SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C#

C# static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C# code

  • All rules 493
  • Vulnerability46
  • Bug88
  • Security Hotspot24
  • Code Smell335

  • Quick Fix 61
Filtered: 23 rules found
unused
    Impact
      Clean code attribute
        1. Unread "private" fields should be removed

           Code Smell
        2. Empty "default" clauses should be removed

           Code Smell
        3. Method overloads with default parameter values should not overlap

           Code Smell
        4. Events should be invoked

           Code Smell
        5. Namespaces should not be empty

           Code Smell
        6. Methods should not return values that are never used

           Code Smell
        7. Redundant parentheses should not be used

           Code Smell
        8. "GC.SuppressFinalize" should not be invoked for types without destructors

           Code Smell
        9. "ThreadStatic" should not be used on non-static fields

           Bug
        10. "catch" clauses should do more than rethrow

           Code Smell
        11. Conditionally executed code should be reachable

           Bug
        12. Redundant modifiers should not be used

           Code Smell
        13. Unused type parameters should be removed

           Code Smell
        14. Test classes should contain at least one test case

           Code Smell
        15. Values should not be uselessly incremented

           Bug
        16. Related "if/else if" statements should not have the same condition

           Bug
        17. Unused assignments should be removed

           Code Smell
        18. Unused local variables should be removed

           Code Smell
        19. Sections of code should not be commented out

           Code Smell
        20. Unused method parameters should be removed

           Code Smell
        21. Unused private types or members should be removed

           Code Smell
        22. Unnecessary "using" should be removed

           Code Smell
        23. Empty statements should be removed

           Code Smell

        Test classes should contain at least one test case

        adaptability - tested
        maintainability
        Code Smell
        • tests
        • unused
        • confusing

        Why is this an issue?

        How can I fix it?

        More Info

        To ensure proper testing, it is important to include test cases in a test class. If a test class does not have any test cases, it can give the wrong impression that the class being tested has been thoroughly tested, when in reality, it has not.

        This rule will raise an issue when any of these conditions are met:

        • For NUnit, a class is marked with TestFixture but does not contain any method marked with Test, TestCase, TestCaseSource, or Theory.
        • For MSTest, a class is marked with TestClass but does not contain any method marked with TestMethod or DataTestMethod.

        It does not apply to xUnit since xUnit does not require a test class attribute.

        Exceptions

        There are scenarios where not having any test cases within a test class is perfectly acceptable and not seen as a problem.

        Abstract classes

        To facilitate the creation of common test cases, test logic, or test infrastructure, it is advisable to use a base class.

        Additionally, in both NUnit and MSTest, abstract classes that are annotated with their respective attributes (TestFixture in NUnit and TestClass in MSTest) are automatically ignored.

        Therefore, there is no need to raise an issue in this particular scenario.

        More information here:

        • TestFixture documentation in NUnit
        • TypeValidator class in MSTest (GitHub)

        Derived classes that inherit test cases from a base class

        A base class containing one or more test cases to provide generic test cases is also considered a compliant scenario.

        Classes that contain AssemblyInitialize or AssemblyCleanup methods

        This particular exception scenario only applies to the MSTest test framework.

        The AssemblyInitialize and AssemblyCleanup attributes are used to annotate methods that are executed only once at the beginning and at the end of a test run. These attributes can only be applied once per assembly.

        It is logical to have a dedicated class for these methods, and this scenario is also considered compliant.

        Furthermore, it is important to note that the test engine will execute a method annotated with either the AssemblyInitialize or AssemblyCleanup attribute only if that method is part of a class annotated with the TestClass attribute.

        More information here:

        • AssemblyInitialize attribute
        • AssemblyCleanup attribute
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube Community BuildAnalyze code in your
          on-premise CI
          Available Since
          9.1
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use