Fix S6964 FP: Do not raise in properties with required modifier

Question

Fix S6964 FP: Do not raise in properties with required modifier

Closed this issue 3 months ago · 3 comments

Description

The rule S6964 should not be active for model properties that use the required keyword. Those properties can never be under-posted because the JSON deserialization for them fails.

Repro steps

Create a new ASP.NET Core Web API project.
Add a model with required properties (e.g. required int) and use it in a POST controller method.
Call the POST method without providing the property. See that ASP.NET Core returns an error, even though you didn't apply the [Required] attribute manually.

Expected behavior

Rule should not be reported.

Actual behavior

Rule is reported.

Known workarounds

I had to create a new quality profile in SonarCloud to disable the rule completely.

Related information

C#/VB.NET Plugins version: 9.25.0.90414 (used by the SonarCloudPrepare@1 task)
Visual Studio version: not relevant
MSBuild / dotnet version: 8.0.300
SonarScanner for .NET version: SonarScanner for MSBuild 5.15 (used by the SonarCloudAnalyze@1 task)
Operating System: windows-latest build agent on Azure DevOps

Answer 1 · 2024-05-17T12:59:38.000Z

Hello @cremor.

The rule does take into consideration the RequiredAttribute.
Could you please provide me with a reproducer so I can investigate further?

Thanks!

Answer 2 · 2024-05-17T13:01:33.000Z

My issue is about the required C# keyword. Not about the RequiredAttribute class.

Answer 3 · 2024-05-17T13:13:48.000Z

@cremor I misread - my bad. Thanks a lot!

I confirm this is a false positive. We'll tackle it soon, as we plan to harden the ASP.NET rules in the following weeks.