Sitecore and FxCop

Just started playing with FxCop and decided to create a Sitecore-Ruleset. For the people wo don’t know what FxCop actually is:
FxCop is an open source tool which makes it possible for people to analyse their code with a single click. FxCop checks your code on the most vulnabilities and the .NET Code Guidelines. A possible error generated by FxCop:

CriticalError, Certainty 95, for AssembliesShouldHaveValidStrongNames
Target : lectric.intranet.layouts.dll (IntrospectionTargetModule)
Resolution : “Sign ‘LECTRIC.Intranet.Layouts’ with a strong
name key.”
Help : (String)
Category : Microsoft.Design (String)
CheckId : CA2210 (String)
RuleFile : Design Rules (String)
Info : “Either the assembly has no strong name, an invalid
one, or the strong name is valid only because of the
computer configuration. The assembly should not be
deployed in this state. The most common causes of this
are: 1) The assembly’s contents were modified after
it was signed. 2) The signing process failed. 3) The
assembly was delay-signed. 4) A registry key existed
that allowed the check to pass (where it would not
have otherwise).”
Created : 14-5-2006 13:43:41 (DateTime)
LastSeen : 14-5-2006 14:02:56 (DateTime)
Status : Active (MessageStatus)
Fix Category : NonBreaking (FixCategories)

You can easily configure which rules should be used and which ones shouldn’t. For example, there are some rules about CLSCompliancy. Those are more interesting when you are creating Frameworks and not so interesting when you create solution based on Frameworks. Altough it shouldn’t be bad to leave all rules on, and look if everything passes the strict rules of FxCop.

FxCop default rules
FxCop default rules

I looked in the manual and found out that it isn’t so hard to write your own rules :)! So next weekend ;), I’m going to look how to create Sitecore rules. The week afterwards, Í’m going to start with a new project, so my goal will be to complete that project without FxCop warnings :P. Keep you guys informed.

6 thoughts on “Sitecore and FxCop”

  1. Very interesting Alex,

    What kind of rules would we be talking about? I for once, could imagine warnings on use of the SecurityDisabler (where best practice is to use a SecurityDiabler when possible) and similar uses.

    Would you be willing to share this with the Sitecore community?

    — Lars

  2. Hi Lars,

    I definitelly want to share it with the community, altough first it will be developed for internal usage inside LECTRIC.

    Things I want to include:
    – Usage rules for Configuration handling(for example: Factory.GetDatabase(“web”))
    – Security checks(like the SecurityDisabler but also Sitecore.Context.Domain.User != null -> Sitecore.Context.Domain.IsLoggedIn(), etc)
    – Secure usage of the other ‘using’-statements
    – Usage of GUID’s, parsing, etc
    – Community ideas? I’m open for all suggestions.

    – Alex

  3. Umm, just popping my head in here with a quick comment 😉

    But isn’t the point of FxCop the excact opposite? I mean, you adjust your code to adhere to a set of pre-determined industry standards and best practices – not adjust FxCop to adhere to your code? 😉

    I mean, there is obviously a set of best practices involving the use of the Sitecore API and I could definately see value from implementing those. But there’s a large step from that, and to writing a new ruleset that completely supresses a lot of the non-optimal practices that IS in use in the Sitecore API.

    (in my own code as well mind you, isn’t a flame.. just a fact of life)

  4. Terrific post, this is very similar to a site that I have. Please check it out sometime and feel free to leave me a comenet on it and tell me what you think. I’m always looking for feedback.

  5. Good day! Do you know if they make any plugins to help with Search Engine Optimization? Im trying to get my blog to rank for some targeted keywords but Im not seeing very good results. If you know of any please share. Appreciate it!

  6. It was hard to find your articles in google search results.
    I found it on 21 place, you should build a lot of quality backlinks , it will help you to get more visitors.

    I know how to help you, just search in google –
    k2 seo tips

Comments are closed.