Pull to refresh
126.98

.NET *

A hub about .NET

Show first
Rating limit
Level of difficulty

PVS-Studio checks the code quality in the .NET Foundation projects: LINQ to DB

Reading time 11 min
Views 557

The .NET Foundation is an independent organization, created by Microsoft, to support open-source projects around the DotNet platform. Currently, the organization gathered many libraries under its wing. We have already tested some of these libraries with the help of PVS-Studio. The next project to check with the analyzer - LINQ to DB.

Read more
Rating 0
Comments 0

All hail bug reports: how we reduced the analysis time of the user's project from 80 to 4 hours

Reading time 8 min
Views 598

0885_SupportAndAnalyzerOptimizations/image1.png


People often see work in support as something negative. Today we'll look at it from a different perspective. This article is about a real communication of 100+ messages, exceptions, the analysis that didn't complete in three days...

Read more →
Total votes 4: ↑3 and ↓1 +2
Comments 0

OWASP Top Ten and Software Composition Analysis (SCA)

Reading time 9 min
Views 1.3K

The OWASP Top Ten 2017 category A9 (which became A6 in OWASP Top Ten 2021) is dedicated to using components with known vulnerabilities. To cover this category in PVS-Studio, developers have to turn the analyzer into a full SCA solution. How will the analyzer look for vulnerabilities in the components used? What is SCA? Let's try to find the answers in this article!

Read more
Rating 0
Comments 0

Creating Roslyn API-based static analyzer for C#

Reading time 23 min
Views 4.7K

After you read this article, you'll have the knowledge to create your own static analyzer for C#. With the help of the analyzer, you can find potential errors and vulnerabilities in the source code of your own and other projects. Are you intrigued? Well, let's get started.

Read more
Total votes 2: ↑1 and ↓1 0
Comments 0

How Visual Studio 2022 ate up 100 GB of memory and what XML bombs had to do with it

Reading time 7 min
Views 2.9K

0865_VS2022_XMLBomb/image1.png


In April 2021 Microsoft announced a new version of its IDE – Visual Studio 2022 – while also announcing that the IDE would be 64-bit. We've been waiting for this for so long – no more 4 GB memory limitations! However, as it turned out, it's not all that simple...

Read more →
Total votes 2: ↑2 and ↓0 +2
Comments 0

XSS: attack, defense — and C# programming

Reading time 11 min
Views 2.1K

XSS - or cross-site scripting - is one of the most common vulnerabilities in web applications. It has been on the OWASP Top 10 list (the list of the most critical security risks to web applications) for a while now. So let's figure out together how your browser can acquire and execute a script from a third-party website, and what this may lead to (spoiler: your cookies could get stolen, for example). And while we're at it, we'll talk about ways you can protect yourself from XSS.

Read more
Total votes 1: ↑1 and ↓0 +1
Comments 0

Tutorial: how to port a project from Interop Word API to Open XML SDK

Reading time 14 min
Views 2.4K

With the .NET5 release further development of some projects was questionable due to the complexity of porting. One can abandon small outdated libraries or find a replacement. But it's hard to throw away Microsoft.Office.Interop.Word.dll. Microsoft doesn't plan to add compatibility with .NET Core/5+, so in this article we focus on creating Word files with Open XML SDK.

Read more
Total votes 4: ↑3 and ↓1 +2
Comments 0

Is PHP compilable?! PVS-Studio searches for errors in PeachPie

Reading time 22 min
Views 657

PHP is widely known as an interpreted programming language used mainly for website development. However, few people know that PHP also has a compiler to .NET – PeachPie. But how well is it made? Will the static analyzer be able to find actual bugs in this compiler? Let's find out!

Read more
Total votes 2: ↑2 and ↓0 +2
Comments 0

Optimization of .NET applications: a big result of small edits

Reading time 17 min
Views 1.8K

0852_NETAppsPerf_MinChangesMajorRes/image1.png


Today we're going to discuss how small optimizations in the right places of the application can improve its performance. Imagine: we remove the creation of an extra iterator in one place, get rid of boxing in the other. As a result, we get drastic improvements because of such small edits.

Read more →
Total votes 6: ↑4 and ↓2 +2
Comments 0

AngouriMath 1.3 update

Reading time 5 min
Views 4.2K

Four months of awesome work together with a few new contributors finally result in a new major release, which I'm happy to announce about.

Now we get completely new matrices, improved parser, a lot of new functions, almost rewritten interactive package (for working in Jupyter) and many more.

This article about a big update in a FOSS symbolic algebra library for .NET, I hope it may be interesting for someone!

Read more
Total votes 5: ↑5 and ↓0 +5
Comments 0

Creating a NuGet package for a library with platform-specific API

Level of difficulty Medium
Reading time 13 min
Views 8.8K

When creating a .NET library with a partially platform-specific API, we should think about how to pack it into a NuGet package so that the installed library will work in various scenarios (.NET Framework, .NET Core, self-contained application and so on). Unfortunately, it is difficult to find a step-by-step instruction on the web that describes how to perform this task. This article is intended to be such an instruction.

Read more
Total votes 1: ↑1 and ↓0 +1
Comments 0

How to be good in hackathons as a developer? Practice creating simple pet projects

Reading time 6 min
Views 3.3K

Hackathons could be very intimidating and stressful. The key to getting better is doing simple projects. In this article, we will look at an example of a web app that can be used for sharpening your skills when you prepare for a hackathon. We will use a powerful Google API based on Machine Learning and apply the following technologies: ASP.NET, HTML, Docker, Heroku, and Git.

Read more
Total votes 5: ↑5 and ↓0 +5
Comments 1

How WCF Shoots Itself in the Foot With TraceSource

Reading time 11 min
Views 881

We don't often get the chance to write something on parallel programming issues. This time we "got lucky". The TraceEvent standard method has some implementation peculiarities. They resulted in an error with multiple threads blocking. So we'd like to warn users about this nuance and cover this interesting case from our users support practice. Why was our support involved? Keep reading to find out. Enjoy the reading!

Read more
Total votes 5: ↑5 and ↓0 +5
Comments 0

.NET Application Optimization: Simple Edits Speeded Up PVS-Studio and Reduced Memory Consumption by 70%

Reading time 17 min
Views 1.1K

We know many ways to detect performance problems, such as extremely low speed and high memory consumption. Usually tests, developers, or testers detect such applications' drawbacks. In the worst case, users find weaknesses and report back. Alas, detecting defects is only the first step. Next, we should localize the problem. Otherwise, we won't solve it. Here comes a question - how to find weak points that lead to excessive memory consumption and slow down in a large project? Are there such at all? Maybe it's not about the application? So now you're reading a story how PVS-Studio C# developers encountered a similar problem and managed to solve it.

Read more
Rating 0
Comments 0

OWASP, Vulnerabilities, and Taint Analysis in PVS-Studio for C#. Stir, but Don't Shake

Reading time 12 min
Views 773

0831_TaintAnalysis_Cs/image1.png


We continue to develop PVS-Studio as a SAST solution. Thus, one of our major goals is expanding OWASP coverage. You might ask, what's the use when there's no taint analysis? That's exactly what we thought — and decided to implement taint analysis in the C# analyzer. Curious about what we accomplished? Read on!

Read more →
Total votes 2: ↑1 and ↓1 0
Comments 0

Multithreading in Photon

Reading time 8 min
Views 1K

What this article is about 

In this article, we will talk about multithreading in the backend. 

how it is implemented 

how is it used 

what can be done 

what we invented ourselves 

All these questions are relevant only if you develop something for the server side - modify the Server SDK code, write your own plugin, or even start some server application from scratch.

Read More
Rating 0
Comments 0

Authors' contribution