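  • FxCop static code analysis

    SQL Inject: SQL injection

    FxCop: static code analysis, using software to check your code

    Code-checking extensions (you can write your own methods to check your code for vulnerabilities)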


    #region Using directives

    using System;
    using System.Globalization;

    using Microsoft.Cci;
    using Microsoft.FxCop.Sdk;
    using Microsoft.FxCop.Sdk.Introspection;

    #endregion

    namespace FxCop.Rules
    {
        #region //comment
        /// <summary>
        ///  <para>
        ///   Checks for complicated methods and constructors.
        ///  </para>
        /// </summary>
        /// <remarks>
        ///  <para>
        ///   A method or constructor is classed as complicated if it contains more than 75 method calls.
        ///  </para>
        /// </remarks>
        #endregion

        // BaseRule and RuleHelper are not defined on this page.
        public class AvoidComplicatedMethods : BaseRule
        {
            private const int MAXIMUM_METHOD_CALLS = 75;

            #region //comment
            /// <summary>
            ///  <para>
            ///   Initializes a new instance of the <see cref="AvoidComplicatedMethods"/> class.
            ///  </para>
            /// </summary>
            #endregion

            public AvoidComplicatedMethods() : base("AvoidComplicatedMethods")
            {
            }

            #region //comment
            /// <summary>
            ///  <para>
            ///   This member overrides <see cref="BaseIntrospectionRule.Check(Member)"/>.
            ///  </para>
            /// </summary>
            /// <param name="m">
            ///  The <see cref="Member"/> to check.
            /// </param>
            /// <returns>
            ///  A <see cref="ProblemCollection"/> containing the problems associated with <paramref name="m"/>.
            /// </returns>
            #endregion

            public override ProblemCollection Check(Member m)
            {
                // Only methods (including constructors) are analysed.
                Method method = m as Method;

                if (method == null)
                    return null;

                // Abstract and extern methods have no instructions to count.
                if (method.Instructions == null)
                    return null;

                string name = method.Name.Name;

                // Skip designer-generated code.
                if (name == "InitializeComponent")
                    return null;

                int methodCallCount = 0;

                // Count every instruction that is a method call.
                for (int i = 0; i < method.Instructions.Length; i++)
                {
                    if (RuleHelper.IsMethodCall(method.Instructions[i]))
                    {
                        methodCallCount++;
                    }
                }

                if (methodCallCount > MAXIMUM_METHOD_CALLS)
                {
                    AddProblem(method, methodCallCount);
                }

                return Problems;
            }

            // Fills the {0}, {1} and {2} placeholders of the rule's Resolution text.
            private void AddProblem(Method m, int callCount)
            {
                Problems.Add(new Problem(GetResolution(
                    RuleUtilities.Format(m),
                    callCount.ToString(CultureInfo.CurrentCulture),
                    MAXIMUM_METHOD_CALLS.ToString(CultureInfo.CurrentCulture))));
            }
        }
    }

    FxCop static code analysis on the Chinese edition of MSDN


    <?xml version="1.0" encoding="utf-8" ?>
    <Rules FriendlyName="Custom Rules">
     <Rule TypeName="AvoidComplicatedMethods" Category="Custom" CheckId="CUS1000">
      <Name>Avoid complicated methods</Name>
      <Description>Methods that have many methods calls or property accessors are hard to maintain and therefore should be kept to a minimum.</Description>
      <Owner>Not Available</Owner>
      <Url>http://www.gotdotnet.com/team/fxcop/</Url>
      <Resolution>'{0}' has {1} method calls. Refactor '{0}' so that it calls fewer than {2} methods.</Resolution>
      <Email>Not Available</Email>
      <MessageLevel Certainty="95">Warning</MessageLevel>
      <FixCategories>NonBreaking</FixCategories>
     </Rule> 
    </Rules>
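
    As an added example that is not part of the original post, here is a custom rule in the same style aimed at the SQL injection concern mentioned at the top: it reports every assignment to a `CommandText` property whose value is not a string literal. It assumes the FxCop 1.36 SDK (`Microsoft.FxCop.Sdk` namespace, `BaseIntrospectionRule`); the class name, the resource name `FxCop.Rules.Rules` and the single `{0}` resolution argument are hypothetical.

    ```csharp
    // Added example; assumes the FxCop 1.36 SDK (FxCopSdk.dll).
    using Microsoft.FxCop.Sdk;

    namespace FxCop.Rules
    {
        // Reports CommandText assignments whose value is not a compile-time string literal.
        public sealed class ReviewDynamicCommandText : BaseIntrospectionRule
        {
            // Assumption: the rule XML is embedded in this assembly as FxCop.Rules.Rules.xml.
            public ReviewDynamicCommandText()
                : base("ReviewDynamicCommandText", "FxCop.Rules.Rules",
                       typeof(ReviewDynamicCommandText).Assembly)
            {
            }

            public override ProblemCollection Check(Member member)
            {
                Method method = member as Method;
                if (method == null || method.Body == null)
                    return null;

                // Walk the method body; VisitMethodCall below runs for each call node.
                VisitBlock(method.Body);
                return Problems;
            }

            public override void VisitMethodCall(MethodCall call)
            {
                MemberBinding binding = call.Callee as MemberBinding;
                Method callee = (binding == null) ? null : binding.BoundMember as Method;

                // Property setters compile to set_<Name>(value) calls.
                if (callee != null
                    && callee.Name.Name == "set_CommandText"
                    && call.Operands.Count == 1
                    && !(call.Operands[0] is Literal))
                {
                    Problems.Add(new Problem(
                        GetResolution(callee.DeclaringType.FullName), call));
                }

                base.VisitMethodCall(call);
            }
        }
    }
    ```

    The rule needs its own `<Rule TypeName="ReviewDynamicCommandText">` entry in the rules XML, with a `<Resolution>` that takes one `{0}` argument. A value held in a local or parameter is reported even when it is constant, so findings are review prompts rather than confirmed injections.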

  • Original article: https://www.cnblogs.com/Gemgin/p/3136365.html