From 21018727011ec2c80c96bfd15ebe91fb1ebabc50 Mon Sep 17 00:00:00 2001
From: Costin Zaharia <costin.zaharia@sonarsource.com>
Date: Thu, 20 Jan 2022 14:25:18 +0100
Subject: [PATCH 1/3] Cleanup around ExecutingSqlQueries
---
.../Rules/Hotspots/ExecutingSqlQueries.cs | 5 +-
.../Rules/Hotspots/ExecutingSqlQueriesBase.cs | 67 +++++++++----------
.../Rules/Hotspots/ExecutingSqlQueriesTest.cs | 54 +++++++--------
3 files changed, 61 insertions(+), 65 deletions(-)
diff --git a/analyzers/src/SonarAnalyzer.CSharp/Rules/Hotspots/ExecutingSqlQueries.cs b/analyzers/src/SonarAnalyzer.CSharp/Rules/Hotspots/ExecutingSqlQueries.cs
index 96150e1c75e..ada9e461477 100644
--- a/analyzers/src/SonarAnalyzer.CSharp/Rules/Hotspots/ExecutingSqlQueries.cs
+++ b/analyzers/src/SonarAnalyzer.CSharp/Rules/Hotspots/ExecutingSqlQueries.cs
@@ -71,8 +71,7 @@ protected override Location SecondaryLocationForExpression(ExpressionSyntax node
return Location.None;
}
- if (node.Parent is EqualsValueClauseSyntax equalsValueClause
- && equalsValueClause.Parent is VariableDeclaratorSyntax declarationSyntax)
+ if (node.Parent is EqualsValueClauseSyntax {Parent: VariableDeclaratorSyntax declarationSyntax})
{
return declarationSyntax.Identifier.GetLocation();
}
@@ -95,7 +94,7 @@ private static bool AllConstants(IEnumerable<ArgumentSyntax> arguments, Semantic
private static bool IsConcatenationOfConstants(BinaryExpressionSyntax binaryExpression, SemanticModel semanticModel)
{
System.Diagnostics.Debug.Assert(binaryExpression.IsKind(SyntaxKind.AddExpression), "Binary expression should be of syntax kind add expression.");
- if ((semanticModel.GetTypeInfo(binaryExpression).Type is ITypeSymbol) && binaryExpression.Right.HasConstantValue(semanticModel))
+ if ((semanticModel.GetTypeInfo(binaryExpression).Type != null) && binaryExpression.Right.HasConstantValue(semanticModel))
{
var nestedLeft = binaryExpression.Left;
var nestedBinary = nestedLeft as BinaryExpressionSyntax;
diff --git a/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs b/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs
index dd7d7837244..6f5bd046eaf 100644
--- a/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs
+++ b/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs
@@ -29,7 +29,7 @@ public abstract class ExecutingSqlQueriesBase<TSyntaxKind, TExpressionSyntax, TI
where TExpressionSyntax : SyntaxNode
where TIdentifierNameSyntax : SyntaxNode
{
- protected const string DiagnosticId = "S2077";
+ private const string DiagnosticId = "S2077";
private const string AssignmentWithFormattingMessage = "SQL Query is dynamically formatted and assigned to {0}.";
private const string AssignmentMessage = "SQL query is assigned to {0}.";
private const string MessageFormat = "Make sure using a dynamically formatted SQL query is safe here.";
@@ -38,11 +38,12 @@ public abstract class ExecutingSqlQueriesBase<TSyntaxKind, TExpressionSyntax, TI
private readonly KnownType[] constructorsForFirstArgument =
{
- KnownType.Microsoft_EntityFrameworkCore_RawSqlString,
- KnownType.System_Data_SqlClient_SqlCommand,
- KnownType.System_Data_SqlClient_SqlDataAdapter,
KnownType.System_Data_Odbc_OdbcCommand,
KnownType.System_Data_Odbc_OdbcDataAdapter,
+ KnownType.System_Data_SqlClient_SqlCommand,
+ KnownType.System_Data_SqlClient_SqlDataAdapter,
+ KnownType.System_Data_Sqlite_SqliteCommand,
+ KnownType.System_Data_Sqlite_SQLiteDataAdapter,
KnownType.System_Data_SqlServerCe_SqlCeCommand,
KnownType.System_Data_SqlServerCe_SqlCeDataAdapter,
KnownType.System_Data_OracleClient_OracleCommand,
@@ -51,52 +52,51 @@ public abstract class ExecutingSqlQueriesBase<TSyntaxKind, TExpressionSyntax, TI
KnownType.MySql_Data_MySqlClient_MySqlDataAdapter,
KnownType.MySql_Data_MySqlClient_MySqlScript,
KnownType.Microsoft_Data_Sqlite_SqliteCommand,
- KnownType.System_Data_Sqlite_SqliteCommand,
- KnownType.System_Data_Sqlite_SQLiteDataAdapter,
+ KnownType.Microsoft_EntityFrameworkCore_RawSqlString
};
private readonly KnownType[] constructorsForSecondArgument =
{
- KnownType.MySql_Data_MySqlClient_MySqlScript,
+ KnownType.MySql_Data_MySqlClient_MySqlScript
};
private readonly MemberDescriptor[] invocationsForFirstTwoArguments =
{
- new MemberDescriptor(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlCommandAsync"),
- new MemberDescriptor(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlCommand"),
- new MemberDescriptor(KnownType.Microsoft_EntityFrameworkCore_RelationalQueryableExtensions, "FromSql"),
+ new(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlCommandAsync"),
+ new(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlCommand"),
+ new(KnownType.Microsoft_EntityFrameworkCore_RelationalQueryableExtensions, "FromSql")
};
private readonly MemberDescriptor[] invocationsForFirstArgument =
{
- new MemberDescriptor(KnownType.System_Data_Sqlite_SqliteCommand, "Execute"),
+ new(KnownType.System_Data_Sqlite_SqliteCommand, "Execute")
};
private readonly MemberDescriptor[] invocationsForSecondArgument =
{
- new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataRow"),
- new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataRowAsync"),
- new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataset"),
- new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDatasetAsync"),
- new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteNonQuery"),
- new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteNonQueryAsync"),
- new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteReader"),
- new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteReaderAsync"),
- new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteScalar"),
- new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteScalarAsync"),
- new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "UpdateDataSet"),
- new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "UpdateDataSetAsync"),
+ new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataRow"),
+ new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataRowAsync"),
+ new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataset"),
+ new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDatasetAsync"),
+ new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteNonQuery"),
+ new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteNonQueryAsync"),
+ new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteReader"),
+ new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteReaderAsync"),
+ new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteScalar"),
+ new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteScalarAsync"),
+ new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "UpdateDataSet"),
+ new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "UpdateDataSetAsync")
};
private readonly MemberDescriptor[] properties =
{
- new MemberDescriptor(KnownType.System_Data_Odbc_OdbcCommand, "CommandText"),
- new MemberDescriptor(KnownType.System_Data_OracleClient_OracleCommand, "CommandText"),
- new MemberDescriptor(KnownType.System_Data_SqlClient_SqlCommand, "CommandText"),
- new MemberDescriptor(KnownType.System_Data_SqlServerCe_SqlCeCommand, "CommandText"),
- new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlCommand, "CommandText"),
- new MemberDescriptor(KnownType.Microsoft_Data_Sqlite_SqliteCommand, "CommandText"),
- new MemberDescriptor(KnownType.System_Data_Sqlite_SqliteCommand, "CommandText"),
+ new(KnownType.System_Data_Odbc_OdbcCommand, "CommandText"),
+ new(KnownType.System_Data_OracleClient_OracleCommand, "CommandText"),
+ new(KnownType.System_Data_SqlClient_SqlCommand, "CommandText"),
+ new(KnownType.System_Data_Sqlite_SqliteCommand, "CommandText"),
+ new(KnownType.System_Data_SqlServerCe_SqlCeCommand, "CommandText"),
+ new(KnownType.Microsoft_Data_Sqlite_SqliteCommand, "CommandText"),
+ new(KnownType.MySql_Data_MySqlClient_MySqlCommand, "CommandText")
};
protected abstract TExpressionSyntax GetArgumentAtIndex(InvocationContext context, int index);
@@ -113,10 +113,7 @@ protected override void Initialize(TrackerInput input)
var inv = Language.Tracker.Invocation;
inv.Track(input,
inv.MatchMethod(invocationsForFirstTwoArguments),
- inv.And(
- MethodHasRawSqlQueryParameter(),
- inv.Or(ArgumentAtIndexIsTracked(0), ArgumentAtIndexIsTracked(1))
- ),
+ inv.And(MethodHasRawSqlQueryParameter(), inv.Or(ArgumentAtIndexIsTracked(0), ArgumentAtIndexIsTracked(1))),
inv.ExceptWhen(inv.ArgumentAtIndexIsConstant(0)));
TrackInvocations(input, invocationsForFirstArgument, FirstArgumentIndex);
@@ -161,7 +158,7 @@ private void TrackObjectCreation(TrackerInput input, KnownType[] objectCreationT
t.Track(input,
t.MatchConstructor(objectCreationTypes),
t.ArgumentAtIndexIs(argumentIndex, KnownType.System_String),
- c => IsTracked(GetArgumentAtIndex(c, argumentIndex), c),
+ c => IsTracked(GetArgumentAtIndex(c, argumentIndex), c),
t.ExceptWhen(t.ArgumentAtIndexIsConst(argumentIndex)));
}
diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
index 5b574c7f916..5a6b16d2838 100644
--- a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
+++ b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
@@ -33,22 +33,23 @@ namespace SonarAnalyzer.UnitTest.Rules
[TestClass]
public class ExecutingSqlQueriesTest
{
+ private readonly VerifierBuilder builderCs = new VerifierBuilder().AddAnalyzer(() => new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled));
+ private readonly VerifierBuilder builderVb = new VerifierBuilder().AddAnalyzer(() => new VB.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled));
+
#if NETFRAMEWORK // System.Data.OracleClient.dll is not available on .Net Core
[TestMethod]
public void ExecutingSqlQueries_CS_Net46() =>
- OldVerifier.VerifyAnalyzer(
- @"TestCases\Hotspots\ExecutingSqlQueries_Net46.cs",
- new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled),
- GetReferencesNet46(Constants.NuGetLatestVersion));
+ builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.cs")
+ .AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion))
+ .Verify();
[TestMethod]
public void ExecutingSqlQueries_VB_Net46() =>
- OldVerifier.VerifyAnalyzer(
- @"TestCases\Hotspots\ExecutingSqlQueries_Net46.vb",
- new VB.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled),
- ParseOptionsHelper.FromVisualBasic15,
- GetReferencesNet46(Constants.NuGetLatestVersion));
+ builderVb.AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.vb")
+ .WithOptions(ParseOptionsHelper.FromVisualBasic15)
+ .AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion))
+ .Verify();
internal static IEnumerable<MetadataReference> GetReferencesNet46(string sqlServerCeVersion) =>
NetStandardMetadataReference.Netstandard
@@ -63,33 +64,32 @@ internal static IEnumerable<MetadataReference> GetReferencesNet46(string sqlServ
[TestMethod]
public void ExecutingSqlQueries_CS_NetCore() =>
- OldVerifier.VerifyAnalyzer(
- @"TestCases\Hotspots\ExecutingSqlQueries_NetCore.cs",
- new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled),
- ParseOptionsHelper.FromCSharp8,
- GetReferencesNetCore(Constants.DotNetCore220Version));
+ builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries_NetCore.cs")
+ .WithOptions(ParseOptionsHelper.FromCSharp8)
+ .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version))
+ .Verify();
[TestMethod]
public void ExecutingSqlQueries_CSharp9() =>
- OldVerifier.VerifyAnalyzerFromCSharp9Console(
- @"TestCases\Hotspots\ExecutingSqlQueries.CSharp9.cs",
- new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled),
- GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()));
+ builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp9.cs")
+ .WithTopLevelStatements()
+ .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()))
+ .Verify();
[TestMethod]
public void ExecutingSqlQueries_CSharp10() =>
- OldVerifier.VerifyAnalyzerFromCSharp10Console(
- @"TestCases\Hotspots\ExecutingSqlQueries.CSharp10.cs",
- new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled),
- GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()));
+ builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp10.cs")
+ .WithOptions(ParseOptionsHelper.FromCSharp10)
+ .WithTopLevelStatements()
+ .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()))
+ .Verify();
[TestMethod]
public void ExecutingSqlQueries_VB_NetCore() =>
- OldVerifier.VerifyAnalyzer(
- @"TestCases\Hotspots\ExecutingSqlQueries_NetCore.vb",
- new VB.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled),
- ParseOptionsHelper.FromVisualBasic15,
- GetReferencesNetCore(Constants.DotNetCore220Version));
+ builderVb.AddPaths(@"Hotspots\ExecutingSqlQueries_NetCore.vb")
+ .WithOptions(ParseOptionsHelper.FromVisualBasic15)
+ .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version))
+ .Verify();
internal static IEnumerable<MetadataReference> GetReferencesNetCore(string entityFrameworkVersion) =>
Enumerable.Empty<MetadataReference>()
From f63cb8e85bf8ee8c5472415391098506a163320c Mon Sep 17 00:00:00 2001
From: Costin Zaharia <costin.zaharia@sonarsource.com>
Date: Fri, 21 Jan 2022 09:43:21 +0100
Subject: [PATCH 2/3] Add test cases with the latest version of
EntityFrameworkCore
---
.../Rules/Hotspots/ExecutingSqlQueriesBase.cs | 12 ++
.../Trackers/VisualBasicInvocationTracker.cs | 2 +-
.../Common/SecurityHotspotTest.cs | 4 +-
.../Rules/Hotspots/ExecutingSqlQueriesTest.cs | 48 +++++---
...ecutingSqlQueries_EntityFrameworkCore2.cs} | 0
...ecutingSqlQueries_EntityFrameworkCore2.vb} | 0
...ingSqlQueries_EntityFrameworkCoreLatest.cs | 96 ++++++++++++++++
...ingSqlQueries_EntityFrameworkCoreLatest.vb | 104 ++++++++++++++++++
8 files changed, 250 insertions(+), 16 deletions(-)
rename analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/{ExecutingSqlQueries_NetCore.cs => ExecutingSqlQueries_EntityFrameworkCore2.cs} (100%)
rename analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/{ExecutingSqlQueries_NetCore.vb => ExecutingSqlQueries_EntityFrameworkCore2.vb} (100%)
create mode 100644 analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.cs
create mode 100644 analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.vb
diff --git a/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs b/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs
index 6f5bd046eaf..a90dc62cae8 100644
--- a/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs
+++ b/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs
@@ -67,6 +67,13 @@ public abstract class ExecutingSqlQueriesBase<TSyntaxKind, TExpressionSyntax, TI
new(KnownType.Microsoft_EntityFrameworkCore_RelationalQueryableExtensions, "FromSql")
};
+ private readonly MemberDescriptor[] invocationsForFirstTwoArgumentsAfterV2 =
+ {
+ new(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlRaw"),
+ new(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlRawAsync"),
+ new(KnownType.Microsoft_EntityFrameworkCore_RelationalQueryableExtensions, "FromSqlRaw")
+ };
+
private readonly MemberDescriptor[] invocationsForFirstArgument =
{
new(KnownType.System_Data_Sqlite_SqliteCommand, "Execute")
@@ -116,6 +123,11 @@ protected override void Initialize(TrackerInput input)
inv.And(MethodHasRawSqlQueryParameter(), inv.Or(ArgumentAtIndexIsTracked(0), ArgumentAtIndexIsTracked(1))),
inv.ExceptWhen(inv.ArgumentAtIndexIsConstant(0)));
+ inv.Track(input,
+ inv.MatchMethod(invocationsForFirstTwoArgumentsAfterV2),
+ inv.Or(ArgumentAtIndexIsTracked(0), ArgumentAtIndexIsTracked(1)),
+ inv.ExceptWhen(inv.ArgumentAtIndexIsConstant(0)));
+
TrackInvocations(input, invocationsForFirstArgument, FirstArgumentIndex);
TrackInvocations(input, invocationsForSecondArgument, SecondArgumentIndex);
diff --git a/analyzers/src/SonarAnalyzer.VisualBasic/Trackers/VisualBasicInvocationTracker.cs b/analyzers/src/SonarAnalyzer.VisualBasic/Trackers/VisualBasicInvocationTracker.cs
index 883665f1978..808b936aec0 100644
--- a/analyzers/src/SonarAnalyzer.VisualBasic/Trackers/VisualBasicInvocationTracker.cs
+++ b/analyzers/src/SonarAnalyzer.VisualBasic/Trackers/VisualBasicInvocationTracker.cs
@@ -29,7 +29,7 @@ namespace SonarAnalyzer.Helpers.Trackers
public class VisualBasicInvocationTracker : InvocationTracker<SyntaxKind>
{
protected override ILanguageFacade<SyntaxKind> Language => VisualBasicFacade.Instance;
- protected override SyntaxKind[] TrackedSyntaxKinds { get; } = new[] { SyntaxKind.InvocationExpression };
+ protected override SyntaxKind[] TrackedSyntaxKinds { get; } = { SyntaxKind.InvocationExpression };
public override Condition ArgumentAtIndexIsConstant(int index) =>
context => ((InvocationExpressionSyntax)context.Node).ArgumentList is { } argumentList
diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/Common/SecurityHotspotTest.cs b/analyzers/tests/SonarAnalyzer.UnitTest/Common/SecurityHotspotTest.cs
index eefdd027ccd..f23d2cc1e3e 100644
--- a/analyzers/tests/SonarAnalyzer.UnitTest/Common/SecurityHotspotTest.cs
+++ b/analyzers/tests/SonarAnalyzer.UnitTest/Common/SecurityHotspotTest.cs
@@ -85,7 +85,7 @@ private static string GetTestCaseFileName(string analyzerName) =>
"UsingCookies" => "UsingCookies_Net46",
"LooseFilePermissions" => "LooseFilePermissions.Windows",
#else
- "ExecutingSqlQueries" => "ExecutingSqlQueries_NetCore",
+ "ExecutingSqlQueries" => "ExecutingSqlQueries_EntityFrameworkCoreLatest",
"UsingCookies" => "UsingCookies_NetCore",
"LooseFilePermissions" => "LooseFilePermissions.Unix",
"PermissiveCors" => "PermissiveCors.Net",
@@ -120,7 +120,7 @@ private static IEnumerable<MetadataReference> GetAdditionalReferences(string ana
nameof(UsingRegularExpressions) => MetadataReferenceFacade.RegularExpressions,
#if NET
nameof(DisablingCsrfProtection) => DisablingCsrfProtectionTest.AdditionalReferences(),
- nameof(ExecutingSqlQueries) => ExecutingSqlQueriesTest.GetReferencesNetCore(Constants.DotNetCore220Version),
+ nameof(ExecutingSqlQueries) => ExecutingSqlQueriesTest.GetReferencesEntityFrameworkNetCore(Constants.NuGetLatestVersion),
nameof(LooseFilePermissions) => NuGetMetadataReference.MonoPosixNetStandard(),
nameof(PermissiveCors) => PermissiveCorsTest.AdditionalReferences,
nameof(UsingCookies) => UsingCookies.GetAdditionalReferencesForNetCore(Constants.DotNetCore220Version),
diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
index 5a6b16d2838..644c3acc2b8 100644
--- a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
+++ b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
@@ -40,13 +40,15 @@ public class ExecutingSqlQueriesTest
[TestMethod]
public void ExecutingSqlQueries_CS_Net46() =>
- builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.cs")
+ builderCs
+ .AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.cs")
.AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion))
.Verify();
[TestMethod]
public void ExecutingSqlQueries_VB_Net46() =>
- builderVb.AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.vb")
+ builderVb
+ .AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.vb")
.WithOptions(ParseOptionsHelper.FromVisualBasic15)
.AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion))
.Verify();
@@ -63,35 +65,55 @@ internal static IEnumerable<MetadataReference> GetReferencesNet46(string sqlServ
#else
[TestMethod]
- public void ExecutingSqlQueries_CS_NetCore() =>
- builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries_NetCore.cs")
+ public void ExecutingSqlQueries_CS_EntityFrameworkCore2() =>
+ builderCs
+ .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCore2.cs")
.WithOptions(ParseOptionsHelper.FromCSharp8)
- .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version))
+ .AddReferences(GetReferencesEntityFrameworkNetCore("2.2.6"))
+ .Verify();
+
+ [TestMethod]
+ public void ExecutingSqlQueries_CS_EntityFrameworkCoreLatest() =>
+ builderCs
+ .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCoreLatest.cs")
+ .WithOptions(ParseOptionsHelper.FromCSharp8)
+ .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.NuGetLatestVersion))
.Verify();
[TestMethod]
public void ExecutingSqlQueries_CSharp9() =>
- builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp9.cs")
+ builderCs
+ .AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp9.cs")
.WithTopLevelStatements()
- .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()))
+ .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()))
.Verify();
[TestMethod]
public void ExecutingSqlQueries_CSharp10() =>
- builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp10.cs")
+ builderCs
+ .AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp10.cs")
.WithOptions(ParseOptionsHelper.FromCSharp10)
.WithTopLevelStatements()
- .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()))
+ .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()))
+ .Verify();
+
+ [TestMethod]
+ public void ExecutingSqlQueries_VB_EntityFrameworkCore2() =>
+ builderVb
+ .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCore2.vb")
+ .WithOptions(ParseOptionsHelper.FromVisualBasic15)
+ .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version))
.Verify();
[TestMethod]
- public void ExecutingSqlQueries_VB_NetCore() =>
- builderVb.AddPaths(@"Hotspots\ExecutingSqlQueries_NetCore.vb")
+ public void ExecutingSqlQueries_VB_EntityFrameworkCoreLatest() =>
+ builderVb
+ .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCoreLatest.vb")
.WithOptions(ParseOptionsHelper.FromVisualBasic15)
- .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version))
+ .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.NuGetLatestVersion))
.Verify();
- internal static IEnumerable<MetadataReference> GetReferencesNetCore(string entityFrameworkVersion) =>
+ internal static IEnumerable<MetadataReference> GetReferencesEntityFrameworkNetCore(string entityFrameworkVersion) =>
Enumerable.Empty<MetadataReference>()
.Concat(NuGetMetadataReference.MicrosoftEntityFrameworkCore(entityFrameworkVersion))
.Concat(NuGetMetadataReference.MicrosoftEntityFrameworkCoreRelational(entityFrameworkVersion));
diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_NetCore.cs b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCore2.cs
similarity index 100%
rename from analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_NetCore.cs
rename to analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCore2.cs
diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_NetCore.vb b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCore2.vb
similarity index 100%
rename from analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_NetCore.vb
rename to analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCore2.vb
diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.cs b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.cs
new file mode 100644
index 00000000000..aceda2bec7c
--- /dev/null
+++ b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.cs
@@ -0,0 +1,96 @@
+using System;
+using Microsoft.EntityFrameworkCore;
+
+namespace Tests.Diagnostics
+{
+ class Program
+ {
+ private const string ConstQuery = "";
+
+ public void Foo(DbContext context, string query, int x, Guid guid, params object[] parameters)
+ {
+ context.Database.ExecuteSqlRaw($""); // Compliant
+ context.Database.ExecuteSqlRaw(""); // Compliant, constants are safe
+ context.Database.ExecuteSqlRaw(ConstQuery); // Compliant, constants are safe
+ context.Database.ExecuteSqlRaw("" + ""); // Compliant, constants are safe
+ context.Database.ExecuteSqlRaw(query); // Compliant, not concat or format
+ context.Database.ExecuteSqlRaw("" + query); // Noncompliant
+ context.Database.ExecuteSqlRaw($"", parameters); // Compliant
+ context.Database.ExecuteSqlRaw(query, parameters); // Compliant, not concat or format
+
+ context.Database.ExecuteSqlRaw("" + query, parameters); // Noncompliant
+ context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query} AND mycol2={0}", parameters[0]); // Noncompliant
+ context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query}{query}", x, guid); // Noncompliant
+ context.Database.ExecuteSqlRaw(@$"SELECT * FROM mytable WHERE mycol={query}{query}", x, guid); // Noncompliant
+ context.Database.ExecuteSqlRaw($@"SELECT * FROM mytable WHERE mycol={query}{query}", x, guid); // Noncompliant
+ context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query}"); // Noncompliant
+
+ RelationalDatabaseFacadeExtensions.ExecuteSqlRaw(context.Database, query); // Compliant
+ RelationalDatabaseFacadeExtensions.ExecuteSqlRaw(context.Database, $"SELECT * FROM mytable WHERE mycol={query}{query}", x, guid); // Noncompliant
+
+ context.Database.ExecuteSqlRawAsync($""); // Compliant, constants are safe
+ context.Database.ExecuteSqlRawAsync(""); // Compliant, constants are safe
+ context.Database.ExecuteSqlRawAsync(ConstQuery); // Compliant, constants are safe
+ context.Database.ExecuteSqlRawAsync("" + ""); // Compliant, constants are safe
+ context.Database.ExecuteSqlRawAsync(query); // Compliant, not concat
+ context.Database.ExecuteSqlRawAsync("" + query); // Noncompliant
+ context.Database.ExecuteSqlRawAsync(query + ""); // Noncompliant
+ context.Database.ExecuteSqlRawAsync("" + query + ""); // Noncompliant
+ context.Database.ExecuteSqlRawAsync($"", parameters); // Compliant
+ context.Database.ExecuteSqlRawAsync(query, parameters); // Compliant, not concat or format
+
+ context.Database.ExecuteSqlRawAsync("" + query, parameters); // Noncompliant
+ RelationalDatabaseFacadeExtensions.ExecuteSqlRawAsync(context.Database, "" + query, parameters); // Noncompliant
+
+ context.Set<User>().FromSqlRaw($""); // Compliant
+ context.Set<User>().FromSqlRaw(""); // Compliant, constants are safe
+ context.Set<User>().FromSqlRaw(ConstQuery); // Compliant, constants are safe
+ context.Set<User>().FromSqlRaw(query); // Compliant, not concat/format
+ context.Set<User>().FromSqlRaw("" + ""); // Compliant
+ context.Set<User>().FromSqlRaw($"", parameters); // Compliant
+ context.Set<User>().FromSqlRaw("", parameters); // Compliant, the parameters are sanitized
+ context.Set<User>().FromSqlRaw(query, parameters); // Compliant
+ context.Set<User>().FromSqlRaw("" + query, parameters); // Noncompliant
+ RelationalQueryableExtensions.FromSqlRaw(context.Set<User>(), "" + query, parameters); // Noncompliant
+ }
+
+ public void ConcatAndFormat(DbContext context, string query, params object[] parameters)
+ {
+ var concatenated = string.Concat(query, parameters); // Secondary [1,2,3]
+ var formatted = string.Format("INSERT INTO Users (name) VALUES (\"{0}\")", parameters); // Secondary [4,5,6]
+ var interpolated = $"SELECT * FROM mytable WHERE mycol={parameters[0]}"; // Secondary [7,8,9]
+
+ context.Database.ExecuteSqlRaw(string.Concat(query, parameters)); // Noncompliant
+ context.Database.ExecuteSqlRaw(string.Format(query, parameters)); // Noncompliant
+ context.Database.ExecuteSqlRaw(string.Format("INSERT INTO Users (name) VALUES (\"{0}\")", parameters)); // Noncompliant
+ context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={parameters[0]}"); // Noncompliant
+ context.Database.ExecuteSqlRaw("SELECT * FROM mytable WHERE mycol=" + parameters[0]); // Noncompliant
+ context.Database.ExecuteSqlRaw(formatted); // Noncompliant [4]
+ context.Database.ExecuteSqlRaw(concatenated); // Noncompliant [1]
+ context.Database.ExecuteSqlRaw(interpolated); // Noncompliant [7]
+
+ context.Database.ExecuteSqlRawAsync(string.Concat(query, parameters)); // Noncompliant
+ context.Database.ExecuteSqlRawAsync(string.Format(query, parameters)); // Noncompliant
+ context.Database.ExecuteSqlRawAsync(string.Format("INSERT INTO Users (name) VALUES (\"{0}\")", parameters)); // Noncompliant
+ context.Database.ExecuteSqlRawAsync($"SELECT * FROM mytable WHERE mycol={parameters[0]}"); // Noncompliant
+ context.Database.ExecuteSqlRawAsync("SELECT * FROM mytable WHERE mycol=" + parameters[0]); // Noncompliant
+ context.Database.ExecuteSqlRawAsync(formatted); // Noncompliant [5]
+ context.Database.ExecuteSqlRawAsync(concatenated); // Noncompliant [2]
+ context.Database.ExecuteSqlRawAsync(interpolated); // Noncompliant [8]
+
+ context.Set<User>().FromSqlRaw(string.Concat(query, parameters)); // Noncompliant
+ context.Set<User>().FromSqlRaw(string.Format("INSERT INTO Users (name) VALUES (\"{0}\")", parameters)); // Noncompliant
+ context.Set<User>().FromSqlRaw($"SELECT * FROM mytable WHERE mycol={parameters[0]}"); // Noncompliant
+ context.Set<User>().FromSqlRaw("SELECT * FROM mytable WHERE mycol=" + parameters[0]); // Noncompliant
+ context.Set<User>().FromSqlRaw(formatted); // Noncompliant [6]
+ context.Set<User>().FromSqlRaw(concatenated); // Noncompliant [3]
+ context.Set<User>().FromSqlRaw(interpolated); // Noncompliant [9]
+ }
+ }
+
+ class User
+ {
+ string Id { get; set; }
+ string Name { get; set; }
+ }
+}
diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.vb b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.vb
new file mode 100644
index 00000000000..d48deab5ce3
--- /dev/null
+++ b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.vb
@@ -0,0 +1,104 @@
+Imports System
+Imports System.Linq
+Imports Microsoft.EntityFrameworkCore
+
+Namespace Tests.Diagnostics
+ Class Program
+ Private Const ConstQuery As String = ""
+
+ Public Sub Foo(ByVal context As DbContext, ByVal query As String, ByVal x As Int32, ParamArray parameters As Object())
+ context.Database.ExecuteSqlRaw($"") ' Noncompliant
+ context.Database.ExecuteSqlRaw("") ' Compliant, constants are safe
+ context.Database.ExecuteSqlRaw(ConstQuery) ' Compliant, constants are safe
+ context.Database.ExecuteSqlRaw("" & "") ' Compliant, constants are safe
+ context.Database.ExecuteSqlRaw("" + "") ' Compliant, constants are safe
+ context.Database.ExecuteSqlRaw(query) ' Compliant, not concat or format
+ context.Database.ExecuteSqlRaw("" & query) ' Noncompliant
+ context.Database.ExecuteSqlRaw("" + query) ' Noncompliant
+ context.Database.ExecuteSqlRaw($"", parameters) ' Noncompliant
+ context.Database.ExecuteSqlRaw(query, parameters) ' Compliant, not concat or format
+ context.Database.ExecuteSqlRaw("" & query, parameters) ' Noncompliant
+ context.Database.ExecuteSqlRaw("" + query, parameters) ' Noncompliant
+
+ context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query}", parameters(0)) ' Noncompliant
+ context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query}", x) ' Noncompliant
+ context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query}") ' Noncompliant
+
+ RelationalDatabaseFacadeExtensions.ExecuteSqlRaw(context.Database, query) ' Compliant
+ RelationalDatabaseFacadeExtensions.ExecuteSqlRaw(context.Database, $"SELECT * FROM mytable WHERE mycol={query} AND col2={0}", x) ' Noncompliant
+
+ context.Database.ExecuteSqlRawAsync($"") ' Noncompliant
+ context.Database.ExecuteSqlRawAsync("") ' Compliant, constants are safe
+ context.Database.ExecuteSqlRawAsync(ConstQuery) ' Compliant, constants are safe
+ context.Database.ExecuteSqlRawAsync("" & "") ' Compliant, constants are safe
+ context.Database.ExecuteSqlRawAsync("" + "") ' Compliant, constants are safe
+ context.Database.ExecuteSqlRawAsync("" + "" & "") ' Compliant, constants are safe
+ context.Database.ExecuteSqlRawAsync("" & "" + "") ' Compliant, constants are safe
+ context.Database.ExecuteSqlRawAsync(query) ' Compliant, not concat or format
+ context.Database.ExecuteSqlRawAsync("" & query) ' Noncompliant
+ context.Database.ExecuteSqlRawAsync("" + query) ' Noncompliant
+ context.Database.ExecuteSqlRawAsync($"", parameters) ' Noncompliant
+ context.Database.ExecuteSqlRawAsync(query, parameters) ' Compliant, not concat or format
+ context.Database.ExecuteSqlRawAsync("" & query, parameters) ' Noncompliant
+ context.Database.ExecuteSqlRawAsync("" + query, parameters) ' Noncompliant
+ context.Database.ExecuteSqlRawAsync(query + "", parameters) ' Noncompliant
+ context.Database.ExecuteSqlRawAsync(query & "", parameters) ' Noncompliant
+ context.Database.ExecuteSqlRawAsync("" & query + "", parameters) ' Noncompliant
+ context.Database.ExecuteSqlRawAsync("" + query & "", parameters) ' Noncompliant
+ context.Database.ExecuteSqlRawAsync($"SELECT * FROM mytable WHERE mycol={query}") ' Noncompliant
+ context.Database.ExecuteSqlRawAsync($"SELECT * FROM mytable WHERE mycol={query}", x) ' Noncompliant
+ RelationalDatabaseFacadeExtensions.ExecuteSqlRawAsync(context.Database, "" & query, parameters) ' Noncompliant
+ RelationalDatabaseFacadeExtensions.ExecuteSqlRawAsync(context.Database, "" + query, parameters) ' Noncompliant
+
+ context.Set(Of User)().FromSqlRaw($"") ' Noncompliant
+ context.Set(Of User)().FromSqlRaw("") ' Compliant, constants are safe
+ context.Set(Of User)().FromSqlRaw(ConstQuery) ' Compliant, constants are safe
+ context.Set(Of User)().FromSqlRaw(query) ' Compliant, not concat or format
+ context.Set(Of User)().FromSqlRaw("" & "") ' Compliant, constants are safe
+ context.Set(Of User)().FromSqlRaw("" + "") ' Compliant, constants are safe
+ context.Set(Of User)().FromSqlRaw($"", parameters) ' Noncompliant
+ context.Set(Of User)().FromSqlRaw("", parameters) ' Compliant, the parameters are sanitized
+ context.Set(Of User)().FromSqlRaw(query, parameters) ' Compliant, not concat or format
+ context.Set(Of User)().FromSqlRaw("" & query, parameters) ' Noncompliant
+ context.Set(Of User)().FromSqlRaw("" + query, parameters) ' Noncompliant
+ context.Set(Of User)().FromSqlRaw($"SELECT * FROM mytable WHERE mycol={query}") ' Noncompliant
+ context.Set(Of User)().FromSqlRaw($"SELECT * FROM mytable WHERE mycol={query}", x) ' Noncompliant
+ RelationalQueryableExtensions.FromSqlRaw(context.Set(Of User)(), "" & query, parameters) ' Noncompliant
+ RelationalQueryableExtensions.FromSqlRaw(context.Set(Of User)(), "" + query, parameters) ' Noncompliant
+
+ End Sub
+
+ Public Sub ConcatAndFormat(ByVal context As DbContext, ByVal query As String, ParamArray parameters As Object())
+ Dim formatted = String.Format("INSERT INTO Users (name) VALUES (""{0}"")", parameters) ' Secondary [1,2,3]
+ Dim concatenated = String.Concat(query, parameters) ' Secondary [4,5,6]
+ Dim interpolated = $"SELECT * FROM mytable WHERE mycol={query}" ' Secondary [7,8,9]
+
+ context.Database.ExecuteSqlRaw(String.Concat(query, parameters)) ' Noncompliant
+ context.Database.ExecuteSqlRaw(String.Format(query, parameters)) ' Noncompliant
+ context.Database.ExecuteSqlRaw(String.Format("INSERT INTO Users (name) VALUES (""{0}"")", parameters)) ' Noncompliant
+ context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={parameters(0)}") ' Noncompliant
+ context.Database.ExecuteSqlRaw(formatted) ' Noncompliant [1]
+ context.Database.ExecuteSqlRaw(concatenated) ' Noncompliant [4]
+ context.Database.ExecuteSqlRaw(interpolated) ' Noncompliant [7]
+
+ context.Database.ExecuteSqlRawAsync(String.Concat(query, parameters)) ' Noncompliant
+ context.Database.ExecuteSqlRawAsync(String.Format(query, parameters)) ' Noncompliant
+ context.Database.ExecuteSqlRawAsync(String.Format("INSERT INTO Users (name) VALUES (""{0}"")", parameters)) ' Noncompliant
+ context.Database.ExecuteSqlRawAsync(formatted) ' Noncompliant [2]
+ context.Database.ExecuteSqlRawAsync(concatenated) ' Noncompliant [5]
+ context.Database.ExecuteSqlRawAsync(interpolated) ' Noncompliant [8]
+
+ context.Set(Of User)().FromSqlRaw(String.Concat(query, parameters)) ' Noncompliant
+ context.Set(Of User)().FromSqlRaw(String.Format("INSERT INTO Users (name) VALUES (""{0}"")", parameters)) ' Noncompliant
+ context.Set(Of User)().FromSqlRaw(formatted) ' Noncompliant [3]
+ context.Set(Of User)().FromSqlRaw(concatenated) ' Noncompliant [6]
+ context.Set(Of User)().FromSqlRaw(interpolated) ' Noncompliant [9]
+ End Sub
+
+ End Class
+
+ Class User
+ Private Property Id As String
+ Private Property Name As String
+ End Class
+End Namespace
From af03a3cb5babf3e184ad9e31badf623727ff76d8 Mon Sep 17 00:00:00 2001
From: Costin Zaharia <costin.zaharia@sonarsource.com>
Date: Mon, 24 Jan 2022 16:44:49 +0100
Subject: [PATCH 3/3] Address code review comments
---
.../Rules/Hotspots/ExecutingSqlQueriesTest.cs | 36 +++++++++----------
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
index 644c3acc2b8..3c6804dcaf8 100644
--- a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
+++ b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
@@ -33,22 +33,22 @@ namespace SonarAnalyzer.UnitTest.Rules
[TestClass]
public class ExecutingSqlQueriesTest
{
- private readonly VerifierBuilder builderCs = new VerifierBuilder().AddAnalyzer(() => new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled));
- private readonly VerifierBuilder builderVb = new VerifierBuilder().AddAnalyzer(() => new VB.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled));
+ private readonly VerifierBuilder builderCS = new VerifierBuilder().AddAnalyzer(() => new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled)).WithBasePath("Hotspots");
+ private readonly VerifierBuilder builderVB = new VerifierBuilder().AddAnalyzer(() => new VB.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled)).WithBasePath("Hotspots");
#if NETFRAMEWORK // System.Data.OracleClient.dll is not available on .Net Core
[TestMethod]
public void ExecutingSqlQueries_CS_Net46() =>
- builderCs
- .AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.cs")
+ builderCS
+ .AddPaths(@"ExecutingSqlQueries_Net46.cs")
.AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion))
.Verify();
[TestMethod]
public void ExecutingSqlQueries_VB_Net46() =>
- builderVb
- .AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.vb")
+ builderVB
+ .AddPaths(@"ExecutingSqlQueries_Net46.vb")
.WithOptions(ParseOptionsHelper.FromVisualBasic15)
.AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion))
.Verify();
@@ -66,32 +66,32 @@ internal static IEnumerable<MetadataReference> GetReferencesNet46(string sqlServ
[TestMethod]
public void ExecutingSqlQueries_CS_EntityFrameworkCore2() =>
- builderCs
- .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCore2.cs")
+ builderCS
+ .AddPaths(@"ExecutingSqlQueries_EntityFrameworkCore2.cs")
.WithOptions(ParseOptionsHelper.FromCSharp8)
.AddReferences(GetReferencesEntityFrameworkNetCore("2.2.6"))
.Verify();
[TestMethod]
public void ExecutingSqlQueries_CS_EntityFrameworkCoreLatest() =>
- builderCs
- .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCoreLatest.cs")
+ builderCS
+ .AddPaths(@"ExecutingSqlQueries_EntityFrameworkCoreLatest.cs")
.WithOptions(ParseOptionsHelper.FromCSharp8)
.AddReferences(GetReferencesEntityFrameworkNetCore(Constants.NuGetLatestVersion))
.Verify();
[TestMethod]
public void ExecutingSqlQueries_CSharp9() =>
- builderCs
- .AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp9.cs")
+ builderCS
+ .AddPaths(@"ExecutingSqlQueries.CSharp9.cs")
.WithTopLevelStatements()
.AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()))
.Verify();
[TestMethod]
public void ExecutingSqlQueries_CSharp10() =>
- builderCs
- .AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp10.cs")
+ builderCS
+ .AddPaths(@"ExecutingSqlQueries.CSharp10.cs")
.WithOptions(ParseOptionsHelper.FromCSharp10)
.WithTopLevelStatements()
.AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()))
@@ -99,16 +99,16 @@ public void ExecutingSqlQueries_CSharp10() =>
[TestMethod]
public void ExecutingSqlQueries_VB_EntityFrameworkCore2() =>
- builderVb
- .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCore2.vb")
+ builderVB
+ .AddPaths(@"ExecutingSqlQueries_EntityFrameworkCore2.vb")
.WithOptions(ParseOptionsHelper.FromVisualBasic15)
.AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version))
.Verify();
[TestMethod]
public void ExecutingSqlQueries_VB_EntityFrameworkCoreLatest() =>
- builderVb
- .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCoreLatest.vb")
+ builderVB
+ .AddPaths(@"ExecutingSqlQueries_EntityFrameworkCoreLatest.vb")
.WithOptions(ParseOptionsHelper.FromVisualBasic15)
.AddReferences(GetReferencesEntityFrameworkNetCore(Constants.NuGetLatestVersion))
.Verify();