July 2012: the analyzer for Microsoft C# is now available
October 2012: new violations are available: best practices and performance issues
Current list of violations:
Id Priority Description
QC-CSHCWE078 BLOCKER OS command injection
QC-CSHCWE079 BLOCKER Basic XSS
QC-CSHCWE080 BLOCKER SQL Injection
QC-CSHCWE099 BLOCKER Resource injection
QC-CSHCWE412 BLOCKER Unrestricted lock of critical resource, deadlock
QC-CSHCWE470 BLOCKER Use of externally-controlled input to select classes or code (unsafe reflection)
QC-CSHCWE833 BLOCKER Deadlock
QC-CSH000002 BLOCKER A lone throw instruction preceded by method invocations
QC-CSH000003 BLOCKER The throw instruction throws a new instance of the Exception class
QC-CSH000004 BLOCKER String comparison: change x == "" to String.IsNullOrEmpty(x)
QC-CSH000005 BLOCKER String comparison: change x.Equals("") to String.IsNullOrEmpty(x)
QC-CSH000006 BLOCKER String comparison: change Equals(x, "") to String.IsNullOrEmpty(x)
QC-CSH000007 BLOCKER String concat: concatenate with StringBuilder instead of +. Huge performance impact
QC-CSH000008 BLOCKER String comparison: change == or != to Equals()
QC-CSH999999 BLOCKER Syntax analysis failure on the source code
QC-CSH000009 BLOCKER With MS LINQ, change xxx to xxxOrDefault to avoid NPE
QC-CSH000010 BLOCKER Don't lock on 'this' or 'typeof', see MSDN DEV320 C# Best practices
QC-CSH000011 BLOCKER Class name must start with uppercase, and not contain _, see MSDN DEV320 C# Best practices
QC-CSH000012 BLOCKER Void method must not start with get, see MSDN DEV320 C# Best practices
QC-CSH000014 BLOCKER Don't invoke method(s) in 'for loop' or 'while loop' condition. Huge performance impact
QC-CSH000015 BLOCKER Replace the cast expression by its 'as' equivalent
QC-CSH000001 CRITICAL Original stack trace lost because the caught exception is thrown
QC-CSH000484 CRITICAL Omitted Break Statement in Switch
QC-CSH000013 CRITICAL Avoid GC.Collect() invocation, see MSDN DEV320 C# Best practices
QC-CSHCWE390 MAJOR Detection of error condition without action
QC-CSHCWE392 MAJOR Failure to report error in status code
QC-CSHCWE481 MAJOR Assigning instead of comparing
QC-CSHCWE493 MAJOR Critical public variable without final modifier
QC-CSHCWE584 MAJOR Return inside finally block
QC-CSHCWE252 MINOR Return type of function is not tested
QC-CSHCWE500 MINOR Static public field not marked final
QC-CSHCWE582 MINOR Array declared public, final and static
QC-CSHCWE585 MINOR The software contains an empty synchronized block
QC-CSHCWE626 MINOR Null byte interaction error
QC-CSH999996 INFO Local Cut and Paste Detector in single file