.editorconfig

# top-most EditorConfig file
root = true

# Don't use tabs for indentation.
[*]
indent_style = space

# Note that there is a corresponding setting set in the `.gitattributes` file
# which should be regarded when adding/removing file types from this list.

[*.{bicep,yml,yaml}]
end_of_line = lf
indent_size = 2
insert_final_newline = true
trim_trailing_whitespace = true

[*.{cs,csx,ts,tsx,js}]
end_of_line = crlf
indent_size = 4
insert_final_newline = true
trim_trailing_whitespace = true
#charset = utf-8

# XML project files
[*.{csproj,vbproj,vcxproj,vcxproj.filters,proj,projitems,shproj}]
indent_size = 2

# XML config files
[*.{props,targets,ruleset,config,nuspec,resx,vsixmanifest,vsct}]
indent_size = 2

# JSON files
[*.json]
indent_size = 2

# C# code style settings:
[*.cs]

# New line preferences
csharp_new_line_before_open_brace = all
# csharp_new_line_before_open_brace = accessors, anonymous_methods, anonymous_types, control_blocks, events, indexers, lambdas, local_functions, methods, object_collection_array_initializers, properties, types
csharp_new_line_before_catch = true
csharp_new_line_before_else = true
csharp_new_line_before_finally = true
csharp_new_line_before_members_in_anonymous_types = true
csharp_new_line_before_members_in_object_initializers = true
csharp_new_line_between_query_expression_clauses = true

# Indentation preferences
csharp_indent_braces = false
csharp_indent_case_contents = true
csharp_indent_switch_labels = true
csharp_indent_labels = no_change
csharp_indent_block_contents = true
csharp_indent_case_contents_when_block = false

# Style preferences
csharp_style_namespace_declarations = file_scoped:silent
csharp_style_expression_bodied_methods = true:suggestion
csharp_style_expression_bodied_constructors = false:suggestion
csharp_style_expression_bodied_operators = true:suggestion
csharp_style_expression_bodied_properties = true:warning
csharp_style_expression_bodied_indexers = true:warning
csharp_style_expression_bodied_accessors = true:warning
csharp_style_expression_bodied_lambdas = true:warning
csharp_style_expression_bodied_local_functions = when_on_single_line:warning
csharp_prefer_simple_default_expression = true:suggestion
csharp_style_prefer_local_over_anonymous_function = true:suggestion
csharp_style_deconstructed_variable_declaration = true:suggestion
csharp_style_unused_value_expression_statement_preference = discard_variable:suggestion
csharp_style_unused_value_assignment_preference = discard_variable:silent
csharp_style_allow_embedded_statements_on_same_line_experimental = true:warning
csharp_style_allow_blank_lines_between_consecutive_braces_experimental = true:warning
csharp_style_allow_blank_line_after_colon_in_constructor_initializer_experimental = true:warning
csharp_style_var_when_type_is_apparent = true:suggestion
csharp_style_var_elsewhere = true:silent
csharp_style_var_for_built_in_types = true:silent
csharp_style_prefer_pattern_matching = true:suggestion
csharp_style_inlined_variable_declaration = true:warning
csharp_style_throw_expression  = true:warning
csharp_style_conditional_delegate_call = true
csharp_style_pattern_matching_over_as_with_null_check = true:warning
csharp_style_pattern_matching_over_is_with_cast_check = true:warning
csharp_style_prefer_switch_expression = true:warning
csharp_style_prefer_pattern_matching = true:warning
csharp_style_prefer_not_pattern = true:warning
csharp_style_pattern_local_over_anonymous_function = true:warning
csharp_style_implicit_object_creation_when_type_is_apparent = true:warning

# Space preferences
csharp_space_after_cast = false
csharp_space_after_keywords_in_control_flow_statements = true
csharp_space_between_parentheses = false
csharp_space_before_colon_in_inheritance_clause = true
csharp_space_after_colon_in_inheritance_clause = true
csharp_space_around_binary_operators = before_and_after
csharp_space_between_method_declaration_parameter_list_parentheses = false
csharp_space_between_method_declaration_empty_parameter_list_parentheses = false
csharp_space_between_method_declaration_name_and_open_parenthesis = false
csharp_space_between_method_call_parameter_list_parentheses = false
csharp_space_between_method_call_empty_parameter_list_parentheses = false
csharp_space_between_method_call_name_and_opening_parenthesis = false
csharp_space_after_comma = true
csharp_space_before_comma = false
csharp_space_after_dot = false:error
csharp_space_before_dot = false
csharp_space_after_semicolon_in_for_statement = true
csharp_space_before_semicolon_in_for_statement = false
csharp_space_around_declaration_statements = false
csharp_space_before_open_square_brackets = false
csharp_space_between_empty_square_brackets = false
csharp_space_between_square_brackets = false

# Other preferences
csharp_using_directive_placement = inside_namespace:warning
csharp_prefer_braces = true:warning
csharp_prefer_static_local_function = true
csharp_preferred_modifier_order = public, private, protected, internal, static, extern, new, virtual, abstract, sealed, override, readonly, unsafe, volatile, async:warning

# .NET style preferences
dotnet_style_coalesce_expression = true:warning
dotnet_style_null_propagation = true:warning
dotnet_style_prefer_is_null_check_over_reference_equality_method = true:warning
dotnet_style_prefer_auto_properties = true:warning
dotnet_style_explicit_tuple_names = true:warning
dotnet_style_prefer_simplified_interpolation = true:warning
dotnet_style_namespace_match_folder = true:warning
dotnet_style_readonly_field = true:warning
dotnet_style_object_initializer = true:warning
dotnet_style_collection_initializer = true:warning
dotnet_style_prefer_conditional_expression_over_assignment = true:silent
dotnet_style_prefer_conditional_expression_over_return = true:silent
dotnet_style_prefer_simplified_boolean_expressions = true:silent
dotnet_style_allow_multiple_blank_lines_experimental = true:warning
dotnet_style_allow_statement_immediately_after_block_experimental = true:warning
dotnet_style_qualification_for_field = false:warning
dotnet_style_qualification_for_property = false:warning
dotnet_style_qualification_for_method = false:warning
dotnet_style_qualification_for_event = false:warning
dotnet_style_predefined_type_for_locals_parameters_members = true
dotnet_style_predefined_type_for_member_access = true
dotnet_style_require_accessibility_modifiers = true:warning
dotnet_style_readonly_field = true:warning
dotnet_style_prefer_inferred_tuple_names = false:warning
dotnet_style_prefer_compound_assignment = true:warning

# .NET code quality preferences
dotnet_code_quality_unused_parameters = all:warning

# Suppressed code analysis rules
dotnet_diagnostic.CA1001.severity = none # CA1001: dispose pattern
dotnet_diagnostic.CA1002.severity = none # CA1002: generic lists
dotnet_diagnostic.CA1014.severity = none # CA1014: mark assemblies CLSCompliant
dotnet_diagnostic.CA1031.severity = none # CA1031: catch a more specific exception
dotnet_diagnostic.CA1052.severity = none # CA1052: static program
dotnet_diagnostic.CA1054.severity = none # CA1054: don't use string for uri
dotnet_diagnostic.CA1056.severity = none # CA1056: don't use string for uri
dotnet_diagnostic.CA1304.severity = none # CA1304: CultureInfo parameter
dotnet_diagnostic.CA1305.severity = none # CA1305: CultureInfo parameter
dotnet_diagnostic.CA1307.severity = none # CA1307: StringComparison parameter
dotnet_diagnostic.CA1309.severity = none # CA1309: StringComparison parameter
dotnet_diagnostic.CA1310.severity = none # CA1310: CultureInfo parameter
dotnet_diagnostic.CA1707.severity = none # CA1707: Remove underscores from member names
dotnet_diagnostic.CA1812.severity = none # CA1812: Avoid uninstantiated internal classes
dotnet_diagnostic.CA1848.severity = none # CA1848: Log message performance
dotnet_diagnostic.CA2000.severity = none # CA2000: Dispose pattern
dotnet_diagnostic.CA2007.severity = none # CA2007: Do not directly await a Task (No longer required .NET due to lack of synchronisation context)
dotnet_diagnostic.CA2201.severity = none # CA2201: Exception is not sufficiently specific
dotnet_diagnostic.CA2213.severity = none # CA2213: Dispose pattern

# Code quality / performance rules
dotnet_diagnostic.CA1802.severity = warning # CA1802: Use literals where appropriate
dotnet_diagnostic.CA1805.severity = warning # CA1805: Do not initialize unnecessarily
dotnet_diagnostic.CA1806.severity = warning # CA1806: Do not ignore method results
dotnet_diagnostic.CA1810.severity = warning # CA1810: Initialize reference type static fields inline
dotnet_diagnostic.CA1813.severity = warning # CA1813: Avoid unsealed attributes
dotnet_diagnostic.CA1814.severity = warning # CA1814: Prefer jagged arrays over multidimensional
dotnet_diagnostic.CA1815.severity = warning # CA1815: Override equals and operator equals on value types
dotnet_diagnostic.CA1819.severity = warning # CA1819: Properties should not return arrays
dotnet_diagnostic.CA1820.severity = warning # CA1820: Test for empty strings using string length
dotnet_diagnostic.CA1821.severity = warning # CA1821: Remove empty finalizers
dotnet_diagnostic.CA1822.severity = warning # CA1822: Mark members as static
dotnet_diagnostic.CA1823.severity = warning # CA1823: Avoid unused private fields
dotnet_diagnostic.CA1825.severity = warning # CA1825: Avoid zero-length array allocations
dotnet_diagnostic.CA1826.severity = warning # CA1826: Use property instead of Linq Enumerable method
dotnet_diagnostic.CA1827.severity = warning # CA1827: Do not use Count/LongCount when Any can be used
dotnet_diagnostic.CA1828.severity = warning # CA1828: Do not use CountAsync/LongCountAsync when AnyAsync can be used
dotnet_diagnostic.CA1829.severity = warning # CA1829: Use Length/Count property instead of Enumerable.Count method
dotnet_diagnostic.CA1830.severity = warning # CA1830: Prefer strongly-typed Append and Insert method overloads on StringBuilder
dotnet_diagnostic.CA1831.severity = warning # CA1831: Use AsSpan instead of Range-based indexers for string when appropriate
dotnet_diagnostic.CA1832.severity = warning # CA1832: Use AsSpan or AsMemory instead of Range-based indexers for getting ReadOnlySpan or ReadOnlyMemory portion of an array
dotnet_diagnostic.CA1833.severity = warning # CA1833: Use AsSpan or AsMemory instead of Range-based indexers for getting Span or Memory portion of an array
dotnet_diagnostic.CA1836.severity = warning # CA1836: Prefer IsEmpty over Count when available
dotnet_diagnostic.CA1841.severity = warning # CA1841: Prefer Dictionary Contains methods
dotnet_diagnostic.CA1845.severity = warning # CA1845: Use span-based 'string.Concat'
dotnet_diagnostic.CA1846.severity = warning # CA1846: Prefer AsSpan over Substring
dotnet_diagnostic.CA1847.severity = warning # CA1847: Use string.Contains(char) instead of string.Contains(string) with single characters
dotnet_diagnostic.CA1849.severity = warning # CA1849: Call async methods when in an async method

# Code quality / reliability rules
dotnet_diagnostic.CA2002.severity = warning # CA2002: Do not lock on objects with weak identity
dotnet_diagnostic.CA2011.severity = warning # CA2011: Do not assign property within its setter
dotnet_diagnostic.CA2012.severity = warning # CA2012: Use ValueTasks correctly
dotnet_diagnostic.CA2013.severity = warning # CA2013: Do not use ReferenceEquals with value types
dotnet_diagnostic.CA2016.severity = warning # CA2016: Forward the CancellationToken parameter to methods that take one

# Code quality / security rules
dotnet_diagnostic.CA2100.severity = warning # CA2100: Review SQL queries for security vulnerabilities
dotnet_diagnostic.CA2109.severity = warning # CA2109: Review visible event handlers
dotnet_diagnostic.CA2119.severity = warning # CA2119: Seal methods that satisfy private interfaces
dotnet_diagnostic.CA2153.severity = warning # CA2153: Avoid Handling Corrupted State Exceptions
dotnet_diagnostic.CA2300.severity = warning # CA2300: Do not use insecure deserializer BinaryFormatter
dotnet_diagnostic.CA2301.severity = warning # CA2301: Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder
dotnet_diagnostic.CA2302.severity = warning # CA2302: Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize
dotnet_diagnostic.CA2305.severity = warning # CA2305: Do not use insecure deserializer LosFormatter
dotnet_diagnostic.CA2310.severity = warning # CA2310: Do not use insecure deserializer NetDataContractSerializer
dotnet_diagnostic.CA2311.severity = warning # CA2311: Do not deserialize without first setting NetDataContractSerializer.Binder
dotnet_diagnostic.CA2312.severity = warning # CA2312: Ensure NetDataContractSerializer.Binder is set before deserializing
dotnet_diagnostic.CA2315.severity = warning # CA2315: Do not use insecure deserializer ObjectStateFormatter
dotnet_diagnostic.CA2321.severity = warning # CA2321: Do not deserialize with JavaScriptSerializer using a SimpleTypeResolver
dotnet_diagnostic.CA2322.severity = warning # CA2322: Ensure JavaScriptSerializer is not initialized with SimpleTypeResolver before deserializing
dotnet_diagnostic.CA2326.severity = warning # CA2326: Do not use TypeNameHandling values other than None
dotnet_diagnostic.CA2327.severity = warning # CA2327: Do not use insecure JsonSerializerSettings
dotnet_diagnostic.CA2328.severity = warning # CA2328: Ensure that JsonSerializerSettings are secure
dotnet_diagnostic.CA2329.severity = warning # CA2329: Do not deserialize with JsonSerializer using an insecure configuration
dotnet_diagnostic.CA2330.severity = warning # CA2330: Ensure that JsonSerializer has a secure configuration when deserializing
dotnet_diagnostic.CA2350.severity = warning # CA2350: Ensure DataTable.ReadXml()'s input is trusted
dotnet_diagnostic.CA2351.severity = warning # CA2351: Ensure DataSet.ReadXml()'s input is trusted
dotnet_diagnostic.CA2352.severity = warning # CA2352: Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks
dotnet_diagnostic.CA2353.severity = warning # CA2353: Unsafe DataSet or DataTable in serializable type
dotnet_diagnostic.CA2354.severity = warning # CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attack
dotnet_diagnostic.CA2355.severity = warning # CA2355: Unsafe DataSet or DataTable in deserialized object graph
dotnet_diagnostic.CA2356.severity = warning # CA2356: Unsafe DataSet or DataTable in web deserialized object graph
dotnet_diagnostic.CA2361.severity = warning # CA2361: Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data
dotnet_diagnostic.CA2362.severity = warning # CA2362: Unsafe DataSet or DataTable in autogenerated serializable type can be vulnerable to remote code execution attacks
dotnet_diagnostic.CA3001.severity = warning # CA3001: Review code for SQL injection vulnerabilities
dotnet_diagnostic.CA3002.severity = warning # CA3002: Review code for XSS vulnerabilities
dotnet_diagnostic.CA3003.severity = warning # CA3003: Review code for file path injection vulnerabilities
dotnet_diagnostic.CA3004.severity = warning # CA3004: Review code for information disclosure vulnerabilities
dotnet_diagnostic.CA3006.severity = warning # CA3006: Review code for process command injection vulnerabilities
dotnet_diagnostic.CA3007.severity = warning # CA3007: Review code for open redirect vulnerabilities
dotnet_diagnostic.CA3008.severity = warning # CA3008: Review code for XPath injection vulnerabilities
dotnet_diagnostic.CA3009.severity = warning # CA3009: Review code for XML injection vulnerabilities
dotnet_diagnostic.CA3010.severity = warning # CA3010: Review code for XAML injection vulnerabilities
dotnet_diagnostic.CA3011.severity = warning # CA3011: Review code for DLL injection vulnerabilities
dotnet_diagnostic.CA3012.severity = warning # CA3012: Review code for regex injection vulnerabilities
dotnet_diagnostic.CA3061.severity = warning # CA3061: Do not add schema by URL
dotnet_diagnostic.CA3075.severity = warning # CA3075: Insecure DTD Processing
dotnet_diagnostic.CA3076.severity = warning # CA3076: Insecure XSLT Script Execution
dotnet_diagnostic.CA3077.severity = warning # CA3077: Insecure Processing in API Design, XML Document and XML Text Reader
dotnet_diagnostic.CA3147.severity = warning # CA3147: Mark verb handlers with ValidateAntiForgeryToken
dotnet_diagnostic.CA5350.severity = error # CA5350: Do Not Use Weak Cryptographic Algorithms
dotnet_diagnostic.CA5351.severity = error # CA5351: Do Not Use Broken Cryptographic Algorithms
dotnet_diagnostic.CA5358.severity = warning # CA5358: Do Not Use Unsafe Cipher Modes
dotnet_diagnostic.CA5359.severity = warning # CA5359: Do not disable certificate validation
dotnet_diagnostic.CA5360.severity = warning # CA5360: Do not call dangerous methods in deserialization
dotnet_diagnostic.CA5361.severity = warning # CA5361: Do not disable SChannel use of strong crypto
dotnet_diagnostic.CA5362.severity = warning # CA5362: Potential reference cycle in deserialized object graph
dotnet_diagnostic.CA5363.severity = warning # CA5363: Do not disable request validation
dotnet_diagnostic.CA5364.severity = warning # CA5364: Do not use deprecated security protocols
dotnet_diagnostic.CA5365.severity = warning # CA5365: Do Not Disable HTTP Header Checking
dotnet_diagnostic.CA5366.severity = warning # CA5366: Use XmlReader For DataSet Read XML
dotnet_diagnostic.CA5367.severity = warning # CA5367: Do Not Serialize Types With Pointer Fields
dotnet_diagnostic.CA5368.severity = warning # CA5368: Set ViewStateUserKey For Classes Derived From Page
dotnet_diagnostic.CA5369.severity = warning # CA5369: Use XmlReader for Deserialize
dotnet_diagnostic.CA5370.severity = warning # CA5370: Use XmlReader for validating reader
dotnet_diagnostic.CA5371.severity = warning # CA5371: Use XmlReader for schema read
dotnet_diagnostic.CA5372.severity = warning # CA5372: Use XmlReader for XPathDocument
dotnet_diagnostic.CA5373.severity = warning # CA5373: Do not use obsolete key derivation function
dotnet_diagnostic.CA5374.severity = warning # CA5374: Do Not Use XslTransform
dotnet_diagnostic.CA5375.severity = warning # CA5375: Do not use account shared access signature
dotnet_diagnostic.CA5376.severity = warning # CA5376: Use SharedAccessProtocol HttpsOnly
dotnet_diagnostic.CA5377.severity = warning # CA5377: Use container level access policy
dotnet_diagnostic.CA5378.severity = warning # CA5378: Do not disable ServicePointManagerSecurityProtocols
dotnet_diagnostic.CA5379.severity = warning # CA5379: Ensure key derivation function algorithm is sufficiently strong
dotnet_diagnostic.CA5380.severity = warning # CA5380: Do not add certificates to root store
dotnet_diagnostic.CA5381.severity = warning # CA5381: Ensure certificates are not added to root store
dotnet_diagnostic.CA5382.severity = warning # CA5382: Use secure cookies in ASP.NET Core
dotnet_diagnostic.CA5383.severity = warning # CA5383: Ensure use secure cookies in ASP.NET Core
dotnet_diagnostic.CA5384.severity = warning # CA5384: Do not use digital signature algorithm (DSA)
dotnet_diagnostic.CA5385.severity = warning # CA5385: Use Rivest–Shamir–Adleman (RSA) algorithm with sufficient key size
dotnet_diagnostic.CA5386.severity = warning # CA5386: Avoid hardcoding SecurityProtocolType value
dotnet_diagnostic.CA5387.severity = warning # CA5387: Do not use weak key derivation function with insufficient iteration count
dotnet_diagnostic.CA5388.severity = warning # CA5388: Ensure sufficient iteration count when using weak key derivation function
dotnet_diagnostic.CA5389.severity = warning # CA5389: Do not add archive item's path to the target file system path
dotnet_diagnostic.CA5390.severity = warning # CA5390: Do not hard-code encryption key
dotnet_diagnostic.CA5391.severity = warning # CA5391: Use antiforgery tokens in ASP.NET Core MVC controllers
dotnet_diagnostic.CA5392.severity = warning # CA5392: Use DefaultDllImportSearchPaths attribute for P/Invokes
dotnet_diagnostic.CA5393.severity = warning # CA5393: Do not use unsafe DllImportSearchPath value
dotnet_diagnostic.CA5394.severity = warning # CA5394: Do not use insecure randomness
dotnet_diagnostic.CA5395.severity = warning # CA5395: Miss HttpVerb attribute for action methods
dotnet_diagnostic.CA5396.severity = warning # CA5396: Set HttpOnly to true for HttpCookie
dotnet_diagnostic.CA5397.severity = warning # CA5397: Do not use deprecated SslProtocols values
dotnet_diagnostic.CA5398.severity = warning # CA5398: Avoid hardcoded SslProtocols values
dotnet_diagnostic.CA5399.severity = warning # CA5399: Definitely disable HttpClient certificate revocation list check
dotnet_diagnostic.CA5400.severity = warning # CA5400: Ensure HttpClient certificate revocation list check is not disabled
dotnet_diagnostic.CA5401.severity = suggestion # CA5401: Do not use CreateEncryptor with non-default IV
dotnet_diagnostic.CA5402.severity = warning # CA5402: Use CreateEncryptor with the default IV
dotnet_diagnostic.CA5403.severity = warning # CA5403: Do not hard-code certificate
dotnet_diagnostic.CA5404.severity = warning # CA5404: Do not disable token validation checks
dotnet_diagnostic.CA5405.severity = warning # CA5405: Do not always skip token validation in delegates

# Code quality / usage rules
dotnet_diagnostic.CA2100.severity = warning # CA2100: Review SQL queries for security vulnerabilities
dotnet_diagnostic.CA2109.severity = warning # CA2109: Review visible event handlers
dotnet_diagnostic.CA2119.severity = warning # CA2119: Seal methods that satisfy private interfaces
dotnet_diagnostic.CA2153.severity = warning # CA2153: Avoid Handling Corrupted State Exceptions
dotnet_diagnostic.CA2300.severity = warning # CA2300: Do not use insecure deserializer BinaryFormatter
dotnet_diagnostic.CA2301.severity = warning # CA2301: Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder
dotnet_diagnostic.CA2302.severity = warning # CA2302: Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize
dotnet_diagnostic.CA2305.severity = warning # CA2305: Do not use insecure deserializer LosFormatter
dotnet_diagnostic.CA2310.severity = warning # CA2310: Do not use insecure deserializer NetDataContractSerializer
dotnet_diagnostic.CA2311.severity = warning # CA2311: Do not deserialize without first setting NetDataContractSerializer.Binder
dotnet_diagnostic.CA2312.severity = warning # CA2312: Ensure NetDataContractSerializer.Binder is set before deserializing
dotnet_diagnostic.CA2315.severity = warning # CA2315: Do not use insecure deserializer ObjectStateFormatter
dotnet_diagnostic.CA2321.severity = warning # CA2321: Do not deserialize with JavaScriptSerializer using a SimpleTypeResolver
dotnet_diagnostic.CA2322.severity = warning # CA2322: Ensure JavaScriptSerializer is not initialized with SimpleTypeResolver before deserializing
dotnet_diagnostic.CA2326.severity = warning # CA2326: Do not use TypeNameHandling values other than None
dotnet_diagnostic.CA2327.severity = warning # CA2327: Do not use insecure JsonSerializerSettings
dotnet_diagnostic.CA2328.severity = warning # CA2328: Ensure that JsonSerializerSettings are secure
dotnet_diagnostic.CA2329.severity = warning # CA2329: Do not deserialize with JsonSerializer using an insecure configuration
dotnet_diagnostic.CA2330.severity = warning # CA2330: Ensure that JsonSerializer has a secure configuration when deserializing
dotnet_diagnostic.CA2350.severity = warning # CA2350: Ensure DataTable.ReadXml()'s input is trusted
dotnet_diagnostic.CA2351.severity = warning # CA2351: Ensure DataSet.ReadXml()'s input is trusted
dotnet_diagnostic.CA2352.severity = warning # CA2352: Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks
dotnet_diagnostic.CA2353.severity = warning # CA2353: Unsafe DataSet or DataTable in serializable type
dotnet_diagnostic.CA2354.severity = warning # CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attack
dotnet_diagnostic.CA2355.severity = warning # CA2355: Unsafe DataSet or DataTable in deserialized object graph
dotnet_diagnostic.CA2356.severity = warning # CA2356: Unsafe DataSet or DataTable in web deserialized object graph
dotnet_diagnostic.CA2361.severity = warning # CA2361: Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data
dotnet_diagnostic.CA2362.severity = warning # CA2362: Unsafe DataSet or DataTable in autogenerated serializable type can be vulnerable to remote code execution attacks
dotnet_diagnostic.CA3001.severity = warning # CA3001: Review code for SQL injection vulnerabilities
dotnet_diagnostic.CA3002.severity = warning # CA3002: Review code for XSS vulnerabilities
dotnet_diagnostic.CA3003.severity = warning # CA3003: Review code for file path injection vulnerabilities
dotnet_diagnostic.CA3004.severity = warning # CA3004: Review code for information disclosure vulnerabilities
dotnet_diagnostic.CA3006.severity = warning # CA3006: Review code for process command injection vulnerabilities
dotnet_diagnostic.CA3007.severity = warning # CA3007: Review code for open redirect vulnerabilities
dotnet_diagnostic.CA3008.severity = warning # CA3008: Review code for XPath injection vulnerabilities
dotnet_diagnostic.CA3009.severity = warning # CA3009: Review code for XML injection vulnerabilities
dotnet_diagnostic.CA3010.severity = warning # CA3010: Review code for XAML injection vulnerabilities
dotnet_diagnostic.CA3011.severity = warning # CA3011: Review code for DLL injection vulnerabilities
dotnet_diagnostic.CA3012.severity = warning # CA3012: Review code for regex injection vulnerabilities
dotnet_diagnostic.CA3061.severity = warning # CA3061: Do not add schema by URL
dotnet_diagnostic.CA3075.severity = warning # CA3075: Insecure DTD Processing
dotnet_diagnostic.CA3076.severity = warning # CA3076: Insecure XSLT Script Execution
dotnet_diagnostic.CA3077.severity = warning # CA3077: Insecure Processing in API Design, XML Document and XML Text Reader
dotnet_diagnostic.CA3147.severity = warning # CA3147: Mark verb handlers with ValidateAntiForgeryToken
dotnet_diagnostic.CA5350.severity = warning # CA5350: Do Not Use Weak Cryptographic Algorithms
dotnet_diagnostic.CA5351.severity = warning # CA5351: Do Not Use Broken Cryptographic Algorithms
dotnet_diagnostic.CA5358.severity = warning # CA5358: Do Not Use Unsafe Cipher Modes
dotnet_diagnostic.CA5359.severity = warning # CA5359: Do not disable certificate validation
dotnet_diagnostic.CA5360.severity = warning # CA5360: Do not call dangerous methods in deserialization
dotnet_diagnostic.CA5361.severity = warning # CA5361: Do not disable SChannel use of strong crypto
dotnet_diagnostic.CA5362.severity = warning # CA5362: Potential reference cycle in deserialized object graph
dotnet_diagnostic.CA5363.severity = warning # CA5363: Do not disable request validation
dotnet_diagnostic.CA5364.severity = warning # CA5364: Do not use deprecated security protocols
dotnet_diagnostic.CA5365.severity = warning # CA5365: Do Not Disable HTTP Header Checking
dotnet_diagnostic.CA5366.severity = warning # CA5366: Use XmlReader For DataSet Read XML
dotnet_diagnostic.CA5367.severity = warning # CA5367: Do Not Serialize Types With Pointer Fields
dotnet_diagnostic.CA5368.severity = warning # CA5368: Set ViewStateUserKey For Classes Derived From Page
dotnet_diagnostic.CA5369.severity = warning # CA5369: Use XmlReader for Deserialize
dotnet_diagnostic.CA5370.severity = warning # CA5370: Use XmlReader for validating reader
dotnet_diagnostic.CA5371.severity = warning # CA5371: Use XmlReader for schema read
dotnet_diagnostic.CA5372.severity = warning # CA5372: Use XmlReader for XPathDocument
dotnet_diagnostic.CA5373.severity = warning # CA5373: Do not use obsolete key derivation function
dotnet_diagnostic.CA5374.severity = warning # CA5374: Do Not Use XslTransform
dotnet_diagnostic.CA5375.severity = warning # CA5375: Do not use account shared access signature
dotnet_diagnostic.CA5376.severity = warning # CA5376: Use SharedAccessProtocol HttpsOnly
dotnet_diagnostic.CA5377.severity = warning # CA5377: Use container level access policy
dotnet_diagnostic.CA5378.severity = warning # CA5378: Do not disable ServicePointManagerSecurityProtocols
dotnet_diagnostic.CA5379.severity = warning # CA5379: Ensure key derivation function algorithm is sufficiently strong
dotnet_diagnostic.CA5380.severity = warning # CA5380: Do not add certificates to root store
dotnet_diagnostic.CA5381.severity = warning # CA5381: Ensure certificates are not added to root store
dotnet_diagnostic.CA5382.severity = warning # CA5382: Use secure cookies in ASP.NET Core
dotnet_diagnostic.CA5383.severity = warning # CA5383: Ensure use secure cookies in ASP.NET Core
dotnet_diagnostic.CA5384.severity = warning # CA5384: Do not use digital signature algorithm (DSA)
dotnet_diagnostic.CA5385.severity = warning # CA5385: Use Rivest–Shamir–Adleman (RSA) algorithm with sufficient key size
dotnet_diagnostic.CA5386.severity = warning # CA5386: Avoid hardcoding SecurityProtocolType value
dotnet_diagnostic.CA5387.severity = warning # CA5387: Do not use weak key derivation function with insufficient iteration count
dotnet_diagnostic.CA5388.severity = warning # CA5388: Ensure sufficient iteration count when using weak key derivation function
dotnet_diagnostic.CA5389.severity = warning # CA5389: Do not add archive item's path to the target file system path
dotnet_diagnostic.CA5390.severity = warning # CA5390: Do not hard-code encryption key
dotnet_diagnostic.CA5391.severity = warning # CA5391: Use antiforgery tokens in ASP.NET Core MVC controllers
dotnet_diagnostic.CA5392.severity = warning # CA5392: Use DefaultDllImportSearchPaths attribute for P/Invokes
dotnet_diagnostic.CA5393.severity = warning # CA5393: Do not use unsafe DllImportSearchPath value
dotnet_diagnostic.CA5395.severity = warning # CA5395: Miss HttpVerb attribute for action methods
dotnet_diagnostic.CA5396.severity = warning # CA5396: Set HttpOnly to true for HttpCookie
dotnet_diagnostic.CA5397.severity = warning # CA5397: Do not use deprecated SslProtocols values
dotnet_diagnostic.CA5398.severity = warning # CA5398: Avoid hardcoded SslProtocols values
dotnet_diagnostic.CA5399.severity = warning # CA5399: Definitely disable HttpClient certificate revocation list check
dotnet_diagnostic.CA5400.severity = warning # CA5400: Ensure HttpClient certificate revocation list check is not disabled
dotnet_diagnostic.CA5401.severity = warning # CA5401: Do not use CreateEncryptor with non-default IV
dotnet_diagnostic.CA5402.severity = warning # CA5402: Use CreateEncryptor with the default IV
dotnet_diagnostic.CA5403.severity = warning # CA5403: Do not hard-code certificate
dotnet_diagnostic.CA5404.severity = warning # CA5404: Do not disable token validation checks
dotnet_diagnostic.CA5405.severity = warning # CA5405: Do not always skip token validation in delegates

dotnet_diagnostic.CA2251.severity = warning
dotnet_sort_system_directives_first = true:warning
dotnet_separate_import_directive_groups = true:suggestion

dotnet_diagnostic.IDE0055.severity = error # IDE0055: Fix formatting
dotnet_diagnostic.IDE0001.severity = warning # IDE0001: Simplify names
dotnet_diagnostic.IDE0002.severity = warning # IDE0002: Simplify member access
dotnet_diagnostic.IDE0004.severity = warning # IDE0004: Remove unnecessary cast
dotnet_diagnostic.IDE0005.severity = warning # IDE0005: Remove unnecessary import
dotnet_diagnostic.IDE0035.severity = warning # IDE0035: Remove unreachable code
dotnet_diagnostic.IDE0051.severity = warning # IDE0051: Remove unused private member
dotnet_diagnostic.IDE0052.severity = warning # IDE0052: Remove unread private member
dotnet_diagnostic.IDE0058.severity = suggestion # IDE0058: Remove unnecessary expression value
dotnet_diagnostic.IDE0059.severity = warning # IDE0059: Remove unnecessary value assignment
dotnet_diagnostic.IDE0060.severity = warning # IDE0060: Remove unused parameter
dotnet_diagnostic.IDE0079.severity = warning # IDE0079: Remove unnecessary suppression
dotnet_diagnostic.IDE0080.severity = warning # IDE0080: Remove unnecessary suppression operator
dotnet_diagnostic.IDE0100.severity = warning # IDE0100: Remove unnecessary equality operator
dotnet_diagnostic.IDE0110.severity = warning # IDE0110: Remove unnecessary discard
dotnet_diagnostic.RCS1090.severity = none # RCS1090: Add call to 'ConfigureAwait' (or vice versa).
csharp_style_prefer_method_group_conversion = true:silent
csharp_style_prefer_top_level_statements = true:silent

##########################################
# .NET Naming Rules
# https://docs.microsoft.com/dotnet/fundamentals/code-analysis/style-rules/naming-rules
##########################################

[*.{cs,csx,cake,vb,vbx}]

##########################################
# Styles
##########################################


#camel_case_style - Define the camelCase style
dotnet_naming_style.camel_case_style.capitalization = camel_case

#camel_case_style - Define the camelCase style with leading _ for private fields
dotnet_naming_style.camel_case_style_private_field.capitalization = camel_case
dotnet_naming_style.camel_case_style_private_field.required_prefix = _

#camel_case_style - Define the camelCase style with leading s_ for private static fields
dotnet_naming_style.camel_case_style_private_static_field.capitalization = camel_case
dotnet_naming_style.camel_case_style_private_static_field.required_prefix = s_

#pascal_case_style - Define the PascalCase style
dotnet_naming_style.pascal_case_style.capitalization = pascal_case

#first_upper_style - The first character must start with an upper-case character
dotnet_naming_style.first_upper_style.capitalization = first_word_upper

#prefix_interface_with_i_style - Interfaces must be PascalCase and the first character of an interface must be an 'I'
dotnet_naming_style.prefix_interface_with_i_style.capitalization = pascal_case
dotnet_naming_style.prefix_interface_with_i_style.required_prefix = I

#prefix_type_parameters_with_t_style - Generic Type Parameters must be PascalCase and the first character must be a 'T'
dotnet_naming_style.prefix_type_parameters_with_t_style.capitalization = pascal_case
dotnet_naming_style.prefix_type_parameters_with_t_style.required_prefix = T

#disallowed_style - Anything that has this style applied is marked as disallowed
dotnet_naming_style.disallowed_style.capitalization  = pascal_case
dotnet_naming_style.disallowed_style.required_prefix = ____RULE_VIOLATION____
dotnet_naming_style.disallowed_style.required_suffix = ____RULE_VIOLATION____

#internal_error_style - This style should never occur... if it does, it indicates a bug in file or in the parser using the file
dotnet_naming_style.internal_error_style.capitalization  = pascal_case
dotnet_naming_style.internal_error_style.required_prefix = ____INTERNAL_ERROR____
dotnet_naming_style.internal_error_style.required_suffix = ____INTERNAL_ERROR____

##########################################
# .NET Design Guideline Field Naming Rules
# Naming rules for fields follow the .NET Framework design guidelines
# https://docs.microsoft.com/dotnet/standard/design-guidelines/index
##########################################

# All public/protected/protected_internal constant fields must be PascalCase
# https://docs.microsoft.com/dotnet/standard/design-guidelines/field
dotnet_naming_symbols.public_protected_constant_fields_group.applicable_accessibilities = public, protected, protected_internal
dotnet_naming_symbols.public_protected_constant_fields_group.required_modifiers         = const
dotnet_naming_symbols.public_protected_constant_fields_group.applicable_kinds           = field
dotnet_naming_rule.public_protected_constant_fields_must_be_pascal_case_rule.symbols    = public_protected_constant_fields_group
dotnet_naming_rule.public_protected_constant_fields_must_be_pascal_case_rule.style = pascal_case_style
dotnet_naming_rule.public_protected_constant_fields_must_be_pascal_case_rule.severity = warning

# All public/protected/protected_internal static readonly fields must be PascalCase
# https://docs.microsoft.com/dotnet/standard/design-guidelines/field
dotnet_naming_symbols.public_protected_static_readonly_fields_group.applicable_accessibilities = public, protected, protected_internal
dotnet_naming_symbols.public_protected_static_readonly_fields_group.required_modifiers         = static, readonly
dotnet_naming_symbols.public_protected_static_readonly_fields_group.applicable_kinds           = field
dotnet_naming_rule.public_protected_static_readonly_fields_must_be_pascal_case_rule.symbols    = public_protected_static_readonly_fields_group
dotnet_naming_rule.public_protected_static_readonly_fields_must_be_pascal_case_rule.style = pascal_case_style
dotnet_naming_rule.public_protected_static_readonly_fields_must_be_pascal_case_rule.severity = warning

# No other public/protected/protected_internal fields are allowed
# https://docs.microsoft.com/dotnet/standard/design-guidelines/field
dotnet_naming_symbols.other_public_protected_fields_group.applicable_accessibilities = public, protected, protected_internal
dotnet_naming_symbols.other_public_protected_fields_group.applicable_kinds           = field
dotnet_naming_rule.other_public_protected_fields_disallowed_rule.symbols             = other_public_protected_fields_group
dotnet_naming_rule.other_public_protected_fields_disallowed_rule.style = disallowed_style
dotnet_naming_rule.other_public_protected_fields_disallowed_rule.severity = error

##########################################
# StyleCop Field Naming Rules
# Naming rules for fields follow the StyleCop analyzers
# This does not override any rules using disallowed_style above
# https://github.com/DotNetAnalyzers/StyleCopAnalyzers
##########################################

# All constant fields must be PascalCase
# https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/SA1303.md
dotnet_naming_symbols.stylecop_constant_fields_group.applicable_accessibilities = public, internal, protected_internal, protected, private_protected, private
dotnet_naming_symbols.stylecop_constant_fields_group.required_modifiers         = const
dotnet_naming_symbols.stylecop_constant_fields_group.applicable_kinds           = field
dotnet_naming_rule.stylecop_constant_fields_must_be_pascal_case_rule.symbols    = stylecop_constant_fields_group
dotnet_naming_rule.stylecop_constant_fields_must_be_pascal_case_rule.style = pascal_case_style
dotnet_naming_rule.stylecop_constant_fields_must_be_pascal_case_rule.severity = warning

## All static readonly fields must be PascalCase
## https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/SA1311.md
dotnet_naming_symbols.stylecop_static_readonly_fields_group.applicable_accessibilities = public, internal, protected_internal, protected
dotnet_naming_symbols.stylecop_static_readonly_fields_group.required_modifiers         = static, readonly
dotnet_naming_symbols.stylecop_static_readonly_fields_group.applicable_kinds           = field
dotnet_naming_rule.stylecop_static_readonly_fields_must_be_pascal_case_rule.symbols    = stylecop_static_readonly_fields_group
dotnet_naming_rule.stylecop_static_readonly_fields_must_be_pascal_case_rule.style = pascal_case_style
dotnet_naming_rule.stylecop_static_readonly_fields_must_be_pascal_case_rule.severity = warning

# No non-private instance fields are allowed
# https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/SA1401.md
dotnet_naming_symbols.stylecop_fields_must_be_private_group.applicable_accessibilities = public, internal, protected_internal, protected, private_protected
dotnet_naming_symbols.stylecop_fields_must_be_private_group.applicable_kinds           = field
dotnet_naming_rule.stylecop_instance_fields_must_be_private_rule.symbols               = stylecop_fields_must_be_private_group
dotnet_naming_rule.stylecop_instance_fields_must_be_private_rule.style = disallowed_style
dotnet_naming_rule.stylecop_instance_fields_must_be_private_rule.severity = error

# Private static fields must be camelCase with a leading s_
# https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/SA1306.md
dotnet_naming_symbols.stylecop_private_static_fields_group.applicable_accessibilities = private
dotnet_naming_symbols.stylecop_private_static_fields_group.required_modifiers		  = static, readonly
dotnet_naming_symbols.stylecop_private_static_fields_group.applicable_kinds           = field
dotnet_naming_rule.stylecop_private_static_fields_must_be_camel_case_rule.symbols	  = stylecop_private_static_fields_group
dotnet_naming_rule.stylecop_private_static_fields_must_be_camel_case_rule.style = camel_case_style_private_static_field
dotnet_naming_rule.stylecop_private_static_fields_must_be_camel_case_rule.severity = warning

# Private fields must be camelCase with a leading _
# https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/SA1306.md
dotnet_naming_symbols.stylecop_private_fields_group.applicable_accessibilities = private
dotnet_naming_symbols.stylecop_private_fields_group.applicable_kinds           = field
dotnet_naming_rule.stylecop_private_fields_must_be_camel_case_rule.symbols     = stylecop_private_fields_group
dotnet_naming_rule.stylecop_private_fields_must_be_camel_case_rule.style = camel_case_style_private_field
dotnet_naming_rule.stylecop_private_fields_must_be_camel_case_rule.severity = warning

# Local variables must be camelCase
# https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/SA1312.md
dotnet_naming_symbols.stylecop_local_fields_group.applicable_accessibilities = local
dotnet_naming_symbols.stylecop_local_fields_group.applicable_kinds           = local
dotnet_naming_rule.stylecop_local_fields_must_be_camel_case_rule.symbols     = stylecop_local_fields_group
dotnet_naming_rule.stylecop_local_fields_must_be_camel_case_rule.style = camel_case_style
dotnet_naming_rule.stylecop_local_fields_must_be_camel_case_rule.severity = silent

# This rule should never fire.  However, it's included for at least two purposes:
# First, it helps to understand, reason about, and root-case certain types of issues, such as bugs in .editorconfig parsers.
# Second, it helps to raise immediate awareness if a new field type is added (as occurred recently in C#).
dotnet_naming_symbols.sanity_check_uncovered_field_case_group.applicable_accessibilities	= *
dotnet_naming_symbols.sanity_check_uncovered_field_case_group.applicable_kinds				= field
dotnet_naming_rule.sanity_check_uncovered_field_case_rule.symbols							= sanity_check_uncovered_field_case_group
dotnet_naming_rule.sanity_check_uncovered_field_case_rule.style = internal_error_style
dotnet_naming_rule.sanity_check_uncovered_field_case_rule.severity = error

##########################################
# Other Naming Rules
##########################################

# All of the following must be PascalCase:
# - Namespaces
#   https://docs.microsoft.com/dotnet/standard/design-guidelines/names-of-namespaces
#   https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/SA1300.md
# - Classes and Enumerations
#   https://docs.microsoft.com/dotnet/standard/design-guidelines/names-of-classes-structs-and-interfaces
#   https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/SA1300.md
# - Delegates
#   https://docs.microsoft.com/dotnet/standard/design-guidelines/names-of-classes-structs-and-interfaces#names-of-common-types
# - Constructors, Properties, Events, Methods
#   https://docs.microsoft.com/dotnet/standard/design-guidelines/names-of-type-members
dotnet_naming_symbols.element_group.applicable_kinds = namespace, class, enum, struct, delegate, event, method, property
dotnet_naming_rule.element_rule.symbols              = element_group
dotnet_naming_rule.element_rule.style = pascal_case_style
dotnet_naming_rule.element_rule.severity = warning

# Interfaces use PascalCase and are prefixed with uppercase 'I'
# https://docs.microsoft.com/dotnet/standard/design-guidelines/names-of-classes-structs-and-interfaces
dotnet_naming_symbols.interface_group.applicable_kinds = interface
dotnet_naming_rule.interface_rule.symbols              = interface_group
dotnet_naming_rule.interface_rule.style = prefix_interface_with_i_style
dotnet_naming_rule.interface_rule.severity = warning

# Generics Type Parameters use PascalCase and are prefixed with uppercase 'T'
# https://docs.microsoft.com/dotnet/standard/design-guidelines/names-of-classes-structs-and-interfaces
dotnet_naming_symbols.type_parameter_group.applicable_kinds = type_parameter
dotnet_naming_rule.type_parameter_rule.symbols              = type_parameter_group
dotnet_naming_rule.type_parameter_rule.style = prefix_type_parameters_with_t_style
dotnet_naming_rule.type_parameter_rule.severity = warning

# Function parameters use camelCase
# https://docs.microsoft.com/dotnet/standard/design-guidelines/naming-parameters
dotnet_naming_symbols.parameters_group.applicable_kinds = parameter
dotnet_naming_rule.parameters_rule.symbols              = parameters_group
dotnet_naming_rule.parameters_rule.style = camel_case_style
dotnet_naming_rule.parameters_rule.severity = warning

# Default severity for all analyzer diagnostics
dotnet_analyzer_diagnostic.severity = none

# Default severity for analyzer diagnostics with category 'StyleCop.CSharp.DocumentationRules'
dotnet_analyzer_diagnostic.category-StyleCop.CSharp.DocumentationRules.severity = none
dotnet_style_coalesce_expression = true:warning
dotnet_style_null_propagation = true:warning
dotnet_style_operator_placement_when_wrapping = beginning_of_line
tab_width = 4
dotnet_style_prefer_is_null_check_over_reference_equality_method = true:warning
dotnet_style_prefer_auto_properties = true:warning