</PropertyGroup>
<ItemGroup Condition="'$(EnableAnalyzers)' == 'true'">
<PackageReference Include="Microsoft.DotNet.CodeAnalysis" Version="$(MicrosoftDotNetCodeAnalysisVersion)" PrivateAssets="all" IsImplicitlyDefined="true" />
- <PackageReference Include="Microsoft.CodeAnalysis.NetAnalyzers" Version="3.3.0-beta1.20355.1" PrivateAssets="all" />
+ <PackageReference Include="Microsoft.CodeAnalysis.NetAnalyzers" Version="3.3.0-beta3.20407.4" PrivateAssets="all" />
<PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.164" PrivateAssets="all" />
</ItemGroup>
</Project>
<Rule Id="CA1308" Action="None" /> <!-- Normalize strings to uppercase -->
<Rule Id="CA1309" Action="None" /> <!-- Use ordinal stringcomparison -->
<Rule Id="CA1401" Action="Warning" /> <!-- P/Invokes should not be visible -->
+ <Rule Id="CA1417" Action="Warning" /> <!-- Do not use 'OutAttribute' on string parameters for P/Invokes -->
<Rule Id="CA1501" Action="None" /> <!-- Avoid excessive inheritance -->
<Rule Id="CA1502" Action="None" /> <!-- Avoid excessive complexity -->
<Rule Id="CA1505" Action="None" /> <!-- Avoid unmaintainable code -->
<Rule Id="CA1834" Action="Warning" /> <!-- Consider using 'StringBuilder.Append(char)' when applicable. -->
<Rule Id="CA1835" Action="Warning" /> <!-- Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync' -->
<Rule Id="CA1836" Action="Info" /> <!-- Prefer IsEmpty over Count -->
+ <Rule Id="CA1837" Action="Warning" /> <!-- Use 'Environment.ProcessId' -->
+ <Rule Id="CA1838" Action="Warning" /> <!-- Avoid 'StringBuilder' parameters for P/Invokes -->
<Rule Id="CA2000" Action="None" /> <!-- Dispose objects before losing scope -->
<Rule Id="CA2002" Action="None" /> <!-- Do not lock on objects with weak identity -->
<Rule Id="CA2007" Action="Warning" /> <!-- Consider calling ConfigureAwait on the awaited task -->
<Rule Id="CA2328" Action="None" /> <!-- Ensure that JsonSerializerSettings are secure -->
<Rule Id="CA2329" Action="None" /> <!-- Do not deserialize with JsonSerializer using an insecure configuration -->
<Rule Id="CA2330" Action="None" /> <!-- Ensure that JsonSerializer has a secure configuration when deserializing -->
+ <Rule Id="CA2350" Action="None" /> <!-- Do not use DataTable.ReadXml() with untrusted data -->
+ <Rule Id="CA2351" Action="None" /> <!-- Do not use DataSet.ReadXml() with untrusted data -->
+ <Rule Id="CA2352" Action="None" /> <!-- Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks -->
+ <Rule Id="CA2353" Action="None" /> <!-- Unsafe DataSet or DataTable in serializable type -->
+ <Rule Id="CA2354" Action="None" /> <!-- Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks -->
+ <Rule Id="CA2355" Action="None" /> <!-- Unsafe DataSet or DataTable type found in deserializable object graph -->
+ <Rule Id="CA2356" Action="None" /> <!-- Unsafe DataSet or DataTable type in web deserializable object graph -->
+ <Rule Id="CA2361" Action="None" /> <!-- Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data -->
+ <Rule Id="CA2362" Action="None" /> <!-- Unsafe DataSet or DataTable in autogenerated serializable type can be vulnerable to remote code execution attacks -->
<Rule Id="CA3001" Action="None" /> <!-- Review code for SQL injection vulnerabilities -->
<Rule Id="CA3002" Action="None" /> <!-- Review code for XSS vulnerabilities -->
<Rule Id="CA3003" Action="None" /> <!-- Review code for file path injection vulnerabilities -->
<Rule Id="CA5401" Action="None" /> <!-- Do not use CreateEncryptor with non-default IV -->
<Rule Id="CA5402" Action="None" /> <!-- Use CreateEncryptor with the default IV -->
<Rule Id="CA5403" Action="None" /> <!-- Do not hard-code certificate -->
+ <Rule Id="IL3000" Action="None" /> <!-- Avoid using accessing Assembly file path when publishing as a single-file -->
+ <Rule Id="IL3001" Action="None" /> <!-- Avoid using accessing Assembly file path when publishing as a single-file -->
</Rules>
<Rules AnalyzerId="StyleCop.Analyzers" RuleNamespace="StyleCop.Analyzers">
<Rule Id="AD0001" Action="None" /> <!-- Analyzer threw an exception -->
IntPtr password,
LogonFlags logonFlags,
string? appName,
+#pragma warning disable CA1838 // reasonable use of StringBuilder to build up a command line
[In] StringBuilder cmdLine,
+#pragma warning restore CA1838
int creationFlags,
IntPtr environmentBlock,
string lpCurrentDirectory,
int dwProvType,
IntPtr pdwReserved,
GetDefaultProviderFlags dwFlags,
- StringBuilder? pszProvName,
+#pragma warning disable CA1838 // not on a hot path
+ [Out] StringBuilder? pszProvName,
+#pragma warning restore CA1838
ref int pcbProvName);
}
}
[DllImport(Libraries.Kernel32, CharSet = CharSet.Unicode, SetLastError = true, BestFitMapping = false, EntryPoint = "CreateProcessW")]
internal static extern bool CreateProcess(
string? lpApplicationName,
+#pragma warning disable CA1838 // reasonable use of StringBuilder to build up a command line
[In] StringBuilder lpCommandLine,
+#pragma warning restore CA1838
ref SECURITY_ATTRIBUTES procSecAttrs,
ref SECURITY_ATTRIBUTES threadSecAttrs,
bool bInheritHandles,
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WinHttpAddRequestHeaders(
SafeWinHttpHandle requestHandle,
+#pragma warning disable CA1838 // Uses pooled StringBuilder
[In] StringBuilder headers,
+#pragma warning restore CA1838
uint headersLength,
uint modifiers);
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WinHttpSendRequest(
SafeWinHttpHandle requestHandle,
- [In] StringBuilder headers,
+ IntPtr headers,
uint headersLength,
IntPtr optional,
uint optionalLength,
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
<TargetFrameworks>$(NetCoreAppCurrent)-Windows_NT;$(NetCoreAppCurrent)-FreeBSD;$(NetCoreAppCurrent)-illumos;$(NetCoreAppCurrent)-Solaris;$(NetCoreAppCurrent)-Linux;$(NetCoreAppCurrent)-OSX;$(NetCoreAppCurrent)-iOS;$(NetCoreAppCurrent)-tvOS;$(NetCoreAppCurrent);netcoreapp2.0-FreeBSD;netcoreapp2.0-Linux;netcoreapp2.0-OSX;netcoreapp2.0-Windows_NT;netstandard2.0;net461-Windows_NT</TargetFrameworks>
<ExcludeCurrentNetCoreAppFromPackage>true</ExcludeCurrentNetCoreAppFromPackage>
- <NoWarn>$(NoWarn);CA2249</NoWarn>
+ <NoWarn>$(NoWarn);CA2249;CA1838</NoWarn>
<Nullable>enable</Nullable>
</PropertyGroup>
<!-- DesignTimeBuild requires all the TargetFramework Derived Properties to not be present in the first property group. -->
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
<TargetFrameworks>$(NetCoreAppCurrent)-Windows_NT;netcoreapp2.0-Windows_NT;net461;netstandard2.0</TargetFrameworks>
<ExcludeCurrentNetCoreAppFromPackage>true</ExcludeCurrentNetCoreAppFromPackage>
+ <NoWarn>$(NoWarn);CA1838</NoWarn>
</PropertyGroup>
<!-- DesignTimeBuild requires all the TargetFramework Derived Properties to not be present in the first property group. -->
<PropertyGroup>
internal static extern void cupsFreeDests(int num_dests, IntPtr dests);
[DllImport(LibraryName, ExactSpelling = true, CharSet = CharSet.Ansi)]
- internal static extern IntPtr cupsTempFd(StringBuilder sb, int len);
+#pragma warning disable CA1838 // not hot-path enough to worry about the overheads of StringBuilder marshaling
+ internal static extern IntPtr cupsTempFd([Out] StringBuilder sb, int len);
+#pragma warning restore CA1838
[DllImport(LibraryName, ExactSpelling = true)]
internal static extern IntPtr cupsGetDefault();
state.Pin();
if (!Interop.WinHttp.WinHttpSendRequest(
state.RequestHandle,
- null,
+ IntPtr.Zero,
0,
IntPtr.Zero,
0,
public static bool WinHttpSendRequest(
SafeWinHttpHandle requestHandle,
- StringBuilder headers,
+ IntPtr headers,
uint headersLength,
IntPtr optional,
uint optionalLength,