Dogma Solutions Roslyn Analyzers and Code Fixers

A set of C# Roslyn analyzers, code fixers, and refactorings that catch bugs, design flaws, and security pitfalls at compile time -- before they reach code review or production.

The package currently ships 30+ rules across six categories:

• Design
• Security
• Performance
• Code Smells
• Bug
• Best Practice

Most analyzers include an automatic code fix. All of them include tools for adding code-review comments. Install via NuGet and every rule is enforced automatically during compilation, with severity levels configurable through .editorconfig.

---

Versioning criteria

The NuGet package follows the conventions of Semantic Versioning 2.0.0.
Cit.:

Given a version number MAJOR.MINOR.PATCH, increment the:
1. MAJOR version when you make incompatible API changes
2. MINOR version when you add functionality in a backward compatible manner
3. PATCH version when you make backward compatible bug fixes

Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.

---

Installation

Just download and install the NuGet package

https://www.nuget.org/packages/DogmaSolutions.Analyzers

---

Rules structure

This section describes the rules included in this package.

Every rule is accompanied by the following information and clues:

• Category → identify the area of interest of the rule, and can have one of the following values: Design / Naming / Style / Usage / Performance / Security
• Severity → state the default severity level of the rule. The severity level can be changed by editing the .editorconfig file used by the project/solution. Possible values are enumerated by the DiagnosticSeverity enum
• Description, motivations and fixes → a detailed explanation of the detected issue, and a brief description on how to change your code in order to solve it.
• See also → a list of similar/related rules, or related knowledge base

Rules list

Id	Category	Description	Default severity	Is enabled	Refactoring available	Code-review tools available
DSA001	Design	WebApi controller methods should not contain data-manipulation business logics through a LINQ query expression.	⚠ Warning	✅	❌	✅
DSA002	Design	WebApi controller methods should not contain data-manipulation business logics through a LINQ fluent query.	⚠ Warning	✅	❌	✅
DSA003	Code Smells	Use String.IsNullOrWhiteSpace instead of String.IsNullOrEmpty	⚠ Warning	✅	✅	✅
DSA004	Code Smells	Use DateTime.UtcNow instead of DateTime.Now	⚠ Warning	✅	✅	✅
DSA005	Code Smells	Potential non-deterministic point-in-time execution	⛔ Error	✅	✅	✅
DSA006	Code Smells	General exceptions should not be thrown by user code	⛔ Error	✅	❌	✅
DSA007	Code Smells	When initializing a lazy field, use a robust locking pattern, i.e. the "if-lock-if" (aka "double checked locking")	⚠ Warning	✅	❌	✅
DSA008	Bug	The RequiredAttribute has no impact on a not-nullable DateTime	⛔ Error	✅	✅	✅
DSA009	Bug	The RequiredAttribute has no impact on a not-nullable DateTimeOffset	⛔ Error	✅	✅	✅
DSA011	Design	Avoid lazily initialized, self-contained, static singleton properties	⚠ Warning	✅	❌	✅
DSA012	Design	Avoid the "if not exists, then insert" check-then-act antipattern on database types (TOCTOU)	⚠ Warning	✅	❌	✅
DSA013	Security	Minimal API endpoints should have an explicit authorization configuration	⚠ Warning	✅	✅	✅
DSA014	Security	Minimal API endpoints on route groups should have an explicit authorization configuration	⚠ Warning	✅	✅	✅
DSA015	Security	Minimal API endpoints on parameterized route builders should have an explicit authorization configuration	⚠ Warning	✅	✅	✅
DSA016	Code Smells	Avoid repeated invocation of the same enumeration method with identical arguments	⚠ Warning	✅	✅	✅
DSA017	Design	Use the collection's atomic operation instead of the check-then-act pattern	⚠ Warning	✅	✅	✅
DSA018	Design	Protect the check-then-act pattern with a lock or use a collection with built-in duplicate handling	⚠ Warning	✅	❌	✅
DSA019	Code Smells	Avoid repeated deeply nested member access chains	⚠ Warning	✅	✅	✅
DSA020	Code Smells	Remove redundant async/await on Task.FromResult	⚠ Warning	✅	✅	✅
DSA021	Best Practice	Entity Framework queries should be tagged with TagWith or TagWithCallSite for traceability	⚠ Warning	✅	✅	✅
DSA022	Performance	Hoist loop-invariant expression out of inner loop	⚠ Warning	✅	✅	✅
DSA023	Best Practice	Use Path.Combine instead of string concatenation to build file system paths	⚠ Warning	✅	✅	✅
DSA024	Best Practice	Use Path.Combine instead of string concatenation for path-like parameters	⚠ Warning	✅	✅	✅
DSA025	Performance	Use structured logging template instead of interpolated string	⚠ Warning	✅	✅	✅
DSA026	Bug	Use nearest scope CancellationToken	⚠ Warning	✅	✅	✅
DSA027	Performance	Replace string concatenation in loops with StringBuilder	⚠ Warning	✅	✅	✅
DSA028	Performance	Prefer ToArray() over ToList() when return type is a read-only interface	⚠ Warning	✅	✅	✅
DSA029	Bug	The RequiredAttribute has no impact on a not-nullable value type	⚠ Warning	✅	✅	✅
DSA030	Best Practice	Entity Framework queries should explicitly specify a change tracking strategy	💡 Suggestion	✅	✅	✅
DSA031	Performance	Use AsNoTracking for Entity Framework queries that do not require change tracking	⚠ Warning	✅	✅	✅
DSA032	Code Smells	Avoid duplicated string literals in the same method body	⚠ Warning	✅	✅	✅

Refactorings list

In addition to analyzer rules, this package ships code refactorings that appear in the IDE lightbulb/screwdriver menu independently of any diagnostic.

Id	Description
DSR001	Insert .TagWithCallSite() or .TagWith("...") before any EF query terminal method
DSR002	Extract any string literal to a local constant or class field constant

---

Contributing

Contributions are welcome! Please read the Contributing Guidelines before submitting a pull request.

Security

To report a security vulnerability, please follow the instructions in SECURITY.md. Do not open a public issue for security reports.

Code of Conduct

This project follows the Contributor Covenant v2.1. See CODE_OF_CONDUCT.md for details.

License

This project is licensed under the MIT License.