Description
Running the FxCop analyzers with the Sdl.Required.Warning.ruleset, as done on #5331, raises some errors. Please note that ML.NET already had a ruleset defined in Source.ruleset, but it turns out that since the FxCop analyzers weren't installed before, several of those rules were never actually enforced. After installing FxCop, most of the errors detected come from this preexisting ruleset, but they're not to be considered security-related since they aren't part of the Sdl ruleset.
Rules related to security
- CA2301 - Raised in a couple of places in ML.NET. This is actually the only error coming from the Sdl ruleset.
- CA2100 - This doesn't come from the Sdl ruleset (it comes from the preexisting ruleset) but seems to be security-related.
Rules not related to security
The other error codes thrown by the analyzers are the following. As per @sharwell's recommendation, it might just be best to disable all of these, but it might also be preferable to address and solve some of them in order to reenable the rules. PR #5331 disables all of these until they might be addressed in the future.
Rules we might want to address after disabling:
- CA1060
- CA1065
- CA2002
- CA2101
- CA2231
Rules we might simply want to disable and not address:
- CA1001
- CA1033
- CA1063
- CA2213
- CA2214