FxCop: A "Must-Have" Tool

Before I start outlining secure coding issues and best practices, you should be aware of a useful tool named FxCop, available from http://www.gotdotnet.com. FxCop is a code analysis tool that checks your .NET assemblies for conformance to the .NET Framework Design Guidelines at http://msdn.microsoft.com/library/en-us/cpgenref/html/cpconnetframeworkdesignguidelines.asp. You should run this tool over every assembly you create and then rectify the appropriate errors. As with all tools, a run that flags no security vulnerabilities does not mean you are secure, but it sets a good minimum bar. Figure 18-5 shows the result of running the tool on a test assembly.

NOTE
FxCop can produce an XML file that lists any design guidelines violations in your assembly. However, if you want a more readable report, you can add <?xml-stylesheet href="C:\Program Files\Microsoft FxCop\Xml\violationsreport.xsl" type="text/xsl"?> after the first line, <?xml version="1.0"?>.
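
The edit this note describes, as an added Python example (not code from the book or from FxCop): it places the stylesheet processing instruction after the XML declaration, leaves a report that already has one unchanged, and escapes the path so it cannot break out of the instruction. The function name, the sample report and its root element are constructed for illustration.

```python
import re
from xml.sax.saxutils import quoteattr

# Stylesheet path as given in the note; adjust to the local FxCop install.
DEFAULT_XSL = r"C:\Program Files\Microsoft FxCop\Xml\violationsreport.xsl"

# Constructed sample report; the root element is a stand-in, not real FxCop output.
SAMPLE = '<?xml version="1.0"?>\n<Report>\n  <Violation rule="Example"/>\n</Report>\n'

_XML_DECL = re.compile(r"^\ufeff?<\?xml\s[^?]*\?>")  # declaration, optional BOM
_STYLESHEET_PI = re.compile(r"<\?xml-stylesheet\b")
_ROOT_START = re.compile(r"<[A-Za-z_]")  # first element start tag (approximation)


def add_stylesheet(report_xml, xsl_href=DEFAULT_XSL):
    """Return report_xml with an xml-stylesheet instruction after the declaration."""
    # Only the prolog (text before the root element) may hold the instruction.
    root = _ROOT_START.search(report_xml)
    prolog_end = root.start() if root else len(report_xml)
    if _STYLESHEET_PI.search(report_xml, 0, prolog_end):
        return report_xml  # already styled: do not add a second instruction

    # quoteattr escapes &, < and >, so a path containing "?>" cannot end the
    # instruction early or inject markup into the report.
    pi = f'<?xml-stylesheet href={quoteattr(xsl_href)} type="text/xsl"?>'

    decl = _XML_DECL.match(report_xml)
    if decl:
        # Normal case from the note: insert right after <?xml version="1.0"?>.
        return report_xml[:decl.end()] + "\n" + pi + report_xml[decl.end():]

    # No declaration: the instruction goes first, but a BOM must stay first.
    bom = "\ufeff" if report_xml.startswith("\ufeff") else ""
    return bom + pi + "\n" + report_xml[len(bom):]


if __name__ == "__main__":
    print(add_stylesheet(SAMPLE))
```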

Figure 18-5. Example output from FxCop showing .NET Framework Design Guideline deviations.

Two common errors, among many, flagged by FxCop are the lack of a strong name on the assembly and the failure of an assembly to specify permission requests. Let's look at both in detail.



Writing Secure Code, Second Edition
ISBN: 0735617228
EAN: 2147483647
Year: 2001
Pages: 286
