The Role of the FxCop.exe Utility
• As you would guess, there are several .NET security best practices recommended by Microsoft.
• However, committing all best practices to memory is seldom possible and not very enjoyable.
• Fxcop.exe is a free tool created by Microsoft which will test any .NET assembly against .NET best
practices.
• This tool can be downloaded from numerous locations such as www.gotdotnet.com or www.msdn.com.
• To use fxcop.exe, begin by creating a new project using the File | New Project menu item.
• You can then add the assembly to analyze using drag-drop techniques or via the Projects | Add Target…
menu item.
• The Targets tab allows you to select the namespaces, types and members to check.
• By default, all members are checked.
• The Rules tab allows you to select which rules you wish to check against.
• Rule sets are bundled into .NET assemblies.
• Here are some core categories:
FxCop Rule Category Meaning in Life
DesignRules Tests assembly against design best practices.
Globalization Rules Tests assembly against best practices for building international software.
Naming Rules Tests assembly against suggest .NET naming conventions.
Performance Rules Tests against various performance best practices.
Security Rules Security best practices!
Usage Rules Tests against ‘all other’ best practices that do not necessary fall into the previous categories.
• Notice how you can selectively choose which rule sets (and which rules):
• Once you click the Analyze button, you will be given a breakdown as to how your assembly stacks up.
• Double clicking on any of the violations will present you with further details.
• Finally, be aware that the Team edition of Visual Studio integrates fxcop.exe functionality within the
IDE.
• From your project’s Properties page, click on the Code Analysis tab.
• Violations will be reported under the warning tab of the output window.
• As you would guess, there are several .NET security best practices recommended by Microsoft.
• However, committing all best practices to memory is seldom possible and not very enjoyable.
• Fxcop.exe is a free tool created by Microsoft which will test any .NET assembly against .NET best
practices.
• This tool can be downloaded from numerous locations such as www.gotdotnet.com or www.msdn.com.
• To use fxcop.exe, begin by creating a new project using the File | New Project menu item.
• You can then add the assembly to analyze using drag-drop techniques or via the Projects | Add Target…
menu item.
• The Targets tab allows you to select the namespaces, types and members to check.
• By default, all members are checked.
• The Rules tab allows you to select which rules you wish to check against.
• Rule sets are bundled into .NET assemblies.
• Here are some core categories:
FxCop Rule Category Meaning in Life
DesignRules Tests assembly against design best practices.
Globalization Rules Tests assembly against best practices for building international software.
Naming Rules Tests assembly against suggest .NET naming conventions.
Performance Rules Tests against various performance best practices.
Security Rules Security best practices!
Usage Rules Tests against ‘all other’ best practices that do not necessary fall into the previous categories.
• Notice how you can selectively choose which rule sets (and which rules):
• Once you click the Analyze button, you will be given a breakdown as to how your assembly stacks up.
• Double clicking on any of the violations will present you with further details.
• Finally, be aware that the Team edition of Visual Studio integrates fxcop.exe functionality within the
IDE.
• From your project’s Properties page, click on the Code Analysis tab.
• Violations will be reported under the warning tab of the output window.
FxCop Utility
Table of Contents
Copyright (c) 2008. Intertech, Inc. All Rights Reserved. This information is to be used exclusively as an
online learning aid. Any attempts to copy, reproduce, or use for training is strictly prohibited.
online learning aid. Any attempts to copy, reproduce, or use for training is strictly prohibited.
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Courseware
Training Resources
Tutorials