RamyaP

Hi,

We are trying to run fxcop on our application, but then it asks for all the references used by that dll throwing the CA0058 error. Why is this so. Aren't we supposed to be doing static analysis of the code that we wrote Then why the need to check all the references.

I understand I can fix this issue by pointing to all references, but I still would like to know y its needed

Thanks for your assistance,

Regards,

Ramya



Re: Visual Studio Code Analysis and Code Metrics FXCop looks for references.. Why..???

David M. Kean - MSFT

You are right, we only analyze the code that you wrote, however, we still need to know about base classes, attributes, parameters, return types, etc that live in other assemblies. Without this information, we couldn't make security judgements (as base class' could be applied with security attributes), we wouldn't be able to tell what type you actually derived from and our analysis would be very limited.

In mosts cases, we should only need as many references as it would to JIT every method in your assembly and call GetCustomAttributes on every module, type, member, etc. However, in current versions we can be over eager in some situations in asking for references - so sometimes we require more than we actually need.

In saying that though, we will be improving this behavior in future versions.






Re: Visual Studio Code Analysis and Code Metrics FXCop looks for references.. Why..???

RamyaP

Thanks for the update David.

Regards, Ramya