of Equals uses the Reflection library and compares the contents of all fields. Reflection is computationally expensive, and comparing every field for equality might be unnecessary. If you expect users to compare or sort instances, or to use instances as hash table keys, your value type should implement Equals.

CA1816

CA1816: Call GC.SuppressFinalize correctly

A method that is an implementation of Dispose does not call GC.SuppressFinalize; or a method that is not an implementation of Dispose calls GC.SuppressFinalize; or a method calls GC.SuppressFinalize and passes something other than this (Me in Visual Basic).

CA1819

CA1819: Properties should not return arrays

Arrays that are returned by properties are not write-protected, even when the property is read-only. To keep the array tamper-proof, the property must return a copy of the array. Typically, users will not understand the adverse performance implications of calling such a property.

CA1820

CA1820: Test for empty strings using string length

Comparing strings by using the String.Length property or the String.IsNullOrEmpty method is significantly faster than using Equals.

CA1821

CA1821: Remove empty finalizers

Whenever you can, avoid finalizers because of the additional performance overhead that is involved in tracking object lifetime. An empty finalizer incurs added overhead and delivers no benefit.

CA1822

CA1822: Mark members as static

Members that do not access instance data or call instance methods can be marked as static (Shared in Visual Basic). After you mark the methods as static, the compiler will emit nonvirtual call sites to these members. This can give you a measurable performance gain for performance-sensitive code.

CA1823

CA1823: Avoid unused private fields

Private fields were detected that do not appear to be accessed in the assembly.

CA1824

CA1824: Mark assemblies with NeutralResourcesLanguageAttribute

The NeutralResourcesLanguage attribute informs the ResourceManager of the language that was used to display the resources of a neutral culture for an assembly. This improves lookup performance for the first resource that you load and can reduce your working set.

CA1900

CA1900: Value type fields should be portable

This rule checks that structures that are declared by using explicit layout will align correctly when marshaled to unmanaged code on 64-bit operating systems.

CA1901

CA1901: P/Invoke declarations should be portable

This rule evaluates the size of each parameter and the return value of a P/Invoke, and verifies that the size of the parameter is correct when marshaled to unmanaged code on 32-bit and 64-bit operating systems.

CA1903

CA1903: Use only API from targeted framework

A member or type is using a member or type that was introduced in a service pack that was not included together with the targeted framework of the project.

CA2000

CA2000: Dispose objects before losing scope

Because an exceptional event might occur that will prevent the finalizer of an object from running, the object should be explicitly disposed before all references to it are out of scope.

CA2001

CA2001: Avoid calling problematic methods

A member calls a potentially dangerous or problematic method.

CA2002

CA2002: Do not lock on objects with weak identity

An object is said to have a weak identity when it can be directly accessed across application domain boundaries. A thread that tries to acquire a lock on an object that has a weak identity can be blocked by a second thread in a different application domain that has a lock on the same object.

CA2003

CA2003: Do not treat fibers as threads

A managed thread is being treated as a Win32 thread.

CA2004

CA2004: Remove calls to GC.KeepAlive

If you convert to SafeHandle usage, remove all calls to GC.KeepAlive (object). In this case, classes should not have to call GC.KeepAlive. This assumes they do not have a finalizer but rely on SafeHandle to finalize the OS handle for them.

CA2006

CA2006: Use SafeHandle to encapsulate native resources

Use of IntPtr in managed code might indicate a potential security and reliability problem. All uses of IntPtr must be reviewed to determine whether use of a SafeHandle, or similar technology, is required in its place.

CA2100

CA2100: Review SQL queries for security vulnerabilities

A method sets the System.Data.IDbCommand.CommandText property by using a string that is built from a string argument to the method. This rule assumes that the string argument contains user input. A SQL command string that is built from user input is vulnerable to SQL injection attacks.

CA2101

CA2101: Specify marshaling for P/Invoke string arguments

A platform invoke member allows partially trusted callers, has a string parameter, and does not explicitly marshal the string. This can cause a potential security vulnerability.

CA2102

CA2102: Catch non-CLSCompliant exceptions in general handlers

A member in an assembly that is not marked by using the RuntimeCompatibilityAttribute or is marked RuntimeCompatibility(WrapNonExceptionThrows = false) contains a catch block that handles System.Exception and does not contain an immediately following general catch block.

CA2103

CA2103: Review imperative security

A method uses imperative security and might be constructing the permission by using state information or return values that can change as long as the demand is active. Use declarative security whenever possible.

CA2104

CA2104: Do not declare read only mutable reference types

An externally visible type contains an externally visible read-only field that is a mutable reference type. A mutable type is a type whose instance data can be modified.

CA2105

CA2105: Array fields should not be read only

When you apply the read-only (ReadOnly in Visual Basic) modifier to a field that contains an array, the field cannot be changed to reference a different array. However, the elements of the array that are stored in a read-only field can be changed.

CA2106

CA2106: Secure asserts

A method asserts a permission and no security checks are performed on the caller. Asserting a security permission without performing any security checks can leave an exploitable security weakness in your code.

CA2107

CA2107: Review deny and permit only usage

The PermitOnly method and CodeAccessPermission.Deny security actions should be used only by those who have an advanced knowledge of .NET Framework security. Code that uses these security actions should undergo a security review.

CA2108

CA2108: Review declarative security on value types

A public or protected value type is secured by Data Access or Link Demands.

CA2109

CA2109: Review visible event handlers

A public or protected event-handling method was detected. Event-handling methods should not be exposed unless absolutely necessary.

CA2111

CA2111: Pointers should not be visible

A pointer is not private, internal, or read-only. Malicious code can change the value of the pointer, which potentially gives access to arbitrary locations in memory or causes application or system failures.

CA2112

CA2112: Secured types should not expose fields

A public or protected type contains public fields and is secured by Link Demands. If code has access to an instance of a type that is secured by a link demand, the code does not have to satisfy the link demand to access the fields of the type.

CA2114

CA2114: Method security should be a superset of type

A method should not have both method-level and type-level declarative security for the same action.

CA2115

CA2115: Call GC.KeepAlive when using native resources

This rule detects errors that might occur because an unmanaged resource is being finalized while it is still being used in unmanaged code.

CA2116

CA2116: APTCA methods should only call APTCA methods

When the APTCA (AllowPartiallyTrustedCallersAttribute) is present on a fully trusted assembly, and the assembly executes code in another assembly that does not allow for partially trusted callers, a security exploit is possible.

CA2117

CA2117: APTCA types should only extend APTCA base types

When the APTCA is present on a fully trusted assembly, and a type in the assembly inherits from a type that does not allow for partially trusted callers, a security exploit is possible.

CA2118

CA2118: Review SuppressUnmanagedCodeSecurityAttribute usage

SuppressUnmanagedCodeSecurityAttribute changes the default security system behavior for members that execute unmanaged code that uses COM interop or operating system invocation. This attribute is primarily used to increase performance; however, the performance gains come together with significant security risks.

CA2119

CA2119: Seal methods that satisfy private interfaces

An inheritable public type provides an overridable method implementation of an internal (Friend in Visual Basic) interface. To fix a violation of this rule, prevent the method from being overridden outside the assembly.

CA2120

CA2120: Secure serialization constructors

This type has a constructor that takes a System.Runtime.Serialization.SerializationInfo object and a System.Runtime.Serialization.StreamingContext object (the signature of the serialization constructor). This constructor is not secured by a security check, but one or more of the regular constructors in the type are secured.

CA2121

CA2121: Static constructors should be private

The system calls the static constructor before the first instance of the type is created or any static members are referenced. If a static constructor is not private, it can be called by code other than the system. Depending on the operations that are performed in the constructor, this can cause unexpected behavior.

CA2122

CA2122: Do not indirectly expose methods with link demands

A public or protected member has Link Demands and is called by a member that does not perform any security checks. A link demand checks the permissions of the immediate caller only.

CA2123

CA2123: Override link demands should be identical to base

This rule matches a method to its base method, which is either an interface or a virtual method in another type, and then compares the link demands on each. If this rule is violated, a malicious caller can bypass the link demand just by calling the unsecured method.

CA2124

CA2124: Wrap vulnerable finally clauses in outer try

A public or protected method contains a try/finally block. The finally block appears to reset the security state and is not itself enclosed in a finally block.

CA2126

CA2126: Type link demands require inheritance demands

A public unsealed type is protected by using a link demand and has an overridable method. Neither the type nor the method is protected by using an inheritance demand.

CA2127

CA2136: Members should not have conflicting transparency annotations

Critical code cannot occur in a 100 percent−transparent assembly. This rule analyzes 100 percent−transparent assemblies for any SecurityCritical annotations at the type, field, and method levels.

CA2128

CA2147: Transparent methods may not use security asserts

This rule analyzes all methods and types in an assembly that is either 100 percent−transparent or mixed transparent/critical, and flags any declarative or imperative use of Assert.

CA2129

CA2140: Transparent code must not reference security critical items

Methods that are marked by SecurityTransparentAttribute call nonpublic members that are marked as SecurityCritical. This rule analyzes all methods and types in an assembly that is mixed transparent/critical, and flags any calls from transparent code to nonpublic critical code that are not marked as SecurityTreatAsSafe.

CA2130

CA2130: Security critical constants should be transparent

Transparency enforcement is not enforced for constant values because compilers inline constant values so that no lookup is required at run time. Constant fields should be security transparent so that code reviewers do not assume that transparent code cannot access the constant.

CA2131

CA2131: Security critical types may not participate in type equivalence

A type participates in type equivalence and either the type itself, or a member or field of the type, is marked by using the SecurityCriticalAttribute attribute. This rule occurs on any critical types or types that contain critical methods or fields that are participating in type equivalence. When the CLR detects such a type, it does not load it with a TypeLoadException at run time. Typically, this rule is raised only when users implement type equivalence manually instead of in by relying on tlbimp and the compilers to do the type equivalence.

CA2132

CA2132: Default constructors must be at least as critical as base type default constructors

Types and members that have the SecurityCriticalAttribute cannot be used by Silverlight application code. Security-critical types and members can be used only by trusted code in the .NET Framework for Silverlight class library. Because a public or protected construction in a derived class must have the same or greater transparency than its base class, a class in an application cannot be derived from a class marked as SecurityCritical.

CA2133

CA2133: Delegates must bind to methods with consistent transparency

This warning is raised on a method that binds a delegate that is marked by using the SecurityCriticalAttribute to a method that is transparent or that is marked by using the SecuritySafeCriticalAttribute. The warning also is raised on a method that binds a delegate that is transparent or safe-critical to a critical method.

CA2134

CA2134: Methods must keep consistent transparency when overriding base methods

This rule is raised when a method marked by using the SecurityCriticalAttribute overrides a method that is transparent or marked by using the SecuritySafeCriticalAttribute. The rule also is raised when a method that is transparent or marked by using the SecuritySafeCriticalAttribute overrides a method that is marked by using a SecurityCriticalAttribute. The rule is applied when overriding a virtual method or implementing an interface.

CA2135

CA2135: Level 2 assemblies should not contain LinkDemands

LinkDemands are deprecated in the level 2 security rule set. Instead of using LinkDemands to enforce security at JIT compilation time, mark the methods, types, and fields by using the SecurityCriticalAttribute attribute.

CA2136

CA2136: Members should not have conflicting transparency annotations

Transparency attributes are applied from code elements of larger scope to elements of smaller scope. The transparency attributes of code elements that have larger scope take precedence over transparency attributes of code elements that are contained in the first element. For example, a class that is marked by using the SecurityCriticalAttribute attribute cannot contain a method that is marked by using the SecuritySafeCriticalAttribute attribute.

CA2137

CA2137: Transparent methods must contain only verifiable IL

A method contains unverifiable code or returns a type by reference. This rule is raised on attempts by security transparent code to execute unverifiable microsoft intermediate language (MISL). However, the rule does not contain a full IL verifier, and instead uses heuristics to catch most violations of MSIL verification.

CA2138

CA2138: Transparent methods must not call methods with the SuppressUnmanagedCodeSecurity attribute

A security transparent method calls a method that is marked by using the SuppressUnmanagedCodeSecurityAttribute attribute.

CA2139

CA2139: Transparent methods may not use the HandleProcessCorruptingExceptions attribute

This rule is raised by any method that is transparent and attempts to handle a process corrupting exception by using the HandleProcessCorruptedStateExceptionsAttribute attribute. A process corrupting exception is a CLR version 4.0 exception classification of exceptions such as AccessViolationException. The HandleProcessCorruptedStateExceptionsAttribute attribute may be used only by security critical methods, and will be ignored if it is applied to a transparent method.

CA2140

CA2140: Transparent code must not reference security critical items

A code element that is marked by using the SecurityCriticalAttribute attribute is security critical. A transparent method cannot use a security critical element. If a transparent type attempts to use a security critical type, a TypeAccessException, MethodAccessException, or FieldAccessException is raised.

CA2141

CA2141:Transparent methods must not satisfy LinkDemands

A security transparent method calls a method in an assembly that is not marked by using the APTCA, or a security transparent method satisfies a LinkDemand for a type or a method.

CA2142

CA2142: Transparent code should not be protected with LinkDemands

This rule is raised on transparent methods that require LinkDemands to access them. Security transparent code should not be responsible for verifying the security of an operation, and therefore should not demand permissions.

CA2143

CA2143: Transparent methods should not use security demands

Security transparent code should not be responsible for verifying the security of an operation, and therefore should not demand permissions. Security transparent code should use full demands to make security decisions and safe-critical code should not rely on transparent code to have made the full demand.

CA2144

CA2144: Transparent code should not load assemblies from byte arrays

The security review for transparent code is not as complete as the security review for critical code because transparent code cannot perform security sensitive actions. Assemblies that are loaded from a byte array might not be noticed in transparent code, and that byte array might contain critical, or more important safe-critical code, that does have to be audited.

CA2145

CA2145: Transparent methods should not be decorated with the SuppressUnmanagedCodeSecurityAttribute

Methods that are decorated by the SuppressUnmanagedCodeSecurityAttribute attribute have an implicit LinkDemand put upon any method that calls it. This LinkDemand requires that the calling code be security critical. Marking the method that uses SuppressUnmanagedCodeSecurity by using the SecurityCriticalAttribute attribute makes this requirement more obvious for callers of the method.

CA2146

CA2146: Types must be at least as critical as their base types and interfaces

This rule is raised when a derived type has a security transparency attribute that is not as critical as its base type or implemented interface. Only critical types can derive from critical base types or implement critical interfaces, and only critical or safe-critical types can derive from safe-critical base types or implement safe-critical interfaces.

CA2147

CA2147: Transparent methods may not use security asserts

Code that is marked as SecurityTransparentAttribute is not granted sufficient permissions to assert.

CA2149

CA2149: Transparent methods must not call into native code

This rule is raised on any transparent method that calls directly into native code (for example, through a P/Invoke). Violations of this rule lead to a MethodAccessException in the level 2 transparency model and a full demand for UnmanagedCode in the level 1 transparency model.

CA2151

CA2151: Fields with critical types should be security critical

To use security critical types, the code that references the type must be either security critical or security safe critical. This is true even if the reference is indirect. Therefore, having a security transparent or security safe critical field is misleading because transparent code will still be unable to access the field.

CA2200

CA2200: Rethrow to preserve stack details

An exception is rethrown and the exception is explicitly specified in the throw statement. If an exception is rethrown by specifying the exception in the throw statement, the list of method calls between the original method that threw the exception and the current method is lost.

CA2201

CA2201: Do not raise reserved exception types

This makes the original error difficult to detect and debug.

CA2202

CA2202: Do not dispose objects multiple times

A method implementation contains code paths that could cause multiple calls to System.IDisposable.Dispose or a Dispose equivalent (such as a Close() method on some types) on the same object.

CA2204

CA2204: Literals should be spelled correctly

A literal string in a method body contains one or more words that are not recognized by the Microsoft spelling checker library.

CA2205

CA2205: Use managed equivalents of Win32 API

An operating system invoke method is defined and a method that has the equivalent functionality is located in the .NET Framework class library.

CA2207

CA2207: Initialize value type static fields inline

A value type declares an explicit static constructor. To fix a violation of this rule, initialize all static data when it is declared and remove the static constructor.

CA2208

CA2208: Instantiate argument exceptions correctly

A call is made to the default (parameterless) constructor of an exception type that is or derives from ArgumentException, or an incorrect string argument is passed to a parameterized constructor of an exception type that is or derives from ArgumentException.

CA2210

CA2210: Assemblies should have valid strong names

The strong name protects clients from unknowingly loading an assembly that has been tampered with. Assemblies without strong names should not be deployed outside very limited scenarios. If you share or distribute assemblies that are not correctly signed, the assembly can be tampered with, the common language runtime might not load the assembly, or the user might have to disable verification on his or her computer.

CA2211

CA2211: Non-constant fields should not be visible

Static fields that are neither constants nor read-only are not thread-safe. Access to such a field must be carefully controlled and requires advanced programming techniques to synchronize access to the class object.

CA2212

CA2212: Do not mark serviced components with WebMethod

A method in a type that inherits from System.EnterpriseServices.ServicedComponent is marked by using System.Web.Services.WebMethodAttribute. Because WebMethodAttribute and a ServicedComponent method have conflicting behavior and requirements for context and transaction flow, the behavior of the method will be incorrect in some scenarios.

CA2213

CA2213: Disposable fields should be disposed

A type that implements System.IDisposable declares fields that are of types that also implement IDisposable. The Dispose method of the field is not called by the Dispose method of the declaring type.

CA2214

CA2214: Do not call overridable methods in constructors

When a constructor calls a virtual method, the constructor for the instance that invokes the method may not have executed.

CA2215

CA2215: Dispose methods should call base class dispose

If a type inherits from a disposable type, it must call the Dispose method of the base type from its own Dispose method.

CA2216

CA2216: Disposable types should declare finalizer

A type that implements System.IDisposable and has fields that suggest the use of unmanaged resources does not implement a finalizer, as described by Object.Finalize.

CA2217

CA2217: Do not mark enums with FlagsAttribute

An externally visible enumeration is marked by using FlagsAttribute, and it has one or more values that are not powers of two or a combination of the other defined values on the enumeration.

CA2218

CA2218: Override GetHashCode on overriding Equals

GetHashCode returns a value, based on the current instance, that is suited for hashing algorithms and data structures such as a hash table. Two objects that are the same type and are equal must return the same hash code.

CA2219

CA2219: Do not raise exceptions in exception clauses

When an exception is raised in a finally or fault clause, the new exception hides the active exception. When an exception is raised in a filter clause, the run time silently catches the exception. This makes the original error difficult to detect and debug.

CA2220

CA2220: Finalizers should call base class finalizer

Finalization must be propagated through the inheritance hierarchy. To guarantee this, types must call their base class Finalize method in their own Finalize method.

CA2221

CA2221: Finalizers should be protected

Finalizers must use the family access modifier.

CA2222

CA2222: Do not decrease inherited member visibility

You should not change the access modifier for inherited members. Changing an inherited member to private does not prevent callers from accessing the base class implementation of the method.

CA2223

CA2223: Members should differ by more than return type

Although the common language runtime allows the use of return types to differentiate between otherwise identical members, this feature is not in the Common Language Specification, nor is it a common feature of .NET programming languages.

CA2224

CA2224: Override equals on overloading operator equals

A public type implements the equality operator but does not override Object.Equals.

CA2225

CA2225: Operator overloads have named alternates

An operator overload was detected, and the expected named alternative method was not found. The named alternative member provides access to the same functionality as the operator and is provided for developers who program in languages that do not support overloaded operators.

CA2226

CA2226: Operators should have symmetrical overloads

A type implements the equality or inequality operator and does not implement the opposite operator.

CA2227

CA2227: Collection properties should be read only

A writable collection property allows a user to replace the collection with a different collection. A read-only property stops the collection from being replaced but still allows the individual members to be set.

CA2228

CA2228: Do not ship unreleased resource formats

Resource files that were built by using prerelease versions of the .NET Framework might not be usable by supported versions of the .NET Framework.

CA2229

CA2229: Implement serialization constructors

To fix a violation of this rule, implement the serialization constructor. For a sealed class, make the constructor private; otherwise, make it protected.

CA2230

CA2230: Use params for variable arguments

A public or protected type contains a public or protected method that uses the VarArgs calling convention instead of the params keyword.

CA2231

CA2231: Overload operator equals on overriding ValueType.Equals

A value type overrides Object.Equals but does not implement the equality operator.

CA2232

CA2232: Mark Windows Forms entry points with STAThread

STAThreadAttribute indicates that the COM threading model for the application is a single-threaded apartment. This attribute must be present on the entry point of any application that uses Windows Forms; if it is omitted, the Windows components might not work correctly.

CA2233

CA2233: Operations should not overflow

You should not perform arithmetic operations without first validating the operands. This makes sure that the result of the operation is not outside the range of possible values for the data types that are involved.

CA2234

CA2234: Pass System.Uri objects instead of strings

A call is made to a method that has a string parameter whose name contains "uri", "URI", "urn", "URN", "url", or "URL". The declaring type of the method contains a corresponding method overload that has a System.Uri parameter.

CA2235

CA2235: Mark all non-serializable fields

An instance field of a type that is not serializable is declared in a type that is serializable.

CA2236

CA2236: Call base class methods on ISerializable types

To fix a violation of this rule, call the base type GetObjectData method or serialization constructor from the corresponding derived type method or constructor.

CA2237

CA2237: Mark ISerializable types with SerializableAttribute

To be recognized by the common language runtime as serializable, types must be marked by using the SerializableAttribute attribute even when the type uses a custom serialization routine through implementation of the ISerializable interface.

CA2238

CA2238: Implement serialization methods correctly

A method that handles a serialization event does not have the correct signature, return type, or visibility.

CA2239

CA2239: Provide deserialization methods for optional fields

A type has a field that is marked by using the System.Runtime.Serialization.OptionalFieldAttribute attribute, and the type does not provide deserialization event handling methods.

CA2240

CA2240: Implement ISerializable correctly

To fix a violation of this rule, make the GetObjectData method visible and overridable, and make sure that all instance fields are included in the serialization process or explicitly marked by using the NonSerializedAttribute attribute.

CA2241

CA2241: Provide correct arguments to formatting methods

The format argument that is passed to System.String.Format does not contain a format item that corresponds to each object argument, or vice versa.

CA2242

CA2242: Test for NaN correctly

This expression tests a value against Single.Nan or Double.Nan. Use Single.IsNan(Single) or Double.IsNan(Double) to test the value.

CA2243

CA2243: Attribute string literals should parse correctly

The string literal parameter of an attribute does not parse correctly for a URL, a GUID, or a version.

CA5122

CA5122 P/Invoke declarations should not be safe critical

Methods are marked as SecuritySafeCritical when they perform a security sensitive operation, but are also safe to be used by transparent code. Transparent code may never directly call native code through a P/Invoke. Therefore, marking a P/Invoke as security safe critical will not enable transparent code to call it, and is misleading for security analysis.