Fix S2077 FN: Add support for Mono.Data.Sqlite (#7466)
martin-strecker-sonarsource authored Jun 20, 2023
1 parent 544369e commit 3475861
Showing 6 changed files with 80 additions and 0 deletions.
2 changes: 2 additions & 0 deletions analyzers/src/SonarAnalyzer.Common/Helpers/KnownType.cs
@@ -124,6 +124,8 @@ public sealed partial class KnownType
public static readonly KnownType Microsoft_VisualStudio_TestTools_UnitTesting_TestInitializeAttribute = new("Microsoft.VisualStudio.TestTools.UnitTesting.TestInitializeAttribute");
public static readonly KnownType Microsoft_Web_XmlTransform_XmlFileInfoDocument = new("Microsoft.Web.XmlTransform.XmlFileInfoDocument");
public static readonly KnownType Microsoft_Web_XmlTransform_XmlTransformableDocument = new("Microsoft.Web.XmlTransform.XmlTransformableDocument");
public static readonly KnownType Mono_Data_Sqlite_SqliteCommand = new("Mono.Data.Sqlite.SqliteCommand");
public static readonly KnownType Mono_Data_Sqlite_SqliteDataAdapter = new("Mono.Data.Sqlite.SqliteDataAdapter");
public static readonly KnownType Mono_Unix_FileAccessPermissions = new("Mono.Unix.FileAccessPermissions");
public static readonly KnownType MySql_Data_MySqlClient_MySqlDataAdapter = new("MySql.Data.MySqlClient.MySqlDataAdapter");
public static readonly KnownType MySql_Data_MySqlClient_MySqlCommand = new("MySql.Data.MySqlClient.MySqlCommand");
@@ -48,6 +48,8 @@ public abstract class ExecutingSqlQueriesBase<TSyntaxKind, TExpressionSyntax, TI
KnownType.MySql_Data_MySqlClient_MySqlDataAdapter,
KnownType.MySql_Data_MySqlClient_MySqlScript,
KnownType.Microsoft_Data_Sqlite_SqliteCommand,
KnownType.Mono_Data_Sqlite_SqliteCommand,
KnownType.Mono_Data_Sqlite_SqliteDataAdapter,
KnownType.Microsoft_EntityFrameworkCore_RawSqlString,
KnownType.Dapper_CommandDefinition
};
@@ -111,6 +111,7 @@ public static References MicrosoftNetSdkFunctions(string packageVersion = Consta
public static References MicrosoftSqlServerCompact(string packageVersion = "4.0.8876.1") => Create("Microsoft.SqlServer.Compact", packageVersion);
public static References MicrosoftWebXdt(string packageVersion = "3.0.0") => Create("Microsoft.Web.Xdt", packageVersion);
public static References MonoPosixNetStandard(string packageVersion = "1.0.0") => Create("Mono.Posix.NETStandard", packageVersion, "linux-x64");
public static References MonoDataSqlite(string packageVersion = Constants.NuGetLatestVersion) => Create("Mono.Data.Sqlite", packageVersion);
public static References Moq(string packageVersion) => Create("Moq", packageVersion);
public static References MSTestTestFramework(string packageVersion) => Create("MSTest.TestFramework", packageVersion);
public static References MvvmLightLibs(string packageVersion) => Create("MvvmLightLibs", packageVersion);
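Review bot: `MonoDataSqlite` defaults `packageVersion` to `Constants.NuGetLatestVersion`, so the two new tests that call `MonoDataSqlite()` without an argument compile against whichever Mono.Data.Sqlite build is newest at restore time, while the neighbouring `MonoPosixNetStandard` and `MicrosoftWebXdt` helpers pin a version. For a third-party package pulled into CI, a pinned default keeps the test reproducible and makes an upstream change a deliberate bump rather than a silent one: `MonoDataSqlite(string packageVersion = "<PINNED_VERSION>")`, with the placeholder replaced by the version the tests were validated against. How `Constants.NuGetLatestVersion` is resolved is not visible in this hunk, so confirm whether it is already constrained elsewhere.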
@@ -46,6 +46,22 @@ public void ExecutingSqlQueries_VB_Net46() =>
.AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion))
.Verify();

[TestMethod]
public void ExecutingSqlQueries_MonoSqlLite_Net46_CS() =>
builderCS
.AddPaths(@"ExecutingSqlQueries.Net46.MonoSqlLite.cs")
.AddReferences(FrameworkMetadataReference.SystemData)
.AddReferences(NuGetMetadataReference.MonoDataSqlite())
.Verify();

[TestMethod]
public void ExecutingSqlQueries_MonoSqlLite_Net46_VB() =>
builderVB
.AddPaths(@"ExecutingSqlQueries.Net46.MonoSqlLite.vb")
.AddReferences(FrameworkMetadataReference.SystemData)
.AddReferences(NuGetMetadataReference.MonoDataSqlite())
.Verify();

internal static IEnumerable<MetadataReference> GetReferencesNet46(string sqlServerCeVersion) =>
NetStandardMetadataReference.Netstandard
.Concat(FrameworkMetadataReference.SystemData)
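Review bot: The new test names and the sample file names spell the provider `MonoSqlLite`, whereas the package id, the `KnownType` fields and the `MonoDataSqlite` reference helper in this commit all use `Sqlite`. The mismatch makes the tests harder to find by searching for the provider name. Consider `ExecutingSqlQueries_MonoSqlite_Net46_CS` / `ExecutingSqlQueries_MonoSqlite_Net46_VB` and `ExecutingSqlQueries.Net46.MonoSqlite.cs` / `.vb` for the two sample files.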
@@ -0,0 +1,38 @@
using System;
using System.Linq;
using Mono.Data.Sqlite;

public class Sample
{
string ConstQuery = "";

void Compliant(SqliteConnection connection)
{
var command = new SqliteCommand(); // Compliant
command = new SqliteCommand(connection); // Compliant
var adapter = new SqliteDataAdapter(); // Compliant
}

void Foo(SqliteConnection connection, string query, SqliteTransaction transaction, params object[] parameters)
{
var command = new SqliteCommand($"SELECT * FROM mytable WHERE mycol={query}", connection); // Noncompliant
command = new SqliteCommand($"SELECT * FROM mytable WHERE mycol={query}"); // Noncompliant
command = new SqliteCommand($"SELECT * FROM mytable WHERE mycol={query}", connection, transaction); // Noncompliant
var adapter = new SqliteDataAdapter(string.Concat(query, parameters), connection); // Noncompliant
adapter = new SqliteDataAdapter(string.Concat(query, parameters), "connection"); // Noncompliant
}

// https://github.com/SonarSource/sonar-dotnet/issues/7261
void Reproduce_7261(string connectionString, string query)
{
string sql = "select * from table where query = '" + query + "';"; // Secondary [adapter, command]

using (SqliteConnection connection = new SqliteConnection(connectionString))
{
connection.Open();

var adapter = new SqliteDataAdapter(sql, connection); // Noncompliant [adapter]
var command = new SqliteCommand(sql, connection); // Noncompliant [command]
}
}
}
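Review bot: The sample never passes a SQL string to a constructor in a compliant way: `Compliant` only exercises the overloads that take no command text, and the `ConstQuery` field declared at the top is unused. As written, the test would still pass if the rule flagged every `SqliteCommand`/`SqliteDataAdapter` construction that has a string argument, so a false positive on constant or parameterised SQL would go unnoticed. Add a case such as `command = new SqliteCommand("SELECT * FROM mytable WHERE mycol=@value", connection); // Compliant`, and either use `ConstQuery` in a compliant call or drop it. The VB sample in the next file section has the same gap.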
@@ -0,0 +1,21 @@
Imports System
Imports System.Linq
Imports Mono.Data.Sqlite

Public Class Sample
Private ConstQuery As String = ""

Private Sub Compliant(ByVal connection As SqliteConnection)
Dim command = New SqliteCommand() ' Compliant
command = New SqliteCommand(connection) ' Compliant
Dim adapter = New SqliteDataAdapter() ' Compliant
End Sub

Private Sub Foo(ByVal connection As SqliteConnection, transaction As SqliteTransaction, ByVal query As String, ParamArray parameters As Object())
Dim command = New SqliteCommand($"SELECT * FROM mytable WHERE mycol={query}", connection) ' Noncompliant
command = New SqliteCommand($"SELECT * FROM mytable WHERE mycol={query}") ' Noncompliant
command = New SqliteCommand($"SELECT * FROM mytable WHERE mycol={query}", connection, transaction) ' Noncompliant
Dim adapter = New SqliteDataAdapter(String.Concat(query, parameters), connection) ' Noncompliant
adapter = New SqliteDataAdapter(String.Concat(query, parameters), "connection") ' Noncompliant
End Sub
End Class
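Review bot: The VB sample has no counterpart to `Reproduce_7261` from the C# sample, so the case where the concatenated query is first stored in a local and then passed to `SqliteDataAdapter`/`SqliteCommand` (with its secondary location) is only verified for C#. Porting that method to this file would cover the VB side of the analyzer for the scenario the linked issue reports. Separately, `Foo` here takes `transaction` before `query`, unlike the C# signature; this is harmless, but aligning the two makes the samples easier to compare.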
