Commit 4e4c5c5

Merge pull request #4480 from gewarren/nuget
Code analysis GitHub issue fixes
2 parents d2a3b97 + d223e9a commit 4e4c5c5

5 files changed

+39
-29
lines changed

docs/code-quality/code-analysis-warnings-for-managed-code-by-checkid.md

Lines changed: 6 additions & 4 deletions
@@ -1,6 +1,6 @@
11
---
22
title: Code Analysis Warnings for Managed Code by CheckId
3-
ms.date: 11/04/2016
3+
ms.date: 04/18/2019
44
ms.topic: reference
55
f1_keywords:
66
- "CA1000"
@@ -160,6 +160,7 @@ f1_keywords:
160160
- "CA2003"
161161
- "CA2004"
162162
- "CA2006"
163+
- "CA2007"
163164
- "CA2100"
164165
- "CA2101"
165166
- "CA2102"
@@ -305,7 +306,7 @@ The following table lists Code Analysis warnings for managed code by the CheckId
305306
| CA1041 | [CA1041: Provide ObsoleteAttribute message](../code-quality/ca1041-provide-obsoleteattribute-message.md) | A type or member is marked by using a System.ObsoleteAttribute attribute that does not have its ObsoleteAttribute.Message property specified. When a type or member that is marked by using ObsoleteAttribute is compiled, the Message property of the attribute is displayed. This gives the user information about the obsolete type or member. |
306307
| CA1043 | [CA1043: Use integral or string argument for indexers](../code-quality/ca1043-use-integral-or-string-argument-for-indexers.md) | Indexers (that is, indexed properties) should use integral or string types for the index. These types are typically used for indexing data structures and they increase the usability of the library. Use of the Object type should be restricted to those cases where the specific integral or string type cannot be specified at design time. |
307308
| CA1044 | [CA1044: Properties should not be write only](../code-quality/ca1044-properties-should-not-be-write-only.md) | Although it is acceptable and often necessary to have a read-only property, the design guidelines prohibit the use of write-only properties. This is because letting a user set a value, and then preventing the user from viewing that value, does not provide any security. Also, without read access, the state of shared objects cannot be viewed, which limits their usefulness. |
308-
| CA1045 |[CA1045: Do not pass types by reference](../code-quality/ca1045-do-not-pass-types-by-reference.md) | Passing types by reference (using out or ref) requires experience with pointers, understanding how value types and reference types differ, and handling methods that have multiple return values. Library architects who design for a general audience should not expect users to master working with out or ref parameters. |
309+
| CA1045 |[CA1045: Do not pass types by reference](../code-quality/ca1045-do-not-pass-types-by-reference.md) | Passing types by reference (using out or ref) requires experience with pointers, understanding how value types and reference types differ, and handling methods that have multiple return values. Library architects who design for a general audience should not expect users to master working with `out` or `ref` parameters. |
309310
| CA1046 | [CA1046: Do not overload operator equals on reference types](../code-quality/ca1046-do-not-overload-operator-equals-on-reference-types.md) | For reference types, the default implementation of the equality operator is almost always correct. By default, two references are equal only if they point to the same object. |
310311
| CA1047 |[CA1047: Do not declare protected members in sealed types](../code-quality/ca1047-do-not-declare-protected-members-in-sealed-types.md) | Types declare protected members so that inheriting types can access or override the member. By definition, sealed types cannot be inherited, which means that protected methods on sealed types cannot be called. |
311312
| CA1048 | [CA1048: Do not declare virtual members in sealed types](../code-quality/ca1048-do-not-declare-virtual-members-in-sealed-types.md) | Types declare methods as virtual so that inheriting types can override the implementation of the virtual method. By definition, a sealed type cannot be inherited. This makes a virtual method on a sealed type meaningless. |
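Review bot: The code formatting in the CA1045 row was applied only to the final `out` or `ref`; the earlier "(using out or ref)" in the same cell is still plain text. Format both occurrences as code so the keywords read consistently within one description.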
@@ -327,7 +328,7 @@ The following table lists Code Analysis warnings for managed code by the CheckId
327328
| CA1064 | [CA1064: Exceptions should be public](../code-quality/ca1064-exceptions-should-be-public.md) | An internal exception is visible only inside its own internal scope. After the exception falls outside the internal scope, only the base exception can be used to catch the exception. If the internal exception is inherited from <xref:System.Exception>, <xref:System.SystemException>, or <xref:System.ApplicationException>, the external code will not have sufficient information to know what to do with the exception. |
328329
| CA1065 | [CA1065: Do not raise exceptions in unexpected locations](../code-quality/ca1065-do-not-raise-exceptions-in-unexpected-locations.md) | A method that is not expected to throw exceptions throws an exception. |
329330
| CA1300 | [CA1300: Specify MessageBoxOptions](../code-quality/ca1300-specify-messageboxoptions.md) | To correctly display a message box for cultures that use a right-to-left reading order, the RightAlign and RtlReading members of the MessageBoxOptions enumeration must be passed to the Show method. |
330-
| CA1301 | [CA1301: Avoid duplicate accelerators](../code-quality/ca1301-avoid-duplicate-accelerators.md) | An access key, also known as an accelerator, enables keyboard access to a control by using the ALT key. When multiple controls have duplicate access keys, the behavior of the access key is not well defined. |
331+
| CA1301 | [CA1301: Avoid duplicate accelerators](../code-quality/ca1301-avoid-duplicate-accelerators.md) | An access key, also known as an accelerator, enables keyboard access to a control by using the ALT key. When multiple controls have duplicate access keys, the behavior of the access key is not well-defined. |
331332
| CA1302 | [CA1302: Do not hardcode locale specific strings](../code-quality/ca1302-do-not-hardcode-locale-specific-strings.md) | The System.Environment.SpecialFolder enumeration contains members that refer to special system folders. The locations of these folders can have different values on different operating systems; the user can change some of the locations; and the locations are localized. The Environment.GetFolderPath method returns the locations that are associated with the Environment.SpecialFolder enumeration, localized and appropriate for the currently running computer. |
332333
| CA1303 | [CA1303: Do not pass literals as localized parameters](../code-quality/ca1303-do-not-pass-literals-as-localized-parameters.md) | An externally visible method passes a string literal as a parameter to a constructor or method in the .NET Framework class library, and that string should be localizable. |
333334
| CA1304 | [CA1304: Specify CultureInfo](../code-quality/ca1304-specify-cultureinfo.md) | A method or constructor calls a member that has an overload that accepts a System.Globalization.CultureInfo parameter, and the method or constructor does not call the overload that takes the CultureInfo parameter. When a CultureInfo or System.IFormatProvider object is not supplied, the default value that is supplied by the overloaded member might not have the effect that you want in all locales. |
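Review bot: In the CA1301 row, "is not well-defined" hyphenates a compound that follows the verb; the hyphen is normally needed only when the compound precedes the noun it modifies. Consider keeping "well defined" here, since the sentence is otherwise unchanged.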
@@ -401,7 +402,7 @@ The following table lists Code Analysis warnings for managed code by the CheckId
401402
| CA1821 | [CA1821: Remove empty finalizers](../code-quality/ca1821-remove-empty-finalizers.md) | Whenever you can, avoid finalizers because of the additional performance overhead that is involved in tracking object lifetime. An empty finalizer incurs added overhead and delivers no benefit. |
402403
| CA1822 |[CA1822: Mark members as static](../code-quality/ca1822-mark-members-as-static.md) | Members that do not access instance data or call instance methods can be marked as static (Shared in [!INCLUDE[vbprvb](../code-quality/includes/vbprvb_md.md)]). After you mark the methods as static, the compiler will emit nonvirtual call sites to these members. This can give you a measurable performance gain for performance-sensitive code. |
403404
| CA1823 | [CA1823: Avoid unused private fields](../code-quality/ca1823-avoid-unused-private-fields.md) | Private fields were detected that do not appear to be accessed in the assembly. |
404-
| CA1824 |[CA1824: Mark assemblies with NeutralResourcesLanguageAttribute](../code-quality/ca1824-mark-assemblies-with-neutralresourceslanguageattribute.md) | The NeutralResourcesLanguage attribute informs the ResourceManager of the language that was used to display the resources of a neutral culture for an assembly. This improves lookup performance for the first resource that you load and can reduce your working set. |
405+
| CA1824 |[CA1824: Mark assemblies with NeutralResourcesLanguageAttribute](../code-quality/ca1824-mark-assemblies-with-neutralresourceslanguageattribute.md) | The NeutralResourcesLanguage attribute informs the resource manager of the language that was used to display the resources of a neutral culture for an assembly. This improves lookup performance for the first resource that you load and can reduce your working set. |
405406
| CA1900 | [CA1900: Value type fields should be portable](../code-quality/ca1900-value-type-fields-should-be-portable.md) | This rule checks that structures that are declared by using explicit layout will align correctly when marshaled to unmanaged code on 64-bit operating systems. |
406407
| CA1901 | [CA1901: P/Invoke declarations should be portable](../code-quality/ca1901-p-invoke-declarations-should-be-portable.md) | This rule evaluates the size of each parameter and the return value of a P/Invoke, and verifies that the size of the parameter is correct when marshaled to unmanaged code on 32-bit and 64-bit operating systems. |
407408
| CA1903 | [CA1903: Use only API from targeted framework](../code-quality/ca1903-use-only-api-from-targeted-framework.md) | A member or type is using a member or type that was introduced in a service pack that was not included together with the targeted framework of the project. |
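Review bot: Replacing "ResourceManager" with "resource manager" in the CA1824 row drops the reference to the type that consumes the attribute, while the same sentence still names the NeutralResourcesLanguage attribute as an identifier. Consider keeping the type name, either in code formatting or as an xref like the ones in the CA1064 and CA2007 rows, so readers can find the API.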
@@ -411,6 +412,7 @@ The following table lists Code Analysis warnings for managed code by the CheckId
411412
| CA2003 |[CA2003: Do not treat fibers as threads](../code-quality/ca2003-do-not-treat-fibers-as-threads.md) | A managed thread is being treated as a [!INCLUDE[TLA2#tla_win32](../code-quality/includes/tla2sharptla_win32_md.md)] thread. |
412413
| CA2004 | [CA2004: Remove calls to GC.KeepAlive](../code-quality/ca2004-remove-calls-to-gc-keepalive.md) | If you convert to SafeHandle usage, remove all calls to GC.KeepAlive (object). In this case, classes should not have to call GC.KeepAlive. This assumes they do not have a finalizer but rely on SafeHandle to finalize the OS handle for them. |
413414
| CA2006 | [CA2006: Use SafeHandle to encapsulate native resources](../code-quality/ca2006-use-safehandle-to-encapsulate-native-resources.md) | Use of IntPtr in managed code might indicate a potential security and reliability problem. All uses of IntPtr must be reviewed to determine whether use of a SafeHandle, or similar technology, is required in its place. |
415+
| CA2007 | [CA2007: Do not directly await a Task](ca2007-do-not-directly-await-task.md) | An asynchronous method [awaits](/dotnet/csharp/language-reference/keywords/await) a <xref:System.Threading.Tasks.Task> directly. When an asynchronous method awaits a <xref:System.Threading.Tasks.Task> directly, continuation occurs in the same thread that created the task. This behavior can be costly in terms of performance and can result in a deadlock on the UI thread. Consider calling <xref:System.Threading.Tasks.Task.ConfigureAwait(System.Boolean)?displayProperty=nameWithType> to signal your intention for continuation. |
414416
| CA2100 | [CA2100: Review SQL queries for security vulnerabilities](../code-quality/ca2100-review-sql-queries-for-security-vulnerabilities.md) | A method sets the System.Data.IDbCommand.CommandText property by using a string that is built from a string argument to the method. This rule assumes that the string argument contains user input. A SQL command string that is built from user input is vulnerable to SQL injection attacks. |
415417
| CA2101 |[CA2101: Specify marshaling for P/Invoke string arguments](../code-quality/ca2101-specify-marshaling-for-p-invoke-string-arguments.md) | A platform invoke member allows partially trusted callers, has a string parameter, and does not explicitly marshal the string. This can cause a potential security vulnerability. |
416418
| CA2102 | [CA2102: Catch non-CLSCompliant exceptions in general handlers](../code-quality/ca2102-catch-non-clscompliant-exceptions-in-general-handlers.md) | A member in an assembly that is not marked by using the RuntimeCompatibilityAttribute or is marked RuntimeCompatibility(WrapNonExceptionThrows = false) contains a catch block that handles System.Exception and does not contain an immediately following general catch block. |
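Review bot: The new CA2007 row says continuation "occurs in the same thread that created the task", which misstates what a direct await does: the continuation is posted back to the context captured at the await, and that is what makes the UI-thread deadlock possible. Suggest rewording in terms of the captured context. Separately, the link target `ca2007-do-not-directly-await-task.md` omits the `../code-quality/` prefix that every neighbouring row uses; match the existing style.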

docs/code-quality/install-roslyn-analyzers.md

Lines changed: 3 additions & 3 deletions
@@ -18,14 +18,14 @@ Visual Studio includes a core set of .NET Compiler Platform (*Roslyn*) analyzers
1818

1919
## To install NuGet analyzer packages
2020

21-
1. Find the analyzer package you want to install on www.nuget.org. For example, you may want to [install the Microsoft FxCop analyzers](install-fxcop-analyzers.md#to-install-fxcop-analyzers-as-a-nuget-package) to check your code for security and performance issues, among others.
21+
1. Find the analyzer package you want to install on www.nuget.org.
22+
23+
For example, you may want to [install the Microsoft FxCop analyzers](install-fxcop-analyzers.md#to-install-fxcop-analyzers-as-a-nuget-package) to check your code for security and performance issues, among others. Or, install [StyleCopAnalyzers](https://www.nuget.org/packages/stylecop.analyzers/) to look for style issues in your codebase.
2224

2325
2. Install the package in Visual Studio, using either the [Package Manager Console](/nuget/quickstart/install-and-use-a-package-in-visual-studio#package-manager-console) or the [Package Manager UI](/nuget/quickstart/install-and-use-a-package-in-visual-studio#package-manager-console).
2426

2527
> [!NOTE]
2628
> The www.nuget.org page for each analyzer package shows you the command to paste into the **Package Manager Console**. There's even a handy button to copy the text to the clipboard.
27-
>
28-
> ![NuGet.org page showing Package Manager Console command](media/nuget-install-command.png)
2929
3030
The analyzer assemblies are installed and appear in **Solution Explorer** under **References** > **Analyzers**.
3131
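Review bot: The added sentence at new line 23 links the text "StyleCopAnalyzers" to `https://www.nuget.org/packages/stylecop.analyzers/`, so the displayed name does not match the package ID a reader would type into the Package Manager Console; use the ID as it appears in the URL (with the dot) as the link text. Also confirm that the new "For example" paragraph is indented under step 1, otherwise the numbered list may restart at step 2, and note that step 2's Package Manager UI link still points at the same `#package-manager-console` anchor as the console link.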

-6.95 KB
Binary file not shown.
