Scan2Fix4Csh the Microsoft C# source code analyzer


Functionalities

  • analysis of Microsoft C# source code
  • detects violations of development rules and checks compliance with security rules (local to one file, and for the entire application)
  • standalone tool: no DLL or additional Microsoft software required

Integration in development and production environments

  • Sonar provides a multi-view dashboard:
    • continuous integration (Jenkins, for example)
    • source code + unit tests (Sonar and Scan2Fix 4CSharp, 4Php, 4VB6 or 4Java)
    • production supervision (IIS logs with Scan2Fix4Iis, Windows stack traces with Scan2Fix4Stt)
    • web site quality audit (Scan2Fix4Aspx)
  • The Sonar web server is accessible to all technical actors (developers, project managers, web integrators, production)
  • Generation of static HTML reports: standalone and publishable

 

Quick and simple installation

  • during the ordering process, provide the Sonar server hostname
  • install a Java JRE
  • install Maven 2 or 3
  • install Sonar (any version)
  • copy the plugin (the download link is provided during the ordering process) into SONAR_HOME/extensions/plugins
  • restart the Sonar server
  • under admin / Profiles, activate all the rules in the profile "Default Csh Profile"
  • start a C# scan; the violations appear in the Sonar dashboard



Example of pom.xml file

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.qualitesys.wsqualitychecker</groupId>
  <artifactId>tfs_MEL_2012_06_19_csh</artifactId>
  <version>2012_06_19_01</version>
  <name>tfs_MEL_2012_06_19_csh</name>

  <properties>
    <sonar.language>csh</sonar.language>
    <sonar.global>true</sonar.global>
  </properties>

  <pluginRepositories>
    <pluginRepository>
      <id>QualityChecker remote repository</id>
      <url>http://www.qualitesys.com/mavenrepository/</url>
    </pluginRepository>
  </pluginRepositories>
  <build>
    <!-- REQUIRED -->
    <sourceDirectory>C:\your_dir_to_source_code</sourceDirectory>
    <plugins>
      <plugin>
        <groupId>com.qualitesys.maven.plugins</groupId>
        <artifactId>qcr-maven-plugin</artifactId>
        <executions>
          <execution>
            <id>PhaseCleanGoalqcrgoalclean</id>
            <phase>clean</phase>
            <goals>
              <goal>qcrgoalclean</goal>
            </goals>
          </execution>
          <execution>
            <id>PhaseCompileGoalqcrgoalcompile</id>
            <phase>compile</phase>
            <goals>
              <goal>qcrgoalcompile</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-site-plugin</artifactId>
        <version>3.0-beta-3</version>
        <configuration>
          <reportPlugins>
            <plugin>
              <groupId>org.apache.maven.plugins</groupId>
              <artifactId>maven-project-info-reports-plugin</artifactId>
              <version>2.2</version>
            </plugin>
            <plugin>
              <groupId>com.qualitesys.maven.plugins</groupId>
              <artifactId>qcr-maven-plugin</artifactId>
            </plugin>
          </reportPlugins>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>

 

Example with Maven only

Note: the plugin for Sonar is not required. Usage is limited to 5 days.

mvn clean compile site

Maven will generate the static Web site under target/site/index.html

Example with Maven and Sonar

Note: the plugin for Sonar is not required. It is provided at the validation step of the ordering process or on explicit request (contact@qualitesys.com).

mvn clean compile sonar:sonar

 

Violations dictionary

Id            Priority  Description
QC-CSHCWE078  BLOCKER   OS command injection
QC-CSHCWE079  BLOCKER   Basic XSS
QC-CSHCWE080  BLOCKER   SQL injection
QC-CSHCWE099  BLOCKER   Resource injection
QC-CSHCWE369  BLOCKER   Division by zero
QC-CSHCWE412  BLOCKER   Unrestricted lock of critical resource, deadlock
QC-CSHCWE470  BLOCKER   Use of externally-controlled input (unsafe reflection)
QC-CSHCWE621  BLOCKER   Variable extraction error
QC-CSHCWE624  BLOCKER   Executable regular expression error
QC-CSHCWE833  BLOCKER   Deadlock
QC-CSH000002  BLOCKER   A lone throw instruction preceded by method invocations
QC-CSH000004  BLOCKER   String comparing: change x=='' to x.IsNullOrEmpty
QC-CSH000005  BLOCKER   String comparing: change x.Equals('') to x.IsNullOrEmpty
QC-CSH000006  BLOCKER   String comparing: change Equals(x,'') to x.IsNullOrEmpty
QC-CSH000007  BLOCKER   String concat: use concat instead of +
QC-CSH000008  BLOCKER   String comparing: change == or != to Equals()
QC-CSH999999  BLOCKER   Syntax analysis failure on the source code
QC-CSH000001  CRITICAL  Original stack trace lost because the caught exception is thrown
QC-CSH000096  CRITICAL  Insufficient control of directives in statically saved code
QC-CSH000476  CRITICAL  Null pointer reference
QC-CSH000484  CRITICAL  Omitted break statement in switch
QC-CSH000570  CRITICAL  Condition NEVER true
QC-CSH000616  CRITICAL  Incomplete identification of uploaded file
QC-CSHCWE190  MAJOR     Overflow
QC-CSHCWE390  MAJOR     Detection of error condition without action
QC-CSHCWE392  MAJOR     Failure to report error in status code
QC-CSHCWE481  MAJOR     Assigning instead of comparing
QC-CSHCWE493  MAJOR     Critical public variable without final modifier
QC-CSHCWE584  MAJOR     Return inside finally block
QC-CSHCWE252  MINOR     Return type of function is not tested
QC-CSHCWE500  MINOR     Static public field not marked final
QC-CSHCWE582  MINOR     Array declared public, final and static
QC-CSHCWE585  MINOR     The software contains an empty synchronized block
QC-CSHCWE626  MINOR     Null byte interaction error
QC-CSHCWE627  MINOR     Dynamic variable evaluation for variable
QC-CSH999996  INFO      Local cut-and-paste detector in single file





 





  • Sonar compatibility: Sonar 3.0 to 4.1.2
  • Maven compatibility: Maven 2 and 3
