Use NetAnalyzers from SDK instead of FxCopAnalyzers (#30138)

* Use analyzers from .NET SDK

.editorconfig

@@ -23,6 +23,32 @@ insert_final_newline = true
 indent_size = 4
 dotnet_sort_system_directives_first = true
 
+# Don't use this. qualifier
+dotnet_style_qualification_for_field = false:suggestion
+dotnet_style_qualification_for_property = false:suggestion
+
+# use int x = .. over Int32
+dotnet_style_predefined_type_for_locals_parameters_members = true:suggestion
+
+# use int.MaxValue over Int32.MaxValue
+dotnet_style_predefined_type_for_member_access = true:suggestion
+
+# Require var all the time.
+csharp_style_var_for_built_in_types = true:suggestion
+csharp_style_var_when_type_is_apparent = true:suggestion
+csharp_style_var_elsewhere = true:suggestion
+
+# Disallow throw expressions.
+csharp_style_throw_expression = false:suggestion
+
+# Newline settings
+csharp_new_line_before_open_brace = all
+csharp_new_line_before_else = true
+csharp_new_line_before_catch = true
+csharp_new_line_before_finally = true
+csharp_new_line_before_members_in_object_initializers = true
+csharp_new_line_before_members_in_anonymous_types = true
+
 [*.{xml,config,*proj,nuspec,props,resx,targets,yml,tasks}]
 indent_size = 2
 
@@ -43,7 +69,6 @@ end_of_line = lf
 [*.{razor,cshtml}]
 charset = utf-8-bom
 
-[*.cs]
-dotnet_diagnostic.CA1304.severity = error
+[*.{cs,vb}]
+# CA1305: Specify IFormatProvider
 dotnet_diagnostic.CA1305.severity = error
-dotnet_diagnostic.CA1310.severity = error

.globalconfig

@@ -0,0 +1,16 @@
+is_global = true
+
+# CA1309: Use ordinal StringComparison
+# https://github.com/dotnet/aspnetcore/pull/30111#issuecomment-777817003
+dotnet_diagnostic.CA1309.severity = suggestion
+
+# CA3076: Insecure XSLT Script Execution
+# Disabled due to crashing: https://github.com/dotnet/roslyn-analyzers/issues/4750
+# Delete the following line when we have a working version.
+dotnet_diagnostic.CA3076.severity = none
+
+# CA1304: Specify CultureInfo
+dotnet_diagnostic.CA1304.severity = error
+
+# CA1310: Specify StringComparison for correctness
+dotnet_diagnostic.CA1310.severity = error

Directory.Build.props

@@ -7,6 +7,12 @@
     <RepositoryType>git</RepositoryType>
   </PropertyGroup>
 
+  <PropertyGroup>
+    <EnableNETAnalyzers>true</EnableNETAnalyzers>
+    <AnalysisLevel>latest</AnalysisLevel>
+    <AnalysisMode>Default</AnalysisMode>
+  </PropertyGroup>
+
   <!-- Defines project type conventions. -->
   <PropertyGroup>
     <RepoRelativeProjectDir>$([MSBuild]::MakeRelative($(RepoRoot), $(MSBuildProjectDirectory)))</RepoRelativeProjectDir>

eng/AllRulesDisabled.ruleset

@@ -1,216 +0,0 @@
-<?xml version="1.0"?>
-<RuleSet Name="All Rules Disabled" Description="All Rules are disabled." ToolsVersion="15.0">
-   <Rules AnalyzerId="Microsoft.CodeAnalysis.FxCopAnalyzers" RuleNamespace="Microsoft.CodeAnalysis.FxCopAnalyzers">
-      <Rule Id="CA1000" Action="None" />             <!-- Do not declare static members on generic types -->
-      <Rule Id="CA1001" Action="None" />             <!-- Types that own disposable fields should be disposable -->
-      <Rule Id="CA1003" Action="None" />             <!-- Use generic event handler instances -->
-      <Rule Id="CA1008" Action="None" />             <!-- Enums should have zero value -->
-      <Rule Id="CA1010" Action="None" />             <!-- Generic interface should also be implemented -->
-      <Rule Id="CA1012" Action="None" />             <!-- Abstract types should not have constructors -->
-      <Rule Id="CA1014" Action="None" />             <!-- Mark assemblies with CLSCompliant -->
-      <Rule Id="CA1016" Action="None" />             <!-- Mark assemblies with assembly version -->
-      <Rule Id="CA1017" Action="None" />             <!-- Mark assemblies with ComVisible -->
-      <Rule Id="CA1018" Action="None" />             <!-- Mark attributes with AttributeUsageAttribute -->
-      <Rule Id="CA1019" Action="None" />             <!-- Define accessors for attribute arguments -->
-      <Rule Id="CA1021" Action="None" />             <!-- Avoid out parameters -->
-      <Rule Id="CA1024" Action="None" />             <!-- Use properties where appropriate -->
-      <Rule Id="CA1027" Action="None" />             <!-- Mark enums with FlagsAttribute -->
-      <Rule Id="CA1028" Action="None" />             <!-- Enum Storage should be Int32 -->
-      <Rule Id="CA1030" Action="None" />             <!-- Use events where appropriate -->
-      <Rule Id="CA1031" Action="None" />             <!-- Do not catch general exception types -->
-      <Rule Id="CA1032" Action="None" />             <!-- Implement standard exception constructors -->
-      <Rule Id="CA1033" Action="None" />             <!-- Interface methods should be callable by child types -->
-      <Rule Id="CA1034" Action="None" />             <!-- Nested types should not be visible -->
-      <Rule Id="CA1036" Action="None" />             <!-- Override methods on comparable types -->
-      <Rule Id="CA1040" Action="None" />             <!-- Avoid empty interfaces -->
-      <Rule Id="CA1041" Action="None" />             <!-- Provide ObsoleteAttribute message -->
-      <Rule Id="CA1043" Action="None" />             <!-- Use Integral Or String Argument For Indexers -->
-      <Rule Id="CA1044" Action="None" />             <!-- Properties should not be write only -->
-      <Rule Id="CA1050" Action="None" />             <!-- Declare types in namespaces -->
-      <Rule Id="CA1051" Action="None" />             <!-- Do not declare visible instance fields -->
-      <Rule Id="CA1052" Action="None" />             <!-- Static holder types should be Static or NotInheritable -->
-      <Rule Id="CA1054" Action="None" />             <!-- Uri parameters should not be strings -->
-      <Rule Id="CA1055" Action="None" />             <!-- Uri return values should not be strings -->
-      <Rule Id="CA1056" Action="None" />             <!-- Uri properties should not be strings -->
-      <Rule Id="CA1058" Action="None" />             <!-- Types should not extend certain base types -->
-      <Rule Id="CA1060" Action="None" />             <!-- Move pinvokes to native methods class -->
-      <Rule Id="CA1061" Action="None" />             <!-- Do not hide base class methods -->
-      <Rule Id="CA1062" Action="None" />             <!-- Validate arguments of public methods -->
-      <Rule Id="CA1063" Action="None" />             <!-- Implement IDisposable Correctly -->
-      <Rule Id="CA1064" Action="None" />             <!-- Exceptions should be public -->
-      <Rule Id="CA1065" Action="None" />             <!-- Do not raise exceptions in unexpected locations -->
-      <Rule Id="CA1066" Action="None" />             <!-- Type {0} should implement IEquatable<T> because it overrides Equals -->
-      <Rule Id="CA1067" Action="None" />             <!-- Override Object.Equals(object) when implementing IEquatable<T> -->
-      <Rule Id="CA1068" Action="None" />             <!-- CancellationToken parameters must come last -->
-      <Rule Id="CA1069" Action="None" />             <!-- Enums values should not be duplicated -->
-      <Rule Id="CA1200" Action="None" />             <!-- Avoid using cref tags with a prefix -->
-      <Rule Id="CA1303" Action="None" />             <!-- Do not pass literals as localized parameters -->
-      <Rule Id="CA1304" Action="None" />             <!-- Specify CultureInfo -->
-      <Rule Id="CA1305" Action="None" />             <!-- Specify IFormatProvider -->
-      <Rule Id="CA1307" Action="None" />             <!-- Specify StringComparison -->
-      <Rule Id="CA1308" Action="None" />             <!-- Normalize strings to uppercase -->
-      <Rule Id="CA1309" Action="None" />             <!-- Use ordinal stringcomparison -->
-      <Rule Id="CA1401" Action="None" />             <!-- P/Invokes should not be visible -->
-      <Rule Id="CA1501" Action="None" />             <!-- Avoid excessive inheritance -->
-      <Rule Id="CA1502" Action="None" />             <!-- Avoid excessive complexity -->
-      <Rule Id="CA1505" Action="None" />             <!-- Avoid unmaintainable code -->
-      <Rule Id="CA1506" Action="None" />             <!-- Avoid excessive class coupling -->
-      <Rule Id="CA1507" Action="None" />             <!-- Use nameof to express symbol names -->
-      <Rule Id="CA1508" Action="None" />             <!-- Avoid dead conditional code -->
-      <Rule Id="CA1509" Action="None" />             <!-- Invalid entry in code metrics rule specification file -->
-      <Rule Id="CA1707" Action="None" />             <!-- Identifiers should not contain underscores -->
-      <Rule Id="CA1708" Action="None" />             <!-- Identifiers should differ by more than case -->
-      <Rule Id="CA1710" Action="None" />             <!-- Identifiers should have correct suffix -->
-      <Rule Id="CA1711" Action="None" />             <!-- Identifiers should not have incorrect suffix -->
-      <Rule Id="CA1712" Action="None" />             <!-- Do not prefix enum values with type name -->
-      <Rule Id="CA1714" Action="None" />             <!-- Flags enums should have plural names -->
-      <Rule Id="CA1715" Action="None" />             <!-- Identifiers should have correct prefix -->
-      <Rule Id="CA1716" Action="None" />             <!-- Identifiers should not match keywords -->
-      <Rule Id="CA1717" Action="None" />             <!-- Only FlagsAttribute enums should have plural names -->
-      <Rule Id="CA1720" Action="None" />             <!-- Identifier contains type name -->
-      <Rule Id="CA1721" Action="None" />             <!-- Property names should not match get methods -->
-      <Rule Id="CA1724" Action="None" />             <!-- Type names should not match namespaces -->
-      <Rule Id="CA1725" Action="None" />             <!-- Parameter names should match base declaration -->
-      <Rule Id="CA1801" Action="None" />             <!-- Review unused parameters -->
-      <Rule Id="CA1802" Action="None" />             <!-- Use literals where appropriate -->
-      <Rule Id="CA1806" Action="None" />             <!-- Do not ignore method results -->
-      <Rule Id="CA1810" Action="None" />             <!-- Initialize reference type static fields inline -->
-      <Rule Id="CA1812" Action="None" />             <!-- Avoid uninstantiated internal classes -->
-      <Rule Id="CA1813" Action="None" />             <!-- Avoid unsealed attributes -->
-      <Rule Id="CA1814" Action="None" />             <!-- Prefer jagged arrays over multidimensional -->
-      <Rule Id="CA1815" Action="None" />             <!-- Override equals and operator equals on value types -->
-      <Rule Id="CA1816" Action="None" />             <!-- Dispose methods should call SuppressFinalize -->
-      <Rule Id="CA1819" Action="None" />             <!-- Properties should not return arrays -->
-      <Rule Id="CA1820" Action="None" />             <!-- Test for empty strings using string length -->
-      <Rule Id="CA1821" Action="None" />             <!-- Remove empty Finalizers -->
-      <Rule Id="CA1822" Action="None" />             <!-- Mark members as static -->
-      <Rule Id="CA1823" Action="None" />             <!-- Avoid unused private fields -->
-      <Rule Id="CA1824" Action="None" />             <!-- Mark assemblies with NeutralResourcesLanguageAttribute -->
-      <Rule Id="CA1825" Action="None" />             <!-- Avoid zero-length array allocations. -->
-      <Rule Id="CA1826" Action="None" />             <!-- Do not use Enumerable methods on indexable collections. Instead use the collection directly -->
-      <Rule Id="CA1827" Action="None" />             <!-- Do not use Count() or LongCount() when Any() can be used -->
-      <Rule Id="CA1828" Action="None" />             <!-- Do not use CountAsync() or LongCountAsync() when AnyAsync() can be used -->
-      <Rule Id="CA1829" Action="None" />             <!-- Use Length/Count property instead of Count() when available -->
-      <Rule Id="CA2000" Action="None" />             <!-- Dispose objects before losing scope -->
-      <Rule Id="CA2002" Action="None" />             <!-- Do not lock on objects with weak identity -->
-      <Rule Id="CA2007" Action="None" />             <!-- Consider calling ConfigureAwait on the awaited task -->
-      <Rule Id="CA2008" Action="None" />             <!-- Do not create tasks without passing a TaskScheduler -->
-      <Rule Id="CA2009" Action="None" />             <!-- Do not call ToImmutableCollection on an ImmutableCollection value -->
-      <Rule Id="CA2010" Action="None" />             <!-- Always consume the value returned by methods marked with PreserveSigAttribute -->
-      <Rule Id="CA2011" Action="None" />             <!-- Avoid infinite recursion -->
-      <Rule Id="CA2012" Action="None" />             <!-- Use ValueTasks correctly -->
-      <Rule Id="CA2013" Action="None" />             <!-- Do not use ReferenceEquals with value types -->
-      <Rule Id="CA2100" Action="None" />             <!-- Review SQL queries for security vulnerabilities -->
-      <Rule Id="CA2101" Action="None" />             <!-- Specify marshaling for P/Invoke string arguments -->
-      <Rule Id="CA2119" Action="None" />             <!-- Seal methods that satisfy private interfaces -->
-      <Rule Id="CA2153" Action="None" />             <!-- Do Not Catch Corrupted State Exceptions -->
-      <Rule Id="CA2200" Action="None" />             <!-- Rethrow to preserve stack details. -->
-      <Rule Id="CA2201" Action="None" />             <!-- Do not raise reserved exception types -->
-      <Rule Id="CA2207" Action="None" />             <!-- Initialize value type static fields inline -->
-      <Rule Id="CA2208" Action="None" />             <!-- Instantiate argument exceptions correctly -->
-      <Rule Id="CA2211" Action="None" />             <!-- Non-constant fields should not be visible -->
-      <Rule Id="CA2213" Action="None" />             <!-- Disposable fields should be disposed -->
-      <Rule Id="CA2214" Action="None" />             <!-- Do not call overridable methods in constructors -->
-      <Rule Id="CA2215" Action="None" />             <!-- Dispose methods should call base class dispose -->
-      <Rule Id="CA2216" Action="None" />             <!-- Disposable types should declare finalizer -->
-      <Rule Id="CA2217" Action="None" />             <!-- Do not mark enums with FlagsAttribute -->
-      <Rule Id="CA2218" Action="None" />             <!-- Override GetHashCode on overriding Equals -->
-      <Rule Id="CA2219" Action="None" />             <!-- Do not raise exceptions in finally clauses -->
-      <Rule Id="CA2224" Action="None" />             <!-- Override Equals on overloading operator equals -->
-      <Rule Id="CA2225" Action="None" />             <!-- Operator overloads have named alternates -->
-      <Rule Id="CA2226" Action="None" />             <!-- Operators should have symmetrical overloads -->
-      <Rule Id="CA2227" Action="None" />             <!-- Collection properties should be read only -->
-      <Rule Id="CA2229" Action="None" />             <!-- Implement serialization constructors -->
-      <Rule Id="CA2231" Action="None" />             <!-- Overload operator equals on overriding value type Equals -->
-      <Rule Id="CA2234" Action="None" />             <!-- Pass system uri objects instead of strings -->
-      <Rule Id="CA2235" Action="None" />             <!-- Mark all non-serializable fields -->
-      <Rule Id="CA2237" Action="None" />             <!-- Mark ISerializable types with serializable -->
-      <Rule Id="CA2241" Action="None" />             <!-- Provide correct arguments to formatting methods -->
-      <Rule Id="CA2242" Action="None" />             <!-- Test for NaN correctly -->
-      <Rule Id="CA2243" Action="None" />             <!-- Attribute string literals should parse correctly -->
-      <Rule Id="CA2244" Action="None" />             <!-- Do not duplicate indexed element initializations -->
-      <Rule Id="CA2245" Action="None" />             <!-- Do not assign a property to itself. -->
-      <Rule Id="CA2246" Action="None" />             <!-- Assigning symbol and its member in the same statement. -->
-      <Rule Id="CA2300" Action="None" />             <!-- Do not use insecure deserializer BinaryFormatter -->
-      <Rule Id="CA2301" Action="None" />             <!-- Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder -->
-      <Rule Id="CA2302" Action="None" />             <!-- Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize -->
-      <Rule Id="CA2305" Action="None" />             <!-- Do not use insecure deserializer LosFormatter -->
-      <Rule Id="CA2310" Action="None" />             <!-- Do not use insecure deserializer NetDataContractSerializer -->
-      <Rule Id="CA2311" Action="None" />             <!-- Do not deserialize without first setting NetDataContractSerializer.Binder -->
-      <Rule Id="CA2312" Action="None" />             <!-- Ensure NetDataContractSerializer.Binder is set before deserializing -->
-      <Rule Id="CA2315" Action="None" />             <!-- Do not use insecure deserializer ObjectStateFormatter -->
-      <Rule Id="CA2321" Action="None" />             <!-- Do not deserialize with JavaScriptSerializer using a SimpleTypeResolver -->
-      <Rule Id="CA2322" Action="None" />             <!-- Ensure JavaScriptSerializer is not initialized with SimpleTypeResolver before deserializing -->
-      <Rule Id="CA2326" Action="None" />             <!-- Do not use TypeNameHandling values other than None -->
-      <Rule Id="CA2327" Action="None" />             <!-- Do not use insecure JsonSerializerSettings -->
-      <Rule Id="CA2328" Action="None" />             <!-- Ensure that JsonSerializerSettings are secure -->
-      <Rule Id="CA2329" Action="None" />             <!-- Do not deserialize with JsonSerializer using an insecure configuration -->
-      <Rule Id="CA2330" Action="None" />             <!-- Ensure that JsonSerializer has a secure configuration when deserializing -->
-      <Rule Id="CA3001" Action="None" />             <!-- Review code for SQL injection vulnerabilities -->
-      <Rule Id="CA3002" Action="None" />             <!-- Review code for XSS vulnerabilities -->
-      <Rule Id="CA3003" Action="None" />             <!-- Review code for file path injection vulnerabilities -->
-      <Rule Id="CA3004" Action="None" />             <!-- Review code for information disclosure vulnerabilities -->
-      <Rule Id="CA3005" Action="None" />             <!-- Review code for LDAP injection vulnerabilities -->
-      <Rule Id="CA3006" Action="None" />             <!-- Review code for process command injection vulnerabilities -->
-      <Rule Id="CA3007" Action="None" />             <!-- Review code for open redirect vulnerabilities -->
-      <Rule Id="CA3008" Action="None" />             <!-- Review code for XPath injection vulnerabilities -->
-      <Rule Id="CA3009" Action="None" />             <!-- Review code for XML injection vulnerabilities -->
-      <Rule Id="CA3010" Action="None" />             <!-- Review code for XAML injection vulnerabilities -->
-      <Rule Id="CA3011" Action="None" />             <!-- Review code for DLL injection vulnerabilities -->
-      <Rule Id="CA3012" Action="None" />             <!-- Review code for regex injection vulnerabilities -->
-      <Rule Id="CA3061" Action="None" />             <!-- Do Not Add Schema By URL -->
-      <Rule Id="CA3075" Action="None" />             <!-- Insecure DTD processing in XML -->
-      <Rule Id="CA3076" Action="None" />             <!-- Insecure XSLT script processing. -->
-      <Rule Id="CA3077" Action="None" />             <!-- Insecure Processing in API Design, XmlDocument and XmlTextReader -->
-      <Rule Id="CA3147" Action="None" />             <!-- Mark Verb Handlers With Validate Antiforgery Token -->
-      <Rule Id="CA5350" Action="None" />             <!-- Do Not Use Weak Cryptographic Algorithms -->
-      <Rule Id="CA5351" Action="None" />             <!-- Do Not Use Broken Cryptographic Algorithms -->
-      <Rule Id="CA5358" Action="None" />             <!-- Review cipher mode usage with cryptography experts -->
-      <Rule Id="CA5359" Action="None" />             <!-- Do Not Disable Certificate Validation -->
-      <Rule Id="CA5360" Action="None" />             <!-- Do Not Call Dangerous Methods In Deserialization -->
-      <Rule Id="CA5361" Action="None" />             <!-- Do Not Disable SChannel Use of Strong Crypto -->
-      <Rule Id="CA5362" Action="None" />             <!-- Do Not Refer Self In Serializable Class -->
-      <Rule Id="CA5363" Action="None" />             <!-- Do Not Disable Request Validation -->
-      <Rule Id="CA5364" Action="None" />             <!-- Do Not Use Deprecated Security Protocols -->
-      <Rule Id="CA5365" Action="None" />             <!-- Do Not Disable HTTP Header Checking -->
-      <Rule Id="CA5366" Action="None" />             <!-- Use XmlReader For DataSet Read Xml -->
-      <Rule Id="CA5367" Action="None" />             <!-- Do Not Serialize Types With Pointer Fields -->
-      <Rule Id="CA5368" Action="None" />             <!-- Set ViewStateUserKey For Classes Derived From Page -->
-      <Rule Id="CA5369" Action="None" />             <!-- Use XmlReader For Deserialize -->
-      <Rule Id="CA5370" Action="None" />             <!-- Use XmlReader For Validating Reader -->
-      <Rule Id="CA5371" Action="None" />             <!-- Use XmlReader For Schema Read -->
-      <Rule Id="CA5372" Action="None" />             <!-- Use XmlReader For XPathDocument -->
-      <Rule Id="CA5373" Action="None" />             <!-- Do not use obsolete key derivation function -->
-      <Rule Id="CA5374" Action="None" />             <!-- Do Not Use XslTransform -->
-      <Rule Id="CA5375" Action="None" />             <!-- Do Not Use Account Shared Access Signature -->
-      <Rule Id="CA5376" Action="None" />             <!-- Use SharedAccessProtocol HttpsOnly -->
-      <Rule Id="CA5377" Action="None" />             <!-- Use Container Level Access Policy -->
-      <Rule Id="CA5378" Action="None" />             <!-- Do not disable ServicePointManagerSecurityProtocols -->
-      <Rule Id="CA5379" Action="None" />             <!-- Do Not Use Weak Key Derivation Function Algorithm -->
-      <Rule Id="CA5380" Action="None" />             <!-- Do Not Add Certificates To Root Store -->
-      <Rule Id="CA5381" Action="None" />             <!-- Ensure Certificates Are Not Added To Root Store -->
-      <Rule Id="CA5382" Action="None" />             <!-- Use Secure Cookies In ASP.Net Core -->
-      <Rule Id="CA5383" Action="None" />             <!-- Ensure Use Secure Cookies In ASP.Net Core -->
-      <Rule Id="CA5384" Action="None" />             <!-- Do Not Use Digital Signature Algorithm (DSA) -->
-      <Rule Id="CA5385" Action="None" />             <!-- Use Rivest–Shamir–Adleman (RSA) Algorithm With Sufficient Key Size -->
-      <Rule Id="CA5386" Action="None" />             <!-- Avoid hardcoding SecurityProtocolType value -->
-      <Rule Id="CA5387" Action="None" />             <!-- Do Not Use Weak Key Derivation Function With Insufficient Iteration Count -->
-      <Rule Id="CA5388" Action="None" />             <!-- Ensure Sufficient Iteration Count When Using Weak Key Derivation Function -->
-      <Rule Id="CA5389" Action="None" />             <!-- Do Not Add Archive Item's Path To The Target File System Path -->
-      <Rule Id="CA5390" Action="None" />             <!-- Do not hard-code encryption key -->
-      <Rule Id="CA5391" Action="None" />             <!-- Use antiforgery tokens in ASP.NET Core MVC controllers -->
-      <Rule Id="CA5392" Action="None" />             <!-- Use DefaultDllImportSearchPaths attribute for P/Invokes -->
-      <Rule Id="CA5393" Action="None" />             <!-- Do not use unsafe DllImportSearchPath value -->
-      <Rule Id="CA5394" Action="None" />             <!-- Do not use insecure randomness -->
-      <Rule Id="CA5395" Action="None" />             <!-- Miss HttpVerb attribute for action methods -->
-      <Rule Id="CA5396" Action="None" />             <!-- Set HttpOnly to true for HttpCookie -->
-      <Rule Id="CA5397" Action="None" />             <!-- Do not use deprecated SslProtocols values -->
-      <Rule Id="CA5398" Action="None" />             <!-- Avoid hardcoded SslProtocols values -->
-      <Rule Id="CA5399" Action="None" />             <!-- HttpClients should enable certificate revocation list checks -->
-      <Rule Id="CA5400" Action="None" />             <!-- Ensure HttpClient certificate revocation list check is not disabled -->
-      <Rule Id="CA5401" Action="None" />             <!-- Do not use CreateEncryptor with non-default IV -->
-      <Rule Id="CA5402" Action="None" />             <!-- Use CreateEncryptor with the default IV  -->
-      <Rule Id="CA5403" Action="None" />             <!-- Do not hard-code certificate -->
-      <Rule Id="CA9999" Action="None" />             <!-- Analyzer version mismatch -->
-   </Rules>
-</RuleSet>

eng/Dependencies.props

@@ -110,7 +110,6 @@ and are generated based on the last package release.
     <LatestPackageReference Include="Microsoft.AspNetCore.AzureAppServices.SiteExtension.5.0.x86" />
     <LatestPackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Runtime" />
     <LatestPackageReference Include="Microsoft.Bcl.AsyncInterfaces" />
-    <LatestPackageReference Include="Microsoft.CodeAnalysis.FxCopAnalyzers" />
     <LatestPackageReference Include="Microsoft.CodeAnalysis.PublicApiAnalyzers" />
     <LatestPackageReference Include="Microsoft.EntityFrameworkCore.Design" />
     <LatestPackageReference Include="Microsoft.EntityFrameworkCore.InMemory" />

eng/Versions.props

@@ -226,7 +226,6 @@
     <MicrosoftCodeAnalysisCSharpVersion>3.7.0</MicrosoftCodeAnalysisCSharpVersion>
     <MicrosoftCodeAnalysisCSharpWorkspacesVersion>3.7.0</MicrosoftCodeAnalysisCSharpWorkspacesVersion>
     <MicrosoftCodeAnalysisPublicApiAnalyzersVersion>3.3.0</MicrosoftCodeAnalysisPublicApiAnalyzersVersion>
-    <MicrosoftCodeAnalysisFxCopAnalyzersVersion>3.0.0</MicrosoftCodeAnalysisFxCopAnalyzersVersion>
     <MicrosoftCssParserVersion>1.0.0-20200708.1</MicrosoftCssParserVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryVersion>3.19.8</MicrosoftIdentityModelClientsActiveDirectoryVersion>
     <MicrosoftIdentityModelLoggingVersion>6.8.0</MicrosoftIdentityModelLoggingVersion>

eng/targets/CSharp.Common.props

@@ -12,14 +12,6 @@
     <PackageReference Include="MicroBuild.Core" Version="0.3.0" PrivateAssets="All" AllowExplicitReference="true" ExcludeAssets="All" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(IsTestProject)' != 'true' AND '$(DotNetBuildFromSource)' != 'true' ">
-    <Reference Include="Microsoft.CodeAnalysis.FxCopAnalyzers" PrivateAssets="All" />
-  </ItemGroup>
-
-  <PropertyGroup>
-    <CodeAnalysisRuleSet>$(RepoRoot)eng\AllRulesDisabled.ruleset</CodeAnalysisRuleSet>
-  </PropertyGroup>
-
   <ItemGroup Condition=" '$(IsTestProject)' == 'true' ">
     <Reference Include="Microsoft.AspNetCore.Testing" />
     <Reference Include="Moq" />

eng/tools/RepoTasks/.editorconfig

@@ -1,4 +0,0 @@
-[*.cs]
-dotnet_diagnostic.CA1307.severity = none
-dotnet_diagnostic.CA1308.severity = none
-dotnet_diagnostic.CA1309.severity = none

eng/tools/RepoTasks/Uuid.cs

@@ -11,7 +11,7 @@ namespace RepoTasks
     /// <summary>
     /// Implementation of RFC 4122 - A Universally Unique Identifier (UUID) URN Namespace.
     /// </summary>
-    internal sealed class Uuid
+    internal static class Uuid
     {
         /// <summary>
         ///   Generates a version 3 UUID given a namespace UUID and name. This is based on the algorithm described in

src/Analyzers/Analyzers/src/OptionsAnalyzer.cs

@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Immutable;
 using Microsoft.CodeAnalysis;
 using Microsoft.CodeAnalysis.Diagnostics;
@@ -27,7 +28,7 @@ namespace Microsoft.AspNetCore.Analyzers
                     operation.Value.ConstantValue.HasValue &&
                     operation.Target is IPropertyReferenceOperation property &&
                     property.Property?.ContainingType?.Name != null &&
-                    property.Property.ContainingType.Name.EndsWith("Options"))
+                    property.Property.ContainingType.Name.EndsWith("Options", StringComparison.Ordinal))
                 {
                     options.Add(new OptionsItem(property.Property, operation.Value.ConstantValue.Value));
                 }

src/Azure/AzureAD/AzureAD.ruleset

@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<RuleSet Name="Rules for AzureAD tests" Description="Code analysis rules for AzureAD tests" ToolsVersion="15.0">
-
-  <Include Path="..\..\..\eng\AllRulesDisabled.ruleset" Action="Default" />
-
-  <Rules AnalyzerId="xunit.analyzers" RuleNamespace="xunit.analyzers">
-    <!--
-      This code is produced when theory parameters that are unused. Normally, this is a warning which causes our build to fail.
-    -->
-    <Rule Id="xUnit1026" Action="Info" />
-  </Rules>
-</RuleSet>

src/Azure/AzureAD/Directory.Build.props

@@ -3,6 +3,5 @@
 
   <PropertyGroup>
     <WarningsNotAsErrors>xUnit1026:$(WarningsNotAsErrors)</WarningsNotAsErrors>
-    <CodeAnalysisRuleSet>$(MSBuildThisFileDirectory)AzureAD.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
 </Project>

src/HealthChecks/HealthChecks/src/HealthCheckPublisherHostedService.cs

@@ -180,15 +180,15 @@ namespace Microsoft.Extensions.Diagnostics.HealthChecks
                 // This is a cancellation - if the app is shutting down we want to ignore it. Otherwise, it's
                 // a timeout and we want to log it.
             }
-            catch (OperationCanceledException ocex)
+            catch (OperationCanceledException)
             {
                 Logger.HealthCheckPublisherTimeout(_logger, publisher, duration.GetElapsedTime());
-                throw ocex;
+                throw;
             }
             catch (Exception ex)
             {
                 Logger.HealthCheckPublisherError(_logger, publisher, duration.GetElapsedTime(), ex);
-                throw ex;
+                throw;
             }
         }
 

src/Mvc/.editorconfig

@@ -1,30 +0,0 @@
-# EditorConfig is awesome:http://EditorConfig.org
-
-# Dotnet code style settings:
-[*.cs]
-
-# Don't use this. qualifier
-dotnet_style_qualification_for_field = false:suggestion
-dotnet_style_qualification_for_property = false:suggestion
-
-# use int x = .. over Int32
-dotnet_style_predefined_type_for_locals_parameters_members = true:suggestion
-
-# use int.MaxValue over Int32.MaxValue
-dotnet_style_predefined_type_for_member_access = true:suggestion
-
-# Require var all the time.
-csharp_style_var_for_built_in_types = true:suggestion
-csharp_style_var_when_type_is_apparent = true:suggestion
-csharp_style_var_elsewhere = true:suggestion
-
-# Disallow throw expressions.
-csharp_style_throw_expression = false:suggestion
-
-# Newline settings
-csharp_new_line_before_open_brace = all
-csharp_new_line_before_else = true
-csharp_new_line_before_catch = true
-csharp_new_line_before_finally = true
-csharp_new_line_before_members_in_object_initializers = true
-csharp_new_line_before_members_in_anonymous_types = true

src/Mvc/Directory.Build.props

@@ -1,7 +1,7 @@
 <Project>
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory)..\, Directory.Build.props))\Directory.Build.props" />
 
-  <PropertyGroup Condition=" '$(IsTestProject)' == 'true' ">
-    <CodeAnalysisRuleSet>$(MSBuildThisFileDirectory)MvcTests.ruleset</CodeAnalysisRuleSet>
-  </PropertyGroup>
+  <ItemGroup>
+    <EditorConfigFiles Include="$(MSBuildThisFileDirectory)MvcTests.globalconfig" />
+  </ItemGroup>
 </Project>

src/Mvc/Mvc.Api.Analyzers/src/AddResponseTypeAttributeCodeFixAction.cs

@@ -176,7 +176,7 @@ namespace Microsoft.AspNetCore.Mvc.Api.Analyzers
                 {
                     if (member is IFieldSymbol field &&
                         field.Type.SpecialType == SpecialType.System_Int32 &&
-                        field.Name.StartsWith("Status") &&
+                        field.Name.StartsWith("Status", StringComparison.Ordinal) &&
                         field.HasConstantValue &&
                         field.ConstantValue is int statusCode)
                     {

src/Mvc/MvcTests.globalconfig

@@ -0,0 +1,3 @@
+is_global = true
+
+dotnet_diagnostic.xUnit1026.severity = suggestion

src/Mvc/MvcTests.ruleset

@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<RuleSet Name="Rules for MVC Tests" Description="Code analysis rules for MVC Tests" ToolsVersion="15.0">
-  <Rules AnalyzerId="xunit.analyzers" RuleNamespace="xunit.analyzers">
-    <!-- 
-      This code is produced when theory parameters that are unused. Normally, this is a warning which causes our build to fail.
-    -->
-    <Rule Id="xUnit1026" Action="Info" />
-  </Rules>
-</RuleSet>

src/Razor/.editorconfig

@@ -1,30 +0,0 @@
-# EditorConfig is awesome:http://EditorConfig.org
-
-# Dotnet code style settings:
-[*.cs]
-
-# Don't use this. qualifier
-dotnet_style_qualification_for_field = false:suggestion
-dotnet_style_qualification_for_property = false:suggestion
-
-# use int x = .. over Int32
-dotnet_style_predefined_type_for_locals_parameters_members = true:suggestion
-
-# use int.MaxValue over Int32.MaxValue
-dotnet_style_predefined_type_for_member_access = true:suggestion
-
-# Require var all the time.
-csharp_style_var_for_built_in_types = true:suggestion
-csharp_style_var_when_type_is_apparent = true:suggestion
-csharp_style_var_elsewhere = true:suggestion
-
-# Disallow throw expressions.
-csharp_style_throw_expression = false:suggestion
-
-# Newline settings
-csharp_new_line_before_open_brace = all
-csharp_new_line_before_else = true
-csharp_new_line_before_catch = true
-csharp_new_line_before_finally = true
-csharp_new_line_before_members_in_object_initializers = true
-csharp_new_line_before_members_in_anonymous_types = true

src/Razor/Microsoft.AspNetCore.Mvc.Razor.Extensions.Version1_X/src/ViewComponentTypeVisitor.cs

@@ -62,7 +62,7 @@ namespace Microsoft.AspNetCore.Mvc.Razor.Extensions.Version1_X
                 return false;
             }
 
-            return symbol.Name.EndsWith(ViewComponentTypes.ViewComponentSuffix) ||
+            return symbol.Name.EndsWith(ViewComponentTypes.ViewComponentSuffix, StringComparison.Ordinal) ||
                 AttributeIsDefined(symbol, _viewComponentAttribute);
         }
 

src/Razor/Microsoft.AspNetCore.Mvc.Razor.Extensions.Version2_X/src/AssemblyAttributeInjectionPass.cs

@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Diagnostics;
 using Microsoft.AspNetCore.Razor.Language;
 using Microsoft.AspNetCore.Razor.Language.Intermediate;
@@ -90,7 +91,7 @@ namespace Microsoft.AspNetCore.Mvc.Razor.Extensions.Version2_X
             }
 
             // Checking for both / and \ because a \ will become a /.
-            if (!relativePath.StartsWith("/") && !relativePath.StartsWith("\\"))
+            if (!relativePath.StartsWith("/", StringComparison.Ordinal) && !relativePath.StartsWith("\\", StringComparison.Ordinal))
             {
                 relativePath = "/" + relativePath;
             }

src/Razor/Microsoft.AspNetCore.Mvc.Razor.Extensions.Version2_X/src/ViewComponentTypeVisitor.cs

@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using Microsoft.CodeAnalysis;
@@ -64,7 +65,7 @@ namespace Microsoft.AspNetCore.Mvc.Razor.Extensions.Version2_X
                 return false;
             }
 
-            return symbol.Name.EndsWith(ViewComponentTypes.ViewComponentSuffix) ||
+            return symbol.Name.EndsWith(ViewComponentTypes.ViewComponentSuffix, StringComparison.Ordinal) ||
                 AttributeIsDefined(symbol, _viewComponentAttribute);
         }
 

src/Razor/Microsoft.AspNetCore.Mvc.Razor.Extensions/src/ViewComponentTypeVisitor.cs

@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using Microsoft.CodeAnalysis;
@@ -64,7 +65,7 @@ namespace Microsoft.AspNetCore.Mvc.Razor.Extensions
                 return false;
             }
 
-            return symbol.Name.EndsWith(ViewComponentTypes.ViewComponentSuffix) ||
+            return symbol.Name.EndsWith(ViewComponentTypes.ViewComponentSuffix, StringComparison.Ordinal) ||
                 AttributeIsDefined(symbol, _viewComponentAttribute);
         }
 

src/Razor/Microsoft.AspNetCore.Razor.Language/src/Components/ComponentBindLoweringPass.cs

@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
@@ -496,7 +497,7 @@ namespace Microsoft.AspNetCore.Razor.Language.Components
                 return true;
             }
 
-            if (!attributeName.StartsWith("bind-"))
+            if (!attributeName.StartsWith("bind-", StringComparison.Ordinal))
             {
                 return false;
             }
@@ -548,7 +549,7 @@ namespace Microsoft.AspNetCore.Razor.Language.Components
             if (bindEntry.BindEventNode == null)
             {
                 // @bind:event not specified
-                changeAttributeName ??= node.TagHelper.GetChangeAttributeName();
+                changeAttributeName = node.TagHelper.GetChangeAttributeName();
             }
             else if (TryExtractEventNodeStaticText(bindEntry.BindEventNode, out var text))
             {

src/Razor/Microsoft.AspNetCore.Razor.Language/src/Components/ComponentMarkupEncodingPass.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -171,7 +171,7 @@ namespace Microsoft.AspNetCore.Razor.Language.Components
                 if (endPosition != -1)
                 {
                     entity = content.Substring(position, endPosition - position + 1);
-                    if (entity.StartsWith("&#"))
+                    if (entity.StartsWith("&#", StringComparison.Ordinal))
                     {
                         // Extract the codepoint and map it to an entity.
 

src/Razor/Microsoft.AspNetCore.Razor.Language/src/DefaultAllowedChildTagDescriptorBuilder.cs

@@ -47,7 +47,7 @@ namespace Microsoft.AspNetCore.Razor.Language
             var descriptor = new DefaultAllowedChildTagDescriptor(
                 Name,
                 displayName,
-                diagnostics?.ToArray() ?? Array.Empty<RazorDiagnostic>());
+                diagnostics.ToArray());
 
             return descriptor;
         }

src/Razor/Microsoft.AspNetCore.Razor.Language/src/DefaultBoundAttributeDescriptorBuilder.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -187,7 +187,7 @@ namespace Microsoft.AspNetCore.Razor.Language
                 }
 
                 var name = Name;
-                if (isDirectiveAttribute && name.StartsWith("@"))
+                if (isDirectiveAttribute && name.StartsWith("@", StringComparison.Ordinal))
                 {
                     name = name.Substring(1);
                 }
@@ -238,7 +238,7 @@ namespace Microsoft.AspNetCore.Razor.Language
                 else
                 {
                     var indexerPrefix = IndexerAttributeNamePrefix;
-                    if (isDirectiveAttribute && indexerPrefix.StartsWith("@"))
+                    if (isDirectiveAttribute && indexerPrefix.StartsWith("@", StringComparison.Ordinal))
                     {
                         indexerPrefix = indexerPrefix.Substring(1);
                     }

src/Razor/Microsoft.AspNetCore.Razor.Language/src/DefaultRazorIntermediateNodeLoweringPhase.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -1770,7 +1770,7 @@ namespace Microsoft.AspNetCore.Razor.Language
                         {
                             // Directive attributes should start with '@' unless the descriptors are misconfigured.
                             // In that case, we would have already logged an error.
-                            var actualAttributeName = attributeName.StartsWith("@") ? attributeName.Substring(1) : attributeName;
+                            var actualAttributeName = attributeName.StartsWith("@", StringComparison.Ordinal) ? attributeName.Substring(1) : attributeName;
 
                             IntermediateNode attributeNode;
                             if (parameterMatch &&
@@ -1908,7 +1908,7 @@ namespace Microsoft.AspNetCore.Razor.Language
                         {
                             // Directive attributes should start with '@' unless the descriptors are misconfigured.
                             // In that case, we would have already logged an error.
-                            var actualAttributeName = attributeName.StartsWith("@") ? attributeName.Substring(1) : attributeName;
+                            var actualAttributeName = attributeName.StartsWith("@", StringComparison.Ordinal) ? attributeName.Substring(1) : attributeName;
 
                             IntermediateNode attributeNode;
                             if (parameterMatch &&

src/Razor/Microsoft.AspNetCore.Razor.Language/src/DefaultRequiredAttributeDescriptorBuilder.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -60,7 +60,7 @@ namespace Microsoft.AspNetCore.Razor.Language
                 Value,
                 ValueComparisonMode,
                 displayName,
-                diagnostics?.ToArray() ?? Array.Empty<RazorDiagnostic>(),
+                diagnostics.ToArray(),
                 new Dictionary<string, string>(Metadata));
 
             return rule;
@@ -83,7 +83,7 @@ namespace Microsoft.AspNetCore.Razor.Language
             {
                 var name = Name;
                 var isDirectiveAttribute = this.IsDirectiveAttribute();
-                if (isDirectiveAttribute && name.StartsWith("@"))
+                if (isDirectiveAttribute && name.StartsWith("@", StringComparison.Ordinal))
                 {
                     name = name.Substring(1);
                 }

src/Razor/Microsoft.AspNetCore.Razor.Language/src/Extensions/DefaultMetadataIdentifierFeature.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -30,7 +30,7 @@ namespace Microsoft.AspNetCore.Razor.Language.Extensions
 
             var identifier = sourceDocument.RelativePath;
             identifier = identifier.Replace("\\", "/");
-            if (!identifier.StartsWith("/"))
+            if (!identifier.StartsWith("/", StringComparison.Ordinal))
             {
                 identifier = "/" + identifier;
             }

src/Razor/Microsoft.AspNetCore.Razor.Language/src/Extensions/MetadataAttributePass.cs

@@ -95,7 +95,7 @@ namespace Microsoft.AspNetCore.Razor.Language.Extensions
             // Checksum of the main source
             var checksum = codeDocument.Source.GetChecksum();
             var checksumAlgorithm = codeDocument.Source.GetChecksumAlgorithm();
-            if (checksum == null || checksum.Length == 0 || checksumAlgorithm == null || identifier == null)
+            if (checksum == null || checksum.Length == 0 || checksumAlgorithm == null)
             {
                 // Don't generate anything unless we have all of the required information.
                 return;

src/Razor/Microsoft.AspNetCore.Razor.Language/src/Legacy/CSharpCodeParser.cs

@@ -1227,8 +1227,8 @@ namespace Microsoft.AspNetCore.Razor.Language.Legacy
             if (lookupStrings == null ||
                 lookupStrings.Any(string.IsNullOrWhiteSpace) ||
                 lookupStrings.Length != 2 ||
-                text.StartsWith("'") ||
-                text.EndsWith("'"))
+                text.StartsWith("'", StringComparison.Ordinal) ||
+                text.EndsWith("'", StringComparison.Ordinal))
             {
                 errors.Add(
                     RazorDiagnosticFactory.CreateParsing_InvalidTagHelperLookupText(

src/Razor/Microsoft.AspNetCore.Razor.Language/src/Legacy/HtmlMarkupParser.cs

@@ -344,7 +344,7 @@ namespace Microsoft.AspNetCore.Razor.Language.Legacy
 
                     // Make sure the current token is not markup, which can be html start tag or @:
                     if (!(At(SyntaxKind.OpenAngle) ||
-                        (At(SyntaxKind.Transition) && Lookahead(count: 1).Content.StartsWith(":"))))
+                        (At(SyntaxKind.Transition) && Lookahead(count: 1).Content.StartsWith(":", StringComparison.Ordinal))))
                     {
                         // Don't accept whitespace as markup if the end text tag is followed by csharp.
                         shouldAcceptWhitespaceAndNewLine = false;
@@ -2184,7 +2184,7 @@ namespace Microsoft.AspNetCore.Razor.Language.Legacy
                 return false;
             }
 
-            if (tagName.StartsWith("!"))
+            if (tagName.StartsWith("!", StringComparison.Ordinal))
             {
                 tagName = tagName.Substring(1);
             }

src/Razor/Microsoft.AspNetCore.Razor.Language/src/Legacy/TagHelperBlockRewriter.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -314,7 +314,7 @@ namespace Microsoft.AspNetCore.Razor.Language.Legacy
                 new SyntaxList<SyntaxToken>(SyntaxFactory.MissingToken(SyntaxKind.Transition)));
             RazorMetaCodeSyntax colon = null;
             MarkupTextLiteralSyntax parameterName = null;
-            if (attributeName.StartsWith("@"))
+            if (attributeName.StartsWith("@", StringComparison.Ordinal))
             {
                 attributeName = attributeName.Substring(1);
                 var attributeNameToken = SyntaxFactory.Token(SyntaxKind.Text, attributeName);
@@ -375,7 +375,7 @@ namespace Microsoft.AspNetCore.Razor.Language.Legacy
                 new SyntaxList<SyntaxToken>(SyntaxFactory.MissingToken(SyntaxKind.Transition)));
             RazorMetaCodeSyntax colon = null;
             MarkupTextLiteralSyntax parameterName = null;
-            if (attributeName.StartsWith("@"))
+            if (attributeName.StartsWith("@", StringComparison.Ordinal))
             {
                 attributeName = attributeName.Substring(1);
                 var attributeNameToken = SyntaxFactory.Token(SyntaxKind.Text, attributeName);

src/Razor/Microsoft.AspNetCore.Razor.Language/src/Legacy/TagHelperParseTreeRewriter.cs

@@ -228,7 +228,7 @@ namespace Microsoft.AspNetCore.Razor.Language.Legacy
                 var tagName = startTag.GetTagNameWithOptionalBang();
 
                 // Could not determine tag name, it can't be a TagHelper, continue on and track the element.
-                if (string.IsNullOrEmpty(tagName) || tagName.StartsWith("!"))
+                if (string.IsNullOrEmpty(tagName) || tagName.StartsWith("!", StringComparison.Ordinal))
                 {
                     return false;
                 }
@@ -294,7 +294,7 @@ namespace Microsoft.AspNetCore.Razor.Language.Legacy
                 rewritten = null;
                 var tagName = endTag.GetTagNameWithOptionalBang();
                 // Could not determine tag name, it can't be a TagHelper, continue on and track the element.
-                if (string.IsNullOrEmpty(tagName) || tagName.StartsWith("!"))
+                if (string.IsNullOrEmpty(tagName) || tagName.StartsWith("!", StringComparison.Ordinal))
                 {
                     return false;
                 }

src/Razor/Microsoft.AspNetCore.Razor.Language/src/RazorCodeDocumentExtensions.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -451,7 +451,7 @@ namespace Microsoft.AspNetCore.Razor.Language
                     var directiveContent = node.Body?.GetContent();
 
                     // In practice, this should never be null and always start with 'namespace'. Just being defensive here.
-                    if (directiveContent != null && directiveContent.StartsWith(NamespaceDirective.Directive.Directive))
+                    if (directiveContent != null && directiveContent.StartsWith(NamespaceDirective.Directive.Directive, StringComparison.Ordinal))
                     {
                         LastNamespaceContent = directiveContent.Substring(NamespaceDirective.Directive.Directive.Length).Trim();
                         LastNamespaceLocation = node.GetSourceSpan(_source);

src/Razor/Microsoft.AspNetCore.Razor.Language/src/SourceSpan.cs

@@ -30,7 +30,7 @@ namespace Microsoft.AspNetCore.Razor.Language
             FilePath = filePath;
         }
 
-        public SourceSpan(int absoluteIndex, int lineIndex, int characterIndex, int length) 
+        public SourceSpan(int absoluteIndex, int lineIndex, int characterIndex, int length)
             : this(filePath: null, absoluteIndex: absoluteIndex, lineIndex: lineIndex, characterIndex: characterIndex, length: length)
         {
         }
@@ -57,13 +57,7 @@ namespace Microsoft.AspNetCore.Razor.Language
 
         public override bool Equals(object obj)
         {
-            var other = obj as SourceSpan?;
-            if (ReferenceEquals(other, null))
-            {
-                return false;
-            }
-
-            return Equals(other.Value);
+            return obj is SourceSpan span && Equals(span);
         }
 
         public override int GetHashCode()
@@ -91,33 +85,11 @@ namespace Microsoft.AspNetCore.Razor.Language
 
         public static bool operator ==(SourceSpan left, SourceSpan right)
         {
-            if (ReferenceEquals(left, right))
-            {
-                // Exact equality e.g. both objects are null.
-                return true;
-            }
-
-            if (ReferenceEquals(left, null))
-            {
-                return false;
-            }
-
             return left.Equals(right);
         }
 
         public static bool operator !=(SourceSpan left, SourceSpan right)
         {
-            if (ReferenceEquals(left, right))
-            {
-                // Exact equality e.g. both objects are null.
-                return false;
-            }
-
-            if (ReferenceEquals(left, null))
-            {
-                return true;
-            }
-
             return !left.Equals(right);
         }
     }

src/Razor/Microsoft.AspNetCore.Razor.Language/src/Syntax/InternalSyntax/SyntaxListOfT.cs

@@ -43,7 +43,6 @@ namespace Microsoft.AspNetCore.Razor.Language.Syntax.InternalSyntax
                 }
                 else if (index == 0)
                 {
-                    Debug.Assert(index == 0);
                     return ((TNode)_node);
                 }
                 else

src/Razor/Microsoft.CodeAnalysis.Razor/src/BindTagHelperDescriptorProvider.cs

@@ -431,7 +431,7 @@ namespace Microsoft.CodeAnalysis.Razor
                 for (var i = 0; i < tagHelper.BoundAttributes.Count; i++)
                 {
                     var changeAttribute = tagHelper.BoundAttributes[i];
-                    if (!changeAttribute.Name.EndsWith("Changed") ||
+                    if (!changeAttribute.Name.EndsWith("Changed", StringComparison.Ordinal) ||
 
                         // Allow the ValueChanged attribute to be a delegate or EventCallback<>.
                         //

src/Razor/test/Microsoft.AspNetCore.Razor.Test.Common/Language/IntegrationTests/IntegrationTestBase.cs

@@ -147,7 +147,7 @@ namespace Microsoft.AspNetCore.Razor.Language.IntegrationTests
 
             // FilePaths in Razor are **always** are of the form '/a/b/c.cshtml'
             filePath = physicalPath.Replace('\\', '/');
-            if (!filePath.StartsWith("/"))
+            if (!filePath.StartsWith("/", StringComparison.Ordinal))
             {
                 filePath = '/' + filePath;
             }
@@ -175,7 +175,7 @@ namespace Microsoft.AspNetCore.Razor.Language.IntegrationTests
                 throw new InvalidOperationException(message);
             }
 
-            var suffixIndex = FileName.LastIndexOf("_");
+            var suffixIndex = FileName.LastIndexOf("_", StringComparison.Ordinal);
             var normalizedFileName = suffixIndex == -1 ? FileName : FileName.Substring(0, suffixIndex);
             var sourceFileName = Path.ChangeExtension(normalizedFileName, FileExtension);
             var testFile = TestFile.Create(sourceFileName, GetType().GetTypeInfo().Assembly);
@@ -195,7 +195,7 @@ namespace Microsoft.AspNetCore.Razor.Language.IntegrationTests
 
             // FilePaths in Razor are **always** are of the form '/a/b/c.cshtml'
             filePath = filePath ?? sourceFileName;
-            if (!filePath.StartsWith("/"))
+            if (!filePath.StartsWith("/", StringComparison.Ordinal))
             {
                 filePath = '/' + filePath;
             }

src/Razor/test/Microsoft.AspNetCore.Razor.Test.Common/Language/IntegrationTests/IntermediateNodeVerifier.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -155,13 +155,13 @@ namespace Microsoft.AspNetCore.Razor.Language.IntegrationTests
                     return;
                 }
 
-                var expectedDelimiter = expected.IndexOf(" - ", charsVerified);
+                var expectedDelimiter = expected.IndexOf(" - ", charsVerified, StringComparison.Ordinal);
                 if (expectedDelimiter != charsVerified && expectedDelimiter != -1)
                 {
                     throw new InvalidOperationException($"Baseline text is not well-formed: '{actual}'.");
                 }
 
-                var actualDelimiter = actual.IndexOf(" - ", charsVerified);
+                var actualDelimiter = actual.IndexOf(" - ", charsVerified, StringComparison.Ordinal);
                 if (actualDelimiter != charsVerified && actualDelimiter != -1)
                 {
                     throw new InvalidOperationException($"Baseline text is not well-formed: '{actual}'.");
@@ -202,7 +202,7 @@ namespace Microsoft.AspNetCore.Razor.Language.IntegrationTests
 
             private string GetName(string text, int start)
             {
-                var delimiter = text.IndexOf(" - ", start);
+                var delimiter = text.IndexOf(" - ", start, StringComparison.Ordinal);
                 if (delimiter == -1)
                 {
                     throw new InvalidOperationException($"Baseline text is not well-formed: '{text}'.");
@@ -213,7 +213,7 @@ namespace Microsoft.AspNetCore.Razor.Language.IntegrationTests
 
             private string GetLocation(string text, int start)
             {
-                var delimiter = text.IndexOf(" - ", start);
+                var delimiter = text.IndexOf(" - ", start, StringComparison.Ordinal);
                 return delimiter == -1 ? text.Substring(start) : text.Substring(start, delimiter - start);
             }
 

src/Razor/test/Microsoft.AspNetCore.Razor.Test.Common/Language/IntegrationTests/IntermediateNodeWriter.cs

@@ -277,7 +277,7 @@ namespace Microsoft.AspNetCore.Razor.Language.IntegrationTests
         protected void WriteName(IntermediateNode node)
         {
             var typeName = node.GetType().Name;
-            if (typeName.EndsWith("IntermediateNode"))
+            if (typeName.EndsWith("IntermediateNode", StringComparison.Ordinal))
             {
                 _writer.Write(typeName.Substring(0, typeName.Length - "IntermediateNode".Length));
             }

src/Razor/test/Microsoft.AspNetCore.Razor.Test.Common/Language/IntegrationTests/RazorIntegrationTestBase.cs

@@ -146,7 +146,7 @@ namespace Microsoft.AspNetCore.Razor.Language.IntegrationTests
 
             // FilePaths in Razor are **always** are of the form '/a/b/c.cshtml'
             var filePath = cshtmlRelativePath.Replace('\\', '/');
-            if (!filePath.StartsWith("/"))
+            if (!filePath.StartsWith("/", StringComparison.Ordinal))
             {
                 filePath = '/' + filePath;
             }

src/Razor/test/Microsoft.AspNetCore.Razor.Test.Common/Language/Legacy/SyntaxNodeVerifier.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -176,13 +176,13 @@ namespace Microsoft.AspNetCore.Razor.Language.Legacy
                     return;
                 }
 
-                var expectedDelimiter = expected.IndexOf(" - ", charsVerified);
+                var expectedDelimiter = expected.IndexOf(" - ", charsVerified, StringComparison.Ordinal);
                 if (expectedDelimiter != charsVerified && expectedDelimiter != -1)
                 {
                     throw new InvalidOperationException($"Baseline text is not well-formed: '{actual}'.");
                 }
 
-                var actualDelimiter = actual.IndexOf(" - ", charsVerified);
+                var actualDelimiter = actual.IndexOf(" - ", charsVerified, StringComparison.Ordinal);
                 if (actualDelimiter != charsVerified && actualDelimiter != -1)
                 {
                     throw new InvalidOperationException($"Baseline text is not well-formed: '{actual}'.");
@@ -223,7 +223,7 @@ namespace Microsoft.AspNetCore.Razor.Language.Legacy
 
             private string GetName(string text, int start)
             {
-                var delimiter = text.IndexOf(" - ", start);
+                var delimiter = text.IndexOf(" - ", start, StringComparison.Ordinal);
                 if (delimiter == -1)
                 {
                     throw new InvalidOperationException($"Baseline text is not well-formed: '{text}'.");
@@ -234,7 +234,7 @@ namespace Microsoft.AspNetCore.Razor.Language.Legacy
 
             private string GetLocation(string text, int start)
             {
-                var delimiter = text.IndexOf(" - ", start);
+                var delimiter = text.IndexOf(" - ", start, StringComparison.Ordinal);
                 return delimiter == -1 ? text.Substring(start) : text.Substring(start, delimiter - start);
             }
 

src/Servers/IIS/IIS/test/Common.FunctionalTests/HttpsTests.cs

@@ -88,7 +88,7 @@ namespace Microsoft.AspNetCore.Server.IIS.FunctionalTests
                     Assert.Equal("Disabled", responseText);
                 }
             }
-            catch (Exception ex)
+            catch (Exception)
             {
                 Logger.LogError($"Certificate is invalid. Issuer name: {cert?.Issuer}");
                 using (var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine))
@@ -101,7 +101,7 @@ namespace Microsoft.AspNetCore.Server.IIS.FunctionalTests
                     }
                     store.Close();
                 }
-                throw ex;
+                throw;
             }
         }
     }

src/Servers/IIS/IIS/test/Common.FunctionalTests/Infrastructure/Helpers.cs

@@ -233,7 +233,7 @@ namespace Microsoft.AspNetCore.Server.IIS.FunctionalTests
                 {
                     logger.LogError($"{hostingProcess.ProcessName} pid: {hostingProcess.Id} hasExited: {hostingProcess.HasExited.ToString()}");
                 }
-                throw ex;
+                throw;
             }
         }
 

src/Servers/Kestrel/Core/test/MessageBodyTests.cs

@@ -351,9 +351,9 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Core.Tests
                     var res = await stream.ReadAsync(buffer, 0, buffer.Length);
                     Assert.Equal(0, res);
                 }
-                catch (Exception ex)
+                catch (Exception)
                 {
-                    throw ex;
+                    throw;
                 }
 
                 await body.StopAsync();

src/Testing/src/AssemblyTestLog.cs

@@ -108,7 +108,7 @@ namespace Microsoft.AspNetCore.Testing
             var assemblyName = _assembly.GetName().Name;
 
             // Try to shorten the class name using the assembly name
-            if (className.StartsWith(assemblyName + "."))
+            if (className.StartsWith(assemblyName + ".", StringComparison.Ordinal))
             {
                 className = className.Substring(assemblyName.Length + 1);
             }

src/Testing/src/HttpClientSlim.cs

@@ -101,7 +101,7 @@ namespace Microsoft.AspNetCore.Testing
                 var status = GetStatus(response);
                 new HttpResponseMessage(status).EnsureSuccessStatusCode();
 
-                var body = response.Substring(response.IndexOf("\r\n\r\n") + 4);
+                var body = response.Substring(response.IndexOf("\r\n\r\n", StringComparison.Ordinal) + 4);
                 return body;
             }
         }

src/Testing/src/Logging/XunitLoggerProvider.cs

@@ -96,7 +96,7 @@ namespace Microsoft.Extensions.Logging.Testing
 
             // Remove the last line-break, because ITestOutputHelper only has WriteLine.
             var message = messageBuilder.ToString();
-            if (message.EndsWith(Environment.NewLine))
+            if (message.EndsWith(Environment.NewLine, StringComparison.Ordinal))
             {
                 message = message.Substring(0, message.Length - Environment.NewLine.Length);
             }

src/Testing/src/TestFileOutputContext.cs

@@ -108,7 +108,7 @@ namespace Microsoft.AspNetCore.Testing
 
             // Try to shorten the class name using the assembly name
             var assemblyName = type.Assembly.GetName().Name;
-            if (name.StartsWith(assemblyName + "."))
+            if (name.StartsWith(assemblyName + ".", StringComparison.Ordinal))
             {
                 name = name.Substring(assemblyName.Length + 1);
             }

src/Testing/src/xunit/SkipOnHelixAttribute.cs

@@ -52,7 +52,7 @@ namespace Microsoft.AspNetCore.Testing
 
             var targetQueue = GetTargetHelixQueue().ToLowerInvariant();
 
-            if (Queues.Contains("All.OSX") && targetQueue.StartsWith("osx"))
+            if (Queues.Contains("All.OSX") && targetQueue.StartsWith("osx", StringComparison.OrdinalIgnoreCase))
             {
                 return true;
             }