Reproducer for S1192 FP: SQL Named Parameters #9593
Merged
sebastien-marichal
merged 5 commits into
master
from
Zsolt/S1192-FP-SQL-parameters-repro
Aug 9, 2024
a29e615
Reproducer for S1192 FP: SQL Named Parameters
zsolt-kolbay-sonarsource d4e675f
Add VB.NET test case
zsolt-kolbay-sonarsource f79180f
Use real-world example
zsolt-kolbay-sonarsource b6bdc35
Add VB.NET test case
zsolt-kolbay-sonarsource 89b748c
Fix QG issue
zsolt-kolbay-sonarsource
43 changes: 43 additions & 0 deletions
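--- a/analyzers/tests/SonarAnalyzer.Test/TestCases/StringLiteralShouldNotBeDuplicated.Dapper.cs
+++ b/analyzers/tests/SonarAnalyzer.Test/TestCases/StringLiteralShouldNotBeDuplicated.Dapper.cs
@@ -0,0 +1,43 @@
+using Dapper;
+using System.Data.SqlClient;
+
+// https://github.com/SonarSource/sonar-dotnet/issues/9569
+public class RepeatedParameterNamesInDatabase
+{
+public void ExecuteSqlCommandsForUsers(SqlConnection connection)
+{
+var query = "SELECT * FROM Users WHERE Name = @name";
+var param = new DynamicParameters();
+param.Add("@name", "John Doe"); // Noncompliant - FP: @Name refers to parameters in different SQL tables.
+var result = connection.Query<User>(query, param); // Renaming one does not necessitate renaming of parameters with the same name from other tables.
+}
+
+public void ExecuteSqlCommandsForCompanies(SqlConnection connection)
+{
+var query = "SELECT * FROM Companies WHERE Name = @name";
+var param = new DynamicParameters();
+param.Add("@name", "Constosco"); // Secondary - FP
+var result = connection.Query<Company>(query, param);
+}
+
+public void ExecuteSqlCommandsForProducts(SqlConnection connection)
+{
+var query = "SELECT * FROM Companies WHERE Name = @name";
+var param = new DynamicParameters();
+param.Add("@name", "CleanBot 9000"); // Secondary - FP
+var result = connection.Query<Product>(query, param);
+}
+
+public void ExecuteSqlCommandsForCountries(SqlConnection connection)
+{
+var query = "SELECT * FROM Countries WHERE Name = @name";
+var param = new DynamicParameters();
+param.Add("@name", "Norway"); // Secondary - FP
+var result = connection.Query<Country>(query, param);
+}
+
+public class Product { }
+public class Country { }
+public class Company { }
+public class User { }
+}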
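Review bot: In `ExecuteSqlCommandsForProducts` the query still selects from `Companies`, which looks like a copy-paste slip and makes the literal `"SELECT * FROM Companies WHERE Name = @name"` occur twice in a file that is meant to duplicate only `"@name"`; it should read `var query = "SELECT * FROM Products WHERE Name = @name";`. The VB.NET section has the same line in its Products sub and needs `Dim query = "SELECT * FROM Products WHERE Name = @name"`. The explanatory comment on the first `param.Add` writes `@Name` while the literal is `@name`, so matching the casing would keep the reproducer unambiguous. That comment could also state that these are bound Dapper parameters: sharing the name through a constant is a harmless way to satisfy the rule, whereas restructuring the query text to avoid the finding is not.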
42 changes: 42 additions & 0 deletions
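--- a/analyzers/tests/SonarAnalyzer.Test/TestCases/StringLiteralShouldNotBeDuplicated.Dapper.vb
+++ b/analyzers/tests/SonarAnalyzer.Test/TestCases/StringLiteralShouldNotBeDuplicated.Dapper.vb
@@ -0,0 +1,42 @@
+Imports Dapper
+Imports System.Data.SqlClient
+
+' https://github.com/SonarSource/sonar-dotnet/issues/9569
+Public Class RepeatedParameterNamesInDatabase
+Public Sub ExecuteSqlCommandsForUsers(connection As SqlConnection)
+Dim query = "SELECT * FROM Users WHERE Name = @name"
+Dim param = New DynamicParameters()
+param.Add("@name", "John Doe") ' Noncompliant - FP: @Name refers to parameters in different SQL tables.
+Dim result = connection.Query(Of User)(query, param) ' Renaming one does not necessitate renaming of parameters with the same name from other tables.
+End Sub
+
+Public Sub ExecuteSqlCommandsForCompanies(connection As SqlConnection)
+Dim query = "SELECT * FROM Companies WHERE Name = @name"
+Dim param = New DynamicParameters()
+param.Add("@name", "Constosco") ' Secondary - FP
+Dim result = connection.Query(Of Company)(query, param)
+End Sub
+
+Public Sub ExecuteSqlCommandsForProducts(connection As SqlConnection)
+Dim query = "SELECT * FROM Companies WHERE Name = @name"
+Dim param = New DynamicParameters()
+param.Add("@name", "CleanBot 9000") ' Secondary - FP
+Dim result = connection.Query(Of Product)(query, param)
+End Sub
+
+Public Sub ExecuteSqlCommandsForCountries(connection As SqlConnection)
+Dim query = "SELECT * FROM Countries WHERE Name = @name"
+Dim param = New DynamicParameters()
+param.Add("@name", "Norway") ' Secondary - FP
+Dim result = connection.Query(Of Country)(query, param)
+End Sub
+
+Public Class Product
+End Class
+Public Class Country
+End Class
+Public Class Company
+End Class
+Public Class User
+End Class
+End Class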
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -129,3 +129,4 @@ public class SpecialChar | |
+ "Say \"hello\""; // Secondary | ||
} | ||
} | ||
|
Optional: I think those test cases could be in a dedicated `.Dapper.cs` file.
I changed the test case and moved it to a dedicated test file.