New rule S6934: You should specify the RouteAttribute when an HttpMethodAttribute is specified at an action level #8954
Conversation
costin-zaharia-sonarsource
force-pushed
the
Martin/New_S6934
branch
4 times, most recently
from
1951a32
to
cf8f8bd
Compare
analyzers/tests/SonarAnalyzer.Test/TestCases/SpecifyRouteAttribute.cs
Outdated
Show resolved
Hide resolved
analyzers/tests/SonarAnalyzer.Test/TestCases/SpecifyRouteAttribute.cs
Outdated
Show resolved
Hide resolved
analyzers/tests/SonarAnalyzer.Test/TestCases/SpecifyRouteAttribute.cs
Outdated
Show resolved
Hide resolved
costin-zaharia-sonarsource
force-pushed
the
Martin/New_S6934
branch
from
b3a695a
to
5a159d1
Compare
| using Microsoft.AspNetCore.Mvc.Routing; | ||
|
|
||
| public partial class HomeController : Controller | ||
| { |
There was a problem hiding this comment.
Add a non-compliant action here. I'm not sure if secondary locations are filtered or not. I'm also not sure if reporting a secondary location in a generated file is a problem or not. But it would be interesting to learn.
There was a problem hiding this comment.
Good point. These are not filtered.
There was a problem hiding this comment.
I will not change the behavior, I will just document it.
analyzers/src/SonarAnalyzer.CSharp/Rules/SpecifyRouteAttribute.cs
Outdated
Show resolved
Hide resolved
costin-zaharia-sonarsource
force-pushed
the
Martin/New_S6934
branch
from
a13fc77
to
8ad9358
Compare
costin-zaharia-sonarsource
force-pushed
the
Martin/New_S6934
branch
from
7099130
to
9b498e4
Compare
analyzers/src/SonarAnalyzer.CSharp/Rules/SpecifyRouteAttribute.cs
Outdated
Show resolved
Hide resolved
analyzers/tests/SonarAnalyzer.Test/Rules/SpecifyRouteAttributeTest.cs
Outdated
Show resolved
Hide resolved
analyzers/tests/SonarAnalyzer.Test/Rules/SpecifyRouteAttributeTest.cs
Outdated
Show resolved
Hide resolved
analyzers/src/SonarAnalyzer.CSharp/Rules/SpecifyRouteAttribute.cs
Outdated
Show resolved
Hide resolved
analyzers/src/SonarAnalyzer.CSharp/Rules/SpecifyRouteAttribute.cs
Outdated
Show resolved
Hide resolved
analyzers/src/SonarAnalyzer.CSharp/Rules/SpecifyRouteAttribute.cs
Outdated
Show resolved
Hide resolved
analyzers/src/SonarAnalyzer.CSharp/Rules/SpecifyRouteAttribute.cs
Outdated
Show resolved
Hide resolved
|
@costin-zaharia-sonarsource Coverage is almost 100%. I think we should be able to cover |
costin-zaharia-sonarsource
force-pushed
the
Martin/New_S6934
branch
from
53d9045
to
5c7cb06
Compare
I have mixed feelings about this. Do you see a specific risk that we take if we don't cover this case? |
costin-zaharia-sonarsource
force-pushed
the
Martin/New_S6934
branch
from
5c7cb06
to
1eb7a39
Compare
costin-zaharia-sonarsource
force-pushed
the
Martin/New_S6934
branch
from
1eb7a39
to
3042fd3
Compare
| } | ||
|
|
||
| private static bool CanBeIgnored(string template) => | ||
| string.IsNullOrWhiteSpace(template) |
There was a problem hiding this comment.
Very minor concern. I have tried the following out:
public class SomeController : Controller
{
[Route(" ")]
public IActionResult WithRouteAttribute() => View();
}It registers the route https://localhost:7010/%20. The same happens with [Route("/t")]
So technically, the rule would apply for any non-null template, including space, tabs, and probably other whitespace.
There was a problem hiding this comment.
Ok, I've changed the behavior.
|
|
||
| using MA = Microsoft.AspNetCore; | ||
|
|
||
| public class RouteTemplateIsNotSpecifiedController : Controller |
There was a problem hiding this comment.
We don't seem to have tests for:
- routes with whitespace chars: space and tab in particular
- multiple attributes on the same action
- one attribute with a non-empty route template and one without (non-compliant)
- both attributes without non-empty route templates (compliant)
- both attributes with non-empty route templates (non-compliant)
- mix of
HttpMethodAttributeandRouteAttribute
There was a problem hiding this comment.
We have already some test cases with a mix:
I'll check and add the others
|
|
||
| public class RouteTemplateIsNotSpecifiedController : Controller | ||
| { | ||
| public IActionResult Index() => View(); // Compliant |
There was a problem hiding this comment.
Personal opinion: I would use the name of the method to convey the meaning for the test. For example:
Index->WithoutHttpAttributeIndex2->WithHttpAttributeNoRouteIndex3->WithHttpAttributeAndArgumentListNoRoute- etc.
This way the intent for the test becomes clearer, and the list is also easy to rearrange, since the increasing numbering doesn't have to be honored.
| public IActionResult AbsoluteUri2(string sortBy) => View(); // Compliant, absolute uri | ||
|
|
||
| public IActionResult Error() => View(); // Compliant | ||
| } |
There was a problem hiding this comment.
I would add the following, to document that the "null or whitespace" behavior also applies to Route:
[Route(" ")]
public IActionResult WithSpaceRouteInRouteAttribute() => View(); // Compliant
[Route("\t")]
public IActionResult WithTabRouteInRouteAttribute() => View(); // CompliantThere was a problem hiding this comment.
I've made them noncompliant, according to: #8954 (comment)
| ]); | ||
|
|
||
| [TestMethod] | ||
| public void SpecifyRouteAttribute_CS() => |
There was a problem hiding this comment.
The test should have the _CSharp12 suffix, instead of _CS.
|
|
I missed this question. I think it's fine. I tried to do something like the following: class X {
virtual void (string x) { }
}But I got an You can have a missing identifier in a class X {
~() { }
}
However, Moreover, the identifier is not optional in the production rule of So I don't see an easy way of generating a case where the Identifier is |
Fixes #8872
Remaining: