You decided to make an app that works with SVG. Encouraged by the enthusiasm, you collected libraries and successfully made the application. But suddenly you find that the app is sending strange network requests. And data is leaking from the host-machine. How so?
C# *
Multi-paradigm programming language encompassing strong typing, imperative, declarative, functional, generic, object-oriented (class-based), and component-oriented programming disciplines
ECS: under the hood
This is the translation of my article about ECS. Original (in Russian).
ECS (Entity Component System) is an architectural pattern used in game development.
In this article, I am going to describe some of the general principles of ECS frameworks' inner workings and some of the problems I have faced during the development of my own.
When I first started learning about ECS everything seemed wonderful, but only in theory. I needed some real practice to make sure that all that they were saying about ECS was true.
I’ve tried different frameworks with different engines and programming languages. Mostly it was the gorgeous EnTT framework that I used with the Godot engine and LeoECS with Unity. I haven’t tried Unity’s native ECS from DOTS because it was rather unpolished at the time I was starting.
After a while, I got enough practical experience with ECS but it was still unclear to me how all this magic works under the hood. There are a few good blogs about ECS development (https://skypjack.github.io/ from the author of EnTT and https://ajmmertens.medium.com/ from the author of Flecs) but none of them gave me enough understanding about how they are implemented. So eventually, following Bender’s example, I decided that I’m gonna make my own ECS =)
Vulnerabilities due to XML files processing: XXE in C# applications in theory and in practice
How can simple XML files processing turn into a security weakness? How can a blog deployed on your machine cause a data leak? Today we'll find answers to these questions, learn what XXE is and how it looks like.
Playing with null: Checking MonoGame with the PVS-Studio analyzer
The PVS-Studio analyzer often checks code of libraries, frameworks, and engines for game development. Today we check another project — MonoGame, a low-level gamedev framework written in C#.
Re-checking PascalABC.NET
Welcome all fans of clean code! Today we analyze the PascalABC.NET project. In 2017, we already found errors in this project. We used two static analysis tools (more precisely, plugins for SonarQube): SonarC# and PVS-Studio. Today, we analyze this project with the latest version of the PVS-Studio analyzer for C#. Let's see what errors we can find today, especially when our analyzer has become more advanced and got new features: it can find more exquisite errors and potential vulnerabilities.
The most interesting C# / .NET blogs and websites
Let's take a look at the list of information sources that can be useful for the C# / .NET developers. Our list includes blogs, repositories with source code, standards and accounts of developers who covers the deep aspects of the C# and .NET.
Top 10 bugs found in C# projects in 2021
In 2021 we published several articles and showed you errors found in open-source projects. The year 2021 ends, which means it's time to present you the traditional top 10 of the most interesting bugs. Enjoy!
Errors and suspicious code fragments in .NET 6 sources
The .NET 6 turned out to be much-awaited and major release. If you write for .NET, you could hardly miss such an event. We also couldn't pass by the new version of this platform. We decided to check what interesting things we can find in the sources of .NET libraries.
PVS-Studio checks Umbraco code for the third time
Six years ago, we first checked Umbraco with the PVS-Studio static analyzer for C#. Today, we decided to go where it all started and analyze the Umbraco CMS source code.
Structured Logging and Interpolated Strings in C# 10
Structured logging is gaining more and more popularity in the developers' community. In this article I'd like to demonstrate how we can use structured logging with the Microsoft.Extensions.Logging package and show the idea how we can extend it using the new features of C# 10.
A variety of errors in C# code by the example of CMS DotNetNuke: 40 questions about the quality
Today, we discuss C# code quality and a variety of errors by the example of CMS DotNetNuke. We're going to dig into its source code. You're going to need a cup of coffee...
PVS-Studio checks the code quality in the .NET Foundation projects: LINQ to DB
The .NET Foundation is an independent organization, created by Microsoft, to support open-source projects around the DotNet platform. Currently, the organization gathered many libraries under its wing. We have already tested some of these libraries with the help of PVS-Studio. The next project to check with the analyzer - LINQ to DB.
All hail bug reports: how we reduced the analysis time of the user's project from 80 to 4 hours
People often see work in support as something negative. Today we'll look at it from a different perspective. This article is about a real communication of 100+ messages, exceptions, the analysis that didn't complete in three days...
OWASP Top Ten and Software Composition Analysis (SCA)
The OWASP Top Ten 2017 category A9 (which became A6 in OWASP Top Ten 2021) is dedicated to using components with known vulnerabilities. To cover this category in PVS-Studio, developers have to turn the analyzer into a full SCA solution. How will the analyzer look for vulnerabilities in the components used? What is SCA? Let's try to find the answers in this article!
What's new in C# 10: overview
This article covers the new version of the C# language - C# 10. Compared to C# 9, C# 10 includes a short list of enhancements. Below we described the enhancements and added explanatory code fragments. Let's look at them.
CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?
For the first time PVS-Studio provided support for the CWE classification in the 6.21 release. It took place on January 15, 2018. Years have passed since then and we would like to tell you about the improvements related to the support of this classification in the latest analyzer version.
Creating Roslyn API-based static analyzer for C#
After you read this article, you'll have the knowledge to create your own static analyzer for C#. With the help of the analyzer, you can find potential errors and vulnerabilities in the source code of your own and other projects. Are you intrigued? Well, let's get started.
How Visual Studio 2022 ate up 100 GB of memory and what XML bombs had to do with it
In April 2021 Microsoft announced a new version of its IDE – Visual Studio 2022 – while also announcing that the IDE would be 64-bit. We've been waiting for this for so long – no more 4 GB memory limitations! However, as it turned out, it's not all that simple...
Making «foreach» loop as fast as «for» loop
Hello!
This post is about writing a fast enumerator in C#:
foreach (var i in 1..10)
We will figure out whether it's possible to make it as fast as for
, and what can we do to improve our performance.
A lot of benchmarks and sharplab coming. Let's rock!
XSS: attack, defense — and C# programming
XSS - or cross-site scripting - is one of the most common vulnerabilities in web applications. It has been on the OWASP Top 10 list (the list of the most critical security risks to web applications) for a while now. So let's figure out together how your browser can acquire and execute a script from a third-party website, and what this may lead to (spoiler: your cookies could get stolen, for example). And while we're at it, we'll talk about ways you can protect yourself from XSS.
Authors' contribution
-
sidristij 1681.2 -
foto_shooter 1020.0 -
olegchir 1001.8 -
n0mo 667.0 -
sahsAGU 656.0 -
marshinov 654.6 -
timyrik20 652.6 -
kekekeks 623.4 -
DreamWalker 566.0 -
PsyHaSTe 547.4