FxCop backlog themes: Exceptions

Since I started monitoring traffic on this blog a little more closely about a week ago, I had the unexpected surprise that the posts on HTML encoding and server vs. client cultures were getting a lot more hits than I expected. I had been planning on starting a series of “how to” posts on those topics this weekend, but that was before David Kean from the FxCop team was kind enough to direct a bunch of folks my way with a post about my recent FxCop posts. Since it would seem that I’ve now got quite a few new subscribers …

FxCop backlogs: Some rules for rule activation

If you’ve decided to try to tackle an FxCop violation backlog, one of the first issues you’re going to face is deciding which rules to activate when. Here are some general guidelines…

Starting out

When you first begin the backlog clean-up process, you’re going to need to introduce the FxCop tool to your team (assuming, of course, that you’re not already using FxCop for new projects). In order to focus on mastering the tool and the cleanup process before diving into “difficult” rules, you’ll want to pick a few rules to activate that meet the following criteria: The rule itself …

Control flow engine, 200?-2007, RIP

Surprise! (not the good kind)

If you use FxCop or Visual Studio Static Analysis and haven’t yet started playing with Orcas, you may be in for a bit of an unpleasant surprise. While the code analysis team is doing all sorts of interesting things for Orcas, one somewhat less desirable change you probably haven’t heard about yet is removal of the control flow engine and, consequently, the following rules which depend upon it:

Category: Rule
Design: ValidateArgumentsOfPublicMethods
Globalization: DoNotPassLiteralsAsLocalizedParameters
Performance: AvoidUnnecessaryStringCreation, DoNotCallPropertiesThatCloneValuesInLoops, DoNotConcatenateStringsInsideLoops
Reliability: DisposeObjectsBeforeLosingScope
Security: ReviewSqlQueriesForSecurityVulnerabilities
Usage: AttributeStringLiteralsShouldParseCorrectly, DisposeMethodsShouldCallBaseClassDispose, DoNotDisposeObjectsMultipleTimes, LiteralsShouldBeSpelledCorrectly, ProvideCorrectArgumentsToFormattingMethods

The reasons given for removing the engine …

FxCop and the big, bad backlog

A few months ago, I gave a presentation on using FxCop at the Montreal Visual Studio Users Group. The material was divided into two main topics: (a) the mechanics of using FxCop and (b) integrating FxCop use into a development process. During the first part of the talk, some members of the peanut gallery kept piping up with questions about what one can do to handle the huge number of FxCop rule violations that an existing code base will have when one first runs FxCop against it. Lucky for me, most of the second part of the talk covered exactly …

No rules in your FxCop rule assembly?

Since I posted an FxCop rule sample over at bordecal.mvps.org, it’s rapidly become the most popular content on the site. Not something I expected but, given that I have trouble coming up with blogging topics and there seems to be some interest in FxCop, I figured I might as well spend a lovely Saturday morning writing about it… (Actually, I’m pretty much just killing time while waiting for a tire change, so please feel free to keep that “get a life” comment to yourself. <g>) There’s all sorts of stuff I could (and will try to) write about FxCop use, …

CodePlex project for Bordecal.ImportsSorter

I’ve been getting a small but steady trickle of requests for new ImportsSorter features and source code availability, so I created a CodePlex project for it a while back at http://www.codeplex.com/ImportsSorter. Given that it took me almost two months to get around to writing a teensy little announcement about it to post here, there’s probably good reason to expect that it might take me a while to actually implement any new features. 😉 However, if you want to request one, http://www.codeplex.com/ImportsSorter/WorkItem/List.aspx is the place to do it. If you can’t be bothered to wait around for me to add your feature, …

Why I won’t be kissing that TOOD

I’ve frequently wondered why it is that folks that very heartily embrace a particular software quality attribute seem to lose all interest in any others. Now, if you’ve read any of my other postings, you’re probably wondering what right a security wonk like me has to be casting aspersions on the hue of anyone else’s kettle. Well, the truth is that, while I happen to be very interested in security, that interest doesn’t mean that I necessarily value security over other quality factors. It simply means that I want to know how to evaluate and implement security aspects of software …

What’s wrong with ASP.NET? Cultures

The problem

The ability offered by .NET to set a thread-level culture then automatically format and select localizable resources using that culture’s settings is wonderful stuff. Unfortunately, it’s an approach that plays out quite a bit better in a client-side application than in a server-based application. The reason for this lies in the nature of the work one performs in a server-based application: some formatting and/or rendering is intended for consumption by client applications, but some (e.g.: log entries) is intended for consumption on the server. Things tend to muddle along just fine as long as both the client and …

New version (1.0.1.12) of Bordecal.ImportsSorter available

There’s a new version of the Bordecal.ImportsSorter add-in available for download. This new version allows shortcut keys to be permanently assigned to the configuration and/or sorting menu items via VStudio options. The hashes for the new MSI file are:

MD5: f89f3c1bfa2a40adbb67315de8fef148
SHA1: c54803ba3392ca68ca29fd4dc9b4b359606f46c7

What’s wrong with ASP.NET? HTML encoding

The problem

Back when ASP.NET was first introduced, I had pretty high hopes that the new controls would offer support for automatic HTML encoding. Unfortunately, there was very little of this, and most of it was more than a bit lukewarm (more on this later). In some ways, things have improved a bit in v. 2.0, but they’re considerably worse in others. Before you read any further, you might want to ask yourself which ASP.NET controls perform HTML encoding for you and under what circumstances this is done. If the answer doesn’t leap to mind, you’ve perhaps got a first …