SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C#

C# static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C# code

  • All rules 494
  • Vulnerability47
  • Bug88
  • Security Hotspot24
  • Code Smell335

  • Quick Fix 61
 
Tags
    Impact
      Clean code attribute
        1. Literal suffixes should be upper case

           Code Smell
        2. Actions that return a value should be annotated with ProducesResponseTypeAttribute containing the return type

           Code Smell
        3. Controllers should not have mixed responsibilities

           Code Smell
        4. A Route attribute should be added to the controller when a route template is specified at the action level

           Code Smell
        5. ASP.NET controller actions should not have a route template starting with "/"

           Code Smell
        6. "First" and "Last" properties of "LinkedList" should be used instead of the "First()" and "Last()" extension methods

           Code Smell
        7. "StartsWith" and "EndsWith" overloads that take a "char" should be used instead of the ones that take a "string"

           Code Smell
        8. Use the "UnixEpoch" field instead of creating "DateTime" instances that point to the beginning of the Unix epoch

           Code Smell
        9. Null checks should not be combined with "is" operator checks

           Code Smell
        10. "params" should not be introduced on overrides

           Code Smell
        11. Empty "default" clauses should be removed

           Code Smell
        12. Empty "case" clauses that fall through to the "default" should be omitted

           Code Smell
        13. "string.ToCharArray()" and "ReadOnlySpan<T>.ToArray()" should not be called redundantly

           Bug
        14. "[DefaultValue]" should not be used when "[DefaultParameterValue]" is meant

           Code Smell
        15. Parameters with "[DefaultParameterValue]" attributes should also be marked "[Optional]"

           Code Smell
        16. "[Optional]" should not be used on "ref" or "out" parameters

           Code Smell
        17. Exceptions should not be explicitly rethrown

           Code Smell
        18. Redundant property names should be omitted in anonymous classes

           Code Smell
        19. Variables should not be checked against the values they're about to be assigned

           Code Smell
        20. Unchanged variables should be marked as "const"

           Code Smell
        21. Non-flags enums should not be used in bitwise operations

           Code Smell
        22. "params" should be used on overrides

           Code Smell
        23. Namespaces should not be empty

           Code Smell
        24. Declarations and initializations should be as concise as possible

           Code Smell
        25. Default parameter values should not be passed as arguments

           Code Smell
        26. Constructor and destructor declarations should not be redundant

           Code Smell
        27. The simplest possible condition syntax should be used

           Code Smell
        28. Redundant parentheses should not be used

           Code Smell
        29. "GC.SuppressFinalize" should not be invoked for types without destructors

           Code Smell
        30. "Explicit" conversions of "foreach" loops should not be used

           Code Smell
        31. Multiple "OrderBy" calls should not be used

           Code Smell
        32. Members should not be initialized to default values

           Code Smell
        33. "ThreadStatic" should not be used on non-static fields

           Bug
        34. Generic parameters not constrained to reference types should not be compared to "null"

           Bug
        35. Property assignments should not be made for "readonly" fields not constrained to reference types

           Bug
        36. Fields that are only assigned in the constructor should be "readonly"

           Code Smell
        37. Doubled prefix operators "!!" and "~~" should not be used

           Bug
        38. "catch" clauses should do more than rethrow

           Code Smell
        39. Unnecessary bit operations should not be performed

           Code Smell
        40. Redundant modifiers should not be used

           Code Smell
        41. "GetHashCode" should not reference mutable fields

           Bug
        42. Field-like events should not be virtual

           Code Smell
        43. Runtime type checking should be simplified

           Code Smell
        44. Short-circuit logic should be used in boolean contexts

           Code Smell
        45. Boolean checks should not be inverted

           Code Smell
        46. Inheritance list should not be redundant

           Code Smell
        47. Redundant casts should not be used

           Code Smell
        48. "ToString()" calls should not be redundant

           Code Smell
        49. Multiple variables should not be declared on the same line

           Code Smell
        50. Track lack of copyright and license headers

           Code Smell
        51. Sections of code should not be commented out

           Code Smell
        52. Methods should not be empty

           Code Smell
        53. Overriding members should do more than simply call the same member in the base class

           Code Smell
        54. Unused method parameters should be removed

           Code Smell
        55. "Any()" should be used to test for emptiness

           Code Smell
        56. Unused private types or members should be removed

           Code Smell
        57. Unnecessary "using" should be removed

           Code Smell
        58. Boolean literals should not be redundant

           Code Smell
        59. Empty statements should be removed

           Code Smell
        60. Redundant pairs of parentheses should be removed

           Code Smell
        61. Method overrides should not change parameter defaults

           Code Smell

        "ToString()" calls should not be redundant

        intentionality - clear
        maintainability
        Code Smell
        Quick FixIDE quick fixes available with SonarQube for IDE
        • finding
        • clumsy

        Why is this an issue?

        Invoking a method designed to return a string representation of an object which is already a string is a waste of keystrokes. Similarly, explicitly invoking ToString() when the compiler would do it implicitly is also needless code-bloat.

        This rule raises an issue when ToString() is invoked:

        • on a string
        • on a non-string operand to concatenation
        • on an argument to string.Format

        Noncompliant code example

        var s = "foo";
        var t = "fee fie foe " + s.ToString();  // Noncompliant
        var someObject = new object();
        var u = "" + someObject.ToString(); // Noncompliant
        var v = string.Format("{0}", someObject.ToString()); // Noncompliant
        

        Compliant solution

        var s = "foo";
        var t = "fee fie foe " + s;
        var someObject = new object();
        var u = "" + someObject;
        var v = string.Format("{0}", someObject);
        

        Exceptions

        The rule does not report on value types, where leaving off the ToString() call would result in automatic boxing.

        var v = string.Format("{0}", 1.ToString());
        
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube Community BuildAnalyze code in your
          on-premise CI
          Available Since
          9.1
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use