Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

S6931: Support for ASP.NET Core #8939

Merged
merged 3 commits into from
Mar 21, 2024
Merged

S6931: Support for ASP.NET Core #8939

merged 3 commits into from
Mar 21, 2024

Conversation

mary-georgiou-sonarsource
Copy link
Contributor

@mary-georgiou-sonarsource mary-georgiou-sonarsource commented Mar 18, 2024
edited
Loading

Related to #8870

@martin-strecker-sonarsource Please ignore the squash-rebase commit. I rebased.

@mary-georgiou-sonarsource mary-georgiou-sonarsource marked this pull request as draft March 18, 2024 09:44
@mary-georgiou-sonarsource mary-georgiou-sonarsource force-pushed the mary/S6931-aspnetcore-2.x branch 14 times, most recently from 5899532 to 6cb3a8e Compare March 19, 2024 15:28
@mary-georgiou-sonarsource mary-georgiou-sonarsource force-pushed the mary/S6931-aspnetcore-2.x branch 3 times, most recently from 9e9b345 to 7e09abf Compare March 20, 2024 11:02
martin-strecker-sonarsource
martin-strecker-sonarsource reviewed Mar 20, 2024
View reviewed changes
analyzers/src/SonarAnalyzer.Common/Rules/RouteTemplateShouldNotStartWithSlashBase.cs Outdated
compilationStartContext.RegisterSymbolStartAction(symbolStartContext =>
{
var symbol = (INamedTypeSymbol)symbolStartContext.Symbol;
if (symbol.IsControllerType() && symbol.ContainingSymbol is not INamedTypeSymbol)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The && symbol.ContainingSymbol is not INamedTypeSymbol part should go into symbol.IsControllerType()

Suggested change
if (symbol.IsControllerType() && symbol.ContainingSymbol is not INamedTypeSymbol)
if (symbol.IsControllerType())

martin-strecker-sonarsource
martin-strecker-sonarsource reviewed Mar 20, 2024
View reviewed changes
analyzers/src/SonarAnalyzer.Common/Rules/RouteTemplateShouldNotStartWithSlashBase.cs Outdated
// If one of the following conditions is true, the rule won't raise an issue
// 1. The controller does not have any actions defined
// 2. At least one action is not annotated with a route attribute or is annotated with a parameterless attribute
// 3. At least one route template defined in a route attribute over any action does not start with '/'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// 3. At least one route template defined in a route attribute over any action does not start with '/'
// 3. There is at least one action with a route template that does not start with '/'

@mary-georgiou-sonarsource mary-georgiou-sonarsource marked this pull request as ready for review March 20, 2024 13:32
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Mar 20, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Mar 20, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

martin-strecker-sonarsource
martin-strecker-sonarsource approved these changes Mar 21, 2024
View reviewed changes
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

I left some comments regarding the interaction of S6931 and S6934, but this is nothing that requires action in this PR. It needs to be discussed independently.

analyzers/tests/SonarAnalyzer.Test/Rules/RouteTemplateShouldNotStartWithSlashTest.cs
Comment on lines +104 to +105
{{attribute}} // Secondary
public ActionResult SomeAction() => View();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These test cases contradict with S6934 "How to fix" option 3).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@martin-strecker-sonarsource @antonioaversa maybe we can exclude in S6931 routes that start with /[controller] as they seem pretty intentional.
WDYT?

analyzers/tests/SonarAnalyzer.Test/TestCases/RouteTemplateShouldNotStartWithSlash.AspNetCore.cs
public IActionResult Index4() => View();
}

public class NoncompliantNoControllerRouteController : Controller // Noncompliant {{Change the paths of the actions of this controller to be relative and add a controller route with the common prefix.}}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This contradicts suggestion 3) for rule S6934. This is not necessarily a bad thing as option 3) is still not ideal. But if you want to do route value binding for a single action only, it is a viable alternative. You just have to accept the S6931 violation afterward. I think we should cross-link between the two RSpecs.
Please look at the next test case as well. We allow absolute path in this rule as well if there is mixed routing.
/cc @costin-zaharia-sonarsource and @antonioaversa

analyzers/tests/SonarAnalyzer.Test/TestCases/RouteTemplateShouldNotStartWithSlash.AspNetCore.cs

public class CompliantNoControllerRouteNoActionRouteController : Controller // Compliant
{
public IActionResult Index1() => View(); // Default route -> relative
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
public IActionResult Index1() => View(); // Default route -> relative
public IActionResult Index1() => View(); // Conventional route -> relative

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed here 1b3c553

analyzers/tests/SonarAnalyzer.Test/TestCases/RouteTemplateShouldNotStartWithSlash.AspNetCore.cs
public class CompliantNoControllerRouteEmptyActionRouteController : Controller // Compliant
{
[HttpGet]
public IActionResult Index1() => View(); // Empty route -> relative
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
public IActionResult Index1() => View(); // Empty route -> relative
public IActionResult Index1() => View(); // Empty route template -> relative conventional routing

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed here 1b3c553

@mary-georgiou-sonarsource mary-georgiou-sonarsource merged commit 6d62fa5 into master Mar 21, 2024
27 checks passed
@mary-georgiou-sonarsource mary-georgiou-sonarsource deleted the mary/S6931-aspnetcore-2.x branch March 21, 2024 13:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@martin-strecker-sonarsource martin-strecker-sonarsource martin-strecker-sonarsource approved these changes

Assignees

@mary-georgiou-sonarsource mary-georgiou-sonarsource

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mary-georgiou-sonarsource @martin-strecker-sonarsource