Disallow some classes in C#?

In followup to Input validations in C#/.NET web applications I am considering to ban classes XmlUrlResolver, XmlDocument, and possibly others.
I noticed that SonarQube (7.9 is the version used, haven´t seen templates in Sonarcloud) does have a template “Track uses of disallowed classes” for Java, but not for C#.
Does that exist in 9.0? Or is it on the list for a future release?
Thanks, Joachim

Java also allows to disallow specific constructors and methods, in C# properties could also be on the list then…

Hi Joachim

Thanks for your suggestions. It seems like a useful rule that could be used wherever an organisation prefers not to use certain classes, methods or properties, for all sorts of reasons including your security use case. We would prefer to have a specific rule for these cases but where that’s not possible a configurable one can be a useful fallback. I will consider this for prioritisation later this year and try and let you know if and when it is available.

Thanks, Tom

Besides company policies, discouraging the use of XmlDocument, XmlElement and others (as XDocument and its counterparts are preferable), is worth a specific rule, with a suggestion on what to use instead. Obviously, this can not be marked as ‘SonarWay’ as there will be a lot of code bases, where that is beyond repair.