 |
 |
| $(ProjectDir)/../Build/NauckIT.NAnt.dll - nauckit.nant.dll | NonBreaking | 95 % | Assemblies should have valid strong names |

| Rule: | Assemblies should have valid strong names |
| Check Id: | CA2210 |
| Category: | Microsoft.Design |
| Description: | Either the assembly has no strong name, an invalid one, or the strong name is valid only because of the computer configuration. The assembly should not be deployed in this state. The most common causes of this are: 1) The assembly's contents were modified after it was signed. 2) The signing process failed. 3) The assembly was delay-signed. 4) A registry key existed that allowed the check to pass (where it would not have otherwise). |
| Found at: | |
| Resolution: | Sign 'NauckIT.NAnt.dll' with a strong name key. |
| Help Link: | http://msdn2.microsoft.com/library/ms182127(VS.90).aspx |
| Rule File: | DesignRules.dll Version: 9.0.0.0 |
 |
 |
| GendarmeTask - #BuildArguments() | DependsOnFix | 95 % | Specify IFormatProvider |

| Rule: | Specify IFormatProvider |
| Check Id: | CA1305 |
| Category: | Microsoft.Globalization |
| Description: | If an overload exists that takes an IFormatProvider argument, it should always be called in favor of an overload that does not. Some methods in the runtime convert a value to or from a string representation and take a string parameter that contains one or more characters, called format specifiers, which indicate how the value is to be converted. If the meaning of the format specifier varies by culture, a formatting object supplies the actual characters used in the string representation. In scenarios where sorting and comparison behavior should never change between cultures, specify CultureInfo.InvariantCulture, otherwise, specify CultureInfo.CurrentCulture. |
| Found at: | d:\Build\Projects\NauckIT.NAnt\SCM\src\Tasks\GendarmeTask.cs at line 238 |
| Resolution: | Because the behavior of 'int.ToString()' could vary based on the current user's locale settings, replace this call in 'GendarmeTask.BuildArguments()' with a call to 'int.ToString(IFormatProvider)'. If the result of 'int.ToString(IFormatProvider)' will be displayed to the user, specify 'CultureInfo.CurrentCulture' as the 'IFormatProvider' parameter. Otherwise, if the result will be stored and accessed by software, such as when it is persisted to disk or to a database, specify 'CultureInfo.InvariantCulture'. |
| Help Link: | http://msdn2.microsoft.com/library/ms182190(VS.90).aspx |
| Rule File: | GlobalizationRules.dll Version: 9.0.0.0 |
 |
 |
| GendarmeTask - #ExecuteTask() | DependsOnFix | 95 % | Specify IFormatProvider |

| Rule: | Specify IFormatProvider |
| Check Id: | CA1305 |
| Category: | Microsoft.Globalization |
| Description: | If an overload exists that takes an IFormatProvider argument, it should always be called in favor of an overload that does not. Some methods in the runtime convert a value to or from a string representation and take a string parameter that contains one or more characters, called format specifiers, which indicate how the value is to be converted. If the meaning of the format specifier varies by culture, a formatting object supplies the actual characters used in the string representation. In scenarios where sorting and comparison behavior should never change between cultures, specify CultureInfo.InvariantCulture, otherwise, specify CultureInfo.CurrentCulture. |
| Found at: | d:\Build\Projects\NauckIT.NAnt\SCM\src\Tasks\GendarmeTask.cs at line 190 |
| Resolution: | Because the behavior of 'Convert.ToInt32(string)' could vary based on the current user's locale settings, replace this call in 'GendarmeTask.ExecuteTask()' with a call to 'Convert.ToInt32(string, IFormatProvider)'. If the result of 'Convert.ToInt32(string, IFormatProvider)' will be displayed to the user, specify 'CultureInfo.CurrentCulture' as the 'IFormatProvider' parameter. Otherwise, if the result will be stored and accessed by software, such as when it is persisted to disk or to a database, specify 'CultureInfo.InvariantCulture'. |
| Help Link: | http://msdn2.microsoft.com/library/ms182190(VS.90).aspx |
| Rule File: | GlobalizationRules.dll Version: 9.0.0.0 |
 |
 |
| MSBuildTask - #BuildArguments() | NonBreaking | 90 % | Normalize strings to uppercase |

| Rule: | Normalize strings to uppercase |
| Check Id: | CA1308 |
| Category: | Microsoft.Globalization |
| Description: | Strings should be normalized to upper-case. |
| Found at: | d:\Build\Projects\NauckIT.NAnt\SCM\src\Tasks\MSBuildTask.cs at line 201 |
| Resolution: | In method 'MSBuildTask.BuildArguments()', replace the call to 'string.ToLowerInvariant()' with String.ToUpperInvariant(). |
| Help Link: | http://msdn2.microsoft.com/library/bb386042(VS.90).aspx |
| Rule File: | GlobalizationRules.dll Version: 9.0.0.0 |
 |
 |
| MSBuildTask - #PrepareProcess(System.Diagnostics.Process) | NonBreaking | 33 % | Do not indirectly expose methods with link demands |

| Rule: | Do not indirectly expose methods with link demands |
| Check Id: | CA2122 |
| Category: | Microsoft.Security |
| Description: | Do not wrap a method protected by a LinkDemand with a method that does not perform a security check. A LinkDemand checks the permissions of the immediate caller rather than checking the permissions of all callers in the call stack. In this case, the permissions of the wrapper method will be checked. If the wrapper method does not, itself, check the permissions of callers higher in the call stack, malicious code might be able to execute the wrapped function even though it lacks permission to do so. |
| Found at: | d:\Build\Projects\NauckIT.NAnt\SCM\src\Tasks\MSBuildTask.cs at line 142 |
| Resolution: | 'MSBuildTask.PrepareProcess(Process)' calls into 'Process.StartInfo.get()' which has a LinkDemand. By making this call, 'Process.StartInfo.get()' is indirectly exposed to user code. Review the following call stack that might expose a way to circumvent security protection:
->'MSBuildTask.PrepareProcess(Process)'
->'MSBuildTask.PrepareProcess(Process)' |
| Help Link: | http://msdn2.microsoft.com/library/ms182303(VS.90).aspx |
| Rule File: | SecurityRules.dll Version: 9.0.0.0 |
 |
 |
| NUnitTask - #CommandLineParameterFlag | Breaking | 95 % | Use preferred terms |

| Rule: | Use preferred terms |
| Check Id: | CA1726 |
| Category: | Microsoft.Naming |
| Description: | Use preferred terms over deprecated alternates. |
| Found at: | |
| Resolution: | Replace the term 'Flag' in member name 'NUnitTask.CommandLineParameterFlag' with an appropriate alternate or remove it entirely. |
| Help Link: | http://msdn2.microsoft.com/library/ms182258(VS.90).aspx |
| Rule File: | NamingRules.dll Version: 9.0.0.0 |
 |
 |
| NUnitTask - #PrepareProcess(System.Diagnostics.Process) | NonBreaking | 33 % | Do not indirectly expose methods with link demands |

| Rule: | Do not indirectly expose methods with link demands |
| Check Id: | CA2122 |
| Category: | Microsoft.Security |
| Description: | Do not wrap a method protected by a LinkDemand with a method that does not perform a security check. A LinkDemand checks the permissions of the immediate caller rather than checking the permissions of all callers in the call stack. In this case, the permissions of the wrapper method will be checked. If the wrapper method does not, itself, check the permissions of callers higher in the call stack, malicious code might be able to execute the wrapped function even though it lacks permission to do so. |
| Found at: | d:\Build\Projects\NauckIT.NAnt\SCM\src\Tasks\NUnitTask.cs at line 139 |
| Resolution: | 'NUnitTask.PrepareProcess(Process)' calls into 'Process.StartInfo.get()' which has a LinkDemand. By making this call, 'Process.StartInfo.get()' is indirectly exposed to user code. Review the following call stack that might expose a way to circumvent security protection:
->'NUnitTask.PrepareProcess(Process)'
->'NUnitTask.PrepareProcess(Process)' |
| Help Link: | http://msdn2.microsoft.com/library/ms182303(VS.90).aspx |
| Rule File: | SecurityRules.dll Version: 9.0.0.0 |
 |
 |
| StringExtensions - #DoubleQuote(System.String) | NonBreaking | 95 % | Specify StringComparison |

| Rule: | Specify StringComparison |
| Check Id: | CA1307 |
| Category: | Microsoft.Globalization |
| Description: | If an overload exists that takes a StringComparison argument, it should always be called in favor of an overload that does not. |
| Found at: | d:\Build\Projects\NauckIT.NAnt\SCM\src\Util\StringExtensions.cs at line 39 |
| Resolution: | 'StringExtensions.DoubleQuote(this string)' makes a call to 'string.EndsWith(string)' that does not explicitly provide a StringComparison. This should be replaced with a call to 'string.EndsWith(string, StringComparison)'. |
| Help Link: | http://msdn2.microsoft.com/library/bb386080(VS.90).aspx |
| Rule File: | GlobalizationRules.dll Version: 9.0.0.0 |