This tutorial will show you how to fix the sample "10 Rules Fail Sample (10RulesFailSample_WindowsCS2010)" project that came with SSW Code Auditor - VS Extension.
We will show you how to run Code Auditor on the sample solution and step you through each of the violated rules.
Getting started
Follow these steps to start auditing your sample solution:
- Download and install SSW Code Auditor - VS Extension using the VS Extension Manager
- Restart Visual Studio
- Click on the menu "Samples" to download the sample solution
- Figure: Download sample solution from button "Samples"
- Open 10RulesFailSample_WindowsCS2010.zip in the Samples folder, unzip it and run the 10RulesFailSample.sln inside.
- Figure: Unzip 10RulesFailSample_WindowsCS2010.zip and run 10RulesFailSample.sln
- From the "SSW Code Auditor" menu, select "Options", click on the "Code Auditor" tab and then click on the "Add" button
- Figure: Select the "Options" Menu to add rules
- Select "All" and then click on the "Add" button
- Figure: Select all available rules
- On the "Code Auditor" tab "Enable All" rules and then click on the "Ok" button
- Figure: Enable rules in the "SSW Code Auditor" project
- Click "Audit" on the menu or toolbar in Visual Studio.
- Figure: Extension toolbar and menu
- Select source code to scan and click "Start".
- Figure: Select project to scan
- Scanning...
- Figure: Scanning in progress...
- Finished
- Figure: Click "OK" to see the result
- The report will now open.
- Figure: Report in browser
- Close the report, go back to Visual Studio and see the error report in the Output panel.
- Figure: The result in Visual Studio Output panel
Note: Make sure the Output panel is visible.
- Continue with the tutorial to start fixing code! :)
Note: Double click on the error to navigate to the error.
SSW Code Auditor - VS Extension - Improving your code
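C# Code - Catch and re-throw exception improperly
Never re-throw exceptions by passing the original exception object: throw ex; resets the stack trace to the re-throw point, so the location of the original failure is lost. Wrap the exception or use throw; instead.
Change from:
throw ex;
to:
throw;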
See rule Do you catch and re-throw exceptions properly?.
C# Code - Catch Exception must be more specific
When an invalid regular expression is parsed in Regex.Match(), an ArgumentException will be thrown, and this is what we want to catch.
Change from:
catch (Exception ex)
to:
catch (ArgumentException ex)
See rule Do you catch and re-throw exceptions properly?.
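The two rules above, shown together as an added example (not code from the sample project): a console program that catches only ArgumentException from Regex.Match() and compares what survives in the stack trace for throw ex;, throw; and a wrapped exception. The class, method names and the invalid pattern are constructed for this illustration.

```csharp
using System;
using System.Runtime.CompilerServices;
using System.Text.RegularExpressions;

static class RethrowDemo
{
    const string BadPattern = "(unclosed";   // constructed input: unbalanced "(" is invalid

    [MethodImpl(MethodImplOptions.NoInlining)]   // keep this frame visible in stack traces
    static bool MatchInner(string input, string pattern)
    {
        return Regex.Match(input, pattern).Success;   // ArgumentException on a bad pattern
    }

    static bool RethrowWithEx(string input, string pattern)
    {
        try { return MatchInner(input, pattern); }
        catch (ArgumentException ex) { throw ex; }   // stack trace restarts at this line
    }

    static bool RethrowPlain(string input, string pattern)
    {
        try { return MatchInner(input, pattern); }
        catch (ArgumentException) { throw; }          // original stack trace is kept
    }

    static bool RethrowWrapped(string input, string pattern)
    {
        try { return MatchInner(input, pattern); }
        // The original exception travels along as InnerException.
        catch (ArgumentException ex) { throw new InvalidOperationException("Pattern rejected.", ex); }
    }

    // Runs one variant and reports whether MatchInner still appears in the exception text.
    static bool TraceShowsOrigin(Func<string, string, bool> variant)
    {
        try { variant("abc", BadPattern); }
        catch (ArgumentException e) { return e.ToString().Contains("MatchInner"); }
        catch (InvalidOperationException e) { return e.ToString().Contains("MatchInner"); }
        return false;
    }

    static void Main()
    {
        Console.WriteLine("throw ex; keeps origin: " + TraceShowsOrigin(RethrowWithEx));
        Console.WriteLine("throw;    keeps origin: " + TraceShowsOrigin(RethrowPlain));
        Console.WriteLine("wrapped   keeps origin: " + TraceShowsOrigin(RethrowWrapped));
    }
}
```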
C#/VB.NET Code - Application entry method should handle "UnhandledException" and "ThreadException" events
Application entry method should handle these exceptions properly to minimize risk and make the application more stable during runtime.
Add the highlighted line:
Application.ThreadException += new System.Threading.ThreadExceptionEventHandler(Application_ThreadException);
AppDomain.CurrentDomain.UnhandledException +=
    new UnhandledExceptionEventHandler(CurrentDomain_UnhandledException);
And:
private static void CurrentDomain_UnhandledException(object sender, UnhandledExceptionEventArgs e)
{
    // e.ExceptionObject holds the exception; e.ToString() would only return the event-args type name.
    MessageBox.Show(e.ExceptionObject.ToString(), Application.ProductName + " " + new Version(Application.ProductVersion).ToString(2), MessageBoxButtons.OK, MessageBoxIcon.Error);
}
See rule Do you use exception management application block?.
C#/VB.NET Code - Don't throw System.Exception
While everyone knows that "catch (Exception ex)" is bad, no one has really noticed that "throw Exception()" is actually the root of all evil.
System.Exception is a very extensive class, and it is inherited by all other exception classes. If you throw an exception with the code "throw Exception()", the only way to handle it afterwards is the infamous "catch (Exception ex)".
Change from:
throw new Exception("Not implemented yet; This is a test.");
to:
throw new NotImplementedException("Not implemented yet; This is a test.");
See rule Do you know that you should never throw an exception using System.Exception?.
C#/VB.NET Code - MessageBoxIcon.Question should not be used
NEVER use the question mark icon!
According to Microsoft, the Question mark is being phased out, as a message using any of the other three icons (Error, Warning or Information) can easily be reworded into a question, and Question does not show the user the severity of the issue that has just occurred.
E.g. if you want to ask the user whether they want to save a file before closing, you should use the Warning icon.
Change from:
MessageBox.Show("File cannot be found.",
    Application.ProductName + " " + new Version(Application.ProductVersion).ToString(2),
    MessageBoxButtons.OK, MessageBoxIcon.Question);
to:
MessageBox.Show("File cannot be found.",
    Application.ProductName + " " + new Version(Application.ProductVersion).ToString(2),
    MessageBoxButtons.OK, MessageBoxIcon.Warning);
- Figure: Bad - MessageBox with question icon
- Figure: Good - MessageBox with warning icon
See rule Do you know how to make message boxes user friendly?.
SSW Code Auditor - VS Extension - Improving your UI
C#/VB.NET Code - MessageBoxes must have icons
Message boxes should have consistent and informative titles and descriptions, and icons should be used appropriately.
Change from:
MessageBox.Show("An error has occurred:" + Environment.NewLine
    + Environment.NewLine + ex.ToString(),
    Application.ProductName + " " + new Version(Application.ProductVersion).ToString(2),
    MessageBoxButtons.OK);
to:
MessageBox.Show("An error has occurred:" + Environment.NewLine
    + Environment.NewLine + ex.ToString(),
    Application.ProductName + " " + new Version(Application.ProductVersion).ToString(2),
    MessageBoxButtons.OK, MessageBoxIcon.Error);
- Figure: Bad - MessageBox without icon
- Figure: Good - MessageBox with icon
See rule Do you know how to make message boxes user friendly?.
C#/VB.NET UI & Code - Buttons (except OK, Cancel, and Close), CheckBoxes, RadioButtons must have mnemonics
A mnemonic for a button is the underlined letter in its caption; the user can press the button using Alt-"Char".
This enables the user to navigate through the form more quickly and is a must for Buttons (except OK, Cancel and Close), CheckBoxes and RadioButtons.
Change from:
this.btnOpen.Text = "Open";
to:
this.btnOpen.Text = "&Open";
You can also do this using the VS IDE designer:
- Figure: Add the Mnemonic using VS IDE designer
- Figure: Bad - "Open" button does not have mnemonic
- Figure: Good - "Open" button has mnemonic
See rule Control - Do your buttons have a mnemonic?.
C#/VB.NET UI & Code - OK, Cancel and Close buttons should not have mnemonics
OK, Cancel, Close, and Apply buttons should not have mnemonics, because they should be associated with Accept and Cancel buttons.
Change from:
this.btnClose.Text = "&Close";
to:
this.btnClose.Text = "Close";
You can also do this using the VS IDE designer:
- Figure: Remove the Mnemonic using VS IDE designer
- Figure: Bad - "Close" button has mnemonic
- Figure: Good - "Close" button does not have mnemonic
See rule Control - Do your buttons have a mnemonic?.
C#/VB.NET UI - FixedDialog must be used with CenterParent
FixedDialog must be used with CenterParent to prevent multi-monitor confusion.
Change from:
this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen;
to:
this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
See rule Do you use inherited forms for consistent behaviour?.
C#/VB.NET UI - TextBox's PasswordChar must be *
If a textbox holds sensitive data, it is always good practice to set PasswordChar to (*).
Change from:
this.txtPassword.PasswordChar = '#';
to:
this.txtPassword.PasswordChar = '*';
You can also do this using the VS IDE designer:
- Figure: Change the password char using VS IDE designer
- Figure: Bad - Password character is "#"
- Figure: Good - Password character is "*"
See rule Do you set PasswordChar to (*) on a TextBox on sensitive data?.