Welcome all fans of clean code! Today we analyze the PascalABC.NET project. In 2017, we already found errors in this project. We used two static analysis tools (more precisely, plugins for SonarQube): SonarC# and PVS-Studio. Today, we analyze this project with the latest version of the PVS-Studio analyzer for C#. Let's see what errors we can find today, especially when our analyzer has become more advanced and got new features: it can find more exquisite errors and potential vulnerabilities.
![](http://webcf.waybackmachine.org/web/20220128192130im_/https://habrastorage.org/getpro/habr/hub/bc7/f1e/783/bc7f1e78397bca57cf5adcd5bf1725be.png)
C# *
Multi-paradigm programming language encompassing strong typing, imperative, declarative, functional, generic, object-oriented (class-based), and component-oriented programming disciplines
- New
- Top
- All
- ≥0
- ≥10
- ≥25
- ≥50
- ≥100
The most interesting C# / .NET blogs and websites
Let's take a look at the list of information sources that can be useful for the C# / .NET developers. Our list includes blogs, repositories with source code, standards and accounts of developers who covers the deep aspects of the C# and .NET.
Top 10 bugs found in C# projects in 2021
![](https://webcf.waybackmachine.org/web/20220128192130im_/https://habrastorage.org/getpro/habr/upload_files/348/185/deb/348185debe8f84cb636ae56824a0d1c3.png)
In 2021 we published several articles and showed you errors found in open-source projects. The year 2021 ends, which means it's time to present you the traditional top 10 of the most interesting bugs. Enjoy!
Errors and suspicious code fragments in .NET 6 sources
The .NET 6 turned out to be much-awaited and major release. If you write for .NET, you could hardly miss such an event. We also couldn't pass by the new version of this platform. We decided to check what interesting things we can find in the sources of .NET libraries.
PVS-Studio checks Umbraco code for the third time
![](https://webcf.waybackmachine.org/web/20220128192130im_/https://habrastorage.org/getpro/habr/upload_files/87c/377/b0c/87c377b0ca48883e83405b2c0d66eeee.png)
Six years ago, we first checked Umbraco with the PVS-Studio static analyzer for C#. Today, we decided to go where it all started and analyze the Umbraco CMS source code.
Structured Logging and Interpolated Strings in C# 10
Structured logging is gaining more and more popularity in the developers' community. In this article I'd like to demonstrate how we can use structured logging with the Microsoft.Extensions.Logging package and show the idea how we can extend it using the new features of C# 10.
A variety of errors in C# code by the example of CMS DotNetNuke: 40 questions about the quality
Today, we discuss C# code quality and a variety of errors by the example of CMS DotNetNuke. We're going to dig into its source code. You're going to need a cup of coffee...
PVS-Studio checks the code quality in the .NET Foundation projects: LINQ to DB
![](https://webcf.waybackmachine.org/web/20220128192130im_/https://habrastorage.org/getpro/habr/upload_files/54b/7d5/a72/54b7d5a7227696b100a070e8b3f81063.png)
The .NET Foundation is an independent organization, created by Microsoft, to support open-source projects around the DotNet platform. Currently, the organization gathered many libraries under its wing. We have already tested some of these libraries with the help of PVS-Studio. The next project to check with the analyzer - LINQ to DB.
All hail bug reports: how we reduced the analysis time of the user's project from 80 to 4 hours
People often see work in support as something negative. Today we'll look at it from a different perspective. This article is about a real communication of 100+ messages, exceptions, the analysis that didn't complete in three days...
OWASP Top Ten and Software Composition Analysis (SCA)
![](https://webcf.waybackmachine.org/web/20220128192130im_/https://habrastorage.org/getpro/habr/upload_files/e7c/cbb/8df/e7ccbb8df60a845046510a020f5f400c.png)
The OWASP Top Ten 2017 category A9 (which became A6 in OWASP Top Ten 2021) is dedicated to using components with known vulnerabilities. To cover this category in PVS-Studio, developers have to turn the analyzer into a full SCA solution. How will the analyzer look for vulnerabilities in the components used? What is SCA? Let's try to find the answers in this article!
What's new in C# 10: overview
![](https://webcf.waybackmachine.org/web/20220128192130im_/https://habrastorage.org/getpro/habr/upload_files/d7f/408/590/d7f408590fda3181cad7882c2473e55f.png)
This article covers the new version of the C# language - C# 10. Compared to C# 9, C# 10 includes a short list of enhancements. Below we described the enhancements and added explanatory code fragments. Let's look at them.
CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?
For the first time PVS-Studio provided support for the CWE classification in the 6.21 release. It took place on January 15, 2018. Years have passed since then and we would like to tell you about the improvements related to the support of this classification in the latest analyzer version.
Creating Roslyn API-based static analyzer for C#
![](https://webcf.waybackmachine.org/web/20220128192130im_/https://habrastorage.org/getpro/habr/upload_files/616/a42/a33/616a42a33c69f03f580690b651bce761.png)
After you read this article, you'll have the knowledge to create your own static analyzer for C#. With the help of the analyzer, you can find potential errors and vulnerabilities in the source code of your own and other projects. Are you intrigued? Well, let's get started.
How Visual Studio 2022 ate up 100 GB of memory and what XML bombs had to do with it
In April 2021 Microsoft announced a new version of its IDE – Visual Studio 2022 – while also announcing that the IDE would be 64-bit. We've been waiting for this for so long – no more 4 GB memory limitations! However, as it turned out, it's not all that simple...
Making «foreach» loop as fast as «for» loop
![](https://webcf.waybackmachine.org/web/20220128192130im_/https://habrastorage.org/getpro/habr/upload_files/29c/ef1/eed/29cef1eed2a3b30458bb599f3d95c32e.png)
Hello!
This post is about writing a fast enumerator in C#:
foreach (var i in 1..10)
We will figure out whether it's possible to make it as fast as for
, and what can we do to improve our performance.
A lot of benchmarks and sharplab coming. Let's rock!
XSS: attack, defense — and C# programming
![](https://webcf.waybackmachine.org/web/20220128192130im_/https://habrastorage.org/getpro/habr/upload_files/777/559/485/777559485a09805c73276411e59e2ea0.png)
XSS - or cross-site scripting - is one of the most common vulnerabilities in web applications. It has been on the OWASP Top 10 list (the list of the most critical security risks to web applications) for a while now. So let's figure out together how your browser can acquire and execute a script from a third-party website, and what this may lead to (spoiler: your cookies could get stolen, for example). And while we're at it, we'll talk about ways you can protect yourself from XSS.
Tutorial: how to port a project from Interop Word API to Open XML SDK
![](https://webcf.waybackmachine.org/web/20220128192130im_/https://habrastorage.org/getpro/habr/upload_files/ac4/6ff/46a/ac46ff46ae1aa62912f8094c808b3f5c.png)
With the .NET5 release further development of some projects was questionable due to the complexity of porting. One can abandon small outdated libraries or find a replacement. But it's hard to throw away Microsoft.Office.Interop.Word.dll. Microsoft doesn't plan to add compatibility with .NET Core/5+, so in this article we focus on creating Word files with Open XML SDK.
Is PHP compilable?! PVS-Studio searches for errors in PeachPie
![](https://webcf.waybackmachine.org/web/20220128192130im_/https://habrastorage.org/getpro/habr/upload_files/e4b/c47/b19/e4bc47b1969d314143ee06986d9ab4dc.jpg)
PHP is widely known as an interpreted programming language used mainly for website development. However, few people know that PHP also has a compiler to .NET – PeachPie. But how well is it made? Will the static analyzer be able to find actual bugs in this compiler? Let's find out!
Optimization of .NET applications: a big result of small edits
Today we're going to discuss how small optimizations in the right places of the application can improve its performance. Imagine: we remove the creation of an extra iterator in one place, get rid of boxing in the other. As a result, we get drastic improvements because of such small edits.
Enums in C#: Hidden Pitfalls
C# has low barriers to entry and forgives a lot. Seriously, you may not understand how things work under the hood but still write code and remain easy-going about this. Though you still have to deal with different nuances over time. Today, we'll look at one of such subtle aspects — handling enumerations.
Authors' contribution
-
sidristij 1681.2 -
olegchir 1001.8 -
foto_shooter 909.0 -
n0mo 664.0 -
sahsAGU 656.0 -
marshinov 654.6 -
timyrik20 652.6 -
kekekeks 623.4 -
DreamWalker 566.0 -
PsyHaSTe 547.4