Update Microsoft.CodeAnalysis.NetAnalyzers to 3.3.0-beta3.20407.4 (#4…

…0560)
dotnet · Aug 9, 2020 · aa5fdab · aa5fdab
1 parent 4a58c28
commit aa5fdab
Show file tree

Hide file tree

Showing 11 changed files with 32 additions and 7 deletions.
diff --git a/eng/Analyzers.props b/eng/Analyzers.props
@@ -6,7 +6,7 @@
   </PropertyGroup>
   <ItemGroup Condition="'$(EnableAnalyzers)' == 'true'">
     <PackageReference Include="Microsoft.DotNet.CodeAnalysis" Version="$(MicrosoftDotNetCodeAnalysisVersion)" PrivateAssets="all" IsImplicitlyDefined="true" />
-    <PackageReference Include="Microsoft.CodeAnalysis.NetAnalyzers" Version="3.3.0-beta1.20355.1" PrivateAssets="all" />
+    <PackageReference Include="Microsoft.CodeAnalysis.NetAnalyzers" Version="3.3.0-beta3.20407.4" PrivateAssets="all" />
     <PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.164" PrivateAssets="all" />
   </ItemGroup>
 </Project>
diff --git a/eng/CodeAnalysis.ruleset b/eng/CodeAnalysis.ruleset
@@ -64,6 +64,7 @@
       <Rule Id="CA1308" Action="None" />             <!-- Normalize strings to uppercase -->
       <Rule Id="CA1309" Action="None" />             <!-- Use ordinal stringcomparison -->
       <Rule Id="CA1401" Action="Warning" />          <!-- P/Invokes should not be visible -->
+      <Rule Id="CA1417" Action="Warning" />          <!-- Do not use 'OutAttribute' on string parameters for P/Invokes -->
       <Rule Id="CA1501" Action="None" />             <!-- Avoid excessive inheritance -->
       <Rule Id="CA1502" Action="None" />             <!-- Avoid excessive complexity -->
       <Rule Id="CA1505" Action="None" />             <!-- Avoid unmaintainable code -->
@@ -112,6 +113,8 @@
       <Rule Id="CA1834" Action="Warning" />          <!-- Consider using 'StringBuilder.Append(char)' when applicable. -->
       <Rule Id="CA1835" Action="Warning" />          <!-- Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync' -->
       <Rule Id="CA1836" Action="Info" />             <!-- Prefer IsEmpty over Count -->
+      <Rule Id="CA1837" Action="Warning" />          <!-- Use 'Environment.ProcessId' -->
+      <Rule Id="CA1838" Action="Warning" />          <!-- Avoid 'StringBuilder' parameters for P/Invokes -->
       <Rule Id="CA2000" Action="None" />             <!-- Dispose objects before losing scope -->
       <Rule Id="CA2002" Action="None" />             <!-- Do not lock on objects with weak identity -->
       <Rule Id="CA2007" Action="Warning" />          <!-- Consider calling ConfigureAwait on the awaited task -->
@@ -174,6 +177,15 @@
       <Rule Id="CA2328" Action="None" />             <!-- Ensure that JsonSerializerSettings are secure -->
       <Rule Id="CA2329" Action="None" />             <!-- Do not deserialize with JsonSerializer using an insecure configuration -->
       <Rule Id="CA2330" Action="None" />             <!-- Ensure that JsonSerializer has a secure configuration when deserializing -->
+      <Rule Id="CA2350" Action="None" />             <!-- Do not use DataTable.ReadXml() with untrusted data -->
+      <Rule Id="CA2351" Action="None" />             <!-- Do not use DataSet.ReadXml() with untrusted data -->
+      <Rule Id="CA2352" Action="None" />             <!-- Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks -->
+      <Rule Id="CA2353" Action="None" />             <!-- Unsafe DataSet or DataTable in serializable type -->
+      <Rule Id="CA2354" Action="None" />             <!-- Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks -->
+      <Rule Id="CA2355" Action="None" />             <!-- Unsafe DataSet or DataTable type found in deserializable object graph -->
+      <Rule Id="CA2356" Action="None" />             <!-- Unsafe DataSet or DataTable type in web deserializable object graph -->
+      <Rule Id="CA2361" Action="None" />             <!-- Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data -->
+      <Rule Id="CA2362" Action="None" />             <!-- Unsafe DataSet or DataTable in autogenerated serializable type can be vulnerable to remote code execution attacks -->
       <Rule Id="CA3001" Action="None" />             <!-- Review code for SQL injection vulnerabilities -->
       <Rule Id="CA3002" Action="None" />             <!-- Review code for XSS vulnerabilities -->
       <Rule Id="CA3003" Action="None" />             <!-- Review code for file path injection vulnerabilities -->
@@ -239,6 +251,8 @@
       <Rule Id="CA5401" Action="None" />             <!-- Do not use CreateEncryptor with non-default IV -->
       <Rule Id="CA5402" Action="None" />             <!-- Use CreateEncryptor with the default IV  -->
       <Rule Id="CA5403" Action="None" />             <!-- Do not hard-code certificate -->
+      <Rule Id="IL3000" Action="None" />             <!-- Avoid using accessing Assembly file path when publishing as a single-file -->
+      <Rule Id="IL3001" Action="None" />             <!-- Avoid using accessing Assembly file path when publishing as a single-file -->
   </Rules>
   <Rules AnalyzerId="StyleCop.Analyzers" RuleNamespace="StyleCop.Analyzers">
     <Rule Id="AD0001" Action="None" /> <!-- Analyzer threw an exception -->

diff --git a/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.CreateProcessWithLogon.cs b/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.CreateProcessWithLogon.cs
@@ -18,7 +18,9 @@ internal static extern bool CreateProcessWithLogonW(
             IntPtr password,
             LogonFlags logonFlags,
             string? appName,
+#pragma warning disable CA1838 // reasonable use of StringBuilder to build up a command line
             [In] StringBuilder cmdLine,
+#pragma warning restore CA1838
             int creationFlags,
             IntPtr environmentBlock,
             string lpCurrentDirectory,

diff --git a/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.CryptGetDefaultProvider.cs b/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.CryptGetDefaultProvider.cs
@@ -20,7 +20,9 @@ public static extern bool CryptGetDefaultProvider(
             int dwProvType,
             IntPtr pdwReserved,
             GetDefaultProviderFlags dwFlags,
-            StringBuilder? pszProvName,
+#pragma warning disable CA1838 // not on a hot path
+            [Out] StringBuilder? pszProvName,
+#pragma warning restore CA1838
             ref int pcbProvName);
     }
 }
diff --git a/src/libraries/Common/src/Interop/Windows/Kernel32/Interop.CreateProcess.cs b/src/libraries/Common/src/Interop/Windows/Kernel32/Interop.CreateProcess.cs
@@ -15,7 +15,9 @@ internal partial class Kernel32
         [DllImport(Libraries.Kernel32, CharSet = CharSet.Unicode, SetLastError = true, BestFitMapping = false, EntryPoint = "CreateProcessW")]
         internal static extern bool CreateProcess(
             string? lpApplicationName,
+#pragma warning disable CA1838 // reasonable use of StringBuilder to build up a command line
             [In] StringBuilder lpCommandLine,
+#pragma warning restore CA1838
             ref SECURITY_ATTRIBUTES procSecAttrs,
             ref SECURITY_ATTRIBUTES threadSecAttrs,
             bool bInheritHandles,

diff --git a/src/libraries/Common/src/Interop/Windows/WinHttp/Interop.winhttp.cs b/src/libraries/Common/src/Interop/Windows/WinHttp/Interop.winhttp.cs
@@ -43,7 +43,9 @@ public static extern SafeWinHttpHandle WinHttpOpenRequest(
         [return: MarshalAs(UnmanagedType.Bool)]
         public static extern bool WinHttpAddRequestHeaders(
             SafeWinHttpHandle requestHandle,
+#pragma warning disable CA1838 // Uses pooled StringBuilder
             [In] StringBuilder headers,
+#pragma warning restore CA1838
             uint headersLength,
             uint modifiers);
 
@@ -59,7 +61,7 @@ public static extern bool WinHttpAddRequestHeaders(
         [return: MarshalAs(UnmanagedType.Bool)]
         public static extern bool WinHttpSendRequest(
             SafeWinHttpHandle requestHandle,
-            [In] StringBuilder headers,
+            IntPtr headers,
             uint headersLength,
             IntPtr optional,
             uint optionalLength,

diff --git a/src/libraries/System.Data.Odbc/src/System.Data.Odbc.csproj b/src/libraries/System.Data.Odbc/src/System.Data.Odbc.csproj
@@ -3,7 +3,7 @@
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <TargetFrameworks>$(NetCoreAppCurrent)-Windows_NT;$(NetCoreAppCurrent)-FreeBSD;$(NetCoreAppCurrent)-illumos;$(NetCoreAppCurrent)-Solaris;$(NetCoreAppCurrent)-Linux;$(NetCoreAppCurrent)-OSX;$(NetCoreAppCurrent)-iOS;$(NetCoreAppCurrent)-tvOS;$(NetCoreAppCurrent);netcoreapp2.0-FreeBSD;netcoreapp2.0-Linux;netcoreapp2.0-OSX;netcoreapp2.0-Windows_NT;netstandard2.0;net461-Windows_NT</TargetFrameworks>
     <ExcludeCurrentNetCoreAppFromPackage>true</ExcludeCurrentNetCoreAppFromPackage>
-    <NoWarn>$(NoWarn);CA2249</NoWarn>
+    <NoWarn>$(NoWarn);CA2249;CA1838</NoWarn>
     <Nullable>enable</Nullable>
   </PropertyGroup>
   <!-- DesignTimeBuild requires all the TargetFramework Derived Properties to not be present in the first property group. -->

diff --git a/src/libraries/System.Diagnostics.EventLog/src/System.Diagnostics.EventLog.csproj b/src/libraries/System.Diagnostics.EventLog/src/System.Diagnostics.EventLog.csproj
@@ -3,6 +3,7 @@
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <TargetFrameworks>$(NetCoreAppCurrent)-Windows_NT;netcoreapp2.0-Windows_NT;net461;netstandard2.0</TargetFrameworks>
     <ExcludeCurrentNetCoreAppFromPackage>true</ExcludeCurrentNetCoreAppFromPackage>
+    <NoWarn>$(NoWarn);CA1838</NoWarn>
   </PropertyGroup>
   <!-- DesignTimeBuild requires all the TargetFramework Derived Properties to not be present in the first property group. -->
   <PropertyGroup>

diff --git a/src/libraries/System.Drawing.Common/src/System/Drawing/Printing/LibcupsNative.cs b/src/libraries/System.Drawing.Common/src/System/Drawing/Printing/LibcupsNative.cs
@@ -33,7 +33,9 @@ internal static IntPtr LoadLibcups()
         internal static extern void cupsFreeDests(int num_dests, IntPtr dests);
 
         [DllImport(LibraryName, ExactSpelling = true, CharSet = CharSet.Ansi)]
-        internal static extern IntPtr cupsTempFd(StringBuilder sb, int len);
+#pragma warning disable CA1838 // not hot-path enough to worry about the overheads of StringBuilder marshaling
+        internal static extern IntPtr cupsTempFd([Out] StringBuilder sb, int len);
+#pragma warning restore CA1838
 
         [DllImport(LibraryName, ExactSpelling = true)]
         internal static extern IntPtr cupsGetDefault();

diff --git a/src/libraries/System.Net.Http.WinHttpHandler/src/System/Net/Http/WinHttpHandler.cs b/src/libraries/System.Net.Http.WinHttpHandler/src/System/Net/Http/WinHttpHandler.cs
@@ -1406,7 +1406,7 @@ private RendezvousAwaitable<int> InternalSendRequestAsync(WinHttpRequestState st
                 state.Pin();
                 if (!Interop.WinHttp.WinHttpSendRequest(
                     state.RequestHandle,
-                    null,
+                    IntPtr.Zero,
                     0,
                     IntPtr.Zero,
                     0,

diff --git a/src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/FakeInterop.cs b/src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/FakeInterop.cs
@@ -157,7 +157,7 @@ public static SafeWinHttpHandle WinHttpOpenRequest(
 
         public static bool WinHttpSendRequest(
             SafeWinHttpHandle requestHandle,
-            StringBuilder headers,
+            IntPtr headers,
             uint headersLength,
             IntPtr optional,
             uint optionalLength,