Monday, May 14, 2012

Best Practice fix issues from MSOCAF checking – Part 1

Best Practice fix issues from MSOCAF checking – Part 1

Microsoft SharePoint Online Code Analysis Framework (MSOCAF) is a tool published by Microsoft to check the code with the rules which are pre-defined online. This tool is not a desktop application, and because it is using an extensible framework, so every time the program runs, it updates the rules from SharePoint online engineering team. There are a lot of areas like memory management, security vulnerabilities, exception handling…that MSOCAF focuses on. MSOCAF is including FxCop, CAT.NET and SPDisposeCheck checking.

Use this tool to test deployment, roll back deployment and submit your code to Microsoft to prepare to push your product on cloud.

To download MSOCAF tool, click this link:


After downloaded, click on setup.exe


After installed, there is an icon on desktop. Click on icon to start running the tool. For the very first time, it will update the rules from SharePoint Online engineering team, so it takes a little long time. Be patient! But for the next time, its speed is faster and if there is no internet connection, all the rules are loaded from cache. We also could not customize, change or remove any rules from MSOCAF.

First screen of MSOCAF look like this:


Before analyze the code of your product, prepare the folders structure and copy all related files.

  • Create root folder, this is a top most folder. You can create it anywhere in your local drive.
  • Create a child folder named “Release documents” and copy all files *.doc (*.docx), *.xml for application note or guidance to use your product.
  • Create a child folder named “Solutions artifacts” and copy all files *.dll, *.exe, *.pdb, *.stp, *.wsp, *.xml of your product. Note: all of referent dlls or files should be copied to here unless it will stop analyzing.
  • Create a child folder named “Installation scripts” including almost files to install your product. It also include PowerShell scripting, xslt or sql script.
  • Create a child folder named “Test documents” and copy all test case documents or any files related to product.

The root folder and Solutions artifacts folder are required existing, other folders does not need to create. If you don’t have any files about test case, release documents or installation scripts, don’t worry about that, just copy dll and exe to Solutions artifacts folder and leave other folders to be empty. For the next time, to check another project, let delete all files in Solutions artifacts and copy dll’s another project then paste into this folder.

Analyze the code

Click on Analyze button, the structure folder guideline window shows and click next (if you are acquainted with usage this tool, stick the check box “Skip this step in the future”) and the rules review window shows (you are also doing stick the check box “Skip this step in the future) then click next. The next screen, select a Root folder that you’ve created before. Finally, click on analyze to start checking.

After checking finished, there is a folder named “Caf reports” is created and there are 3 report files inside.
Note: for the next time checking, MSOCAF will notify a warning about the folder “Caf reports” is existed, that means you had run checking before and if you would like to load previous report or run new analysis. Depend on your purpose to decide what you need to do.


If you click on Run New Analysis, you will get the next window warning/error about the structure of folders. Because you have copied incorrect files and pasted into the folder. For example, “Release documents” is only hosted by *.doc, *.docx or *.xml but there is another file type. So, MSOCAF shows error folder structure. However, if there is not important for your purpose checking, you could answer ‘Yes’ to continue and bypass any error about folder structure.


We recommend that you should correct any error before start analyzing the code.

Now, take a rest and drink a cup of coffee to wait until the MSOCAF finish checking. The result look like:


To view the issue easily, use filter dropdown control to select exactly assembly to view. You also scope down the issue to view by using test cases dropdown to select the rule. Failed issue only contains error issues, so please focus on error as a high priority and warning as low priority.

I love this tool very much because it not only shows the error and bad code in our code but also shows how to fix the issue and explain why it is recognized as an error.


Just click a link attached to know how the best practice code is and follow the instruction to fix your issues. However, some easy issues just have the very short explanation and no link is attached.

No comments: