From b76ac90c6b168ebbc9d4112eb8f50bbfeddceb71 Mon Sep 17 00:00:00 2001
From: Mary Georgiou <89914005+mary-georgiou-sonarsource@users.noreply.github.com>
Date: Mon, 27 May 2024 14:46:57 +0200
Subject: [PATCH] S6964: Issue is reported on the attribute instead of the property (#9332)
---
 .../S6964-IntentionalFindings-net8.0.json | 2 +-
 .../SonarAnalyzer.CSharp/Rules/AspNet/AvoidUnderPosting.cs | 2 +-
 .../TestCases/AspNet/AvoidUnderPosting.CSharp12.cs | 4 ++--
 .../SonarAnalyzer.Test/TestCases/AspNet/AvoidUnderPosting.cs | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/analyzers/its/expected/ManuallyAddedNoncompliantIssues.CS/S6964-IntentionalFindings-net8.0.json b/analyzers/its/expected/ManuallyAddedNoncompliantIssues.CS/S6964-IntentionalFindings-net8.0.json
index 9d4a4d1973a..05a624fc5d2 100644
--- a/analyzers/its/expected/ManuallyAddedNoncompliantIssues.CS/S6964-IntentionalFindings-net8.0.json
+++ b/analyzers/its/expected/ManuallyAddedNoncompliantIssues.CS/S6964-IntentionalFindings-net8.0.json
@@ -4,7 +4,7 @@
 "Id": "S6964",
 "Message": "Property used as input in a controller action should be nullable or annotated with the Required attribute to avoid under-posting.",
 "Uri": "https://github.com/SonarSource/sonar-dotnet/blob/master/analyzers/its/Projects/ManuallyAddedNoncompliantIssues.CS/IntentionalFindings/S6964.cs#L9",
- "Location": "Line 9 Position 13-51"
+ "Location": "Line 9 Position 24-37"
 }
 ]
 }
\ No newline at end of file
diff --git a/analyzers/src/SonarAnalyzer.CSharp/Rules/AspNet/AvoidUnderPosting.cs b/analyzers/src/SonarAnalyzer.CSharp/Rules/AspNet/AvoidUnderPosting.cs
index 78f14e70517..6f71be7024a 100644
--- a/analyzers/src/SonarAnalyzer.CSharp/Rules/AspNet/AvoidUnderPosting.cs
+++ b/analyzers/src/SonarAnalyzer.CSharp/Rules/AspNet/AvoidUnderPosting.cs
@@ -82,7 +82,7 @@ private static void CheckInvalidProperties(INamedTypeSymbol parameterType, Sonar .Where(x => !CanBeNull(x.Type) && !x.HasAnyAttribute(ValidationAttributes) && !x.IsRequired()); foreach (var property in invalidProperties) { - context.ReportIssue(Rule, property.GetFirstSyntaxRef().GetLocation()); + context.ReportIssue(Rule, property.GetFirstSyntaxRef().GetIdentifier()?.GetLocation()); } } diff --git a/analyzers/tests/SonarAnalyzer.Test/TestCases/AspNet/AvoidUnderPosting.CSharp12.cs b/analyzers/tests/SonarAnalyzer.Test/TestCases/AspNet/AvoidUnderPosting.CSharp12.cs index add187fe05e..5f37cf7af16 100644 --- a/analyzers/tests/SonarAnalyzer.Test/TestCases/AspNet/AvoidUnderPosting.CSharp12.cs +++ b/analyzers/tests/SonarAnalyzer.Test/TestCases/AspNet/AvoidUnderPosting.CSharp12.cs @@ -30,8 +30,8 @@ public class Model { public int ValueProperty { get; set; } // Noncompliant - [Custom] // Noncompliant repro for https://github.com/SonarSource/sonar-dotnet/issues/9282 - public int ValuePropertyAnnotatedWithCustomAttribute { get; set; } + [Custom] + public int ValuePropertyAnnotatedWithCustomAttribute { get; set; } // Noncompliant [JsonRequired] // Compliant - the property is annotated with JsonRequiredAttribute public int AnotherValueProperty { get; set; } diff --git a/analyzers/tests/SonarAnalyzer.Test/TestCases/AspNet/AvoidUnderPosting.cs b/analyzers/tests/SonarAnalyzer.Test/TestCases/AspNet/AvoidUnderPosting.cs index e7da2626b7c..237aed24ceb 100644 --- a/analyzers/tests/SonarAnalyzer.Test/TestCases/AspNet/AvoidUnderPosting.cs +++ b/analyzers/tests/SonarAnalyzer.Test/TestCases/AspNet/AvoidUnderPosting.cs 
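Review bot: The location passed to `ReportIssue` in `CheckInvalidProperties` can now be null, because `GetIdentifier()?.GetLocation()` yields nothing whenever `GetIdentifier()` does not recognise the declaring syntax node. The definitions of `GetIdentifier` and of this `ReportIssue` overload are outside the hunk, so whether a null location throws, drops the issue or reports it without a position cannot be seen here; for an input-validation rule such as S6964 a dropped issue would be a silent false negative. A property whose first syntax reference is not a property declaration (presumably a positional record parameter) is the case to check, and none of the test lines touched in this patch covers it. I would keep the node location as the fallback: `var declaration = property.GetFirstSyntaxRef();` followed by `context.ReportIssue(Rule, declaration.GetIdentifier()?.GetLocation() ?? declaration.GetLocation());`. The method starts above the hunk.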
@@ -14,7 +14,7 @@ public class ClassNotUsedInRequests public class ModelUsedInController { public int ValueProperty { get; set; } // Noncompliant {{Property used as input in a controller action should be nullable or annotated with the Required attribute to avoid under-posting.}} -// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +// ^^^^^^^^^^^^^ public int? NullableValueProperty { get; set; } [Required] public int RequiredValueProperty { get; set; } [Range(0, 10)] public int ValuePropertyWithRangeValidation { get; set; } // Noncompliant