From 21018727011ec2c80c96bfd15ebe91fb1ebabc50 Mon Sep 17 00:00:00 2001 From: Costin Zaharia <costin.zaharia@sonarsource.com> Date: Thu, 20 Jan 2022 14:25:18 +0100 Subject: [PATCH 1/3] Cleanup around ExecutingSqlQueries --- .../Rules/Hotspots/ExecutingSqlQueries.cs | 5 +- .../Rules/Hotspots/ExecutingSqlQueriesBase.cs | 67 +++++++++---------- .../Rules/Hotspots/ExecutingSqlQueriesTest.cs | 54 +++++++-------- 3 files changed, 61 insertions(+), 65 deletions(-) diff --git a/analyzers/src/SonarAnalyzer.CSharp/Rules/Hotspots/ExecutingSqlQueries.cs b/analyzers/src/SonarAnalyzer.CSharp/Rules/Hotspots/ExecutingSqlQueries.cs index 96150e1c75e..ada9e461477 100644 --- a/analyzers/src/SonarAnalyzer.CSharp/Rules/Hotspots/ExecutingSqlQueries.cs +++ b/analyzers/src/SonarAnalyzer.CSharp/Rules/Hotspots/ExecutingSqlQueries.cs @@ -71,8 +71,7 @@ protected override Location SecondaryLocationForExpression(ExpressionSyntax node return Location.None; } - if (node.Parent is EqualsValueClauseSyntax equalsValueClause - && equalsValueClause.Parent is VariableDeclaratorSyntax declarationSyntax) + if (node.Parent is EqualsValueClauseSyntax {Parent: VariableDeclaratorSyntax declarationSyntax}) { return declarationSyntax.Identifier.GetLocation(); } @@ -95,7 +94,7 @@ private static bool AllConstants(IEnumerable<ArgumentSyntax> arguments, Semantic private static bool IsConcatenationOfConstants(BinaryExpressionSyntax binaryExpression, SemanticModel semanticModel) { System.Diagnostics.Debug.Assert(binaryExpression.IsKind(SyntaxKind.AddExpression), "Binary expression should be of syntax kind add expression."); - if ((semanticModel.GetTypeInfo(binaryExpression).Type is ITypeSymbol) && binaryExpression.Right.HasConstantValue(semanticModel)) + if ((semanticModel.GetTypeInfo(binaryExpression).Type != null) && binaryExpression.Right.HasConstantValue(semanticModel)) { var nestedLeft = binaryExpression.Left; var nestedBinary = nestedLeft as BinaryExpressionSyntax; diff --git a/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs b/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs index dd7d7837244..6f5bd046eaf 100644 --- a/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs +++ b/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs @@ -29,7 +29,7 @@ public abstract class ExecutingSqlQueriesBase<TSyntaxKind, TExpressionSyntax, TI where TExpressionSyntax : SyntaxNode where TIdentifierNameSyntax : SyntaxNode { - protected const string DiagnosticId = "S2077"; + private const string DiagnosticId = "S2077"; private const string AssignmentWithFormattingMessage = "SQL Query is dynamically formatted and assigned to {0}."; private const string AssignmentMessage = "SQL query is assigned to {0}."; private const string MessageFormat = "Make sure using a dynamically formatted SQL query is safe here."; @@ -38,11 +38,12 @@ public abstract class ExecutingSqlQueriesBase<TSyntaxKind, TExpressionSyntax, TI private readonly KnownType[] constructorsForFirstArgument = { - KnownType.Microsoft_EntityFrameworkCore_RawSqlString, - KnownType.System_Data_SqlClient_SqlCommand, - KnownType.System_Data_SqlClient_SqlDataAdapter, KnownType.System_Data_Odbc_OdbcCommand, KnownType.System_Data_Odbc_OdbcDataAdapter, + KnownType.System_Data_SqlClient_SqlCommand, + KnownType.System_Data_SqlClient_SqlDataAdapter, + KnownType.System_Data_Sqlite_SqliteCommand, + KnownType.System_Data_Sqlite_SQLiteDataAdapter, KnownType.System_Data_SqlServerCe_SqlCeCommand, KnownType.System_Data_SqlServerCe_SqlCeDataAdapter, KnownType.System_Data_OracleClient_OracleCommand, @@ -51,52 +52,51 @@ public abstract class ExecutingSqlQueriesBase<TSyntaxKind, TExpressionSyntax, TI KnownType.MySql_Data_MySqlClient_MySqlDataAdapter, KnownType.MySql_Data_MySqlClient_MySqlScript, KnownType.Microsoft_Data_Sqlite_SqliteCommand, - KnownType.System_Data_Sqlite_SqliteCommand, - KnownType.System_Data_Sqlite_SQLiteDataAdapter, + KnownType.Microsoft_EntityFrameworkCore_RawSqlString }; private readonly KnownType[] constructorsForSecondArgument = { - KnownType.MySql_Data_MySqlClient_MySqlScript, + KnownType.MySql_Data_MySqlClient_MySqlScript }; private readonly MemberDescriptor[] invocationsForFirstTwoArguments = { - new MemberDescriptor(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlCommandAsync"), - new MemberDescriptor(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlCommand"), - new MemberDescriptor(KnownType.Microsoft_EntityFrameworkCore_RelationalQueryableExtensions, "FromSql"), + new(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlCommandAsync"), + new(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlCommand"), + new(KnownType.Microsoft_EntityFrameworkCore_RelationalQueryableExtensions, "FromSql") }; private readonly MemberDescriptor[] invocationsForFirstArgument = { - new MemberDescriptor(KnownType.System_Data_Sqlite_SqliteCommand, "Execute"), + new(KnownType.System_Data_Sqlite_SqliteCommand, "Execute") }; private readonly MemberDescriptor[] invocationsForSecondArgument = { - new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataRow"), - new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataRowAsync"), - new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataset"), - new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDatasetAsync"), - new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteNonQuery"), - new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteNonQueryAsync"), - new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteReader"), - new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteReaderAsync"), - new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteScalar"), - new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteScalarAsync"), - new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "UpdateDataSet"), - new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "UpdateDataSetAsync"), + new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataRow"), + new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataRowAsync"), + new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataset"), + new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDatasetAsync"), + new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteNonQuery"), + new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteNonQueryAsync"), + new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteReader"), + new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteReaderAsync"), + new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteScalar"), + new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteScalarAsync"), + new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "UpdateDataSet"), + new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "UpdateDataSetAsync") }; private readonly MemberDescriptor[] properties = { - new MemberDescriptor(KnownType.System_Data_Odbc_OdbcCommand, "CommandText"), - new MemberDescriptor(KnownType.System_Data_OracleClient_OracleCommand, "CommandText"), - new MemberDescriptor(KnownType.System_Data_SqlClient_SqlCommand, "CommandText"), - new MemberDescriptor(KnownType.System_Data_SqlServerCe_SqlCeCommand, "CommandText"), - new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlCommand, "CommandText"), - new MemberDescriptor(KnownType.Microsoft_Data_Sqlite_SqliteCommand, "CommandText"), - new MemberDescriptor(KnownType.System_Data_Sqlite_SqliteCommand, "CommandText"), + new(KnownType.System_Data_Odbc_OdbcCommand, "CommandText"), + new(KnownType.System_Data_OracleClient_OracleCommand, "CommandText"), + new(KnownType.System_Data_SqlClient_SqlCommand, "CommandText"), + new(KnownType.System_Data_Sqlite_SqliteCommand, "CommandText"), + new(KnownType.System_Data_SqlServerCe_SqlCeCommand, "CommandText"), + new(KnownType.Microsoft_Data_Sqlite_SqliteCommand, "CommandText"), + new(KnownType.MySql_Data_MySqlClient_MySqlCommand, "CommandText") }; protected abstract TExpressionSyntax GetArgumentAtIndex(InvocationContext context, int index); @@ -113,10 +113,7 @@ protected override void Initialize(TrackerInput input) var inv = Language.Tracker.Invocation; inv.Track(input, inv.MatchMethod(invocationsForFirstTwoArguments), - inv.And( - MethodHasRawSqlQueryParameter(), - inv.Or(ArgumentAtIndexIsTracked(0), ArgumentAtIndexIsTracked(1)) - ), + inv.And(MethodHasRawSqlQueryParameter(), inv.Or(ArgumentAtIndexIsTracked(0), ArgumentAtIndexIsTracked(1))), inv.ExceptWhen(inv.ArgumentAtIndexIsConstant(0))); TrackInvocations(input, invocationsForFirstArgument, FirstArgumentIndex); @@ -161,7 +158,7 @@ private void TrackObjectCreation(TrackerInput input, KnownType[] objectCreationT t.Track(input, t.MatchConstructor(objectCreationTypes), t.ArgumentAtIndexIs(argumentIndex, KnownType.System_String), - c => IsTracked(GetArgumentAtIndex(c, argumentIndex), c), + c => IsTracked(GetArgumentAtIndex(c, argumentIndex), c), t.ExceptWhen(t.ArgumentAtIndexIsConst(argumentIndex))); } diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs index 5b574c7f916..5a6b16d2838 100644 --- a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs +++ b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs @@ -33,22 +33,23 @@ namespace SonarAnalyzer.UnitTest.Rules [TestClass] public class ExecutingSqlQueriesTest { + private readonly VerifierBuilder builderCs = new VerifierBuilder().AddAnalyzer(() => new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled)); + private readonly VerifierBuilder builderVb = new VerifierBuilder().AddAnalyzer(() => new VB.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled)); + #if NETFRAMEWORK // System.Data.OracleClient.dll is not available on .Net Core [TestMethod] public void ExecutingSqlQueries_CS_Net46() => - OldVerifier.VerifyAnalyzer( - @"TestCases\Hotspots\ExecutingSqlQueries_Net46.cs", - new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled), - GetReferencesNet46(Constants.NuGetLatestVersion)); + builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.cs") + .AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion)) + .Verify(); [TestMethod] public void ExecutingSqlQueries_VB_Net46() => - OldVerifier.VerifyAnalyzer( - @"TestCases\Hotspots\ExecutingSqlQueries_Net46.vb", - new VB.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled), - ParseOptionsHelper.FromVisualBasic15, - GetReferencesNet46(Constants.NuGetLatestVersion)); + builderVb.AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.vb") + .WithOptions(ParseOptionsHelper.FromVisualBasic15) + .AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion)) + .Verify(); internal static IEnumerable<MetadataReference> GetReferencesNet46(string sqlServerCeVersion) => NetStandardMetadataReference.Netstandard @@ -63,33 +64,32 @@ internal static IEnumerable<MetadataReference> GetReferencesNet46(string sqlServ [TestMethod] public void ExecutingSqlQueries_CS_NetCore() => - OldVerifier.VerifyAnalyzer( - @"TestCases\Hotspots\ExecutingSqlQueries_NetCore.cs", - new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled), - ParseOptionsHelper.FromCSharp8, - GetReferencesNetCore(Constants.DotNetCore220Version)); + builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries_NetCore.cs") + .WithOptions(ParseOptionsHelper.FromCSharp8) + .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version)) + .Verify(); [TestMethod] public void ExecutingSqlQueries_CSharp9() => - OldVerifier.VerifyAnalyzerFromCSharp9Console( - @"TestCases\Hotspots\ExecutingSqlQueries.CSharp9.cs", - new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled), - GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore())); + builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp9.cs") + .WithTopLevelStatements() + .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore())) + .Verify(); [TestMethod] public void ExecutingSqlQueries_CSharp10() => - OldVerifier.VerifyAnalyzerFromCSharp10Console( - @"TestCases\Hotspots\ExecutingSqlQueries.CSharp10.cs", - new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled), - GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore())); + builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp10.cs") + .WithOptions(ParseOptionsHelper.FromCSharp10) + .WithTopLevelStatements() + .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore())) + .Verify(); [TestMethod] public void ExecutingSqlQueries_VB_NetCore() => - OldVerifier.VerifyAnalyzer( - @"TestCases\Hotspots\ExecutingSqlQueries_NetCore.vb", - new VB.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled), - ParseOptionsHelper.FromVisualBasic15, - GetReferencesNetCore(Constants.DotNetCore220Version)); + builderVb.AddPaths(@"Hotspots\ExecutingSqlQueries_NetCore.vb") + .WithOptions(ParseOptionsHelper.FromVisualBasic15) + .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version)) + .Verify(); internal static IEnumerable<MetadataReference> GetReferencesNetCore(string entityFrameworkVersion) => Enumerable.Empty<MetadataReference>() From f63cb8e85bf8ee8c5472415391098506a163320c Mon Sep 17 00:00:00 2001 From: Costin Zaharia <costin.zaharia@sonarsource.com> Date: Fri, 21 Jan 2022 09:43:21 +0100 Subject: [PATCH 2/3] Add test cases with the latest version of EntityFrameworkCore --- .../Rules/Hotspots/ExecutingSqlQueriesBase.cs | 12 ++ .../Trackers/VisualBasicInvocationTracker.cs | 2 +- .../Common/SecurityHotspotTest.cs | 4 +- .../Rules/Hotspots/ExecutingSqlQueriesTest.cs | 48 +++++--- ...ecutingSqlQueries_EntityFrameworkCore2.cs} | 0 ...ecutingSqlQueries_EntityFrameworkCore2.vb} | 0 ...ingSqlQueries_EntityFrameworkCoreLatest.cs | 96 ++++++++++++++++ ...ingSqlQueries_EntityFrameworkCoreLatest.vb | 104 ++++++++++++++++++ 8 files changed, 250 insertions(+), 16 deletions(-) rename analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/{ExecutingSqlQueries_NetCore.cs => ExecutingSqlQueries_EntityFrameworkCore2.cs} (100%) rename analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/{ExecutingSqlQueries_NetCore.vb => ExecutingSqlQueries_EntityFrameworkCore2.vb} (100%) create mode 100644 analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.cs create mode 100644 analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.vb diff --git a/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs b/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs index 6f5bd046eaf..a90dc62cae8 100644 --- a/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs +++ b/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs @@ -67,6 +67,13 @@ public abstract class ExecutingSqlQueriesBase<TSyntaxKind, TExpressionSyntax, TI new(KnownType.Microsoft_EntityFrameworkCore_RelationalQueryableExtensions, "FromSql") }; + private readonly MemberDescriptor[] invocationsForFirstTwoArgumentsAfterV2 = + { + new(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlRaw"), + new(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlRawAsync"), + new(KnownType.Microsoft_EntityFrameworkCore_RelationalQueryableExtensions, "FromSqlRaw") + }; + private readonly MemberDescriptor[] invocationsForFirstArgument = { new(KnownType.System_Data_Sqlite_SqliteCommand, "Execute") @@ -116,6 +123,11 @@ protected override void Initialize(TrackerInput input) inv.And(MethodHasRawSqlQueryParameter(), inv.Or(ArgumentAtIndexIsTracked(0), ArgumentAtIndexIsTracked(1))), inv.ExceptWhen(inv.ArgumentAtIndexIsConstant(0))); + inv.Track(input, + inv.MatchMethod(invocationsForFirstTwoArgumentsAfterV2), + inv.Or(ArgumentAtIndexIsTracked(0), ArgumentAtIndexIsTracked(1)), + inv.ExceptWhen(inv.ArgumentAtIndexIsConstant(0))); + TrackInvocations(input, invocationsForFirstArgument, FirstArgumentIndex); TrackInvocations(input, invocationsForSecondArgument, SecondArgumentIndex); diff --git a/analyzers/src/SonarAnalyzer.VisualBasic/Trackers/VisualBasicInvocationTracker.cs b/analyzers/src/SonarAnalyzer.VisualBasic/Trackers/VisualBasicInvocationTracker.cs index 883665f1978..808b936aec0 100644 --- a/analyzers/src/SonarAnalyzer.VisualBasic/Trackers/VisualBasicInvocationTracker.cs +++ b/analyzers/src/SonarAnalyzer.VisualBasic/Trackers/VisualBasicInvocationTracker.cs @@ -29,7 +29,7 @@ namespace SonarAnalyzer.Helpers.Trackers public class VisualBasicInvocationTracker : InvocationTracker<SyntaxKind> { protected override ILanguageFacade<SyntaxKind> Language => VisualBasicFacade.Instance; - protected override SyntaxKind[] TrackedSyntaxKinds { get; } = new[] { SyntaxKind.InvocationExpression }; + protected override SyntaxKind[] TrackedSyntaxKinds { get; } = { SyntaxKind.InvocationExpression }; public override Condition ArgumentAtIndexIsConstant(int index) => context => ((InvocationExpressionSyntax)context.Node).ArgumentList is { } argumentList diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/Common/SecurityHotspotTest.cs b/analyzers/tests/SonarAnalyzer.UnitTest/Common/SecurityHotspotTest.cs index eefdd027ccd..f23d2cc1e3e 100644 --- a/analyzers/tests/SonarAnalyzer.UnitTest/Common/SecurityHotspotTest.cs +++ b/analyzers/tests/SonarAnalyzer.UnitTest/Common/SecurityHotspotTest.cs @@ -85,7 +85,7 @@ private static string GetTestCaseFileName(string analyzerName) => "UsingCookies" => "UsingCookies_Net46", "LooseFilePermissions" => "LooseFilePermissions.Windows", #else - "ExecutingSqlQueries" => "ExecutingSqlQueries_NetCore", + "ExecutingSqlQueries" => "ExecutingSqlQueries_EntityFrameworkCoreLatest", "UsingCookies" => "UsingCookies_NetCore", "LooseFilePermissions" => "LooseFilePermissions.Unix", "PermissiveCors" => "PermissiveCors.Net", @@ -120,7 +120,7 @@ private static IEnumerable<MetadataReference> GetAdditionalReferences(string ana nameof(UsingRegularExpressions) => MetadataReferenceFacade.RegularExpressions, #if NET nameof(DisablingCsrfProtection) => DisablingCsrfProtectionTest.AdditionalReferences(), - nameof(ExecutingSqlQueries) => ExecutingSqlQueriesTest.GetReferencesNetCore(Constants.DotNetCore220Version), + nameof(ExecutingSqlQueries) => ExecutingSqlQueriesTest.GetReferencesEntityFrameworkNetCore(Constants.NuGetLatestVersion), nameof(LooseFilePermissions) => NuGetMetadataReference.MonoPosixNetStandard(), nameof(PermissiveCors) => PermissiveCorsTest.AdditionalReferences, nameof(UsingCookies) => UsingCookies.GetAdditionalReferencesForNetCore(Constants.DotNetCore220Version), diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs index 5a6b16d2838..644c3acc2b8 100644 --- a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs +++ b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs @@ -40,13 +40,15 @@ public class ExecutingSqlQueriesTest [TestMethod] public void ExecutingSqlQueries_CS_Net46() => - builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.cs") + builderCs + .AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.cs") .AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion)) .Verify(); [TestMethod] public void ExecutingSqlQueries_VB_Net46() => - builderVb.AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.vb") + builderVb + .AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.vb") .WithOptions(ParseOptionsHelper.FromVisualBasic15) .AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion)) .Verify(); @@ -63,35 +65,55 @@ internal static IEnumerable<MetadataReference> GetReferencesNet46(string sqlServ #else [TestMethod] - public void ExecutingSqlQueries_CS_NetCore() => - builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries_NetCore.cs") + public void ExecutingSqlQueries_CS_EntityFrameworkCore2() => + builderCs + .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCore2.cs") .WithOptions(ParseOptionsHelper.FromCSharp8) - .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version)) + .AddReferences(GetReferencesEntityFrameworkNetCore("2.2.6")) + .Verify(); + + [TestMethod] + public void ExecutingSqlQueries_CS_EntityFrameworkCoreLatest() => + builderCs + .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCoreLatest.cs") + .WithOptions(ParseOptionsHelper.FromCSharp8) + .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.NuGetLatestVersion)) .Verify(); [TestMethod] public void ExecutingSqlQueries_CSharp9() => - builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp9.cs") + builderCs + .AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp9.cs") .WithTopLevelStatements() - .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore())) + .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore())) .Verify(); [TestMethod] public void ExecutingSqlQueries_CSharp10() => - builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp10.cs") + builderCs + .AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp10.cs") .WithOptions(ParseOptionsHelper.FromCSharp10) .WithTopLevelStatements() - .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore())) + .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore())) + .Verify(); + + [TestMethod] + public void ExecutingSqlQueries_VB_EntityFrameworkCore2() => + builderVb + .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCore2.vb") + .WithOptions(ParseOptionsHelper.FromVisualBasic15) + .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version)) .Verify(); [TestMethod] - public void ExecutingSqlQueries_VB_NetCore() => - builderVb.AddPaths(@"Hotspots\ExecutingSqlQueries_NetCore.vb") + public void ExecutingSqlQueries_VB_EntityFrameworkCoreLatest() => + builderVb + .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCoreLatest.vb") .WithOptions(ParseOptionsHelper.FromVisualBasic15) - .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version)) + .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.NuGetLatestVersion)) .Verify(); - internal static IEnumerable<MetadataReference> GetReferencesNetCore(string entityFrameworkVersion) => + internal static IEnumerable<MetadataReference> GetReferencesEntityFrameworkNetCore(string entityFrameworkVersion) => Enumerable.Empty<MetadataReference>() .Concat(NuGetMetadataReference.MicrosoftEntityFrameworkCore(entityFrameworkVersion)) .Concat(NuGetMetadataReference.MicrosoftEntityFrameworkCoreRelational(entityFrameworkVersion)); diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_NetCore.cs b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCore2.cs similarity index 100% rename from analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_NetCore.cs rename to analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCore2.cs diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_NetCore.vb b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCore2.vb similarity index 100% rename from analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_NetCore.vb rename to analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCore2.vb diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.cs b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.cs new file mode 100644 index 00000000000..aceda2bec7c --- /dev/null +++ b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.cs @@ -0,0 +1,96 @@ +using System; +using Microsoft.EntityFrameworkCore; + +namespace Tests.Diagnostics +{ + class Program + { + private const string ConstQuery = ""; + + public void Foo(DbContext context, string query, int x, Guid guid, params object[] parameters) + { + context.Database.ExecuteSqlRaw($""); // Compliant + context.Database.ExecuteSqlRaw(""); // Compliant, constants are safe + context.Database.ExecuteSqlRaw(ConstQuery); // Compliant, constants are safe + context.Database.ExecuteSqlRaw("" + ""); // Compliant, constants are safe + context.Database.ExecuteSqlRaw(query); // Compliant, not concat or format + context.Database.ExecuteSqlRaw("" + query); // Noncompliant + context.Database.ExecuteSqlRaw($"", parameters); // Compliant + context.Database.ExecuteSqlRaw(query, parameters); // Compliant, not concat or format + + context.Database.ExecuteSqlRaw("" + query, parameters); // Noncompliant + context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query} AND mycol2={0}", parameters[0]); // Noncompliant + context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query}{query}", x, guid); // Noncompliant + context.Database.ExecuteSqlRaw(@$"SELECT * FROM mytable WHERE mycol={query}{query}", x, guid); // Noncompliant + context.Database.ExecuteSqlRaw($@"SELECT * FROM mytable WHERE mycol={query}{query}", x, guid); // Noncompliant + context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query}"); // Noncompliant + + RelationalDatabaseFacadeExtensions.ExecuteSqlRaw(context.Database, query); // Compliant + RelationalDatabaseFacadeExtensions.ExecuteSqlRaw(context.Database, $"SELECT * FROM mytable WHERE mycol={query}{query}", x, guid); // Noncompliant + + context.Database.ExecuteSqlRawAsync($""); // Compliant, constants are safe + context.Database.ExecuteSqlRawAsync(""); // Compliant, constants are safe + context.Database.ExecuteSqlRawAsync(ConstQuery); // Compliant, constants are safe + context.Database.ExecuteSqlRawAsync("" + ""); // Compliant, constants are safe + context.Database.ExecuteSqlRawAsync(query); // Compliant, not concat + context.Database.ExecuteSqlRawAsync("" + query); // Noncompliant + context.Database.ExecuteSqlRawAsync(query + ""); // Noncompliant + context.Database.ExecuteSqlRawAsync("" + query + ""); // Noncompliant + context.Database.ExecuteSqlRawAsync($"", parameters); // Compliant + context.Database.ExecuteSqlRawAsync(query, parameters); // Compliant, not concat or format + + context.Database.ExecuteSqlRawAsync("" + query, parameters); // Noncompliant + RelationalDatabaseFacadeExtensions.ExecuteSqlRawAsync(context.Database, "" + query, parameters); // Noncompliant + + context.Set<User>().FromSqlRaw($""); // Compliant + context.Set<User>().FromSqlRaw(""); // Compliant, constants are safe + context.Set<User>().FromSqlRaw(ConstQuery); // Compliant, constants are safe + context.Set<User>().FromSqlRaw(query); // Compliant, not concat/format + context.Set<User>().FromSqlRaw("" + ""); // Compliant + context.Set<User>().FromSqlRaw($"", parameters); // Compliant + context.Set<User>().FromSqlRaw("", parameters); // Compliant, the parameters are sanitized + context.Set<User>().FromSqlRaw(query, parameters); // Compliant + context.Set<User>().FromSqlRaw("" + query, parameters); // Noncompliant + RelationalQueryableExtensions.FromSqlRaw(context.Set<User>(), "" + query, parameters); // Noncompliant + } + + public void ConcatAndFormat(DbContext context, string query, params object[] parameters) + { + var concatenated = string.Concat(query, parameters); // Secondary [1,2,3] + var formatted = string.Format("INSERT INTO Users (name) VALUES (\"{0}\")", parameters); // Secondary [4,5,6] + var interpolated = $"SELECT * FROM mytable WHERE mycol={parameters[0]}"; // Secondary [7,8,9] + + context.Database.ExecuteSqlRaw(string.Concat(query, parameters)); // Noncompliant + context.Database.ExecuteSqlRaw(string.Format(query, parameters)); // Noncompliant + context.Database.ExecuteSqlRaw(string.Format("INSERT INTO Users (name) VALUES (\"{0}\")", parameters)); // Noncompliant + context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={parameters[0]}"); // Noncompliant + context.Database.ExecuteSqlRaw("SELECT * FROM mytable WHERE mycol=" + parameters[0]); // Noncompliant + context.Database.ExecuteSqlRaw(formatted); // Noncompliant [4] + context.Database.ExecuteSqlRaw(concatenated); // Noncompliant [1] + context.Database.ExecuteSqlRaw(interpolated); // Noncompliant [7] + + context.Database.ExecuteSqlRawAsync(string.Concat(query, parameters)); // Noncompliant + context.Database.ExecuteSqlRawAsync(string.Format(query, parameters)); // Noncompliant + context.Database.ExecuteSqlRawAsync(string.Format("INSERT INTO Users (name) VALUES (\"{0}\")", parameters)); // Noncompliant + context.Database.ExecuteSqlRawAsync($"SELECT * FROM mytable WHERE mycol={parameters[0]}"); // Noncompliant + context.Database.ExecuteSqlRawAsync("SELECT * FROM mytable WHERE mycol=" + parameters[0]); // Noncompliant + context.Database.ExecuteSqlRawAsync(formatted); // Noncompliant [5] + context.Database.ExecuteSqlRawAsync(concatenated); // Noncompliant [2] + context.Database.ExecuteSqlRawAsync(interpolated); // Noncompliant [8] + + context.Set<User>().FromSqlRaw(string.Concat(query, parameters)); // Noncompliant + context.Set<User>().FromSqlRaw(string.Format("INSERT INTO Users (name) VALUES (\"{0}\")", parameters)); // Noncompliant + context.Set<User>().FromSqlRaw($"SELECT * FROM mytable WHERE mycol={parameters[0]}"); // Noncompliant + context.Set<User>().FromSqlRaw("SELECT * FROM mytable WHERE mycol=" + parameters[0]); // Noncompliant + context.Set<User>().FromSqlRaw(formatted); // Noncompliant [6] + context.Set<User>().FromSqlRaw(concatenated); // Noncompliant [3] + context.Set<User>().FromSqlRaw(interpolated); // Noncompliant [9] + } + } + + class User + { + string Id { get; set; } + string Name { get; set; } + } +} diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.vb b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.vb new file mode 100644 index 00000000000..d48deab5ce3 --- /dev/null +++ b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.vb @@ -0,0 +1,104 @@ +Imports System +Imports System.Linq +Imports Microsoft.EntityFrameworkCore + +Namespace Tests.Diagnostics + Class Program + Private Const ConstQuery As String = "" + + Public Sub Foo(ByVal context As DbContext, ByVal query As String, ByVal x As Int32, ParamArray parameters As Object()) + context.Database.ExecuteSqlRaw($"") ' Noncompliant + context.Database.ExecuteSqlRaw("") ' Compliant, constants are safe + context.Database.ExecuteSqlRaw(ConstQuery) ' Compliant, constants are safe + context.Database.ExecuteSqlRaw("" & "") ' Compliant, constants are safe + context.Database.ExecuteSqlRaw("" + "") ' Compliant, constants are safe + context.Database.ExecuteSqlRaw(query) ' Compliant, not concat or format + context.Database.ExecuteSqlRaw("" & query) ' Noncompliant + context.Database.ExecuteSqlRaw("" + query) ' Noncompliant + context.Database.ExecuteSqlRaw($"", parameters) ' Noncompliant + context.Database.ExecuteSqlRaw(query, parameters) ' Compliant, not concat or format + context.Database.ExecuteSqlRaw("" & query, parameters) ' Noncompliant + context.Database.ExecuteSqlRaw("" + query, parameters) ' Noncompliant + + context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query}", parameters(0)) ' Noncompliant + context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query}", x) ' Noncompliant + context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query}") ' Noncompliant + + RelationalDatabaseFacadeExtensions.ExecuteSqlRaw(context.Database, query) ' Compliant + RelationalDatabaseFacadeExtensions.ExecuteSqlRaw(context.Database, $"SELECT * FROM mytable WHERE mycol={query} AND col2={0}", x) ' Noncompliant + + context.Database.ExecuteSqlRawAsync($"") ' Noncompliant + context.Database.ExecuteSqlRawAsync("") ' Compliant, constants are safe + context.Database.ExecuteSqlRawAsync(ConstQuery) ' Compliant, constants are safe + context.Database.ExecuteSqlRawAsync("" & "") ' Compliant, constants are safe + context.Database.ExecuteSqlRawAsync("" + "") ' Compliant, constants are safe + context.Database.ExecuteSqlRawAsync("" + "" & "") ' Compliant, constants are safe + context.Database.ExecuteSqlRawAsync("" & "" + "") ' Compliant, constants are safe + context.Database.ExecuteSqlRawAsync(query) ' Compliant, not concat or format + context.Database.ExecuteSqlRawAsync("" & query) ' Noncompliant + context.Database.ExecuteSqlRawAsync("" + query) ' Noncompliant + context.Database.ExecuteSqlRawAsync($"", parameters) ' Noncompliant + context.Database.ExecuteSqlRawAsync(query, parameters) ' Compliant, not concat or format + context.Database.ExecuteSqlRawAsync("" & query, parameters) ' Noncompliant + context.Database.ExecuteSqlRawAsync("" + query, parameters) ' Noncompliant + context.Database.ExecuteSqlRawAsync(query + "", parameters) ' Noncompliant + context.Database.ExecuteSqlRawAsync(query & "", parameters) ' Noncompliant + context.Database.ExecuteSqlRawAsync("" & query + "", parameters) ' Noncompliant + context.Database.ExecuteSqlRawAsync("" + query & "", parameters) ' Noncompliant + context.Database.ExecuteSqlRawAsync($"SELECT * FROM mytable WHERE mycol={query}") ' Noncompliant + context.Database.ExecuteSqlRawAsync($"SELECT * FROM mytable WHERE mycol={query}", x) ' Noncompliant + RelationalDatabaseFacadeExtensions.ExecuteSqlRawAsync(context.Database, "" & query, parameters) ' Noncompliant + RelationalDatabaseFacadeExtensions.ExecuteSqlRawAsync(context.Database, "" + query, parameters) ' Noncompliant + + context.Set(Of User)().FromSqlRaw($"") ' Noncompliant + context.Set(Of User)().FromSqlRaw("") ' Compliant, constants are safe + context.Set(Of User)().FromSqlRaw(ConstQuery) ' Compliant, constants are safe + context.Set(Of User)().FromSqlRaw(query) ' Compliant, not concat or format + context.Set(Of User)().FromSqlRaw("" & "") ' Compliant, constants are safe + context.Set(Of User)().FromSqlRaw("" + "") ' Compliant, constants are safe + context.Set(Of User)().FromSqlRaw($"", parameters) ' Noncompliant + context.Set(Of User)().FromSqlRaw("", parameters) ' Compliant, the parameters are sanitized + context.Set(Of User)().FromSqlRaw(query, parameters) ' Compliant, not concat or format + context.Set(Of User)().FromSqlRaw("" & query, parameters) ' Noncompliant + context.Set(Of User)().FromSqlRaw("" + query, parameters) ' Noncompliant + context.Set(Of User)().FromSqlRaw($"SELECT * FROM mytable WHERE mycol={query}") ' Noncompliant + context.Set(Of User)().FromSqlRaw($"SELECT * FROM mytable WHERE mycol={query}", x) ' Noncompliant + RelationalQueryableExtensions.FromSqlRaw(context.Set(Of User)(), "" & query, parameters) ' Noncompliant + RelationalQueryableExtensions.FromSqlRaw(context.Set(Of User)(), "" + query, parameters) ' Noncompliant + + End Sub + + Public Sub ConcatAndFormat(ByVal context As DbContext, ByVal query As String, ParamArray parameters As Object()) + Dim formatted = String.Format("INSERT INTO Users (name) VALUES (""{0}"")", parameters) ' Secondary [1,2,3] + Dim concatenated = String.Concat(query, parameters) ' Secondary [4,5,6] + Dim interpolated = $"SELECT * FROM mytable WHERE mycol={query}" ' Secondary [7,8,9] + + context.Database.ExecuteSqlRaw(String.Concat(query, parameters)) ' Noncompliant + context.Database.ExecuteSqlRaw(String.Format(query, parameters)) ' Noncompliant + context.Database.ExecuteSqlRaw(String.Format("INSERT INTO Users (name) VALUES (""{0}"")", parameters)) ' Noncompliant + context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={parameters(0)}") ' Noncompliant + context.Database.ExecuteSqlRaw(formatted) ' Noncompliant [1] + context.Database.ExecuteSqlRaw(concatenated) ' Noncompliant [4] + context.Database.ExecuteSqlRaw(interpolated) ' Noncompliant [7] + + context.Database.ExecuteSqlRawAsync(String.Concat(query, parameters)) ' Noncompliant + context.Database.ExecuteSqlRawAsync(String.Format(query, parameters)) ' Noncompliant + context.Database.ExecuteSqlRawAsync(String.Format("INSERT INTO Users (name) VALUES (""{0}"")", parameters)) ' Noncompliant + context.Database.ExecuteSqlRawAsync(formatted) ' Noncompliant [2] + context.Database.ExecuteSqlRawAsync(concatenated) ' Noncompliant [5] + context.Database.ExecuteSqlRawAsync(interpolated) ' Noncompliant [8] + + context.Set(Of User)().FromSqlRaw(String.Concat(query, parameters)) ' Noncompliant + context.Set(Of User)().FromSqlRaw(String.Format("INSERT INTO Users (name) VALUES (""{0}"")", parameters)) ' Noncompliant + context.Set(Of User)().FromSqlRaw(formatted) ' Noncompliant [3] + context.Set(Of User)().FromSqlRaw(concatenated) ' Noncompliant [6] + context.Set(Of User)().FromSqlRaw(interpolated) ' Noncompliant [9] + End Sub + + End Class + + Class User + Private Property Id As String + Private Property Name As String + End Class +End Namespace From af03a3cb5babf3e184ad9e31badf623727ff76d8 Mon Sep 17 00:00:00 2001 From: Costin Zaharia <costin.zaharia@sonarsource.com> Date: Mon, 24 Jan 2022 16:44:49 +0100 Subject: [PATCH 3/3] Address code review comments --- .../Rules/Hotspots/ExecutingSqlQueriesTest.cs | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs index 644c3acc2b8..3c6804dcaf8 100644 --- a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs +++ b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs @@ -33,22 +33,22 @@ namespace SonarAnalyzer.UnitTest.Rules [TestClass] public class ExecutingSqlQueriesTest { - private readonly VerifierBuilder builderCs = new VerifierBuilder().AddAnalyzer(() => new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled)); - private readonly VerifierBuilder builderVb = new VerifierBuilder().AddAnalyzer(() => new VB.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled)); + private readonly VerifierBuilder builderCS = new VerifierBuilder().AddAnalyzer(() => new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled)).WithBasePath("Hotspots"); + private readonly VerifierBuilder builderVB = new VerifierBuilder().AddAnalyzer(() => new VB.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled)).WithBasePath("Hotspots"); #if NETFRAMEWORK // System.Data.OracleClient.dll is not available on .Net Core [TestMethod] public void ExecutingSqlQueries_CS_Net46() => - builderCs - .AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.cs") + builderCS + .AddPaths(@"ExecutingSqlQueries_Net46.cs") .AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion)) .Verify(); [TestMethod] public void ExecutingSqlQueries_VB_Net46() => - builderVb - .AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.vb") + builderVB + .AddPaths(@"ExecutingSqlQueries_Net46.vb") .WithOptions(ParseOptionsHelper.FromVisualBasic15) .AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion)) .Verify(); @@ -66,32 +66,32 @@ internal static IEnumerable<MetadataReference> GetReferencesNet46(string sqlServ [TestMethod] public void ExecutingSqlQueries_CS_EntityFrameworkCore2() => - builderCs - .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCore2.cs") + builderCS + .AddPaths(@"ExecutingSqlQueries_EntityFrameworkCore2.cs") .WithOptions(ParseOptionsHelper.FromCSharp8) .AddReferences(GetReferencesEntityFrameworkNetCore("2.2.6")) .Verify(); [TestMethod] public void ExecutingSqlQueries_CS_EntityFrameworkCoreLatest() => - builderCs - .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCoreLatest.cs") + builderCS + .AddPaths(@"ExecutingSqlQueries_EntityFrameworkCoreLatest.cs") .WithOptions(ParseOptionsHelper.FromCSharp8) .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.NuGetLatestVersion)) .Verify(); [TestMethod] public void ExecutingSqlQueries_CSharp9() => - builderCs - .AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp9.cs") + builderCS + .AddPaths(@"ExecutingSqlQueries.CSharp9.cs") .WithTopLevelStatements() .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore())) .Verify(); [TestMethod] public void ExecutingSqlQueries_CSharp10() => - builderCs - .AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp10.cs") + builderCS + .AddPaths(@"ExecutingSqlQueries.CSharp10.cs") .WithOptions(ParseOptionsHelper.FromCSharp10) .WithTopLevelStatements() .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore())) @@ -99,16 +99,16 @@ public void ExecutingSqlQueries_CSharp10() => [TestMethod] public void ExecutingSqlQueries_VB_EntityFrameworkCore2() => - builderVb - .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCore2.vb") + builderVB + .AddPaths(@"ExecutingSqlQueries_EntityFrameworkCore2.vb") .WithOptions(ParseOptionsHelper.FromVisualBasic15) .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version)) .Verify(); [TestMethod] public void ExecutingSqlQueries_VB_EntityFrameworkCoreLatest() => - builderVb - .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCoreLatest.vb") + builderVB + .AddPaths(@"ExecutingSqlQueries_EntityFrameworkCoreLatest.vb") .WithOptions(ParseOptionsHelper.FromVisualBasic15) .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.NuGetLatestVersion)) .Verify();