SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C#

C# static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C# code

  • All rules 493
  • Vulnerability46
  • Bug88
  • Security Hotspot24
  • Code Smell335

  • Quick Fix 61
Filtered: 12 rules found
design
    Impact
      Clean code attribute
        1. Interfaces for durable entities should satisfy the restrictions

           Code Smell
        2. Client instances should not be recreated on each Azure Function invocation

           Code Smell
        3. Multidimensional arrays should not be used

           Code Smell
        4. Strings or integral types should be used for indexers

           Code Smell
        5. Classes should not have only "private" constructors

           Bug
        6. Interfaces should not simply inherit from base interfaces with colliding members

           Code Smell
        7. Methods should not return values that are never used

           Code Smell
        8. Inner class members should not shadow outer class "static" or type members

           Code Smell
        9. "interface" instances should not be cast to concrete types

           Code Smell
        10. Two branches in a conditional structure should not have exactly the same implementation

           Code Smell
        11. String literals should not be duplicated

           Code Smell
        12. Utility classes should not have public constructors

           Code Smell

        Client instances should not be recreated on each Azure Function invocation

        intentionality - complete
        maintainability
        Code Smell
        • azure
        • bad-practice
        • design

        Why is this an issue?

        More Info

        To avoid holding more connections than necessary and to avoid potentially exhausting the number of available sockets when using HttpClient, DocumentClient, QueueClient, ConnectionMultiplexer or Azure Storage clients, consider:

        • Creating a single, thread-safe static client that every Azure Function invocation can use. Provide it in a shared class when different Azure Functions need it.
        • Instantiate the client as a thread-safe Singleton or a pool of reusable instances and use it with dependency injection.

        These classes typically manage their own connections to the resource, and thus are intended to be instantiated once and reused throughout the lifetime of an application.

        Noncompliant code example

            public class HttpExample
            {
                [FunctionName("HttpExample")]
                public async Task<IActionResult> Run([HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = null)] HttpRequest request)
                {
                    HttpClient httpClient = new HttpClient(); // Noncompliant
        
                    var response = await httpClient.GetAsync("https://example.com");
                    // rest of the function
                }
            }
        

        Compliant solution

            public class HttpExample
            {
                [FunctionName("HttpExample")]
                public async Task<IActionResult> Run([HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = null)] HttpRequest request, IHttpClientFactory clientFactory)
                {
                    var httpClient = clientFactory.CreateClient();
                    var response = await httpClient.GetAsync("https://example.com");
                    // rest of the function
                }
            }
        
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube Community BuildAnalyze code in your
          on-premise CI
          Available Since
          9.6
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.6

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use