CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc


C# Warning Classes

This page lists the built-in C# warning classes that CodeSonar itself detects.
Warning classes detected by Roslyn are not discussed on this page: see Roslyn-Detected C# Warning Classes.

See also C/C++ Warning Classes, Java Warning Classes.



Important Note: CodeSonar projects are built from Microsoft C# assembly code (.exe or .dll files) and debug information (.pdb files). However, CodeSonar will only analyze those parts of the project for which corresponding source code (.cs files) is also available, because warning reports are not useful or comprehensible without source information.

Introduction

We divide the C# warning classes shipped with CodeSonar into two groups.

The CodeSonar-detected C# warning classes can be further subdivided into four groups.

The table of C# warning classes that are disabled by default, below, specifies the security/deep/pedantic designation for each warning class.

Configuration Presets

There are several configuration presets that are specific to the C# analysis, as well as a number of presets that apply across all analyzed source languages.

The following are especially relevant to the CodeSonar-detected C# warning classes.

Preset Notes
csharp_complete Enables all CodeSonar-detected C# warning classes.
csharp_security, csharp_deep, csharp_pedantic Enable the security, deep, and pedantic CodeSonar-detected C# warning classes, respectively.

Enabled By Default

Class Name Mnemonic
== Always Fails Because Types Always Different (C#) CSHARP.REDUNDANT.EQF.TYPE
Abs on random (C#) CSHARP.MATH.ABSRAND
Ambiguous Call from Inner Class (C#) CSHARP.CLASS.ACIC
Anonymous LDAP Authentication (C#) CSHARP.INSEC.LDAP.ANON
Approximate e Constant (C#) CSHARP.MATH.APPROX.E
Approximate pi Constant (C#) CSHARP.MATH.APPROX.PI
Assignment in Conditional (C#) CSHARP.STRUCT.CONDASSIG
Asymmetric compareTo (C#) CSHARP.COMPARE.CTO.ASSYM
Bitwise AND on Boolean (C#) CSHARP.STRUCT.BW.AND
Bitwise AND on Boolean Constant (C#) CSHARP.STRUCT.BW.ANDC
Bitwise OR on Boolean (C#) CSHARP.STRUCT.BW.OR
Bitwise OR on Boolean Constant (C#) CSHARP.STRUCT.BW.ORC
Blocking in Critical Section (C#) CSHARP.CONCURRENCY.STARVE.BLOCKING
Call Might Return Null (C#) CSHARP.NULL.RET.UNCHECKED
Cast: Integer to Floating Point (C#) CSHARP.CAST.FTRUNC
Cast: int Computation to long (C#) CSHARP.ARITH.OFLOW
Class Enables Debug Features (C#) CSHARP.DEBUG.CEDF
Closeable Not Closed (C#) CSHARP.ALLOC.LEAK.NOTCLOSED
Closeable Not Stored (C#) CSHARP.ALLOC.LEAK.NOTSTORED
Code Injection (C#) CSHARP.IO.INJ.CODE
Command Injection (C#) CSHARP.IO.INJ.COMMAND
Comparison to Class Names (C#) CSHARP.COMPARE.EQUALS.CN
Comparison to Empty String (C#) CSHARP.COMPARE.EMPTYSTR
Cross Site Scripting (C#) CSHARP.IO.INJ.XSS
Cross Site Scripting In Error Message Web Page (C#) CSHARP.IO.INJ.XSS.EMWP
Cryptographic Algorithm with Risky Default Cipher (C#) CSHARP.CRYPTO.CADRC
Cryptographic Algorithm with Weak Cipher (C#) CSHARP.CRYPTO.CARC
Cryptographic Algorithm with Weak Hash (C#) CSHARP.CRYPTO.CAWH
DLL Injection (C#) CSHARP.IO.INJ.DLL
DOS Injection (C#) CSHARP.IO.INJ.DENIAL
Debug Call (C#) CSHARP.DEBUG.CALL
Debug Warning (C#) CSHARP.DEBUG.LOG
Defines equals but not hashCode (C#) CSHARP.IDEF.EQUALSNOHC
Defines hashCode but not equals (C#) CSHARP.IDEF.HCNOEQUALS
Deprecated Cryptography Provider (C#) CSHARP.CRYPTO.DEPRECATED
Double-Checked Locking (C#) CSHARP.CONCURRENCY.LOCK.DCL
Empty Branch Statement (C#) CSHARP.STRUCT.EBS
Empty Exception Handler (C#) CSHARP.STRUCT.EXCP.EEH
Empty zip File Archived (C#) CSHARP.STRUCT.ARCHIVE.EZF
Exception Information Disclosure (C#) CSHARP.DEBUG.ID
Execution After Redirect (C#) CSHARP.INSEC.EAR
Field Never Read (C#) CSHARP.STRUCT.URFIELD
Field Never Written (C#) CSHARP.STRUCT.UWFIELD
Floating Point Equality (C#) CSHARP.ARITH.FPEQUAL
Format String Injection (C#) CSHARP.IO.INJ.FMT
Generic Exception Handler (C#) CSHARP.STRUCT.EXCP.GEH
Hardcoded Cryptographic Key (C#) CSHARP.HARDCODED.KEY
Hardcoded Filename (C#) CSHARP.HARDCODED.FNAME
Hardcoded Password (C#) CSHARP.HARDCODED.PASSWD
Hardcoded Random Seed (C#) CSHARP.HARDCODED.SEED
Hostname in Condition (C#) CSHARP.INSEC.HIC
Ignored Return Value (C#) CSHARP.FUNCS.IRV
Ignored Return Value for Pure Function (C#) CSHARP.FUNCS.IRV.PURE
Impossible Client Side Locking (C#) CSHARP.CONCURRENCY.LOCK.ICS
Impossible reference comparison (C#) CSHARP.REDUNDANT.EQF
Inappropriate Exception Handler (C#) CSHARP.STRUCT.EXCP.INAPP
Inappropriate Instanceof (C#) CSHARP.CLASS.IOF.BAD
Inefficient Bitwise AND (C#) CSHARP.STRUCT.BW.ANDI
Inefficient Bitwise OR (C#) CSHARP.STRUCT.BW.ORI
Insecure Cookie (C#) CSHARP.LIB.HTTP.COOKIE
Insecure Key Derivation (C#) CSHARP.CRYPTO.KEY
Insecure Random Number Generator (C#) CSHARP.LIB.RAND.FUNC
Insecure XSLT Execution (C#) CSHARP.LIB.XML.INSEC_XSLT
Instanceof Always False (C#) CSHARP.CLASS.IOF.F
Instanceof Always True (C#) CSHARP.CLASS.IOF.T
Legacy Random Generator (C#) CSHARP.LIB.RAND.LEGACY.GEN
Method Enables Debug Features (C#) CSHARP.DEBUG.MEDF
Method Names Differ Only in Case (C#) CSHARP.ID.CASE.METHOD
Method Should Not Return null (C#) CSHARP.NULL.RET.NONNULL
Missing Authentication Annotation (C#) CSHARP.INSEC.MAA
Missing Call to super (C#) CSHARP.CLASS.MCS
Missing Equals Override (C#) CSHARP.IDEF.NOEQUALS
Missing Required Cryptographic Step (C#) CSHARP.CRYPTO.MRCS
Mutable Enumeration (C#) CSHARP.TYPE.ME
Mutable Public Static Final Array (C#) CSHARP.TYPE.MPSFA
Non-Object compareTo Parameter (C#) CSHARP.COMPARE.CTO.NONOBJ
Non-overriding Method Signature (C#) CSHARP.ID.BADOVERRIDE
Nonserializable Field (C#) CSHARP.CLASS.SER.FNON
Nonserializable Field Element (C#) CSHARP.CLASS.SER.ENON
Nonserializable Outer Class (C#) CSHARP.CLASS.SER.OCNON
Null Parameter Dereference (C#) CSHARP.NULL.PARAM.ACTUAL
Null Pointer Dereference (C#) CSHARP.NULL.DEREF
Open Redirect (C#) CSHARP.IO.TAINT.HTTP.OR
Password in Property File (C#) CSHARP.HARDCODED.PASSWD.FILE
Possible XML External Entity Reference (C#) CSHARP.LIB.XML.XXE
Potential Infinite Recursion (C#) CSHARP.FUNCS.INFREC
Redundant Call for Integral Argument (C#) CSHARP.FUNCS.RED.INT
Redundant Call for String Argument (C#) CSHARP.FUNCS.RED.STR
Redundant Condition (C#) CSHARP.STRUCT.RC
Reflection Bypasses Member Accessibility (C#) CSHARP.CLASS.ACCESS.BYPASS
Reflection Injection (C#) CSHARP.IO.TAINT.REFLECTION
Reflection Modifies Member Accessibility (C#) CSHARP.CLASS.ACCESS.MODIFY
Return null Array (C#) CSHARP.NULL.RET.ARRAY
Risky Cipher Algorithm (C#) CSHARP.CRYPTO.RCA
Risky Cipher Field (C#) CSHARP.CRYPTO.RCF
Risky Class Cast (C#) CSHARP.CLASS.CAST
Risky Cryptographic Algorithm (C#) CSHARP.CRYPTO.RA
Risky Cryptographic Field (C#) CSHARP.CRYPTO.RF
Risky array store (C#) CSHARP.CLASS.CAST.ARRSTORE
SQL Injection (C#) CSHARP.IO.INJ.SQL
Shadowed Identifier (C#) CSHARP.ID.SHADOW
Should Use == Instead of equals() (C#) CSHARP.COMPARE.EQUALS
Should Use equals() Instead of == (C#) CSHARP.COMPARE.EQ
Single-use Random Number Generator (C#) CSHARP.LIB.RAND.NEW
Static Field Assigned Non-Static (C#) CSHARP.CLASS.STATICMOD
Synchronization on Interned String (C#) CSHARP.CONCURRENCY.LOCK.ISTR
Synchronization on static (C#) CSHARP.CONCURRENCY.LOCK.STATIC
Synchronous Call to Thread Body (C#) CSHARP.CONCURRENCY.LOCK.SCTB
Tainted @Trusted Value (C#) CSHARP.IO.TAINT.TRUSTED
Tainted Allocation Size (C#) CSHARP.IO.TAINT.SIZE
Tainted Bundle (C#) CSHARP.IO.TAINT.BUNDLE
Tainted Control (C#) CSHARP.IO.TAINT.CONTROL
Tainted Expression Evaluation (C#) CSHARP.IO.TAINT.EVAL
Tainted HTTP Response (C#) CSHARP.IO.TAINT.HTTP
Tainted Hardware Device Property (C#) CSHARP.IO.TAINT.DEVICE
Tainted LDAP Attribute (C#) CSHARP.IO.TAINT.LDAP.ATTR
Tainted LDAP Filter (C#) CSHARP.IO.TAINT.LDAP.FILTER
Tainted Log (C#) CSHARP.IO.TAINT.LOG
Tainted Message (C#) CSHARP.IO.TAINT.MESSAGE
Tainted Network Address (C#) CSHARP.IO.TAINT.ADDR
Tainted Path (C#) CSHARP.IO.TAINT.PATH
Tainted Regular Expression (C#) CSHARP.IO.TAINT.REGEX
Tainted Resource (C#) CSHARP.IO.TAINT.RESOURCE
Tainted Session (C#) CSHARP.IO.TAINT.SESSION
Tainted URL (C#) CSHARP.IO.TAINT.URL
Tainted XAML (C#) CSHARP.IO.TAINT.XAML
Tainted XML (C#) CSHARP.IO.TAINT.XML
Tainted Xpath (C#) CSHARP.IO.TAINT.XPATH
Unchecked Parameter Dereference (C#) CSHARP.STRUCT.UPD
Unnecessary Field (C#) CSHARP.STRUCT.UNFLD
Unreachable Instruction (C#) CSHARP.STRUCT.UC.INSTR
Unsafe Session Expiration Time (C#) CSHARP.INSEC.USET
Unsafe hash comparison (C#) CSHARP.CRYPTO.UHC
Unused Class (C#) CSHARP.STRUCT.UUCLASS
Unused Field (C#) CSHARP.STRUCT.UUFIELD
Unused Method (C#) CSHARP.STRUCT.UUMETH
Unused Object (C#) CSHARP.STRUCT.UUOBJ
Unused Value: Actual Parameter (C#) CSHARP.STRUCT.UUVAL.ACTUAL
Unused Value: Variable (C#) CSHARP.STRUCT.UUVAL.VAR
Unused Value: Write to Parameter (C#) CSHARP.STRUCT.UUVAL.PARAM
Use of Same Seed (C#) CSHARP.INSEC.SS
Useless Assignment (C#) CSHARP.STRUCT.UA
Useless Assignment to Default (C#) CSHARP.STRUCT.UA.DEFAULT
Useless Class Cast (C#) CSHARP.CLASS.CAST.USELESS
Useless Synchronization (C#) CSHARP.CONCURRENCY.LOCK.USELESS
Useless volatile Modifier (C#) CSHARP.CONCURRENCY.VOLATILE
Weak Cryptographic Value (C#) CSHARP.CRYPTO.VALUE
Weak Hash Algorithm (C#) CSHARP.CRYPTO.WHA
Weak Hash Algorithm Field (C#) CSHARP.CRYPTO.WHAF
Weak Initialization Vector Field (C#) CSHARP.CRYPTO.WIVF
Weak Initialization Vector Value (C#) CSHARP.CRYPTO.WIV
clone Non-cloneable (C#) CSHARP.CLASS.CLONE.CNC
clone not final (C#) CSHARP.CLASS.CLONE.NF
compareTo in Non-Comparable Class (C#) CSHARP.COMPARE.CTO.NONCOMP
compareTo without equals (C#) CSHARP.IDEF.CTONOEQ
compareTo/equals mismatch (C#) CSHARP.IDEF.CTOEQ
equals Always Fails (C#) CSHARP.REDUNDANT.EQUALSF
equals Parameter Should Be Object (C#) CSHARP.IDEF.EQUALS.NONOBJ
equals on Array (C#) CSHARP.COMPARE.EQARRAY
toString on Array (C#) CSHARP.TYPE.ARRAYTOSTRING

Disabled By Default

Class Name Mnemonic Security/Deep/Pedantic
Actual Parameter Element may be null (C#) CSHARP.DEEPNULL.PARAM.EACTUAL deep
Certificate Added to Root Store (C#) CSHARP.INSEC.CERT.RS security
Deprecated Transfer Protocol (C#) CSHARP.INSEC.DTP security
Deserializable Class (C#) CSHARP.CLASS.SER.DESER security
Disabled Input Validation (C#) CSHARP.INSEC.DIV security
Field Element may be null (deep) (C#) CSHARP.DEEPNULL.EFIELD deep
Field Too Visible (C#) CSHARP.CLASS.VIS.FIELD pedantic
Field may be null (deep) (C#) CSHARP.DEEPNULL.FIELD deep
Hardcoded IP Address (C#) CSHARP.HARDCODED.IP security
Inadequate Salt (C#) CSHARP.CRYPTO.SALT security
Method Disables Security Setting (C#) CSHARP.INSEC.MDSS security
Method Should be final (C#) CSHARP.CLASS.METH.NF pedantic
Method Should be private (C#) CSHARP.CLASS.VIS.METH.PRIV pedantic
Missing synchronized Statement (C#) CSHARP.CONCURRENCY.SYNC.MSS deep
Mutable Constant Field (C#) CSHARP.TYPE.MCF pedantic
Naming Style Violation (C#) CSHARP.ID.STYLE pedantic
Null Pointer Dereference (deep) (C#) CSHARP.DEEPNULL.DEREF deep
Return Value may Contain null Element (C#) CSHARP.DEEPNULL.RET.EMETH deep
Return Value may be null (C#) CSHARP.DEEPNULL.RET.METH deep
Security Annotation Conflict (C#) CSHARP.INSEC.SAC security
Static Field Too Visible (C#) CSHARP.CLASS.VIS.SFIELD pedantic
Unchecked Parameter Dereference (deep) (C#) CSHARP.STRUCT.DUPD deep
Unchecked Parameter Element Dereference (deep) (C#) CSHARP.STRUCT.UPED deep
Unguarded Field (C#) CSHARP.CONCURRENCY.UG.FIELD deep
Unguarded Method (C#) CSHARP.CONCURRENCY.UG.METH deep
Unguarded Parameter (C#) CSHARP.CONCURRENCY.UG.PARAM deep
Unsafe Base64 Encoding (C#) CSHARP.CRYPTO.BASE64 security
Use of Hash without a Salt (C#) CSHARP.CRYPTO.HWS security
Useless null Test (C#) CSHARP.DEEPNULL.UTEST deep
Useless null Test of Field (C#) CSHARP.DEEPNULL.UTEST.FIELD deep
Useless null Test of Parameter (C#) CSHARP.DEEPNULL.UTEST.PARAM deep
Useless null Test of Return Value (C#) CSHARP.DEEPNULL.UTEST.RV deep
clone Subclass of Non-clonable (C#) CSHARP.CLASS.CLONE.SCNC pedantic
null Passed to Method (deep) (C#) CSHARP.DEEPNULL.PARAM.ACTUAL deep

Supported for All Languages

The following warning classes are supported for all languages, including C#.

Class Name Mnemonic
Copy-Paste Error MISC.CPE

To report problems with this documentation, please visit https://support.codesecure.com/.