From 7dc337e460e46938e06df96a2778b06fbbaaaa13 Mon Sep 17 00:00:00 2001 From: Rob Hague Date: Sat, 18 Nov 2023 21:00:41 +0100 Subject: [PATCH 1/2] Disable some impactful analyzers --- .editorconfig | 119 +++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 114 insertions(+), 5 deletions(-) diff --git a/.editorconfig b/.editorconfig index 30ee78be8..3c87b23ed 100644 --- a/.editorconfig +++ b/.editorconfig @@ -83,6 +83,16 @@ dotnet_diagnostic.S1481.severity = none # This is a duplicate of IDE0059. dotnet_diagnostic.S1854.severity = none +# S1944: Invalid casts should be avoided +# https://rules.sonarsource.com/csharp/RSPEC-1944/ +# +# Disabled due to build performance impact. +dotnet_diagnostic.S1944.severity = none + +# S2053: Hashes should include an unpredictable salt +# https://rules.sonarsource.com/csharp/RSPEC-2053/ +dotnet_diagnostic.S2053.severity = none + # S2259: Null pointers should not be dereferenced # https://rules.sonarsource.com/csharp/RSPEC-2259 # @@ -104,8 +114,8 @@ dotnet_diagnostic.S2551.severity = none # S2583: Conditionally executed code should be reachable # https://rules.sonarsource.com/csharp/RSPEC-2583 # -# This rule produces false errors in, for example, for loops. -#dotnet_diagnostic.S2583.severity = none +# Disabled due to build performance impact. +dotnet_diagnostic.S2583.severity = none # S2699: Tests should include assertions # https://rules.sonarsource.com/csharp/RSPEC-2699 @@ -119,6 +129,12 @@ dotnet_diagnostic.S2551.severity = none # } dotnet_diagnostic.S2699.severity = none +# S2930: "IDisposables" should be disposed +# https://rules.sonarsource.com/csharp/RSPEC-2930/ +# +# Duplicate of CA2000. +dotnet_diagnostic.S2930.severity = none + # S2933: Fields that are only assigned in the constructor should be "readonly" # https://rules.sonarsource.com/csharp/RSPEC-2933 # 
@@ -143,6 +159,10 @@ dotnet_diagnostic.S3218.severity = none # LINQ is the root of all evil :p dotnet_diagnostic.S3267.severity = none +# S3329: Cipher Block Chaining IVs should be unpredictable +# https://rules.sonarsource.com/csharp/RSPEC-3329/ +dotnet_diagnostic.S3329.severity = none + # S3376: Attribute, EventArgs, and Exception type names should end with the type being extended # https://rules.sonarsource.com/csharp/RSPEC-3376 # @@ -150,12 +170,36 @@ dotnet_diagnostic.S3267.severity = none # consider enabling S3376 in favor of MA0058. dotnet_diagnostic.S3376.severity = none +# S3459: Unassigned members should be removed +# https://rules.sonarsource.com/csharp/RSPEC-3459/ +# +# Duplicate of IDE0051/IDE0052 +dotnet_diagnostic.S3459.severity = none + +# S3626: Jump statements should not be redundant +# https://rules.sonarsource.com/csharp/RSPEC-3626/ +# +# Disabled due to build performance impact. +dotnet_diagnostic.S3626.severity = none + +# S3655: Empty nullable value should not be accessed +# https://rules.sonarsource.com/csharp/RSPEC-3655/ +# +# Disabled due to build performance impact. +dotnet_diagnostic.S3655.severity = none + # S3871: Exception types should be "public" # https://rules.sonarsource.com/csharp/RSPEC-3871 # # This is a duplicate of CA1064. dotnet_diagnostic.S3871.severity = none +# S3900: Arguments of public methods should be validated against null +# https://rules.sonarsource.com/csharp/RSPEC-3900/ +# +# This is a duplicate of CA1062. +dotnet_diagnostic.S3900.severity = none + # S3925: "ISerializable" should be implemented correctly # https://rules.sonarsource.com/csharp/RSPEC-3925 # 
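Review bot: S3329 (CBC IVs should be unpredictable) is set to `none` in the first hunk on this line with no reason given, unlike the neighbouring entries that name a duplicate rule or say "Disabled due to build performance impact". The same gap applies to S4423, S4830, S5542, S5547 and S5659 in the later Sonar hunks, and to CA5389, CA5390 and CA5403 in the CA hunk of this patch. These rules flag weak TLS versions, skipped certificate validation, weak ciphers and modes, archive path handling, and hard-coded keys or certificates, so a silent `none` leaves no record of whether each was judged a false positive or only too slow. Each entry should carry its reason under the link, e.g. `# Disabled due to build performance impact.`. If build cost is the only reason, it is worth confirming that these checks still run somewhere outside the normal build.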
@@ -168,6 +212,10 @@ dotnet_diagnostic.S3925.severity = none # This is a duplicate of MA0015. dotnet_diagnostic.S3928.severity = none +# S3949: Calculations should not overflow +# https://rules.sonarsource.com/csharp/RSPEC-3949/ +dotnet_diagnostic.S3949.severity = none + # S3998: Threads should not lock on objects with weak identity # https://rules.sonarsource.com/csharp/RSPEC-3998 # @@ -180,6 +228,16 @@ dotnet_diagnostic.S3998.severity = none # This is a duplicate of MA0062. dotnet_diagnostic.S4070.severity = none +# S4158: Empty collections should not be accessed or iterated +# https://rules.sonarsource.com/csharp/RSPEC-4158/ +# +# Disabled due to build performance impact. +dotnet_diagnostic.S4158.severity = none + +# S4423: Weak SSL/TLS protocols should not be used +# https://rules.sonarsource.com/csharp/RSPEC-4423/ +dotnet_diagnostic.S4423.severity = none + # S4456: Parameter validation in yielding methods should be wrapped # https://rules.sonarsource.com/csharp/RSPEC-4456 # 
@@ -198,6 +256,30 @@ dotnet_diagnostic.S4487.severity = none # This is a partial duplicate of MA0067, and we do not want to report the use of 'default' for a Guid as error. dotnet_diagnostic.S4581.severity = none +# S4663: Comments should not be empty +# https://rules.sonarsource.com/csharp/RSPEC-4663/ +dotnet_diagnostic.S4663.severity = none + +# S4830: Server certificates should be verified during SSL/TLS connections +# https://rules.sonarsource.com/csharp/RSPEC-4830/ +dotnet_diagnostic.S4830.severity = none + +# S5542: Encryption algorithms should be used with secure mode and padding scheme +# https://rules.sonarsource.com/csharp/RSPEC-5542/ +dotnet_diagnostic.S5542.severity = none + +# S5547: Cipher algorithms should be robust +# https://rules.sonarsource.com/csharp/RSPEC-5547/ +dotnet_diagnostic.S5547.severity = none + +# S5659: JWT should be signed and verified with strong cipher algorithms +# https://rules.sonarsource.com/csharp/RSPEC-5659/ +dotnet_diagnostic.S5659.severity = none + +# S5773: Types allowed to be deserialized should be restricted +# https://rules.sonarsource.com/csharp/RSPEC-5773/ +dotnet_diagnostic.S4581.severity = none + #### StyleCop rules #### # SA1003: Symbols must be spaced correctly @@ -232,6 +314,12 @@ dotnet_diagnostic.SA1101.severity = none # callsForType.Count); dotnet_diagnostic.SA1116.severity = none +# SA1121: Use built-in type alias +# https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/SA1121.md +# +# Duplicate of IDE0049. +dotnet_diagnostic.SA1121.severity = none + # SA1200: Using directives must be placed correctly # # This is already verified by the .NET compiler platform analyzers (csharp_using_directive_placement option and IDE0065 rule). 
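Review bot: The entry added under `# S5773: Types allowed to be deserialized should be restricted` sets `dotnet_diagnostic.S4581.severity = none`, which repeats the S4581 line at the top of the same hunk and leaves S5773 at whatever severity it had before. If the intent is to disable S5773, the key should be `dotnet_diagnostic.S5773.severity = none`. If the rule is meant to stay active, the comment block and the duplicate S4581 line should be dropped. The second patch in this series touches this region but, in the hunks visible here, does not correct the key.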
@@ -263,6 +351,9 @@ dotnet_diagnostic.SA1413.severity = none # This is a duplicate of IDE0011. dotnet_diagnostic.SA1503.severity = none +# SA1512: Single-line comments should not be followed by a blank line +dotnet_diagnostic.SA1512.severity = none + # SA1516: Elements must be separated by blank line # # When enabled, a diagnostic is produced for properties with both a get and set accessor. @@ -518,9 +609,7 @@ dotnet_diagnostic.CA1510.severity = none # # This is a duplicate of S927, but contains at least one bug: # https://github.com/dotnet/roslyn-analyzers/issues/6461 -# -# Since we do not enable any of the Sonar rules by default, we'll leave CA1725 enabled. -dotnet_diagnostic.CA1725.severity = error +dotnet_diagnostic.CA1725.severity = none # CA1825: Avoid zero-length array allocations # https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca1825 
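Review bot: In the CA1725 hunk, the removed comment said the rule stayed enabled because the Sonar rules are not enabled by default, and the remaining comment still calls it a duplicate of S927. With `dotnet_diagnostic.CA1725.severity = none`, the parameter-name check is only covered if S927 is actually active in this configuration, which is not visible in this hunk. Add a line such as `# Disabled in favor of S927.` once that is confirmed; otherwise keep CA1725 at `error`.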
@@ -555,6 +644,26 @@ dotnet_code_quality.CA1859.api_surface = all # This is similar to, but less powerful than, MA0015. dotnet_diagnostic.CA2208.severity = none +# CA5389: Do not add archive item's path to the target file system path +# https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5389 +dotnet_diagnostic.CA5389.severity = none + +# CA5390: Do not hard-code encryption key +# https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5390 +dotnet_diagnostic.CA5390.severity = none + +# CA5401: Do not use CreateEncryptor with non-default IV +# https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5401 +dotnet_diagnostic.CA5401.severity = none + +# CA5402: Use CreateEncryptor with the default IV +# https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5402 +dotnet_diagnostic.CA5402.severity = none + +# CA5403: Do not hard-code certificate +# https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5403 +dotnet_diagnostic.CA5403.severity = none + #### Roslyn IDE analyser rules #### # IDE0028: Simplify collection initialization; and From 14db4de527a4b4fbfbdb2a7f09878062edcea5c6 Mon Sep 17 00:00:00 2001 From: Rob Hague Date: Wed, 29 Nov 2023 20:12:58 +0100 Subject: [PATCH 2/2] fb --- .editorconfig | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.editorconfig b/.editorconfig index d55a22b4c..b8a4868e5 100644 --- a/.editorconfig +++ b/.editorconfig @@ -91,6 +91,9 @@ dotnet_diagnostic.S1944.severity = none # S2053: Hashes should include an unpredictable salt # https://rules.sonarsource.com/csharp/RSPEC-2053/ +# +# Disabled due to build performance impact / +# We need to specify the salt. dotnet_diagnostic.S2053.severity = none # S2259: Null pointers should not be dereferenced 
@@ -114,7 +117,8 @@ dotnet_diagnostic.S2551.severity = none # S2583: Conditionally executed code should be reachable # https://rules.sonarsource.com/csharp/RSPEC-2583 # -# Disabled due to build performance impact. +# Disabled due to build performance impact / +# This rule produces false errors in, for example, for loops. dotnet_diagnostic.S2583.severity = none # S2699: Tests should include assertions @@ -214,6 +218,8 @@ dotnet_diagnostic.S3928.severity = none # S3949: Calculations should not overflow # https://rules.sonarsource.com/csharp/RSPEC-3949/ +# +# Disabled due to build performance impact. dotnet_diagnostic.S3949.severity = none # S3998: Threads should not lock on objects with weak identity @@ -256,10 +262,6 @@ dotnet_diagnostic.S4487.severity = none # This is a partial duplicate of MA0067, and we do not want to report the use of 'default' for a Guid as error. dotnet_diagnostic.S4581.severity = none -# S4663: Comments should not be empty -# https://rules.sonarsource.com/csharp/RSPEC-4663/ -dotnet_diagnostic.S4663.severity = none - # S4830: Server certificates should be verified during SSL/TLS connections # https://rules.sonarsource.com/csharp/RSPEC-4830/ dotnet_diagnostic.S4830.severity = none @@ -352,6 +354,8 @@ dotnet_diagnostic.SA1413.severity = none dotnet_diagnostic.SA1503.severity = none # SA1512: Single-line comments should not be followed by a blank line +# +# Blank lines can improve readability. dotnet_diagnostic.SA1512.severity = none # SA1516: Elements must be separated by blank line 
@@ -663,14 +667,10 @@ dotnet_diagnostic.CA5390.severity = none # CA5401: Do not use CreateEncryptor with non-default IV # https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5401 -# -# We need to specify the IV. dotnet_diagnostic.CA5401.severity = none # CA5402: Use CreateEncryptor with the default IV # https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5402 -# -# We need to specify the IV. dotnet_diagnostic.CA5402.severity = none # CA5403: Do not hard-code certificate
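Review bot: Removing `# We need to specify the IV.` from the CA5401 and CA5402 entries leaves both IV rules disabled with no stated reason, even though this same patch adds reasons to S2053 and S3949. Keep the two comment lines (`#` then `# We need to specify the IV.`) under each link so that a later reader can tell the suppression was deliberate. A short pointer to where the IV comes from and why it cannot be the default would make the entry easier to audit.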