Don Xml's Grok This

The home of Don Demsak

Static Code Analysis and Custom FxCop Rules for Enterprise ASP.Net Development

Over the last couple months I've been doing a bit of work with FxCop and Static Code Analysis. If you remember playing with FxCop back in the day, it was a cool tool to check for possible design, localization, performance, and security issues with your .Net code. But, for most of us, that's where things stopped, playing with a cool tool and then forgetting about it. Sure, Microsoft built it into VS 2005 as Visual Studio Code Analysis, but still most developers forget about it, and never turn it on. Well, I've been on a Continuous Integration kick for over a year now (with CruiseControl.Net or TFS 2008, depending on the client), and it is easy to add things like FxCop and NDepend to your build process. Yes, there are a lot of pre-built rules out there, but for most of us, some of the rules are extremely valuable, but some are just annoying, and there are still a lot of personal best practices that you have developed over the years that don't have rules.

Well, that is where writing your own FxCop rules can come in handy. It isn't the easiest thing to work with, since there is no official documentation of Microsoft.Cci (which is the heart and soul of FxCop). But, Jason Kresowaty has created some helpful documentation (although not complete by any means), and he also created the extremely helpful Introspector tool to go along with spelunking assemblies using the introspection object model. After writing a couple of my own custom rules, I figured I should poke around and see if anyone has released some FxCop rule libraries, checking out CodePlex and SourceForge, but I didn't find any. I did find one blog post by Richard Banks on a great WCF FxCop rule example, EnsureFaultContractsAreDeclared, and sure, the Patterns & Practices team releases custom rules as part of their Software Factories, but I thought that there would be more out there. It seems like something that would be perfect for groups like ASP Insiders, SharePoint MVPs, Connected Systems MVPs, etc. and they could band together and come up with some good rules to go along with all the best practices we seem to come up with.

So, I'll try to start this thing rolling, and try to put together a bunch of rules around best practices for building Enterprise-ready ASP.Net applications.  But I can't do it alone, so I'm asking the community to help me out, and either leave their own ASP.Net rules as comments, or post them up on their blog (if you have one, and link back to this post).  I'll document them, and if we get enough traction, I'll start up a CodePlex project where we can coordinate this.  Here's an example:

Rule: EnsureAspSessionVariablesAreSerializable
Name: Asp.Net Session variables must be marked serializable
Description: All session variables must be marked serializable if you will be using a SessionStateMode other than InProc
Resolution: Mark the variable to be stored in session with the Serializable attribute

I'm sure others have similar rules, that they use implicitly, and I'd like to gather them up, put them into rule libraries and then publish them on CodePlex.
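What the EnsureAspSessionVariablesAreSerializable rule has to establish can be shown with plain reflection. The following is an added example, not code from this post and not an FxCop/Microsoft.Cci rule; it goes slightly beyond the rule text by also walking field and base types, and `SessionSerializationCheck`, `Cart` and `CartLine` are hypothetical names constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Reflection;
using System.Runtime.Serialization;

public static class SessionSerializationCheck   // hypothetical helper, runtime reflection only
{
    // Returns every type reachable from 'root' through serialized instance fields
    // that lacks [Serializable]; an empty list means the declared graph is safe
    // to store in session under a SessionStateMode other than InProc.
    public static List<Type> FindNonSerializable(Type root)
    {
        List<Type> offenders = new List<Type>();
        Walk(root, new HashSet<Type>(), offenders);
        return offenders;
    }

    private static void Walk(Type type, HashSet<Type> seen, List<Type> offenders)
    {
        while (type.IsArray) type = type.GetElementType();
        // Interface- and object-typed fields cannot be judged from the declaration; skip them.
        if (type.IsPrimitive || type.IsInterface || type.IsGenericParameter
            || type == typeof(string) || type == typeof(object)) return;
        if (!seen.Add(type)) return;                        // already visited
        if (!type.IsSerializable) { offenders.Add(type); return; }
        // ISerializable types control their own payload, so their fields are not inspected.
        if (typeof(ISerializable).IsAssignableFrom(type)) return;
        const BindingFlags flags = BindingFlags.Instance | BindingFlags.Public
                                 | BindingFlags.NonPublic | BindingFlags.DeclaredOnly;
        foreach (FieldInfo field in type.GetFields(flags))
            if (!field.IsNotSerialized) Walk(field.FieldType, seen, offenders); // honours [NonSerialized]
        if (type.BaseType != null) Walk(type.BaseType, seen, offenders);
    }
}

// Constructed sample types, not from the original post.
[Serializable]
public class Cart
{
    public string Owner;
    public List<CartLine> Lines = new List<CartLine>();
    [NonSerialized] public object RenderCache;
}

public class CartLine { public int Sku; }   // missing [Serializable]

public static class Program
{
    public static void Main()
    {
        foreach (Type t in SessionSerializationCheck.FindNonSerializable(typeof(Cart)))
            Console.WriteLine("Not serializable: " + t.FullName);
    }
}
```

Because this check works on declared types, a value stored behind an `object` or interface-typed field is not covered by it.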

Published Wednesday, June 18, 2008 8:40 PM by donxml

Comments

Jason Bock said:

I really like this idea, I toyed with pushing a CodeAnalysis project on CodePlex, where they'd be WPF rules, WCF rules (I've personally written one that checks return values on one-way calls), ASP.NET rules...but the big issue is that custom rules are simply not testable. That sucks.
June 19, 2008 9:40 AM

donxml said:

Jason, yes, I was bummed about not being able to easily test custom rules. I have a couple ideas about how to solve it (or just make it easier), but I need some time to explore the options. The biggest hassle is the lack of documentation on Microsoft.Cci, so it makes it hard to mock it, even with something like TypeMock.

June 19, 2008 10:03 AM

Jason Bock said:

"not easily" should be phrased "damn near impossible" :) I think that the rules engine is going to be re-engineered and FINALLY documented in the future (although I'm not sure about that). That shouldn't stop an OS project like this, but that would make development on it much easier.
June 19, 2008 10:07 AM

About donxml

I’m an independent consultant, specializing in .Net solutions architecture, based out of New Jersey who also doubles as an evangelist for XML, Domain Driven Design, enterprise architecture and .Net. I do not work for Microsoft, the W3C or any other big company that you may know of (at least not yet). I’ve been an indie for over ten years, and although I’ve been tempted a couple times to take a job with companies like Microsoft, I haven’t found something better than my current situation. I work mostly with the large pharmaceuticals that are based here in New Jersey, and usually find myself on long term contracts. Definitely not the prototypical indie consultant, but it lets me dedicate time to my non-income generating activities like the developer community stuff, plus financing open source projects like XPathmania and MVP-XML. If you would like to talk to me about doing some contract work, just contact me via the contact page. My rates vary widely, depending on lots of different variables, but mostly distance from Jersey, and type of work. Plus, I’ve been known to donate some of my code for various projects.