Jump to navigation

Poupou's Corner of the Web

Looking for perfect security? Try a wireless brick.
Otherwise you may find some unperfect stuff here...


Hack Week 3 - Gendarme Recap

Last week was the third edition of Novell's Hack Week. During the week I used Ohloh to describe all the changes I made to Gendarme, almost in real-time. Still a quick recap can be easier to read...

Framework Enhancements

  • New Severity.Audit for rules that will always trigger but are still useful from time to time (see new rules);
  • New IRule and IRunner TearDown methods were added to allow late reporting (of defects) and any specific rule clean up;
  • New filtering options for defects (see runners) to get shorter, more accurate, reports;
  • New [FxCopCompatibility] attribute to help map between Gendarme and FxCop rules. This will allow us to support the .NET framework [SuppressMessage] attribute.
  • New "engines" support. Engines are building additional data, on top of what Cecil provides, for the rules to consume. The runners ensure of the engine data availability before any rules that requires them start their analysis (i.e. the Check* methods). This part is not yet committed (but should be soon) and will be a moving target until 2.2 is released. Expect a few blog entries on them (there are two engines right now) later this month.

Runners Enhancements

  • The console runner has been updated to expose the new framework features, like:
    • --limit=N can be used to limit the number of defects reported during analysis;
    • --severity=... can be used to filter only some severity level (e.g. ignoring audits);
    • --confidence=... can be used to filter results more likely to be false positives.
  • A new step has been added to the wizard runner to set some options before the analysis.
    • Limit the number of defects reported;
    • Set a minimum severity level on defects;
    • Set a minimum confidence level on defects;
    • Select visibility, which allow rules to work only on visible, non-visible or all your code.


  • Quite a lot of moving, renaming and a few optimizations. Expect a bit more of this before 2.2 gets released. New assemblies were created for Code Access Security rules (Gendarme.Rules.Security.Cas) and for generic related rules (Gendarme.Rules.Design.Generic).
  • New ReviewSuppressUnmanagedCodeSecurityUsageRule to show the new Audit severity. This is a good example about something that can't be fixed (for once and for all) but where it's useful, from time to time, to know where they hide.
  • New UseGenericEventHandlerRule to promote the use of EventHandler<TEventArgs> over the creation of delegates.

Except for some rules fixes and optimizations that were backported (to 2.0) all this new stuff will be released with Gendarme 2.2 (i.e. with Mono 2.2, not 2.0). More news soon!

9/2/2008 20:30:19 | Comments

The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.