Disable some impactful analyzers (#1246)

Rob-Hague · WojciechNagorski · web-flow · commit 9b0262c5fb05 · 2023-12-02T16:41:32.000+01:00
* Disable some impactful analyzers

* fb

---------

Co-authored-by: Wojciech Nagórski &lt;wojtpl2@gmail.com&gt;
diff --git a/.editorconfig b/.editorconfig
@@ -89,6 +89,19 @@ dotnet_diagnostic.S1481.severity = none
 # This is a duplicate of IDE0059.
 dotnet_diagnostic.S1854.severity = none
 
+# S1944: Invalid casts should be avoided
+# https://rules.sonarsource.com/csharp/RSPEC-1944/
+#
+# Disabled due to build performance impact.
+dotnet_diagnostic.S1944.severity = none
+
+# S2053: Hashes should include an unpredictable salt
+# https://rules.sonarsource.com/csharp/RSPEC-2053/
+#
+# Disabled due to build performance impact /
+# We need to specify the salt.
+dotnet_diagnostic.S2053.severity = none
+
 # S2259: Null pointers should not be dereferenced
 # https://rules.sonarsource.com/csharp/RSPEC-2259
 #
@@ -116,8 +129,9 @@ dotnet_diagnostic.S2551.severity = none
 # S2583: Conditionally executed code should be reachable
 # https://rules.sonarsource.com/csharp/RSPEC-2583
 #
+# Disabled due to build performance impact /
 # This rule produces false errors in, for example, for loops.
-#dotnet_diagnostic.S2583.severity = none
+dotnet_diagnostic.S2583.severity = none
 
 # S2699: Tests should include assertions
 # https://rules.sonarsource.com/csharp/RSPEC-2699
@@ -131,6 +145,12 @@ dotnet_diagnostic.S2551.severity = none
 # }
 dotnet_diagnostic.S2699.severity = none
 
+# S2930: "IDisposables" should be disposed
+# https://rules.sonarsource.com/csharp/RSPEC-2930/
+#
+# Duplicate of CA2000.
+dotnet_diagnostic.S2930.severity = none
+
 # S2933: Fields that are only assigned in the constructor should be "readonly"
 # https://rules.sonarsource.com/csharp/RSPEC-2933
 #
@@ -155,6 +175,10 @@ dotnet_diagnostic.S3218.severity = none
 # LINQ is the root of all evil :p
 dotnet_diagnostic.S3267.severity = none
 
+# S3329: Cipher Block Chaining IVs should be unpredictable
+# https://rules.sonarsource.com/csharp/RSPEC-3329/
+dotnet_diagnostic.S3329.severity = none
+
 # S3376: Attribute, EventArgs, and Exception type names should end with the type being extended
 # https://rules.sonarsource.com/csharp/RSPEC-3376
 #
@@ -174,12 +198,36 @@ dotnet_diagnostic.S3442.severity = none
 # This is a duplicate of MA0087.
 dotnet_diagnostic.S3450.severity = none
 
+# S3459: Unassigned members should be removed
+# https://rules.sonarsource.com/csharp/RSPEC-3459/
+#
+# Duplicate of IDE0051/IDE0052
+dotnet_diagnostic.S3459.severity = none
+
+# S3626: Jump statements should not be redundant
+# https://rules.sonarsource.com/csharp/RSPEC-3626/
+#
+# Disabled due to build performance impact.
+dotnet_diagnostic.S3626.severity = none
+
+# S3655: Empty nullable value should not be accessed
+# https://rules.sonarsource.com/csharp/RSPEC-3655/
+#
+# Disabled due to build performance impact.
+dotnet_diagnostic.S3655.severity = none
+
 # S3871: Exception types should be "public"
 # https://rules.sonarsource.com/csharp/RSPEC-3871
 #
 # This is a duplicate of CA1064.
 dotnet_diagnostic.S3871.severity = none
 
+# S3900: Arguments of public methods should be validated against null
+# https://rules.sonarsource.com/csharp/RSPEC-3900/
+#
+# This is a duplicate of CA1062.
+dotnet_diagnostic.S3900.severity = none
+
 # S3903: Types should be defined in named namespaces
 # https://rules.sonarsource.com/csharp/RSPEC-3903
 #
@@ -198,6 +246,12 @@ dotnet_diagnostic.S3925.severity = none
 # This is a duplicate of MA0015.
 dotnet_diagnostic.S3928.severity = none
 
+# S3949: Calculations should not overflow
+# https://rules.sonarsource.com/csharp/RSPEC-3949/
+#
+# Disabled due to build performance impact.
+dotnet_diagnostic.S3949.severity = none
+
 # S3998: Threads should not lock on objects with weak identity
 # https://rules.sonarsource.com/csharp/RSPEC-3998
 #
@@ -210,6 +264,16 @@ dotnet_diagnostic.S3998.severity = none
 # This is a duplicate of MA0062.
 dotnet_diagnostic.S4070.severity = none
 
+# S4158: Empty collections should not be accessed or iterated
+# https://rules.sonarsource.com/csharp/RSPEC-4158/
+#
+# Disabled due to build performance impact.
+dotnet_diagnostic.S4158.severity = none
+
+# S4423: Weak SSL/TLS protocols should not be used
+# https://rules.sonarsource.com/csharp/RSPEC-4423/
+dotnet_diagnostic.S4423.severity = none
+
 # S4456: Parameter validation in yielding methods should be wrapped
 # https://rules.sonarsource.com/csharp/RSPEC-4456
 #
@@ -228,6 +292,26 @@ dotnet_diagnostic.S4487.severity = none
 # This is a partial duplicate of MA0067, and we do not want to report the use of 'default' for a Guid as error.
 dotnet_diagnostic.S4581.severity = none
 
+# S4830: Server certificates should be verified during SSL/TLS connections
+# https://rules.sonarsource.com/csharp/RSPEC-4830/
+dotnet_diagnostic.S4830.severity = none
+
+# S5542: Encryption algorithms should be used with secure mode and padding scheme
+# https://rules.sonarsource.com/csharp/RSPEC-5542/
+dotnet_diagnostic.S5542.severity = none
+
+# S5547: Cipher algorithms should be robust
+# https://rules.sonarsource.com/csharp/RSPEC-5547/
+dotnet_diagnostic.S5547.severity = none
+
+# S5659: JWT should be signed and verified with strong cipher algorithms
+# https://rules.sonarsource.com/csharp/RSPEC-5659/
+dotnet_diagnostic.S5659.severity = none
+
+# S5773: Types allowed to be deserialized should be restricted
+# https://rules.sonarsource.com/csharp/RSPEC-5773/
+dotnet_diagnostic.S4581.severity = none
+
 #### StyleCop rules ####
 
 # SA1003: Symbols must be spaced correctly
@@ -262,6 +346,12 @@ dotnet_diagnostic.SA1101.severity = none
 #                                         callsForType.Count);
 dotnet_diagnostic.SA1116.severity = none
 
+# SA1121: Use built-in type alias
+# https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/SA1121.md
+#
+# Duplicate of IDE0049.
+dotnet_diagnostic.SA1121.severity = none
+
 # SA1200: Using directives must be placed correctly
 #
 # This is already verified by the .NET compiler platform analyzers (csharp_using_directive_placement option and IDE0065 rule).
@@ -293,6 +383,11 @@ dotnet_diagnostic.SA1413.severity = none
 # This is a duplicate of IDE0011.
 dotnet_diagnostic.SA1503.severity = none
 
+# SA1512: Single-line comments should not be followed by a blank line
+#
+# Blank lines can improve readability.
+dotnet_diagnostic.SA1512.severity = none
+
 # SA1516: Elements must be separated by blank line
 #
 # When enabled, a diagnostic is produced for properties with both a get and set accessor.
@@ -551,9 +646,7 @@ dotnet_diagnostic.CA1510.severity = none
 #
 # This is a duplicate of S927, but contains at least one bug:
 # https://github.com/dotnet/roslyn-analyzers/issues/6461
-#
-# Since we do not enable any of the Sonar rules by default, we'll leave CA1725 enabled.
-dotnet_diagnostic.CA1725.severity = error
+dotnet_diagnostic.CA1725.severity = none
 
 # CA1825: Avoid zero-length array allocations
 # https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca1825
@@ -594,12 +687,26 @@ dotnet_diagnostic.CA2208.severity = none
 # We use ECB mode as the basis for other modes (e.g. CTR)
 dotnet_diagnostic.CA5358.severity = none
 
+# CA5389: Do not add archive item's path to the target file system path
+# https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5389
+dotnet_diagnostic.CA5389.severity = none
+
+# CA5390: Do not hard-code encryption key
+# https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5390
+dotnet_diagnostic.CA5390.severity = none
+
 # CA5401: Do not use CreateEncryptor with non-default IV
-# https://learn.microsoft.com/en-gb/dotnet/fundamentals/code-analysis/quality-rules/ca5401
-#
-# We need to specify the IV.
+# https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5401
 dotnet_diagnostic.CA5401.severity = none
 
+# CA5402: Use CreateEncryptor with the default IV
+# https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5402
+dotnet_diagnostic.CA5402.severity = none
+
+# CA5403: Do not hard-code certificate
+# https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5403
+dotnet_diagnostic.CA5403.severity = none
+
 #### Roslyn IDE analyser rules ####
 
 # IDE0028: Simplify collection initialization; and
