.NET Static Analysis

.NET静态分析

Built-in Analyzers

内置分析器

.NET Analyzers

.NET SDK includes analyzers for code quality and style. Enable in project file:

xml

<PropertyGroup>
  <!-- Enable all .NET analyzers -->
  <EnableNETAnalyzers>true</EnableNETAnalyzers>

  <!-- Analysis level (latest, 8.0, 7.0, etc.) -->
  <AnalysisLevel>latest</AnalysisLevel>

  <!-- Analysis mode: Default, Minimum, Recommended, All -->
  <AnalysisMode>Recommended</AnalysisMode>
</PropertyGroup>

.NET SDK 包含用于代码质量与代码风格的分析器。可在项目文件中启用：

xml

<PropertyGroup>
  <!-- Enable all .NET analyzers -->
  <EnableNETAnalyzers>true</EnableNETAnalyzers>

  <!-- Analysis level (latest, 8.0, 7.0, etc.) -->
  <AnalysisLevel>latest</AnalysisLevel>

  <!-- Analysis mode: Default, Minimum, Recommended, All -->
  <AnalysisMode>Recommended</AnalysisMode>
</PropertyGroup>

Analysis Categories

分析类别

Category	Prefix	Focus
Design	CA1xxx	API design guidelines
Globalization	CA2xxx	Internationalization
Performance	CA18xx	Performance optimizations
Security	CA2xxx, CA3xxx	Security vulnerabilities
Usage	CA2xxx	Correct API usage
Naming	CA17xx	Naming conventions
Reliability	CA2xxx	Error handling, resources

类别	前缀	关注方向
设计	CA1xxx	API设计准则
全球化	CA2xxx	国际化
性能	CA18xx	性能优化
安全	CA2xxx, CA3xxx	安全漏洞
使用规范	CA2xxx	API正确使用方式
命名	CA17xx	命名规范
可靠性	CA2xxx	错误处理、资源管理

Running Analysis

运行分析

With Build

与构建同步运行

bash

undefined

bash

undefined

Build with analyzers (default)

dotnet build

Ensure analyzers run

dotnet build /p:RunAnalyzersDuringBuild=true

Treat warnings as errors

dotnet build /p:TreatWarningsAsErrors=true

Run only analyzers (no compile)

dotnet build /p:RunAnalyzers=true /p:RunCodeAnalysis=true

undefined

dotnet build /p:RunAnalyzers=true /p:RunCodeAnalysis=true

undefined

As Separate Step

作为独立步骤运行

bash

undefined

bash

undefined

Format check (style only)

dotnet format --verify-no-changes

Format and fix

dotnet format

Analyze specific project

dotnet build src/MyApp/MyApp.csproj /p:TreatWarningsAsErrors=true

undefined

dotnet build src/MyApp/MyApp.csproj /p:TreatWarningsAsErrors=true

undefined

Configuring Rules

配置规则

EditorConfig

ini

undefined

ini

undefined

.editorconfig

root = true

[*.cs]

root = true

[*.cs]

Naming conventions

dotnet_naming_rule.private_fields_should_be_camel_case.severity = warning dotnet_naming_rule.private_fields_should_be_camel_case.symbols = private_fields dotnet_naming_rule.private_fields_should_be_camel_case.style = camel_case_style

dotnet_naming_symbols.private_fields.applicable_kinds = field dotnet_naming_symbols.private_fields.applicable_accessibilities = private

dotnet_naming_style.camel_case_style.capitalization = camel_case dotnet_naming_style.camel_case_style.required_prefix = _

dotnet_naming_rule.private_fields_should_be_camel_case.severity = warning dotnet_naming_rule.private_fields_should_be_camel_case.symbols = private_fields dotnet_naming_rule.private_fields_should_be_camel_case.style = camel_case_style

dotnet_naming_symbols.private_fields.applicable_kinds = field dotnet_naming_symbols.private_fields.applicable_accessibilities = private

dotnet_naming_style.camel_case_style.capitalization = camel_case dotnet_naming_style.camel_case_style.required_prefix = _

Code style

csharp_style_var_for_built_in_types = true:suggestion csharp_style_expression_bodied_methods = when_on_single_line:suggestion csharp_prefer_braces = true:warning

Analyzer rules

dotnet_diagnostic.CA1062.severity = warning # Validate arguments dotnet_diagnostic.CA2007.severity = none # Don't require ConfigureAwait dotnet_diagnostic.IDE0044.severity = warning # Make field readonly

undefined

dotnet_diagnostic.CA1062.severity = warning # Validate arguments dotnet_diagnostic.CA2007.severity = none # Don't require ConfigureAwait dotnet_diagnostic.IDE0044.severity = warning # Make field readonly

undefined

GlobalAnalyzerConfig

ini

undefined

ini

undefined

.globalconfig

is_global = true

Apply to all projects

dotnet_diagnostic.CA1062.severity = warning dotnet_diagnostic.CA2000.severity = error

undefined

dotnet_diagnostic.CA1062.severity = warning dotnet_diagnostic.CA2000.severity = error

undefined

Project-Level

项目级配置

xml

<PropertyGroup>
  <!-- Suppress in entire project -->
  <NoWarn>$(NoWarn);CA1062;CA2007</NoWarn>

  <!-- Treat specific as error -->
  <WarningsAsErrors>$(WarningsAsErrors);CA2000</WarningsAsErrors>
</PropertyGroup>

xml

<PropertyGroup>
  <!-- Suppress in entire project -->
  <NoWarn>$(NoWarn);CA1062;CA2007</NoWarn>

  <!-- Treat specific as error -->
  <WarningsAsErrors>$(WarningsAsErrors);CA2000</WarningsAsErrors>
</PropertyGroup>

Suppressing Warnings

抑制警告

Code-Level Suppression

代码级抑制

csharp

// Suppress on member
[SuppressMessage("Design", "CA1062:Validate arguments",
    Justification = "Validated by framework")]
public void Process(Request request) { }

// Suppress on line
#pragma warning disable CA1062
public void Process(Request request) { }
#pragma warning restore CA1062

// Suppress all in file
[assembly: SuppressMessage("Design", "CA1062")]

csharp

// Suppress on member
[SuppressMessage("Design", "CA1062:Validate arguments",
    Justification = "Validated by framework")]
public void Process(Request request) { }

// Suppress on line
#pragma warning disable CA1062
public void Process(Request request) { }
#pragma warning restore CA1062

// Suppress all in file
[assembly: SuppressMessage("Design", "CA1062")]

Global Suppressions

全局抑制

csharp

// GlobalSuppressions.cs
using System.Diagnostics.CodeAnalysis;

[assembly: SuppressMessage("Design", "CA1062",
    Scope = "namespaceanddescendants",
    Target = "~N:MyApp.Controllers")]

csharp

// GlobalSuppressions.cs
using System.Diagnostics.CodeAnalysis;

[assembly: SuppressMessage("Design", "CA1062",
    Scope = "namespaceanddescendants",
    Target = "~N:MyApp.Controllers")]

Common Analyzer Rules

常见分析器规则

CA1062 - Validate Arguments

CA1062 - 验证参数

csharp

// Warning: parameter 'request' is never validated
public void Process(Request request)
{
    request.Execute();  // CA1062
}

// Fixed
public void Process(Request request)
{
    ArgumentNullException.ThrowIfNull(request);
    request.Execute();
}

csharp

// Warning: parameter 'request' is never validated
public void Process(Request request)
{
    request.Execute();  // CA1062
}

// Fixed
public void Process(Request request)
{
    ArgumentNullException.ThrowIfNull(request);
    request.Execute();
}

CA2007 - ConfigureAwait

CA2007 - 使用ConfigureAwait

csharp

// Warning in library code
await SomeAsync();  // CA2007

// Fixed
await SomeAsync().ConfigureAwait(false);

// Or suppress in application code (.editorconfig)
dotnet_diagnostic.CA2007.severity = none

csharp

// Warning in library code
await SomeAsync();  // CA2007

// Fixed
await SomeAsync().ConfigureAwait(false);

// Or suppress in application code (.editorconfig)
dotnet_diagnostic.CA2007.severity = none

CA1822 - Mark Members Static

CA1822 - 将成员标记为静态

csharp

// Warning: can be static
public int Calculate(int x) => x * 2;  // CA1822

// Fixed
public static int Calculate(int x) => x * 2;

csharp

// Warning: can be static
public int Calculate(int x) => x * 2;  // CA1822

// Fixed
public static int Calculate(int x) => x * 2;

IDE0044 - Make Field Readonly

IDE0044 - 将字段设为只读

csharp

// Warning
private int _value;  // IDE0044

// Fixed
private readonly int _value;

csharp

// Warning
private int _value;  // IDE0044

// Fixed
private readonly int _value;

CA2000 - Dispose Objects

CA2000 - 释放对象

csharp

// Warning: not disposed
public void Process()
{
    var stream = new FileStream("file.txt", FileMode.Open);
}  // CA2000

// Fixed
public void Process()
{
    using var stream = new FileStream("file.txt", FileMode.Open);
}

csharp

// Warning: not disposed
public void Process()
{
    var stream = new FileStream("file.txt", FileMode.Open);
}  // CA2000

// Fixed
public void Process()
{
    using var stream = new FileStream("file.txt", FileMode.Open);
}

dotnet format

Check Formatting

检查格式

bash

undefined

bash

undefined

Check without changes

dotnet format --verify-no-changes

Check specific files

dotnet format --include "src/**/*.cs" --verify-no-changes

Exclude paths

dotnet format --exclude "/Migrations/"

undefined

dotnet format --exclude "/Migrations/"

undefined

Apply Fixes

应用修复

bash

undefined

bash

undefined

Fix all issues

dotnet format

Fix style issues only

dotnet format style

Fix analyzers only

dotnet format analyzers

Fix specific severity

dotnet format --severity warn

undefined

dotnet format --severity warn

undefined

Targeting

目标指定

bash

undefined

bash

undefined

Whitespace only

dotnet format whitespace

Style and analyzers

dotnet format style dotnet format analyzers

Specific diagnostics

dotnet format --diagnostics CA1062 IDE0044

undefined

dotnet format --diagnostics CA1062 IDE0044

undefined

Third-Party Analyzers

第三方分析器

StyleCop.Analyzers

bash

dotnet add package StyleCop.Analyzers

ini

undefined

bash

dotnet add package StyleCop.Analyzers

ini

undefined

.editorconfig

Configure StyleCop rules

dotnet_diagnostic.SA1101.severity = none # Prefix local calls with this dotnet_diagnostic.SA1200.severity = none # Using directives placement dotnet_diagnostic.SA1633.severity = none # File header

undefined

dotnet_diagnostic.SA1101.severity = none # Prefix local calls with this dotnet_diagnostic.SA1200.severity = none # Using directives placement dotnet_diagnostic.SA1633.severity = none # File header

undefined

Roslynator

bash

dotnet add package Roslynator.Analyzers

bash

dotnet add package Roslynator.Analyzers

SonarAnalyzer

bash

dotnet add package SonarAnalyzer.CSharp

bash

dotnet add package SonarAnalyzer.CSharp

CI Integration

CI集成

Quality Gate Script

质量门脚本

bash

#!/bin/bash

bash

#!/bin/bash

Run build with analysis

dotnet build --no-restore /p:TreatWarningsAsErrors=true

Check format

dotnet format --verify-no-changes

Exit with error if any issues

exit $?

undefined

exit $?

undefined

Azure DevOps

yaml

- task: DotNetCoreCLI@2
  displayName: 'Build with Analysis'
  inputs:
    command: build
    arguments: '/p:TreatWarningsAsErrors=true'

See analyzers.md for detailed analyzer configurations.

yaml

- task: DotNetCoreCLI@2
  displayName: 'Build with Analysis'
  inputs:
    command: build
    arguments: '/p:TreatWarningsAsErrors=true'

详细的分析器配置请查看 analyzers.md。

static-analysis

Original

Translation

.NET Static Analysis

.NET静态分析

Built-in Analyzers

内置分析器

.NET Analyzers

.NET Analyzers

Analysis Categories

分析类别

Running Analysis

运行分析

With Build

与构建同步运行

Build with analyzers (default)

Build with analyzers (default)

Ensure analyzers run

Ensure analyzers run

Treat warnings as errors

Treat warnings as errors

Run only analyzers (no compile)

Run only analyzers (no compile)

As Separate Step

作为独立步骤运行

Format check (style only)

Format check (style only)

Format and fix

Format and fix

Analyze specific project

Analyze specific project

Configuring Rules

配置规则

EditorConfig

EditorConfig

.editorconfig

.editorconfig

Naming conventions

Naming conventions

Code style

Code style

Analyzer rules

Analyzer rules

GlobalAnalyzerConfig

GlobalAnalyzerConfig

.globalconfig

.globalconfig

Apply to all projects

Apply to all projects

Project-Level

项目级配置

Suppressing Warnings

抑制警告

Code-Level Suppression

代码级抑制

Global Suppressions

全局抑制

Common Analyzer Rules

常见分析器规则

CA1062 - Validate Arguments

CA1062 - 验证参数

CA2007 - ConfigureAwait

CA2007 - 使用ConfigureAwait

CA1822 - Mark Members Static

CA1822 - 将成员标记为静态

IDE0044 - Make Field Readonly

IDE0044 - 将字段设为只读

CA2000 - Dispose Objects

CA2000 - 释放对象

dotnet format

dotnet format

Check Formatting

检查格式

Check without changes

Check without changes

Check specific files

Check specific files

Exclude paths

Exclude paths

Apply Fixes