root = true # Code files [*.{cs,csx,vb}] indent_style = space end_of_line = lf indent_size = 4 charset = utf-8 trim_trailing_whitespace = true insert_final_newline = true file_header_template = Copyright (c) Microsoft Corporation.\nLicensed under the MIT License. # Organize usings dotnet_separate_import_directive_groups = false dotnet_sort_system_directives_first = true # Expression-level preferences csharp_style_implicit_object_creation_when_type_is_apparent = true:warning csharp_using_directive_placement = outside_namespace csharp_prefer_braces = true # IDE0005: [Using directive is unnecessary](https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/style-rules/ide0005) dotnet_diagnostic.IDE0005.severity = suggestion # Require file header dotnet_diagnostic.IDE0073.severity = warning # 'using' directive placement dotnet_diagnostic.IDE0065.severity = warning # Add braces dotnet_diagnostic.IDE0011.severity = warning # Remove unnecessary import dotnet_diagnostic.IDE0005.severity = none # Private member is unused dotnet_diagnostic.IDE0051.severity = warning # Unused local variables dotnet_diagnostic.CA1804.severity = warning # Private methods that are not called from any other code dotnet_diagnostic.CA1811.severity = warning # Avoid unused private fields dotnet_diagnostic.CA1823.severity = warning # Use string.Contains(char) instead of string.Contains(string) with single characters dotnet_diagnostic.CA1847.severity = warning # Review SQL queries for security vulnerabilities dotnet_diagnostic.CA2100.severity = warning # Review visible event handlers dotnet_diagnostic.CA2109.severity = warning # Seal methods that satisfy private interfaces dotnet_diagnostic.CA2119.severity = warning # Do Not Catch Corrupted State Exceptions dotnet_diagnostic.CA2153.severity = warning # Do not use insecure deserializer BinaryFormatter dotnet_diagnostic.CA2300.severity = warning # Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder dotnet_diagnostic.CA2301.severity = warning # Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize dotnet_diagnostic.CA2302.severity = warning # Do not use insecure deserializer LosFormatter dotnet_diagnostic.CA2305.severity = warning # Do not use insecure deserializer NetDataContractSerializer dotnet_diagnostic.CA2310.severity = warning # Do not deserialize without first setting NetDataContractSerializer.Binder dotnet_diagnostic.CA2311.severity = warning # Ensure NetDataContractSerializer.Binder is set before deserializing dotnet_diagnostic.CA2312.severity = warning # Do not use insecure deserializer ObjectStateFormatter dotnet_diagnostic.CA2315.severity = warning # Do not deserialize with JavaScriptSerializer using a SimpleTypeResolver dotnet_diagnostic.CA2321.severity = warning # Ensure JavaScriptSerializer is not initialized with SimpleTypeResolver before deserializing dotnet_diagnostic.CA2322.severity = warning # Do not use TypeNameHandling values other than None dotnet_diagnostic.CA2326.severity = warning # Do not use insecure JsonSerializerSettings dotnet_diagnostic.CA2327.severity = warning # Ensure that JsonSerializerSettings are secure dotnet_diagnostic.CA2328.severity = warning # Do not deserialize with JsonSerializer using an insecure configuration dotnet_diagnostic.CA2329.severity = warning # Ensure that JsonSerializer has a secure configuration when deserializing dotnet_diagnostic.CA2330.severity = warning # Do not use DataTable.ReadXml() with untrusted data dotnet_diagnostic.CA2350.severity = warning # Do not use DataSet.ReadXml() with untrusted data dotnet_diagnostic.CA2351.severity = warning # Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks dotnet_diagnostic.CA2352.severity = warning # Unsafe DataSet or DataTable in serializable type dotnet_diagnostic.CA2353.severity = warning # Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks dotnet_diagnostic.CA2354.severity = warning # Unsafe DataSet or DataTable type found in deserializable object graph dotnet_diagnostic.CA2355.severity = warning # Unsafe DataSet or DataTable type in web deserializable object graph dotnet_diagnostic.CA2356.severity = warning # Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data dotnet_diagnostic.CA2361.severity = warning # Unsafe DataSet or DataTable in autogenerated serializable type can be vulnerable to remote code execution attacks dotnet_diagnostic.CA2362.severity = warning # Review code for SQL injection vulnerabilities dotnet_diagnostic.CA3001.severity = warning # Review code for XSS vulnerabilities dotnet_diagnostic.CA3002.severity = warning # Review code for file path injection vulnerabilities dotnet_diagnostic.CA3003.severity = warning # Review code for information disclosure vulnerabilities dotnet_diagnostic.CA3004.severity = warning # Review code for LDAP injection vulnerabilities dotnet_diagnostic.CA3005.severity = warning # Review code for process command injection vulnerabilities dotnet_diagnostic.CA3006.severity = warning # Review code for open redirect vulnerabilities dotnet_diagnostic.CA3007.severity = warning # Review code for XPath injection vulnerabilities dotnet_diagnostic.CA3008.severity = warning # Review code for XML injection vulnerabilities dotnet_diagnostic.CA3009.severity = warning # Review code for XAML injection vulnerabilities dotnet_diagnostic.CA3010.severity = warning # Review code for DLL injection vulnerabilities dotnet_diagnostic.CA3011.severity = warning # Review code for regex injection vulnerabilities dotnet_diagnostic.CA3012.severity = warning # Do Not Add Schema By URL dotnet_diagnostic.CA3061.severity = warning # Insecure DTD processing in XML dotnet_diagnostic.CA3075.severity = warning # Insecure XSLT script processing. dotnet_diagnostic.CA3076.severity = warning # Insecure Processing in API Design, XmlDocument and XmlTextReader dotnet_diagnostic.CA3077.severity = warning # Mark Verb Handlers With Validate Antiforgery Token dotnet_diagnostic.CA3147.severity = warning # Do Not Use Weak Cryptographic Algorithms dotnet_diagnostic.CA5350.severity = warning # Do Not Use Broken Cryptographic Algorithms dotnet_diagnostic.CA5351.severity = warning # Review cipher mode usage with cryptography experts dotnet_diagnostic.CA5358.severity = warning # Do Not Disable Certificate Validation dotnet_diagnostic.CA5359.severity = warning # Do Not Call Dangerous Methods In Deserialization dotnet_diagnostic.CA5360.severity = warning # Do Not Disable SChannel Use of Strong Crypto dotnet_diagnostic.CA5361.severity = warning # Potential reference cycle in deserialized object graph dotnet_diagnostic.CA5362.severity = warning # Do Not Disable Request Validation dotnet_diagnostic.CA5363.severity = warning # Do Not Use Deprecated Security Protocols dotnet_diagnostic.CA5364.severity = warning # Do Not Disable HTTP Header Checking dotnet_diagnostic.CA5365.severity = warning # Use XmlReader For DataSet Read Xml dotnet_diagnostic.CA5366.severity = warning # Do Not Serialize Types With Pointer Fields dotnet_diagnostic.CA5367.severity = warning # Set ViewStateUserKey For Classes Derived From Page dotnet_diagnostic.CA5368.severity = warning # Use XmlReader For Deserialize dotnet_diagnostic.CA5369.severity = warning # Use XmlReader For Validating Reader dotnet_diagnostic.CA5370.severity = warning # Use XmlReader For Schema Read dotnet_diagnostic.CA5371.severity = warning # Use XmlReader For XPathDocument dotnet_diagnostic.CA5372.severity = warning # Do not use obsolete key derivation function dotnet_diagnostic.CA5373.severity = warning # Do Not Use XslTransform dotnet_diagnostic.CA5374.severity = warning # Do Not Use Account Shared Access Signature dotnet_diagnostic.CA5375.severity = warning # Use SharedAccessProtocol HttpsOnly dotnet_diagnostic.CA5376.severity = warning # Use Container Level Access Policy dotnet_diagnostic.CA5377.severity = warning # Do not disable ServicePointManagerSecurityProtocols dotnet_diagnostic.CA5378.severity = warning # Do Not Use Weak Key Derivation Function Algorithm dotnet_diagnostic.CA5379.severity = warning # Do Not Add Certificates To Root Store dotnet_diagnostic.CA5380.severity = warning # Ensure Certificates Are Not Added To Root Store dotnet_diagnostic.CA5381.severity = warning # Use Secure Cookies In ASP.Net Core dotnet_diagnostic.CA5382.severity = warning # Ensure Use Secure Cookies In ASP.Net Core dotnet_diagnostic.CA5383.severity = warning # Do Not Use Digital Signature Algorithm (DSA) dotnet_diagnostic.CA5384.severity = warning # Use Rivest–Shamir–Adleman (RSA) Algorithm With Sufficient Key Size dotnet_diagnostic.CA5385.severity = warning # Avoid hardcoding SecurityProtocolType value dotnet_diagnostic.CA5386.severity = warning # Do Not Use Weak Key Derivation Function With Insufficient Iteration Count dotnet_diagnostic.CA5387.severity = warning # Ensure Sufficient Iteration Count When Using Weak Key Derivation Function dotnet_diagnostic.CA5388.severity = warning # Do Not Add Archive Item's Path To The Target File System Path dotnet_diagnostic.CA5389.severity = warning # Do not hard-code encryption key dotnet_diagnostic.CA5390.severity = warning # Use antiforgery tokens in ASP.NET Core MVC controllers dotnet_diagnostic.CA5391.severity = warning # Use DefaultDllImportSearchPaths attribute for P/Invokes dotnet_diagnostic.CA5392.severity = warning # Do not use unsafe DllImportSearchPath value dotnet_diagnostic.CA5393.severity = warning # Do not use insecure randomness dotnet_diagnostic.CA5394.severity = warning # Miss HttpVerb attribute for action methods dotnet_diagnostic.CA5395.severity = warning # Set HttpOnly to true for HttpCookie dotnet_diagnostic.CA5396.severity = warning # Do not use deprecated SslProtocols values dotnet_diagnostic.CA5397.severity = warning # Avoid hardcoded SslProtocols values dotnet_diagnostic.CA5398.severity = warning # HttpClients should enable certificate revocation list checks dotnet_diagnostic.CA5399.severity = warning # Ensure HttpClient certificate revocation list check is not disabled dotnet_diagnostic.CA5400.severity = warning # Do not use CreateEncryptor with non-default IV dotnet_diagnostic.CA5401.severity = warning # Use CreateEncryptor with the default IV dotnet_diagnostic.CA5402.severity = warning # Do not hard-code certificate dotnet_diagnostic.CA5403.severity = warning # Parameter 'parameter' has no matching param tag in the XML comment for 'parameter' (but other parameters do) dotnet_diagnostic.CS1573.severity = suggestion # Missing XML comment for publicly visible type or member 'Type_or_Member' dotnet_diagnostic.CS1591.severity = none # VSTHRD200: Use "Async" suffix for async methods dotnet_diagnostic.VSTHRD200.severity = none # Possible multiple enumerations of IEnumerable collection dotnet_diagnostic.CA1851.severity = warning # Override code quality rules for test projects [{src/Bicep.Core.Samples/*.cs,src/*Test*/*.cs}] dotnet_diagnostic.CA1851.severity = suggestion [*.{ts,tsx,js}] indent_style = space end_of_line = lf indent_size = 2 charset = utf-8 trim_trailing_whitespace = true insert_final_newline = true # Xml config files [.resx] indent_style = space end_of_line = lf indent_size = 2 charset = utf-8 trim_trailing_whitespace = true insert_final_newline = true