ReviewSqlQueriesForSecurityVulnerabilities Missing Rule RRS feed

  • Question

  • Hi,

    I am using VS2010 Pro edition which means I don't get FxCop Code Analysis pre-integrated. I downloaded FxCop 1.36 separately and running it. However, FxCop does not seem to have rule CA2100 i.e. ReviewSqlQueriesForSecurityVulnerabilities. The only reason for which I downloaded FxCop was to use this rule.

    How can I install/enable this rule? If there is no way I can get it, is there any custom rule available that I can use doing similar job?


    Khalid Ashraf

    Friday, November 16, 2012 5:10 PM


  • That rule seems to have been long since retired. I can't tell you why, but I expect that it is due to the fact that too many false positives were found and that the introduction of technologies like TableAdapters, LINQ to SQL, Entiry Framework and improved API support for parameters have made it something that is in an area of the .NET framework used less and less directly.

    If you want to run it, it used to be part of FxCop 1.35 if I remember correctlty. If you can find that, it should still work for any 2.0 and 3.5 projects. I suspect it will fail for 4.0 and 4.5.

    My blog: blog.jessehouwing.nl

    • Marked as answer by Khalid Ashraf Monday, November 19, 2012 11:10 AM
    Friday, November 16, 2012 5:57 PM