[Mono-list] [ANN] Smokey 0.8.0.0 - bug and coding guidelines checker
Jesse Jones
jesjones at mindspring.com
Wed Feb 6 05:36:48 EST 2008

Smokey is a command line tool used to analyze assemblies and report
problems. Problems include buggy code (e.g. infinite recursion, null
deref, malformed format string), performance issues (e.g. string
concatenation in loops, excessive boxing, large structs), violations
of the .NET design guidelines (e.g. inheriting from
ApplicationException or ICloneable, naming, and swallowing
exceptions), and miscellaneous rules like misspelled words in string
literals.

You can download Smokey from the web site:
<https://home.comcast.net/~jesse98/public/Smokey>. The web site also
has an html report for one of the System assemblies and a list of all
of Smokey's rules.

Changes from Smokey 0.7.0.0:
* Added 21 new rules:
    APTCA1, AllowPartiallyTrustedCallers assembly calls into a non-aptca
      assembly.
    APTCA2, class in an AllowPartiallyTrustedCallers assembly derives
      from a class defined in a non-aptca assembly.
    ConflictingTransparency, a 100% transparent assembly uses
      SecurityCriticalAttribute.
    ImperativeSecurity, programmatic use of CodeAccessPermission objects.
    IndirectLinkDemand, method in the assembly calls a link demand
      method w/o performing any security checks.
    InternalInterface, overridable implementation of an internal
      interface method.
    KeepAlive, type with finalizer and IntPtr does not call GC.KeepAlive.
    NamedPermissionSet, a NamedPermissionSet is being instantiated with
      the name of one of the built-in permission sets.
    NonVirtualInheritanceDemand, inheritance demand on a non-virtual
      method.
    PathCombine, paths are being concatenated via string.Concat.
    PartitionAssembly, transparent and critical code is not partitioned
      correctly.
    PermitDenySecurity, assembly uses PermitDeny and/or Deny security
      actions.
    ReadOnlyArray, public or protected readonly array.
    SealedInheritanceDemand, sealed type has an inheritance demand.
    SecureAsserts, method asserts a permission, but caller does no
      security checks.
    SecureGetObjectData, GetObjectData is not protected with
      SerializationFormatter.
    SecureOverrides, type has a link demand and virtuals but no
      inheritance demands.
    TransparentAssert1, a 100% transparent assembly asserts a permission.
    TransparentAssert2, a mixed transparent/critical assembly has a
      transparent method which asserts a permission.
    UnmanagedCodeSecurity, SuppressUnmanagedCodeSecurityAttribute usage.
    VisibleEventHandler, an event handler method is public or protected.
* Tweaked the code so that it compiles with mono 1.2.6.
* Smokey now works with .NET (you'll need to have Mono.Cecil in
Smokey's directory or somewhere else the CLR can find it) and you
won't get file and line numbers.
* Replaced Mono.GetOptions with a much simpler options parser.
* Dependent assemblies in the directory of the assembly being tested
are now correctly loaded.
* Fixed SuffixName rule: classes that implement IDictionary should
have a Dictionary suffix, not a Collection suffix.
* Instead of throwing an exception if two assemblies define a type
with the same name in the same namespace we now just use the first type.
-- Jesse