From aa4f8da17984acd949049e0a9f078fe82f763134 Mon Sep 17 00:00:00 2001 From: paulomorgado <470455+paulomorgado@users.noreply.github.com> Date: Wed, 28 Aug 2019 23:32:59 +0100 Subject: [PATCH] update documentation --- .../Microsoft.CodeAnalysis.FxCopAnalyzers.md | 16 ++- ...icrosoft.CodeAnalysis.FxCopAnalyzers.sarif | 128 ++++++++++-------- .../Microsoft.NetCore.Analyzers.md | 14 +- .../Microsoft.NetCore.Analyzers.sarif | 128 ++++++++++-------- 4 files changed, 153 insertions(+), 133 deletions(-) diff --git a/src/Microsoft.CodeAnalysis.FxCopAnalyzers/Microsoft.CodeAnalysis.FxCopAnalyzers.md b/src/Microsoft.CodeAnalysis.FxCopAnalyzers/Microsoft.CodeAnalysis.FxCopAnalyzers.md index 1d3297e105..c5b5ae1340 100644 --- a/src/Microsoft.CodeAnalysis.FxCopAnalyzers/Microsoft.CodeAnalysis.FxCopAnalyzers.md +++ b/src/Microsoft.CodeAnalysis.FxCopAnalyzers/Microsoft.CodeAnalysis.FxCopAnalyzers.md @@ -191,10 +191,12 @@ Sr. No. | Rule ID | Title | Category | Enabled | CodeFix | Description | 188 | CA5388 | Ensure Sufficient Iteration Count When Using Weak Key Derivation Function | Security | False | False | When deriving cryptographic keys from user-provided inputs such as password, use sufficient iteration count (at least 100k). | 189 | CA5389 | Do Not Add Archive Item's Path To The Target File System Path | Security | True | False | When extracting files from an archive and using the archive item's path, check if the path is safe. Archive path can be relative and can lead to file system access outside of the expected file system target path, leading to malicious config changes and remote code execution via lay-and-wait technique. | 190 | CA5390 | Do Not Hard Code Encryption Key | Security | True | False | SymmetricAlgorithm's .Key property, or a method's rgbKey parameter, should never be a hardcoded value. | -191 | CA5392 | Use DefaultDllImportSearchPaths attribute for P/Invokes | Security | True | False | By default, P/Invokes using DllImportAttribute probe a number of directories, including the current working directory for the library to load. This can be a security issue for certain applications, leading to DLL hijacking. | -192 | CA5393 | Do not use unsafe DllImportSearchPath value | Security | True | False | There could be a malicious DLL in the default DLL search directories. Or, depending on where your application is run from, there could be a malicious DLL in the application's directory. Use a DllImportSearchPath value that specifies an explicit search path instead. The DllImportSearchPath flags that this rule looks for can be configured in .editorconfig. | -193 | CA5394 | Do not use insecure randomness | Security | False | False | {0} is an insecure random number generator. Use cryptographically secure random number generators when randomness is required for security | -194 | CA5396 | Set HttpOnly to true for HttpCookie | Security | False | False | As a defense in depth measure, ensure security sensitive HTTP cookies are marked as HttpOnly. This indicates web browsers should disallow scripts from accessing the cookies. Injected malicious scripts are a common way of stealing cookies. | -195 | [CA5397](https://docs.microsoft.com/visualstudio/code-quality/ca5397) | Do not use deprecated SslProtocols values | Security | True | False | Older protocol versions of Transport Layer Security (TLS) are less secure than TLS 1.2 and TLS 1.3, and are more likely to have new vulnerabilities. Avoid older protocol versions to minimize risk. | -196 | [CA5398](https://docs.microsoft.com/visualstudio/code-quality/ca5398) | Avoid hardcoded SslProtocols values | Security | False | False | Current Transport Layer Security protocol versions may become deprecated if vulnerabilities are found. Avoid hardcoding SslProtocols values to keep your application secure. Use 'None' to let the Operating System choose a version. | -197 | CA9999 | Analyzer version mismatch | Reliability | True | False | Analyzers in this package require a certain minimum version of Microsoft.CodeAnalysis to execute correctly. Refer to https://docs.microsoft.com/visualstudio/code-quality/install-fxcop-analyzers#fxcopanalyzers-package-versions to install the correct analyzer version. | +191 | CA5391 | Use antiforgery tokens in ASP.NET Core MVC controllers | Security | True | False | Handling a POST, PUT, PATCH, or DELETE request without validating an antiforgery token may be vulnerable to cross-site request forgery attacks. A cross-site request forgery attack can send malicious requests from an authenticated user to your ASP.NET Core MVC controller. | +192 | CA5392 | Use DefaultDllImportSearchPaths attribute for P/Invokes | Security | True | False | By default, P/Invokes using DllImportAttribute probe a number of directories, including the current working directory for the library to load. This can be a security issue for certain applications, leading to DLL hijacking. | +193 | CA5393 | Do not use unsafe DllImportSearchPath value | Security | True | False | There could be a malicious DLL in the default DLL search directories. Or, depending on where your application is run from, there could be a malicious DLL in the application's directory. Use a DllImportSearchPath value that specifies an explicit search path instead. The DllImportSearchPath flags that this rule looks for can be configured in .editorconfig. | +194 | CA5394 | Do not use insecure randomness | Security | False | False | {0} is an insecure random number generator. Use cryptographically secure random number generators when randomness is required for security | +195 | CA5395 | Miss HttpVerb attribute for action methods | Security | False | False | All the methods that create, edit, delete, or otherwise modify data do so in the [HttpPost] overload of the method, which needs to be protected with the anti forgery attribute from request forgery. Performing a GET operation should be a safe operation that has no side effects and doesn't modify your persisted data. | +196 | CA5396 | Set HttpOnly to true for HttpCookie | Security | False | False | As a defense in depth measure, ensure security sensitive HTTP cookies are marked as HttpOnly. This indicates web browsers should disallow scripts from accessing the cookies. Injected malicious scripts are a common way of stealing cookies. | +197 | [CA5397](https://docs.microsoft.com/visualstudio/code-quality/ca5397) | Do not use deprecated SslProtocols values | Security | True | False | Older protocol versions of Transport Layer Security (TLS) are less secure than TLS 1.2 and TLS 1.3, and are more likely to have new vulnerabilities. Avoid older protocol versions to minimize risk. | +198 | [CA5398](https://docs.microsoft.com/visualstudio/code-quality/ca5398) | Avoid hardcoded SslProtocols values | Security | False | False | Current Transport Layer Security protocol versions may become deprecated if vulnerabilities are found. Avoid hardcoding SslProtocols values to keep your application secure. Use 'None' to let the Operating System choose a version. | +199 | CA9999 | Analyzer version mismatch | Reliability | True | False | Analyzers in this package require a certain minimum version of Microsoft.CodeAnalysis to execute correctly. Refer to https://docs.microsoft.com/visualstudio/code-quality/install-fxcop-analyzers#fxcopanalyzers-package-versions to install the correct analyzer version. | diff --git a/src/Microsoft.CodeAnalysis.FxCopAnalyzers/Microsoft.CodeAnalysis.FxCopAnalyzers.sarif b/src/Microsoft.CodeAnalysis.FxCopAnalyzers/Microsoft.CodeAnalysis.FxCopAnalyzers.sarif index 6a80facaf2..2e4660c087 100644 --- a/src/Microsoft.CodeAnalysis.FxCopAnalyzers/Microsoft.CodeAnalysis.FxCopAnalyzers.sarif +++ b/src/Microsoft.CodeAnalysis.FxCopAnalyzers/Microsoft.CodeAnalysis.FxCopAnalyzers.sarif @@ -2128,6 +2128,38 @@ ] } }, + "CA1827": { + "id": "CA1827", + "shortDescription": "Do not use Count() or LongCount() when Any() can be used", + "fullDescription": "For non-empty collections, Count() and LongCount() enumerate the entire sequence, while Any() stops at the first item or the first item that satisfies a condition.", + "defaultLevel": "warning", + "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1827", + "properties": { + "category": "Performance", + "isEnabledByDefault": true, + "typeName": "DoNotUseCountWhenAnyCanBeUsedAnalyzer", + "languages": [ + "C#", + "Visual Basic" + ] + } + }, + "CA1828": { + "id": "CA1828", + "shortDescription": "Do not use CountAsync() or LongCountAsync() when AnyAsync() can be used", + "fullDescription": "For non-empty collections, CountAsync() and LongCountAsync() enumerate the entire sequence, while AnyAsync() stops at the first item or the first item that satisfies a condition.", + "defaultLevel": "warning", + "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1828", + "properties": { + "category": "Performance", + "isEnabledByDefault": true, + "typeName": "DoNotUseCountWhenAnyCanBeUsedAnalyzer", + "languages": [ + "C#", + "Visual Basic" + ] + } + }, "CA2000": { "id": "CA2000", "shortDescription": "Dispose objects before losing scope", @@ -3565,6 +3597,24 @@ ] } }, + "CA5391": { + "id": "CA5391", + "shortDescription": "Use antiforgery tokens in ASP.NET Core MVC controllers", + "fullDescription": "Handling a POST, PUT, PATCH, or DELETE request without validating an antiforgery token may be vulnerable to cross-site request forgery attacks. A cross-site request forgery attack can send malicious requests from an authenticated user to your ASP.NET Core MVC controller.", + "defaultLevel": "warning", + "properties": { + "category": "Security", + "isEnabledByDefault": true, + "typeName": "UseAutoValidateAntiforgeryToken", + "languages": [ + "C#", + "Visual Basic" + ], + "tags": [ + "Telemetry" + ] + } + }, "CA5392": { "id": "CA5392", "shortDescription": "Use DefaultDllImportSearchPaths attribute for P/Invokes", @@ -3619,6 +3669,24 @@ ] } }, + "CA5395": { + "id": "CA5395", + "shortDescription": "Miss HttpVerb attribute for action methods", + "fullDescription": "All the methods that create, edit, delete, or otherwise modify data do so in the [HttpPost] overload of the method, which needs to be protected with the anti forgery attribute from request forgery. Performing a GET operation should be a safe operation that has no side effects and doesn't modify your persisted data.", + "defaultLevel": "warning", + "properties": { + "category": "Security", + "isEnabledByDefault": false, + "typeName": "UseAutoValidateAntiforgeryToken", + "languages": [ + "C#", + "Visual Basic" + ], + "tags": [ + "Telemetry" + ] + } + }, "CA5396": { "id": "CA5396", "shortDescription": "Set HttpOnly to true for HttpCookie", @@ -3756,36 +3824,6 @@ ] } }, - "CA1827": { - "id": "CA1827", - "shortDescription": "Do not use Count() or LongCount() when Any() can be used", - "fullDescription": "For non-empty collections, Count() and LongCount() enumerate the entire sequence, while Any() stops at the first item or the first item that satisfies a condition.", - "defaultLevel": "warning", - "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1827", - "properties": { - "category": "Performance", - "isEnabledByDefault": true, - "typeName": "CSharpDoNotUseCountWhenAnyCanBeUsedAnalyzer", - "languages": [ - "C#" - ] - } - }, - "CA1828": { - "id": "CA1828", - "shortDescription": "Do not use CountAsync() or LongCountAsync() when AnyAsync() can be used", - "fullDescription": "For non-empty collections, CountAsync() and LongCountAsync() enumerate the entire sequence, while AnyAsync() stops at the first item or the first item that satisfies a condition.", - "defaultLevel": "warning", - "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1828", - "properties": { - "category": "Performance", - "isEnabledByDefault": true, - "typeName": "CSharpDoNotUseCountWhenAnyCanBeUsedAnalyzer", - "languages": [ - "C#" - ] - } - }, "CA1829": { "id": "CA1829", "shortDescription": "Use Length/Count property instead of Count() when available", @@ -3936,36 +3974,6 @@ ] } }, - "CA1827": { - "id": "CA1827", - "shortDescription": "Do not use Count() or LongCount() when Any() can be used", - "fullDescription": "For non-empty collections, Count() and LongCount() enumerate the entire sequence, while Any() stops at the first item or the first item that satisfies a condition.", - "defaultLevel": "warning", - "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1827", - "properties": { - "category": "Performance", - "isEnabledByDefault": true, - "typeName": "BasicDoNotUseCountWhenAnyCanBeUsedAnalyzer", - "languages": [ - "Visual Basic" - ] - } - }, - "CA1828": { - "id": "CA1828", - "shortDescription": "Do not use CountAsync() or LongCountAsync() when AnyAsync() can be used", - "fullDescription": "For non-empty collections, CountAsync() and LongCountAsync() enumerate the entire sequence, while AnyAsync() stops at the first item or the first item that satisfies a condition.", - "defaultLevel": "warning", - "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1828", - "properties": { - "category": "Performance", - "isEnabledByDefault": true, - "typeName": "BasicDoNotUseCountWhenAnyCanBeUsedAnalyzer", - "languages": [ - "Visual Basic" - ] - } - }, "CA1829": { "id": "CA1829", "shortDescription": "Use Length/Count property instead of Count() when available", diff --git a/src/Microsoft.NetCore.Analyzers/Microsoft.NetCore.Analyzers.md b/src/Microsoft.NetCore.Analyzers/Microsoft.NetCore.Analyzers.md index 73a41f9af9..8436688850 100644 --- a/src/Microsoft.NetCore.Analyzers/Microsoft.NetCore.Analyzers.md +++ b/src/Microsoft.NetCore.Analyzers/Microsoft.NetCore.Analyzers.md @@ -99,9 +99,11 @@ Sr. No. | Rule ID | Title | Category | Enabled | CodeFix | Description | 96 | CA5388 | Ensure Sufficient Iteration Count When Using Weak Key Derivation Function | Security | False | False | When deriving cryptographic keys from user-provided inputs such as password, use sufficient iteration count (at least 100k). | 97 | CA5389 | Do Not Add Archive Item's Path To The Target File System Path | Security | True | False | When extracting files from an archive and using the archive item's path, check if the path is safe. Archive path can be relative and can lead to file system access outside of the expected file system target path, leading to malicious config changes and remote code execution via lay-and-wait technique. | 98 | CA5390 | Do Not Hard Code Encryption Key | Security | True | False | SymmetricAlgorithm's .Key property, or a method's rgbKey parameter, should never be a hardcoded value. | -99 | CA5392 | Use DefaultDllImportSearchPaths attribute for P/Invokes | Security | True | False | By default, P/Invokes using DllImportAttribute probe a number of directories, including the current working directory for the library to load. This can be a security issue for certain applications, leading to DLL hijacking. | -100 | CA5393 | Do not use unsafe DllImportSearchPath value | Security | True | False | There could be a malicious DLL in the default DLL search directories. Or, depending on where your application is run from, there could be a malicious DLL in the application's directory. Use a DllImportSearchPath value that specifies an explicit search path instead. The DllImportSearchPath flags that this rule looks for can be configured in .editorconfig. | -101 | CA5394 | Do not use insecure randomness | Security | False | False | {0} is an insecure random number generator. Use cryptographically secure random number generators when randomness is required for security | -102 | CA5396 | Set HttpOnly to true for HttpCookie | Security | False | False | As a defense in depth measure, ensure security sensitive HTTP cookies are marked as HttpOnly. This indicates web browsers should disallow scripts from accessing the cookies. Injected malicious scripts are a common way of stealing cookies. | -103 | [CA5397](https://docs.microsoft.com/visualstudio/code-quality/ca5397) | Do not use deprecated SslProtocols values | Security | True | False | Older protocol versions of Transport Layer Security (TLS) are less secure than TLS 1.2 and TLS 1.3, and are more likely to have new vulnerabilities. Avoid older protocol versions to minimize risk. | -104 | [CA5398](https://docs.microsoft.com/visualstudio/code-quality/ca5398) | Avoid hardcoded SslProtocols values | Security | False | False | Current Transport Layer Security protocol versions may become deprecated if vulnerabilities are found. Avoid hardcoding SslProtocols values to keep your application secure. Use 'None' to let the Operating System choose a version. | +99 | CA5391 | Use antiforgery tokens in ASP.NET Core MVC controllers | Security | True | False | Handling a POST, PUT, PATCH, or DELETE request without validating an antiforgery token may be vulnerable to cross-site request forgery attacks. A cross-site request forgery attack can send malicious requests from an authenticated user to your ASP.NET Core MVC controller. | +100 | CA5392 | Use DefaultDllImportSearchPaths attribute for P/Invokes | Security | True | False | By default, P/Invokes using DllImportAttribute probe a number of directories, including the current working directory for the library to load. This can be a security issue for certain applications, leading to DLL hijacking. | +101 | CA5393 | Do not use unsafe DllImportSearchPath value | Security | True | False | There could be a malicious DLL in the default DLL search directories. Or, depending on where your application is run from, there could be a malicious DLL in the application's directory. Use a DllImportSearchPath value that specifies an explicit search path instead. The DllImportSearchPath flags that this rule looks for can be configured in .editorconfig. | +102 | CA5394 | Do not use insecure randomness | Security | False | False | {0} is an insecure random number generator. Use cryptographically secure random number generators when randomness is required for security | +103 | CA5395 | Miss HttpVerb attribute for action methods | Security | False | False | All the methods that create, edit, delete, or otherwise modify data do so in the [HttpPost] overload of the method, which needs to be protected with the anti forgery attribute from request forgery. Performing a GET operation should be a safe operation that has no side effects and doesn't modify your persisted data. | +104 | CA5396 | Set HttpOnly to true for HttpCookie | Security | False | False | As a defense in depth measure, ensure security sensitive HTTP cookies are marked as HttpOnly. This indicates web browsers should disallow scripts from accessing the cookies. Injected malicious scripts are a common way of stealing cookies. | +105 | [CA5397](https://docs.microsoft.com/visualstudio/code-quality/ca5397) | Do not use deprecated SslProtocols values | Security | True | False | Older protocol versions of Transport Layer Security (TLS) are less secure than TLS 1.2 and TLS 1.3, and are more likely to have new vulnerabilities. Avoid older protocol versions to minimize risk. | +106 | [CA5398](https://docs.microsoft.com/visualstudio/code-quality/ca5398) | Avoid hardcoded SslProtocols values | Security | False | False | Current Transport Layer Security protocol versions may become deprecated if vulnerabilities are found. Avoid hardcoding SslProtocols values to keep your application secure. Use 'None' to let the Operating System choose a version. | diff --git a/src/Microsoft.NetCore.Analyzers/Microsoft.NetCore.Analyzers.sarif b/src/Microsoft.NetCore.Analyzers/Microsoft.NetCore.Analyzers.sarif index e4772c66ab..430d81e12d 100644 --- a/src/Microsoft.NetCore.Analyzers/Microsoft.NetCore.Analyzers.sarif +++ b/src/Microsoft.NetCore.Analyzers/Microsoft.NetCore.Analyzers.sarif @@ -208,6 +208,38 @@ ] } }, + "CA1827": { + "id": "CA1827", + "shortDescription": "Do not use Count() or LongCount() when Any() can be used", + "fullDescription": "For non-empty collections, Count() and LongCount() enumerate the entire sequence, while Any() stops at the first item or the first item that satisfies a condition.", + "defaultLevel": "warning", + "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1827", + "properties": { + "category": "Performance", + "isEnabledByDefault": true, + "typeName": "DoNotUseCountWhenAnyCanBeUsedAnalyzer", + "languages": [ + "C#", + "Visual Basic" + ] + } + }, + "CA1828": { + "id": "CA1828", + "shortDescription": "Do not use CountAsync() or LongCountAsync() when AnyAsync() can be used", + "fullDescription": "For non-empty collections, CountAsync() and LongCountAsync() enumerate the entire sequence, while AnyAsync() stops at the first item or the first item that satisfies a condition.", + "defaultLevel": "warning", + "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1828", + "properties": { + "category": "Performance", + "isEnabledByDefault": true, + "typeName": "DoNotUseCountWhenAnyCanBeUsedAnalyzer", + "languages": [ + "C#", + "Visual Basic" + ] + } + }, "CA2000": { "id": "CA2000", "shortDescription": "Dispose objects before losing scope", @@ -1645,6 +1677,24 @@ ] } }, + "CA5391": { + "id": "CA5391", + "shortDescription": "Use antiforgery tokens in ASP.NET Core MVC controllers", + "fullDescription": "Handling a POST, PUT, PATCH, or DELETE request without validating an antiforgery token may be vulnerable to cross-site request forgery attacks. A cross-site request forgery attack can send malicious requests from an authenticated user to your ASP.NET Core MVC controller.", + "defaultLevel": "warning", + "properties": { + "category": "Security", + "isEnabledByDefault": true, + "typeName": "UseAutoValidateAntiforgeryToken", + "languages": [ + "C#", + "Visual Basic" + ], + "tags": [ + "Telemetry" + ] + } + }, "CA5392": { "id": "CA5392", "shortDescription": "Use DefaultDllImportSearchPaths attribute for P/Invokes", @@ -1699,6 +1749,24 @@ ] } }, + "CA5395": { + "id": "CA5395", + "shortDescription": "Miss HttpVerb attribute for action methods", + "fullDescription": "All the methods that create, edit, delete, or otherwise modify data do so in the [HttpPost] overload of the method, which needs to be protected with the anti forgery attribute from request forgery. Performing a GET operation should be a safe operation that has no side effects and doesn't modify your persisted data.", + "defaultLevel": "warning", + "properties": { + "category": "Security", + "isEnabledByDefault": false, + "typeName": "UseAutoValidateAntiforgeryToken", + "languages": [ + "C#", + "Visual Basic" + ], + "tags": [ + "Telemetry" + ] + } + }, "CA5396": { "id": "CA5396", "shortDescription": "Set HttpOnly to true for HttpCookie", @@ -1836,36 +1904,6 @@ ] } }, - "CA1827": { - "id": "CA1827", - "shortDescription": "Do not use Count() or LongCount() when Any() can be used", - "fullDescription": "For non-empty collections, Count() and LongCount() enumerate the entire sequence, while Any() stops at the first item or the first item that satisfies a condition.", - "defaultLevel": "warning", - "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1827", - "properties": { - "category": "Performance", - "isEnabledByDefault": true, - "typeName": "CSharpDoNotUseCountWhenAnyCanBeUsedAnalyzer", - "languages": [ - "C#" - ] - } - }, - "CA1828": { - "id": "CA1828", - "shortDescription": "Do not use CountAsync() or LongCountAsync() when AnyAsync() can be used", - "fullDescription": "For non-empty collections, CountAsync() and LongCountAsync() enumerate the entire sequence, while AnyAsync() stops at the first item or the first item that satisfies a condition.", - "defaultLevel": "warning", - "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1828", - "properties": { - "category": "Performance", - "isEnabledByDefault": true, - "typeName": "CSharpDoNotUseCountWhenAnyCanBeUsedAnalyzer", - "languages": [ - "C#" - ] - } - }, "CA1829": { "id": "CA1829", "shortDescription": "Use Length/Count property instead of Count() when available", @@ -2016,36 +2054,6 @@ ] } }, - "CA1827": { - "id": "CA1827", - "shortDescription": "Do not use Count() or LongCount() when Any() can be used", - "fullDescription": "For non-empty collections, Count() and LongCount() enumerate the entire sequence, while Any() stops at the first item or the first item that satisfies a condition.", - "defaultLevel": "warning", - "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1827", - "properties": { - "category": "Performance", - "isEnabledByDefault": true, - "typeName": "BasicDoNotUseCountWhenAnyCanBeUsedAnalyzer", - "languages": [ - "Visual Basic" - ] - } - }, - "CA1828": { - "id": "CA1828", - "shortDescription": "Do not use CountAsync() or LongCountAsync() when AnyAsync() can be used", - "fullDescription": "For non-empty collections, CountAsync() and LongCountAsync() enumerate the entire sequence, while AnyAsync() stops at the first item or the first item that satisfies a condition.", - "defaultLevel": "warning", - "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1828", - "properties": { - "category": "Performance", - "isEnabledByDefault": true, - "typeName": "BasicDoNotUseCountWhenAnyCanBeUsedAnalyzer", - "languages": [ - "Visual Basic" - ] - } - }, "CA1829": { "id": "CA1829", "shortDescription": "Use Length/Count property instead of Count() when available",