From ed9341356ee88a8d2d7ca37f10906e6adb546644 Mon Sep 17 00:00:00 2001
From: mary-georgiou-sonarsource
 <mary-georgiou-sonarsource@users.noreply.github.com>
Date: Thu, 22 Feb 2024 16:25:35 +0000
Subject: [PATCH] first rule draft

---
 rules/S6934/csharp/metadata.json | 25 ++++++++++++
 rules/S6934/csharp/rule.adoc     | 66 ++++++++++++++++++++++++++++++++
 rules/S6934/metadata.json        |  2 +
 3 files changed, 93 insertions(+)
 create mode 100644 rules/S6934/csharp/metadata.json
 create mode 100644 rules/S6934/csharp/rule.adoc
 create mode 100644 rules/S6934/metadata.json

diff --git a/rules/S6934/csharp/metadata.json b/rules/S6934/csharp/metadata.json
new file mode 100644
index 00000000000..bf9936df677
--- /dev/null
+++ b/rules/S6934/csharp/metadata.json
@@ -0,0 +1,25 @@
+{
+  "title": "You should specify the RouteAttribute when an HttpMethodAttribute is specified at an action level",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+  ],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-6934",
+  "sqKey": "S6934",
+  "scope": "All",
+  "defaultQualityProfiles": ["Sonar way"],
+  "quickfix": "unknown",
+  "code": {
+    "impacts": {
+      "MAINTAINABILITY": "HIGH",
+      "RELIABILITY": "MEDIUM",
+      "SECURITY": "LOW"
+    },
+    "attribute": "CONVENTIONAL"
+  }
+}
diff --git a/rules/S6934/csharp/rule.adoc b/rules/S6934/csharp/rule.adoc
new file mode 100644
index 00000000000..ee02f1070e4
--- /dev/null
+++ b/rules/S6934/csharp/rule.adoc
@@ -0,0 +1,66 @@
+The https://learn.microsoft.com/en-us/aspnet/core/mvc/controllers/routing[routing] middleware in https://learn.microsoft.com/en-us/aspnet/core/mvc/overview[ASP.NET Core MVC] uses a set of predefined rules and conventions to determine which controller and action method to invoke for a given HTTP request. The routing configuration is typically defined with the https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.builder.controllerendpointroutebuilderextensions.mapcontrollerroute[`MapControllerRoute`] method during the application configuration.
+However, without some extra configuration on the developer's part, sometimes the routing system cannot correctly resolve a route and map it to a certain action, resulting in unexpected behavior or errors.
+
+== Why is this an issue?
+
+In ASP.NET MVC, when a https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.routing.httpmethodattribute[`HttpMethodAttribute`] (such as https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.httpgetattribute[`HttpGet`], https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.httppostattribute[`HttpPost`], etc) is specified with a given route template at the action level, it's important that its controller also has a https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.routeattribute[`RouteAttribute`] defined. If not, then the route pattern that has been defined in `WebApplication.MapControllerRoute` is applied, resulting in an unexpected route and potential confusion. This applies also to when https://learn.microsoft.com/en-us/aspnet/core/mvc/controllers/areas[`areas`] are defined.
+
+
+== How to fix it
+
+When any of the controller actions is annotated with a `HttpMethodAttribute' with a route template, you should also annotate the controller with the `RouteAttribute` as well.
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,csharp]
+----
+    public class PersonController : Controller
+    {
+        [HttpGet("GetPerson")]
+        public ActionResult Index() // Noncompliant, this action will be reachable by "/root/GetPerson" instead of "/root/Person/GetPerson"
+        {
+            return View();
+        }
+    }
+----
+
+==== Compliant solution
+
+[source,csharp]
+----
+
+    public class PersonController: Controller
+    {
+        [HttpGet]
+        public ActionResult Index() // Compliant, no route template is given to the attribute
+        {
+            return View();
+        }
+    }
+
+    [Route("Person")]
+    public class PersonController: Controller
+    {
+        [HttpGet("GetPerson")]
+        public ActionResult Index() // Compliant
+        {
+            return View();
+        }
+    }
+----
+
+== Resources
+
+=== Documentation
+
+* Microsoft Learn - https://learn.microsoft.com/en-us/aspnet/core/mvc/overview[Overview of ASP.NET Core MVC]
+* Microsoft Learn - https://learn.microsoft.com/en-us/aspnet/core/mvc/controllers/routing[Routing to controller actions in ASP.NET Core]
+
+=== Articles & blog posts
+* Medium - https://medium.com/quick-code/routing-in-asp-net-core-c433bff3f1a4[Routing in ASP.NET Core]
+//=== Conference presentations
+//=== Standards
+//=== External coding guidelines
+//=== Benchmarks
diff --git a/rules/S6934/metadata.json b/rules/S6934/metadata.json
new file mode 100644
index 00000000000..2c63c085104
--- /dev/null
+++ b/rules/S6934/metadata.json
@@ -0,0 +1,2 @@
+{
+}