A set of C# Roslyn analyzers that catch bugs, design flaws, and security pitfalls at compile time -- before they reach code review or production.
The package currently ships 30+ rules across six categories (Design, Security, Performance, Code Smells, Bug, Best Practice); most include an automatic code fix.
Rules range from straightforward code-smell detection (e.g. DateTime.Now instead of DateTime.UtcNow) to cross-method semantic analysis (e.g. Entity Framework queries missing TagWith, check-then-act race conditions on concurrent collections, or loop-invariant expressions that should be hoisted).
Install via NuGet and every rule is enforced automatically during compilation, with severity levels configurable through .editorconfig.
The NuGet package follows the conventions of Semantic Versioning 2.0.0.
Cit.:
Given a version number MAJOR.MINOR.PATCH, increment the:
1. MAJOR version when you make incompatible API changes
2. MINOR version when you add functionality in a backward compatible manner
3. PATCH version when you make backward compatible bug fixes
Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.
Just download and install the NuGet package
https://www.nuget.org/packages/DogmaSolutions.Analyzers
This section describes the rules included in this package.
Every rule is accompanied by the following information and clues:
- Category → identify the area of interest of the rule, and can have one of the following values: Design / Naming / Style / Usage / Performance / Security
- Severity → state the default severity level of the rule. The severity level can be changed by editing the .editorconfig file used by the project/solution. Possible values are enumerated by the DiagnosticSeverity enum
- Description, motivations and fixes → a detailed explanation of the detected issue, and a brief description on how to change your code in order to solve it.
- See also → a list of similar/related rules, or related knowledge base
| Id | Category | Description | Default severity | Is enabled | Code fix |
|---|---|---|---|---|---|
| DSA001 | Design | WebApi controller methods should not contain data-manipulation business logics through a LINQ query expression. | ⚠ Warning | ✅ | ❌ |
| DSA002 | Design | WebApi controller methods should not contain data-manipulation business logics through a LINQ fluent query. | ⚠ Warning | ✅ | ❌ |
| DSA003 | Code Smells | Use String.IsNullOrWhiteSpace instead of String.IsNullOrEmpty |
⚠ Warning | ✅ | ✅ |
| DSA004 | Code Smells | Use DateTime.UtcNow instead of DateTime.Now |
⚠ Warning | ✅ | ✅ |
| DSA005 | Code Smells | Potential non-deterministic point-in-time execution | ⛔ Error | ✅ | ✅ |
| DSA006 | Code Smells | General exceptions should not be thrown by user code | ⛔ Error | ✅ | ❌ |
| DSA007 | Code Smells | When initializing a lazy field, use a robust locking pattern, i.e. the "if-lock-if" (aka "double checked locking") | ⚠ Warning | ✅ | ❌ |
| DSA008 | Bug | The Required Attribute has no impact on a not-nullable DateTime | ⛔ Error | ✅ | ✅ |
| DSA009 | Bug | The Required Attribute has no impact on a not-nullable DateTimeOffset | ⛔ Error | ✅ | ✅ |
| DSA011 | Design | Avoid lazily initialized, self-contained, static singleton properties | ⚠ Warning | ✅ | ❌ |
| DSA012 | Design | Avoid the "if not exists, then insert" check-then-act antipattern on database types (TOCTOU) | ⚠ Warning | ✅ | ❌ |
| DSA013 | Security | Minimal API endpoints should have an explicit authorization configuration | ⚠ Warning | ✅ | ✅ |
| DSA014 | Security | Minimal API endpoints on route groups should have an explicit authorization configuration | ⚠ Warning | ✅ | ✅ |
| DSA015 | Security | Minimal API endpoints on parameterized route builders should have an explicit authorization configuration | ⚠ Warning | ✅ | ✅ |
| DSA016 | Code Smells | Avoid repeated invocation of the same enumeration method with identical arguments | ⚠ Warning | ✅ | ✅ |
| DSA017 | Design | Use the collection's atomic operation instead of the check-then-act pattern | ⚠ Warning | ✅ | ✅ |
| DSA018 | Design | Protect the check-then-act pattern with a lock or use a collection with built-in duplicate handling | ⚠ Warning | ✅ | ❌ |
| DSA019 | Code Smells | Avoid repeated deeply nested member access chains | ⚠ Warning | ✅ | ✅ |
| DSA020 | Code Smells | Remove redundant async/await on Task.FromResult |
⚠ Warning | ✅ | ✅ |
| DSA021 | Best Practice | Entity Framework queries should be tagged with TagWith or TagWithCallSite for traceability | ⚠ Warning | ✅ | ✅ |
| DSA022 | Performance | Hoist loop-invariant expression out of inner loop | ⚠ Warning | ✅ | ✅ |
| DSA023 | Best Practice | Use Path.Combine instead of string concatenation to build file system paths |
⚠ Warning | ✅ | ✅ |
| DSA024 | Best Practice | Use Path.Combine instead of string concatenation for path-like parameters |
⚠ Warning | ✅ | ✅ |
| DSA025 | Performance | Use structured logging template instead of interpolated string | ⚠ Warning | ✅ | ✅ |
| DSA026 | Bug | Use nearest scope CancellationToken | ⚠ Warning | ✅ | ✅ |
| DSA027 | Performance | Replace string concatenation in loops with StringBuilder |
⚠ Warning | ✅ | ✅ |
| DSA028 | Performance | Prefer ToArray() over ToList() when return type is a read-only interface |
⚠ Warning | ✅ | ✅ |
| DSA029 | Bug | The Required Attribute has no impact on a not-nullable value type | ⚠ Warning | ✅ | ✅ |
| DSA030 | Best Practice | Entity Framework queries should explicitly specify a change tracking strategy | 💡 Suggestion | ✅ | ✅ |
| DSA031 | Performance | Use AsNoTracking for Entity Framework queries that do not require change tracking | ⚠ Warning | ✅ | ✅ |
| DSA032 | Code Smells | Avoid duplicated string literals in the same method body | ⚠ Warning | ✅ | ✅ |
Contributions are welcome! Please read the Contributing Guidelines before submitting a pull request.
To report a security vulnerability, please follow the instructions in SECURITY.md. Do not open a public issue for security reports.
This project follows the Contributor Covenant v2.1. See CODE_OF_CONDUCT.md for details.
This project is licensed under the MIT License.