1
Vote

FxCop's security rule's sequence not working for Asp.net & MVC

description

Hi,

I have a strange problem when I run FxCop’s AspNetSecurity rules against different types of web application (Asp.net & Asp.net MVC)
__
I understand that order of the dlls in /rule (AspNetMvcSecurityRules.dll & AspNetSecurityRules.dll)
create the problem__

Here is the scenario,
For Web Project (.aspx):
When I run the following command in FxCopcmd.exe for asp.net project, I won’t get expected errors from FxCop
/out:"results.xml" /file:"C:\WebApplication1.dll" /rule:"AspNetMvcSecurityRules.dll" /rule:"AspNetSecurityRules.dll" …
(Reason : In /rule, i have given MVC dll as first then second Asp dll as well. but the project dll is Asp.net )

However, if I tweak the command like following, I will get the expected errors
/out:"results.xml" /file:"C:\WebApplication1.dll" /rule:"AspNetSecurityRules.dll" /rule:"AspNetMvcSecurityRules.dll" …
(Reason : In /rule, i have given ASP dll as first then second MVC dll as well. but the project dll is Asp.net )

For MVC Project:
This is reverse of Asp.net project,

I mean, I won’t get any error message from FxCorp, if my command would be like following,
/out:"results.xml" /file:"C:\MVCApplication1.dll" /rule:"AspNetSecurityRules.dll" /rule:"AspNetMvcSecurityRules.dll" …
(Reason : In /rule, i have given ASP dll as first then second MVC dll as well. but the project dll is Asp.net )

However, if I tweak the command like following, I will get the expected output
/out:"results.xml" /file:"C:\MVCApplication1.dll" /rule:"AspNetMvcSecurityRules.dll" /rule:"AspNetSecurityRules.dll" …
(Reason : In /rule, i have given MVC dll as first then second Asp dll as well. but the project dll is Asp.net )

Please suggest me how to tackle that issue.
Because, I may have a single FxCop command which should run in both Asp.Net & Asp.Net MVC.

Thanks in advance.

comments