Improve S6964: Report on Controller Action parameters when Model type is in a different project

Question

Improve S6964: Report on Controller Action parameters when Model type is in a different project

Opened this issue 4 months ago · 1 comments

zsolt-kolbay-sonarsource commented 4 months ago

Improve #9094
S6964 currently only raises an issue when the (neither nullable nor [Required]) property is declared in the same assembly as the Controller (see this test case). This is due to Roslyn not being able to raise an issue if the location is in a different project than the one being analyzed.
Improve the rule by raising an issue even if the property is declared in a different project. In that case, the issue location should be Controller Action parameter. In the previous example it should raise an issue pointing to the person parameter with the message This model parameter can be under-posted due to the Person.Age property not being nullable or being decorated with the [Required] attribute.

Answer 1 · 2024-05-28T13:53:23.000Z

~~This is currently unfeasible. Roslyn doesn't support it. We would have to make radical changes to the rule (like analyzer projects in two passes), which doesn't seem to be worth it.~~