CodeQL documentation

Missed ‘readonly’ opportunity

ID: cs/missed-readonly-modifier
Kind: problem
Security severity: 
Severity: recommendation
Precision: high
Tags:
   - maintainability
   - language-features
Query suites:
   - csharp-security-and-quality.qls


A private field where all assignments occur as part of the declaration or in a constructor in the same class can be readonly. Making a field readonly prevents unintended assignments after object initialization.


Add a readonly modifier to the field, unless changes to the field are allowed after object initialization.


In the following example, the field Field is only assigned to in the constructor, but it can still be modified after object initialization.

class Bad
{
    int Field; // assigned only in the constructor, but not readonly

    public Bad(int i)
    {
        Field = i;
    }
}

In the revised example, the field is made readonly.

class Good
{
    readonly int Field; // later assignments are now compile errors

    public Good(int i)
    {
        Field = i;
    }
}
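
The following is an added example, not part of the CodeQL documentation. It goes one step beyond the int field above: for a reference-type field, readonly fixes only the reference, so the contents also need an immutable type. The class names and the host allowlist scenario are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Immutable;

// Hypothetical class: an allowlist that must not change after construction.
class HostAllowlist
{
    // Every assignment happens in the constructor, so the field can be readonly.
    // readonly fixes the reference; ImmutableHashSet also fixes the contents.
    private readonly ImmutableHashSet<string> hosts;

    public HostAllowlist(IEnumerable<string> allowed)
    {
        // Copy the input so later changes to the caller's collection have no effect.
        hosts = allowed.ToImmutableHashSet(StringComparer.OrdinalIgnoreCase);
    }

    public bool IsAllowed(string host) => hosts.Contains(host);

    // Uncommenting this method is a compile error (CS0191): a readonly field
    // can only be assigned in its declaration or in a constructor.
    // public void Reset() { hosts = ImmutableHashSet<string>.Empty; }
}

// Hypothetical counter-example: readonly alone is shallow.
class ShallowReadonly
{
    private readonly List<string> hosts = new List<string>();

    // Compiles: this mutates the list's contents, not the field itself.
    public void Add(string host) => hosts.Add(host);

    public int Count => hosts.Count;
}

static class Program
{
    static void Main()
    {
        var input = new List<string> { "api.example.test" }; // constructed sample data
        var allowlist = new HostAllowlist(input);
        input.Add("other.example.test"); // does not reach the allowlist's private copy
        Console.WriteLine(allowlist.IsAllowed("API.example.test"));
        Console.WriteLine(allowlist.IsAllowed("other.example.test"));

        var shallow = new ShallowReadonly();
        shallow.Add("added-after-construction.example.test");
        Console.WriteLine(shallow.Count);
    }
}
```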

