Merge pull request #20 from Mijo-Software/mjohne-patch-4

Add files via upload

packages/Microsoft.NetFramework.Analyzers.2.9.8/build/Microsoft.NetFramework.Analyzers.props

@@ -0,0 +1,34 @@
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+
+  <!-- 
+    This item group adds any .editorconfig file present at the project root directory
+    as an additional file.
+  -->  
+  <ItemGroup Condition="'$(SkipDefaultEditorConfigAsAdditionalFile)' != 'true' And Exists('$(MSBuildProjectDirectory)\.editorconfig')" >
+    <AdditionalFiles Include="$(MSBuildProjectDirectory)\.editorconfig" />
+  </ItemGroup>
+
+  <!-- 
+    This property group prevents the rule ids implemented in this package to be bumped to errors when
+    the 'CodeAnalysisTreatWarningsAsErrors' = 'false'.
+  -->
+  <PropertyGroup Condition="'$(CodeAnalysisTreatWarningsAsErrors)' == 'false'">
+    <WarningsNotAsErrors>$(WarningsNotAsErrors);CA1058;CA2153;CA3075;CA3076;CA3077;CA3147</WarningsNotAsErrors>
+  </PropertyGroup>
+
+  <!-- 
+    This property group contains the rules that have been implemented in this package and therefore should be disabled for the binary FxCop.
+    The format is -[Category]#[ID], e.g., -Microsoft.Design#CA1001;
+  -->
+  <PropertyGroup>
+    <CodeAnalysisRuleSetOverrides>
+      $(CodeAnalysisRuleSetOverrides);
+      -Microsoft.Design#CA1058;
+
+    </CodeAnalysisRuleSetOverrides>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <Features>$(Features);flow-analysis</Features> 
+  </PropertyGroup>
+</Project>

packages/Microsoft.NetFramework.Analyzers.2.9.8/documentation/Microsoft.NetFramework.Analyzers.md

@@ -0,0 +1,9 @@
+
+Sr. No. | Rule ID | Title | Category | Enabled | CodeFix | Description |
+--------|---------|-------|----------|---------|---------|--------------------------------------------------------------------------------------------------------------|
+1 | [CA1058](https://docs.microsoft.com/visualstudio/code-quality/ca1058-types-should-not-extend-certain-base-types) | Types should not extend certain base types | Design | True | False | An externally visible type extends certain base types. Use one of the alternatives. |
+2 | [CA2153](https://docs.microsoft.com/visualstudio/code-quality/ca2153-avoid-handling-corrupted-state-exceptions) | Do Not Catch Corrupted State Exceptions | Security | True | False | Catching corrupted state exceptions could mask errors (such as access violations), resulting in inconsistent state of execution or making it easier for attackers to compromise system. Instead, catch and handle a more specific set of exception type(s) or re-throw the exception |
+3 | [CA3075](https://docs.microsoft.com/visualstudio/code-quality/ca3075-insecure-dtd-processing) | Insecure DTD processing in XML | Security | True | False | Using XmlTextReader.Load(), creating an insecure XmlReaderSettings instance when invoking XmlReader.Create(), setting the InnerXml property of the XmlDocument and enabling DTD processing using XmlUrlResolver insecurely can lead to information disclosure. Replace it with a call to the Load() method overload that takes an XmlReader instance, use XmlReader.Create() to accept XmlReaderSettings arguments or consider explicitly setting secure values. The DataViewSettingCollectionString property of DataViewManager should always be assigned from a trusted source, the DtdProcessing property should be set to false, and the XmlResolver property should be changed to XmlSecureResolver or null.  |
+4 | [CA3076](https://docs.microsoft.com/visualstudio/code-quality/ca3076-insecure-xslt-script-execution) | Insecure XSLT script processing. | Security | True | False | Providing an insecure XsltSettings instance and an insecure XmlResolver instance to XslCompiledTransform.Load method is potentially unsafe as it allows processing script within XSL, which on an untrusted XSL input may lead to malicious code execution. Either replace the insecure XsltSettings argument with XsltSettings.Default or an instance that has disabled document function and script execution, or replace the XmlResolver argurment with null or an XmlSecureResolver instance. This message may be suppressed if the input is known to be from a trusted source and external resource resolution from locations that are not known in advance must be supported. |
+5 | [CA3077](https://docs.microsoft.com/visualstudio/code-quality/ca3077-insecure-processing-in-api-design-xml-document-and-xml-text-reader) | Insecure Processing in API Design, XmlDocument and XmlTextReader | Security | True | False | Enabling DTD processing on all instances derived from XmlTextReader or  XmlDocument and using XmlUrlResolver for resolving external XML entities may lead to information disclosure. Ensure to set the XmlResolver property to null, create an instance of XmlSecureResolver when processing untrusted input, or use XmlReader.Create method with a secure XmlReaderSettings argument. Unless you need to enable it, ensure the DtdProcessing property is set to false.  |
+6 | [CA3147](https://docs.microsoft.com/visualstudio/code-quality/ca3147-mark-verb-handlers-with-validateantiforgerytoken) | Mark Verb Handlers With Validate Antiforgery Token | Security | True | False | Missing ValidateAntiForgeryTokenAttribute on controller action {0}. |

packages/Microsoft.NetFramework.Analyzers.2.9.8/documentation/Microsoft.NetFramework.Analyzers.sarif

@@ -0,0 +1,179 @@
+{
+  "$schema": "http://json.schemastore.org/sarif-1.0.0",
+  "version": "1.0.0",
+  "runs": [
+    {
+      "tool": {
+        "name": "Microsoft.NetFramework.Analyzers",
+        "version": "2.9.8",
+        "language": "en-US"
+      },
+      "rules": {
+        "CA1058": {
+          "id": "CA1058",
+          "shortDescription": "Types should not extend certain base types",
+          "fullDescription": "An externally visible type extends certain base types. Use one of the alternatives.",
+          "defaultLevel": "warning",
+          "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca1058-types-should-not-extend-certain-base-types",
+          "properties": {
+            "category": "Design",
+            "isEnabledByDefault": true,
+            "typeName": "TypesShouldNotExtendCertainBaseTypesAnalyzer",
+            "languages": [
+              "C#",
+              "Visual Basic"
+            ],
+            "tags": [
+              "PortedFromFxCop",
+              "Telemetry"
+            ]
+          }
+        },
+        "CA2153": {
+          "id": "CA2153",
+          "shortDescription": "Do Not Catch Corrupted State Exceptions",
+          "fullDescription": "Catching corrupted state exceptions could mask errors (such as access violations), resulting in inconsistent state of execution or making it easier for attackers to compromise system. Instead, catch and handle a more specific set of exception type(s) or re-throw the exception",
+          "defaultLevel": "warning",
+          "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca2153-avoid-handling-corrupted-state-exceptions",
+          "properties": {
+            "category": "Security",
+            "isEnabledByDefault": true,
+            "typeName": "DoNotCatchCorruptedStateExceptionsAnalyzer",
+            "languages": [
+              "C#",
+              "Visual Basic"
+            ],
+            "tags": [
+              "Telemetry"
+            ]
+          }
+        },
+        "CA3075": {
+          "id": "CA3075",
+          "shortDescription": "Insecure DTD processing in XML",
+          "fullDescription": "Using XmlTextReader.Load(), creating an insecure XmlReaderSettings instance when invoking XmlReader.Create(), setting the InnerXml property of the XmlDocument and enabling DTD processing using XmlUrlResolver insecurely can lead to information disclosure. Replace it with a call to the Load() method overload that takes an XmlReader instance, use XmlReader.Create() to accept XmlReaderSettings arguments or consider explicitly setting secure values. The DataViewSettingCollectionString property of DataViewManager should always be assigned from a trusted source, the DtdProcessing property should be set to false, and the XmlResolver property should be changed to XmlSecureResolver or null. ",
+          "defaultLevel": "warning",
+          "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca3075-insecure-dtd-processing",
+          "properties": {
+            "category": "Security",
+            "isEnabledByDefault": true,
+            "typeName": "DoNotUseInsecureDtdProcessingAnalyzer",
+            "languages": [
+              "C#",
+              "Visual Basic"
+            ],
+            "tags": [
+              "Telemetry"
+            ]
+          }
+        },
+        "CA3147": {
+          "id": "CA3147",
+          "shortDescription": "Mark Verb Handlers With Validate Antiforgery Token",
+          "fullDescription": "Missing ValidateAntiForgeryTokenAttribute on controller action {0}.",
+          "defaultLevel": "warning",
+          "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca3147-mark-verb-handlers-with-validateantiforgerytoken",
+          "properties": {
+            "category": "Security",
+            "isEnabledByDefault": true,
+            "typeName": "MarkVerbHandlersWithValidateAntiforgeryTokenAnalyzer",
+            "languages": [
+              "C#",
+              "Visual Basic"
+            ]
+          }
+        }
+      }
+    },
+    {
+      "tool": {
+        "name": "Microsoft.NetFramework.CSharp.Analyzers",
+        "version": "2.9.8",
+        "language": "en-US"
+      },
+      "rules": {
+        "CA3076": {
+          "id": "CA3076",
+          "shortDescription": "Insecure XSLT script processing.",
+          "fullDescription": "Providing an insecure XsltSettings instance and an insecure XmlResolver instance to XslCompiledTransform.Load method is potentially unsafe as it allows processing script within XSL, which on an untrusted XSL input may lead to malicious code execution. Either replace the insecure XsltSettings argument with XsltSettings.Default or an instance that has disabled document function and script execution, or replace the XmlResolver argurment with null or an XmlSecureResolver instance. This message may be suppressed if the input is known to be from a trusted source and external resource resolution from locations that are not known in advance must be supported.",
+          "defaultLevel": "warning",
+          "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca3076-insecure-xslt-script-execution",
+          "properties": {
+            "category": "Security",
+            "isEnabledByDefault": true,
+            "typeName": "CSharpDoNotUseInsecureXSLTScriptExecutionAnalyzer",
+            "languages": [
+              "C#"
+            ],
+            "tags": [
+              "Telemetry"
+            ]
+          }
+        },
+        "CA3077": {
+          "id": "CA3077",
+          "shortDescription": "Insecure Processing in API Design, XmlDocument and XmlTextReader",
+          "fullDescription": "Enabling DTD processing on all instances derived from XmlTextReader or  XmlDocument and using XmlUrlResolver for resolving external XML entities may lead to information disclosure. Ensure to set the XmlResolver property to null, create an instance of XmlSecureResolver when processing untrusted input, or use XmlReader.Create method with a secure XmlReaderSettings argument. Unless you need to enable it, ensure the DtdProcessing property is set to false. ",
+          "defaultLevel": "warning",
+          "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca3077-insecure-processing-in-api-design-xml-document-and-xml-text-reader",
+          "properties": {
+            "category": "Security",
+            "isEnabledByDefault": true,
+            "typeName": "CSharpDoNotUseInsecureDtdProcessingInApiDesignAnalyzer",
+            "languages": [
+              "C#"
+            ],
+            "tags": [
+              "Telemetry"
+            ]
+          }
+        }
+      }
+    },
+    {
+      "tool": {
+        "name": "Microsoft.NetFramework.VisualBasic.Analyzers",
+        "version": "2.9.8",
+        "language": "en-US"
+      },
+      "rules": {
+        "CA3076": {
+          "id": "CA3076",
+          "shortDescription": "Insecure XSLT script processing.",
+          "fullDescription": "Providing an insecure XsltSettings instance and an insecure XmlResolver instance to XslCompiledTransform.Load method is potentially unsafe as it allows processing script within XSL, which on an untrusted XSL input may lead to malicious code execution. Either replace the insecure XsltSettings argument with XsltSettings.Default or an instance that has disabled document function and script execution, or replace the XmlResolver argurment with null or an XmlSecureResolver instance. This message may be suppressed if the input is known to be from a trusted source and external resource resolution from locations that are not known in advance must be supported.",
+          "defaultLevel": "warning",
+          "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca3076-insecure-xslt-script-execution",
+          "properties": {
+            "category": "Security",
+            "isEnabledByDefault": true,
+            "typeName": "BasicDoNotUseInsecureXSLTScriptExecutionAnalyzer",
+            "languages": [
+              "Visual Basic"
+            ],
+            "tags": [
+              "Telemetry"
+            ]
+          }
+        },
+        "CA3077": {
+          "id": "CA3077",
+          "shortDescription": "Insecure Processing in API Design, XmlDocument and XmlTextReader",
+          "fullDescription": "Enabling DTD processing on all instances derived from XmlTextReader or  XmlDocument and using XmlUrlResolver for resolving external XML entities may lead to information disclosure. Ensure to set the XmlResolver property to null, create an instance of XmlSecureResolver when processing untrusted input, or use XmlReader.Create method with a secure XmlReaderSettings argument. Unless you need to enable it, ensure the DtdProcessing property is set to false. ",
+          "defaultLevel": "warning",
+          "helpUri": "https://docs.microsoft.com/visualstudio/code-quality/ca3077-insecure-processing-in-api-design-xml-document-and-xml-text-reader",
+          "properties": {
+            "category": "Security",
+            "isEnabledByDefault": true,
+            "typeName": "BasicDoNotUseInsecureDtdProcessingInApiDesignAnalyzer",
+            "languages": [
+              "Visual Basic"
+            ],
+            "tags": [
+              "Telemetry"
+            ]
+          }
+        }
+      }
+    }
+  ]
+}

packages/Microsoft.NetFramework.Analyzers.2.9.8/rulesets/AllRulesDefault.ruleset

@@ -0,0 +1,11 @@
+<?xml version="1.0"?>
+<RuleSet Name="All Rules with default severity" Description="All Rules with default severity. Rules with IsEnabledByDefault = false are disabled." ToolsVersion="15.0">
+   <Rules AnalyzerId="Microsoft.NetFramework.Analyzers" RuleNamespace="Microsoft.NetFramework.Analyzers">
+      <Rule Id="CA1058" Action="Warning" />          <!-- Types should not extend certain base types -->
+      <Rule Id="CA2153" Action="Warning" />          <!-- Do Not Catch Corrupted State Exceptions -->
+      <Rule Id="CA3075" Action="Warning" />          <!-- Insecure DTD processing in XML -->
+      <Rule Id="CA3076" Action="Warning" />          <!-- Insecure XSLT script processing. -->
+      <Rule Id="CA3077" Action="Warning" />          <!-- Insecure Processing in API Design, XmlDocument and XmlTextReader -->
+      <Rule Id="CA3147" Action="Warning" />          <!-- Mark Verb Handlers With Validate Antiforgery Token -->
+   </Rules>
+</RuleSet>

packages/Microsoft.NetFramework.Analyzers.2.9.8/rulesets/AllRulesDisabled.ruleset

@@ -0,0 +1,11 @@
+<?xml version="1.0"?>
+<RuleSet Name="All Rules Disabled" Description="All Rules are disabled." ToolsVersion="15.0">
+   <Rules AnalyzerId="Microsoft.NetFramework.Analyzers" RuleNamespace="Microsoft.NetFramework.Analyzers">
+      <Rule Id="CA1058" Action="None" />             <!-- Types should not extend certain base types -->
+      <Rule Id="CA2153" Action="None" />             <!-- Do Not Catch Corrupted State Exceptions -->
+      <Rule Id="CA3075" Action="None" />             <!-- Insecure DTD processing in XML -->
+      <Rule Id="CA3076" Action="None" />             <!-- Insecure XSLT script processing. -->
+      <Rule Id="CA3077" Action="None" />             <!-- Insecure Processing in API Design, XmlDocument and XmlTextReader -->
+      <Rule Id="CA3147" Action="None" />             <!-- Mark Verb Handlers With Validate Antiforgery Token -->
+   </Rules>
+</RuleSet>

packages/Microsoft.NetFramework.Analyzers.2.9.8/rulesets/AllRulesEnabled.ruleset

@@ -0,0 +1,11 @@
+<?xml version="1.0"?>
+<RuleSet Name="All Rules Enabled with default severity" Description="All Rules are enabled with default severity. Rules with IsEnabledByDefault = false are force enabled with default severity." ToolsVersion="15.0">
+   <Rules AnalyzerId="Microsoft.NetFramework.Analyzers" RuleNamespace="Microsoft.NetFramework.Analyzers">
+      <Rule Id="CA1058" Action="Warning" />          <!-- Types should not extend certain base types -->
+      <Rule Id="CA2153" Action="Warning" />          <!-- Do Not Catch Corrupted State Exceptions -->
+      <Rule Id="CA3075" Action="Warning" />          <!-- Insecure DTD processing in XML -->
+      <Rule Id="CA3076" Action="Warning" />          <!-- Insecure XSLT script processing. -->
+      <Rule Id="CA3077" Action="Warning" />          <!-- Insecure Processing in API Design, XmlDocument and XmlTextReader -->
+      <Rule Id="CA3147" Action="Warning" />          <!-- Mark Verb Handlers With Validate Antiforgery Token -->
+   </Rules>
+</RuleSet>

packages/Microsoft.NetFramework.Analyzers.2.9.8/rulesets/DataflowRulesDefault.ruleset

@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<RuleSet Name="Dataflow Rules with default severity" Description="All Dataflow Rules with default severity. Rules with IsEnabledByDefault = false and non-Dataflow rules are disabled." ToolsVersion="15.0">
+   <!-- Dataflow Rules -->
+
+
+
+   <!-- Other Rules -->
+   <Rules AnalyzerId="Microsoft.NetFramework.Analyzers" RuleNamespace="Microsoft.NetFramework.Analyzers">
+      <Rule Id="CA1058" Action="None" />             <!-- Types should not extend certain base types -->
+      <Rule Id="CA2153" Action="None" />             <!-- Do Not Catch Corrupted State Exceptions -->
+      <Rule Id="CA3075" Action="None" />             <!-- Insecure DTD processing in XML -->
+      <Rule Id="CA3076" Action="None" />             <!-- Insecure XSLT script processing. -->
+      <Rule Id="CA3077" Action="None" />             <!-- Insecure Processing in API Design, XmlDocument and XmlTextReader -->
+      <Rule Id="CA3147" Action="None" />             <!-- Mark Verb Handlers With Validate Antiforgery Token -->
+   </Rules>
+</RuleSet>

packages/Microsoft.NetFramework.Analyzers.2.9.8/rulesets/DataflowRulesEnabled.ruleset

@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<RuleSet Name="Dataflow Rules Enabled with default severity" Description="All Dataflow Rules are enabled with default severity. Dataflow Rules with IsEnabledByDefault = false are force enabled with default severity. Non-Dataflow Rules are disabled." ToolsVersion="15.0">
+   <!-- Dataflow Rules -->
+
+
+
+   <!-- Other Rules -->
+   <Rules AnalyzerId="Microsoft.NetFramework.Analyzers" RuleNamespace="Microsoft.NetFramework.Analyzers">
+      <Rule Id="CA1058" Action="None" />             <!-- Types should not extend certain base types -->
+      <Rule Id="CA2153" Action="None" />             <!-- Do Not Catch Corrupted State Exceptions -->
+      <Rule Id="CA3075" Action="None" />             <!-- Insecure DTD processing in XML -->
+      <Rule Id="CA3076" Action="None" />             <!-- Insecure XSLT script processing. -->
+      <Rule Id="CA3077" Action="None" />             <!-- Insecure Processing in API Design, XmlDocument and XmlTextReader -->
+      <Rule Id="CA3147" Action="None" />             <!-- Mark Verb Handlers With Validate Antiforgery Token -->
+   </Rules>
+</RuleSet>