forked from Azure/bicep
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.editorconfig
276 lines (259 loc) · 12.1 KB
/
.editorconfig
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
root = true
[*]
charset = utf-8
indent_style = space
indent_size = 2
end_of_line = lf
trim_trailing_whitespace = true
insert_final_newline = true
[*.md]
trim_trailing_whitespace = false # Two spaces in markdown is the same as a <br>.
[*.{cs,csx,vb}]
indent_size = 4
##############################################################################
########################## .NET Code Analysis Rules ##########################
##############################################################################
file_header_template = Copyright (c) Microsoft Corporation.\nLicensed under the MIT License.
# Organize usings
dotnet_separate_import_directive_groups = false
dotnet_sort_system_directives_first = true
# Expression-level preferences
csharp_style_implicit_object_creation_when_type_is_apparent = true:warning
csharp_using_directive_placement = outside_namespace
csharp_prefer_braces = true
# IDE0005: [Using directive is unnecessary](https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/style-rules/ide0005)
dotnet_diagnostic.IDE0005.severity = suggestion
# Require file header
dotnet_diagnostic.IDE0073.severity = warning
# 'using' directive placement
dotnet_diagnostic.IDE0065.severity = warning
# Add braces
dotnet_diagnostic.IDE0011.severity = warning
# Remove unnecessary import
dotnet_diagnostic.IDE0005.severity = none
# Private member is unused
dotnet_diagnostic.IDE0051.severity = warning
# Use collection expression for array
dotnet_diagnostic.IDE0300.severity = warning
dotnet_style_prefer_collection_expression = true
# Use collection expression for empty
dotnet_diagnostic.IDE0301.severity = warning
# Use collection expression for stackalloc
dotnet_diagnostic.IDE0302.severity = warning
# Use collection expression for `Create()
dotnet_diagnostic.IDE0303.severity = warning
# Use collection expression for builder
dotnet_diagnostic.IDE0304.severity = warning
# Use collection expression for fluent
dotnet_diagnostic.IDE0305.severity = warning
# Unused local variables
dotnet_diagnostic.CA1804.severity = warning
# Private methods that are not called from any other code
dotnet_diagnostic.CA1811.severity = warning
# Avoid unused private fields
dotnet_diagnostic.CA1823.severity = warning
# Use string.Contains(char) instead of string.Contains(string) with single characters
dotnet_diagnostic.CA1847.severity = warning
# Use 'string.Method(char)' instead of 'string.Method(string)' for string with single char
dotnet_diagnostic.CA1865.severity = warning
# Use 'string.Method(char)' instead of 'string.Method(string)' for string with single char
dotnet_diagnostic.CA1866.severity = warning
# Use 'string.Method(char)' instead of 'string.Method(string)' for string with single char
dotnet_diagnostic.CA1867.severity = warning
# Review SQL queries for security vulnerabilities
dotnet_diagnostic.CA2100.severity = warning
# Review visible event handlers
dotnet_diagnostic.CA2109.severity = warning
# Seal methods that satisfy private interfaces
dotnet_diagnostic.CA2119.severity = warning
# Do Not Catch Corrupted State Exceptions
dotnet_diagnostic.CA2153.severity = warning
# Do not use insecure deserializer BinaryFormatter
dotnet_diagnostic.CA2300.severity = warning
# Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder
dotnet_diagnostic.CA2301.severity = warning
# Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize
dotnet_diagnostic.CA2302.severity = warning
# Do not use insecure deserializer LosFormatter
dotnet_diagnostic.CA2305.severity = warning
# Do not use insecure deserializer NetDataContractSerializer
dotnet_diagnostic.CA2310.severity = warning
# Do not deserialize without first setting NetDataContractSerializer.Binder
dotnet_diagnostic.CA2311.severity = warning
# Ensure NetDataContractSerializer.Binder is set before deserializing
dotnet_diagnostic.CA2312.severity = warning
# Do not use insecure deserializer ObjectStateFormatter
dotnet_diagnostic.CA2315.severity = warning
# Do not deserialize with JavaScriptSerializer using a SimpleTypeResolver
dotnet_diagnostic.CA2321.severity = warning
# Ensure JavaScriptSerializer is not initialized with SimpleTypeResolver before deserializing
dotnet_diagnostic.CA2322.severity = warning
# Do not use TypeNameHandling values other than None
dotnet_diagnostic.CA2326.severity = warning
# Do not use insecure JsonSerializerSettings
dotnet_diagnostic.CA2327.severity = warning
# Ensure that JsonSerializerSettings are secure
dotnet_diagnostic.CA2328.severity = warning
# Do not deserialize with JsonSerializer using an insecure configuration
dotnet_diagnostic.CA2329.severity = warning
# Ensure that JsonSerializer has a secure configuration when deserializing
dotnet_diagnostic.CA2330.severity = warning
# Do not use DataTable.ReadXml() with untrusted data
dotnet_diagnostic.CA2350.severity = warning
# Do not use DataSet.ReadXml() with untrusted data
dotnet_diagnostic.CA2351.severity = warning
# Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks
dotnet_diagnostic.CA2352.severity = warning
# Unsafe DataSet or DataTable in serializable type
dotnet_diagnostic.CA2353.severity = warning
# Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks
dotnet_diagnostic.CA2354.severity = warning
# Unsafe DataSet or DataTable type found in deserializable object graph
dotnet_diagnostic.CA2355.severity = warning
# Unsafe DataSet or DataTable type in web deserializable object graph
dotnet_diagnostic.CA2356.severity = warning
# Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data
dotnet_diagnostic.CA2361.severity = warning
# Unsafe DataSet or DataTable in autogenerated serializable type can be vulnerable to remote code execution attacks
dotnet_diagnostic.CA2362.severity = warning
# Review code for SQL injection vulnerabilities
dotnet_diagnostic.CA3001.severity = warning
# Review code for XSS vulnerabilities
dotnet_diagnostic.CA3002.severity = warning
# Review code for file path injection vulnerabilities
dotnet_diagnostic.CA3003.severity = warning
# Review code for information disclosure vulnerabilities
dotnet_diagnostic.CA3004.severity = warning
# Review code for LDAP injection vulnerabilities
dotnet_diagnostic.CA3005.severity = warning
# Review code for process command injection vulnerabilities
dotnet_diagnostic.CA3006.severity = warning
# Review code for open redirect vulnerabilities
dotnet_diagnostic.CA3007.severity = warning
# Review code for XPath injection vulnerabilities
dotnet_diagnostic.CA3008.severity = warning
# Review code for XML injection vulnerabilities
dotnet_diagnostic.CA3009.severity = warning
# Review code for XAML injection vulnerabilities
dotnet_diagnostic.CA3010.severity = warning
# Review code for DLL injection vulnerabilities
dotnet_diagnostic.CA3011.severity = warning
# Review code for regex injection vulnerabilities
dotnet_diagnostic.CA3012.severity = warning
# Do Not Add Schema By URL
dotnet_diagnostic.CA3061.severity = warning
# Insecure DTD processing in XML
dotnet_diagnostic.CA3075.severity = warning
# Insecure XSLT script processing.
dotnet_diagnostic.CA3076.severity = warning
# Insecure Processing in API Design, XmlDocument and XmlTextReader
dotnet_diagnostic.CA3077.severity = warning
# Mark Verb Handlers With Validate Antiforgery Token
dotnet_diagnostic.CA3147.severity = warning
# Do Not Use Weak Cryptographic Algorithms
dotnet_diagnostic.CA5350.severity = warning
# Do Not Use Broken Cryptographic Algorithms
dotnet_diagnostic.CA5351.severity = warning
# Review cipher mode usage with cryptography experts
dotnet_diagnostic.CA5358.severity = warning
# Do Not Disable Certificate Validation
dotnet_diagnostic.CA5359.severity = warning
# Do Not Call Dangerous Methods In Deserialization
dotnet_diagnostic.CA5360.severity = warning
# Do Not Disable SChannel Use of Strong Crypto
dotnet_diagnostic.CA5361.severity = warning
# Potential reference cycle in deserialized object graph
dotnet_diagnostic.CA5362.severity = warning
# Do Not Disable Request Validation
dotnet_diagnostic.CA5363.severity = warning
# Do Not Use Deprecated Security Protocols
dotnet_diagnostic.CA5364.severity = warning
# Do Not Disable HTTP Header Checking
dotnet_diagnostic.CA5365.severity = warning
# Use XmlReader For DataSet Read Xml
dotnet_diagnostic.CA5366.severity = warning
# Do Not Serialize Types With Pointer Fields
dotnet_diagnostic.CA5367.severity = warning
# Set ViewStateUserKey For Classes Derived From Page
dotnet_diagnostic.CA5368.severity = warning
# Use XmlReader For Deserialize
dotnet_diagnostic.CA5369.severity = warning
# Use XmlReader For Validating Reader
dotnet_diagnostic.CA5370.severity = warning
# Use XmlReader For Schema Read
dotnet_diagnostic.CA5371.severity = warning
# Use XmlReader For XPathDocument
dotnet_diagnostic.CA5372.severity = warning
# Do not use obsolete key derivation function
dotnet_diagnostic.CA5373.severity = warning
# Do Not Use XslTransform
dotnet_diagnostic.CA5374.severity = warning
# Do Not Use Account Shared Access Signature
dotnet_diagnostic.CA5375.severity = warning
# Use SharedAccessProtocol HttpsOnly
dotnet_diagnostic.CA5376.severity = warning
# Use Container Level Access Policy
dotnet_diagnostic.CA5377.severity = warning
# Do not disable ServicePointManagerSecurityProtocols
dotnet_diagnostic.CA5378.severity = warning
# Do Not Use Weak Key Derivation Function Algorithm
dotnet_diagnostic.CA5379.severity = warning
# Do Not Add Certificates To Root Store
dotnet_diagnostic.CA5380.severity = warning
# Ensure Certificates Are Not Added To Root Store
dotnet_diagnostic.CA5381.severity = warning
# Use Secure Cookies In ASP.Net Core
dotnet_diagnostic.CA5382.severity = warning
# Ensure Use Secure Cookies In ASP.Net Core
dotnet_diagnostic.CA5383.severity = warning
# Do Not Use Digital Signature Algorithm (DSA)
dotnet_diagnostic.CA5384.severity = warning
# Use Rivest–Shamir–Adleman (RSA) Algorithm With Sufficient Key Size
dotnet_diagnostic.CA5385.severity = warning
# Avoid hardcoding SecurityProtocolType value
dotnet_diagnostic.CA5386.severity = warning
# Do Not Use Weak Key Derivation Function With Insufficient Iteration Count
dotnet_diagnostic.CA5387.severity = warning
# Ensure Sufficient Iteration Count When Using Weak Key Derivation Function
dotnet_diagnostic.CA5388.severity = warning
# Do Not Add Archive Item's Path To The Target File System Path
dotnet_diagnostic.CA5389.severity = warning
# Do not hard-code encryption key
dotnet_diagnostic.CA5390.severity = warning
# Use antiforgery tokens in ASP.NET Core MVC controllers
dotnet_diagnostic.CA5391.severity = warning
# Use DefaultDllImportSearchPaths attribute for P/Invokes
dotnet_diagnostic.CA5392.severity = warning
# Do not use unsafe DllImportSearchPath value
dotnet_diagnostic.CA5393.severity = warning
# Do not use insecure randomness
dotnet_diagnostic.CA5394.severity = warning
# Miss HttpVerb attribute for action methods
dotnet_diagnostic.CA5395.severity = warning
# Set HttpOnly to true for HttpCookie
dotnet_diagnostic.CA5396.severity = warning
# Do not use deprecated SslProtocols values
dotnet_diagnostic.CA5397.severity = warning
# Avoid hardcoded SslProtocols values
dotnet_diagnostic.CA5398.severity = warning
# HttpClients should enable certificate revocation list checks
dotnet_diagnostic.CA5399.severity = warning
# Ensure HttpClient certificate revocation list check is not disabled
dotnet_diagnostic.CA5400.severity = warning
# Do not use CreateEncryptor with non-default IV
dotnet_diagnostic.CA5401.severity = warning
# Use CreateEncryptor with the default IV
dotnet_diagnostic.CA5402.severity = warning
# Do not hard-code certificate
dotnet_diagnostic.CA5403.severity = warning
# Parameter 'parameter' has no matching param tag in the XML comment for 'parameter' (but other parameters do)
dotnet_diagnostic.CS1573.severity = suggestion
# Missing XML comment for publicly visible type or member 'Type_or_Member'
dotnet_diagnostic.CS1591.severity = none
# VSTHRD200: Use "Async" suffix for async methods
dotnet_diagnostic.VSTHRD200.severity = none
# Possible multiple enumerations of IEnumerable collection
dotnet_diagnostic.CA1851.severity = warning
# Override code quality rules for test projects
[{src/Bicep.Core.Samples/*.cs,src/*Test*/*.cs}]
dotnet_diagnostic.CA1851.severity = suggestion