Add analyzer for detecting misplaced attributes on delegates

captainsafia · web-flow · commit 83303491636e · 2021-08-26T21:04:41.000Z
diff --git a/src/Framework/Analyzer/src/DelegateEndpoints/DelegateEndpointAnalyzer.cs b/src/Framework/Analyzer/src/DelegateEndpoints/DelegateEndpointAnalyzer.cs
@@ -18,6 +18,7 @@ public partial class DelegateEndpointAnalyzer : DiagnosticAnalyzer
     {
         DiagnosticDescriptors.DoNotUseModelBindingAttributesOnDelegateEndpointParameters,
         DiagnosticDescriptors.DoNotReturnActionResultsFromMapActions,
+        DiagnosticDescriptors.DetectMisplacedLambdaAttribute
     });
 
     public override void Initialize(AnalysisContext context)
@@ -54,6 +55,7 @@ public override void Initialize(AnalysisContext context)
                     var lambda = ((IAnonymousFunctionOperation)delegateCreation.Target);
                     DisallowMvcBindArgumentsOnParameters(in operationAnalysisContext, wellKnownTypes, invocation, lambda.Symbol);
                     DisallowReturningActionResultFromMapMethods(in operationAnalysisContext, wellKnownTypes, invocation, lambda);
+                    DetectMisplacedLambdaAttribute(operationAnalysisContext, invocation, lambda);
                 }
                 else if (delegateCreation.Target.Kind == OperationKind.MethodReference)
                 {
diff --git a/src/Framework/Analyzer/src/DelegateEndpoints/DetectMisplacedLambdaAttribute.cs b/src/Framework/Analyzer/src/DelegateEndpoints/DetectMisplacedLambdaAttribute.cs
@@ -0,0 +1,62 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Linq;
+using Microsoft.CodeAnalysis;
+using Microsoft.CodeAnalysis.CSharp.Syntax;
+using Microsoft.CodeAnalysis.Diagnostics;
+using Microsoft.CodeAnalysis.Operations;
+
+namespace Microsoft.AspNetCore.Analyzers.DelegateEndpoints;
+
+public partial class DelegateEndpointAnalyzer : DiagnosticAnalyzer
+{
+    private static void DetectMisplacedLambdaAttribute(
+        in OperationAnalysisContext context,
+        IInvocationOperation invocation,
+        IAnonymousFunctionOperation lambda)
+    {
+        // This analyzer will only process invocations that are immediate children of the
+        // AnonymousFunctionOperation provided as the delegate endpoint. We'll support checking
+        // for misplaced attributes in `() => Hello()` and `() => { return Hello(); }` but not in:
+        // () => {
+        //    Hello();
+        //    return "foo";
+        // }
+        InvocationExpressionSyntax? targetInvocation = null;
+
+        // () => Hello() has a single child which is a BlockOperation so we check to see if
+        // expression associated with that operation is an invocation expression
+        if (lambda.Children.First().Syntax is InvocationExpressionSyntax innerInvocation)
+        {
+            targetInvocation = innerInvocation;
+        }
+
+        if (lambda.Children.First().Children.First() is IReturnOperation returnOperation
+            && returnOperation.ReturnedValue is IInvocationOperation returnedInvocation)
+
+        {
+            targetInvocation = (InvocationExpressionSyntax)returnedInvocation.Syntax;
+        }
+
+        if (targetInvocation is null)
+        {
+            return;
+        }
+
+
+        var methodOperation = invocation.SemanticModel.GetSymbolInfo(targetInvocation);
+
+        var attributes = methodOperation.Symbol.GetAttributes();
+        var location = lambda.Syntax.GetLocation();
+
+        foreach (var attribute in attributes)
+        {
+            context.ReportDiagnostic(Diagnostic.Create(
+                DiagnosticDescriptors.DetectMisplacedLambdaAttribute,
+                location,
+                attribute.AttributeClass?.Name,
+                methodOperation.Symbol.Name));
+        }
+    }
+}
diff --git a/src/Framework/Analyzer/src/DelegateEndpoints/DiagnosticDescriptors.cs b/src/Framework/Analyzer/src/DelegateEndpoints/DiagnosticDescriptors.cs
@@ -25,5 +25,14 @@ internal static class DiagnosticDescriptors
             DiagnosticSeverity.Warning,
             isEnabledByDefault: true,
             helpLinkUri: "https://aka.ms/aspnet/analyzers");
+
+        internal static readonly DiagnosticDescriptor DetectMisplacedLambdaAttribute = new(
+            "ASP0005",
+            "Do not place attribute on invoked method",
+            "'{0}' should not be placed on '{1}'. Place '{0}' on the endpoint delegate instead.",
+            "Usage",
+            DiagnosticSeverity.Warning,
+            isEnabledByDefault: true,
+            helpLinkUri: "https://aka.ms/aspnet/analyzers");
     }
 }
diff --git a/src/Framework/Analyzer/test/MinimalActions/DetectMisplacedLambdaAttributeTest.cs b/src/Framework/Analyzer/test/MinimalActions/DetectMisplacedLambdaAttributeTest.cs
@@ -0,0 +1,154 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Globalization;
+using Microsoft.AspNetCore.Analyzer.Testing;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Analyzers.DelegateEndpoints;
+
+public partial class DetectMisplacedLambdaAttributeTest
+{
+    private TestDiagnosticAnalyzerRunner Runner { get; } = new(new DelegateEndpointAnalyzer());
+
+    [Fact]
+    public async Task MinimalAction_WithCorrectlyPlacedAttribute_Works()
+    {
+        // Arrange
+        var source = @"
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Builder;
+var app = WebApplication.Create();
+app.MapGet(""/"", [Authorize] () => Hello());
+void Hello() { }
+";
+        // Act
+        var diagnostics = await Runner.GetDiagnosticsAsync(source);
+
+        // Assert
+        Assert.Empty(diagnostics);
+    }
+
+    [Fact]
+    public async Task MinimalAction_WithMisplacedAttribute_ProducesDiagnostics()
+    {
+        // Arrange
+        var source = TestSource.Read(@"
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Builder;
+var app = WebApplication.Create();
+app.MapGet(""/"", /*MM*/() => Hello());
+[Authorize]
+void Hello() { }
+");
+        // Act
+        var diagnostics = await Runner.GetDiagnosticsAsync(source.Source);
+
+        // Assert
+        var diagnostic = Assert.Single(diagnostics);
+        Assert.Same(DiagnosticDescriptors.DetectMisplacedLambdaAttribute, diagnostic.Descriptor);
+        AnalyzerAssert.DiagnosticLocation(source.DefaultMarkerLocation, diagnostic.Location);
+        Assert.Equal("'AuthorizeAttribute' should not be placed on 'Hello'. Place 'AuthorizeAttribute' on the endpoint delegate instead.", diagnostic.GetMessage(CultureInfo.InvariantCulture));
+    }
+
+    [Fact]
+    public async Task MinimalAction_WithMisplacedAttributeAndBlockSyntax_ProducesDiagnostics()
+    {
+        // Arrange
+        var source = TestSource.Read(@"
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Builder;
+var app = WebApplication.Create();
+app.MapGet(""/"", /*MM*/() => { return Hello(); });
+[Authorize]
+string Hello() { return ""foo""; }
+");
+        // Act
+        var diagnostics = await Runner.GetDiagnosticsAsync(source.Source);
+
+        // Assert
+        var diagnostic = Assert.Single(diagnostics);
+        Assert.Same(DiagnosticDescriptors.DetectMisplacedLambdaAttribute, diagnostic.Descriptor);
+        AnalyzerAssert.DiagnosticLocation(source.DefaultMarkerLocation, diagnostic.Location);
+        Assert.Equal("'AuthorizeAttribute' should not be placed on 'Hello'. Place 'AuthorizeAttribute' on the endpoint delegate instead.", diagnostic.GetMessage(CultureInfo.InvariantCulture));
+    }
+
+    [Fact]
+    public async Task MinimalAction_WithMultipleMisplacedAttributes_ProducesDiagnostics()
+    {
+        // Arrange
+        var source = TestSource.Read(@"
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Mvc;
+var app = WebApplication.Create();
+app.MapGet(""/"", /*MM*/() => Hello());
+[Authorize]
+[Produces(""application/xml"")]
+void Hello() { }
+");
+        // Act
+        var diagnostics = await Runner.GetDiagnosticsAsync(source.Source);
+
+        // Assert
+        Assert.Collection(diagnostics,
+            diagnostic => {
+                Assert.Same(DiagnosticDescriptors.DetectMisplacedLambdaAttribute, diagnostic.Descriptor);
+                AnalyzerAssert.DiagnosticLocation(source.DefaultMarkerLocation, diagnostic.Location);
+                Assert.Equal("'AuthorizeAttribute' should not be placed on 'Hello'. Place 'AuthorizeAttribute' on the endpoint delegate instead.", diagnostic.GetMessage(CultureInfo.InvariantCulture));
+            },
+            diagnostic => {
+                Assert.Same(DiagnosticDescriptors.DetectMisplacedLambdaAttribute, diagnostic.Descriptor);
+                AnalyzerAssert.DiagnosticLocation(source.DefaultMarkerLocation, diagnostic.Location);
+                Assert.Equal("'ProducesAttribute' should not be placed on 'Hello'. Place 'ProducesAttribute' on the endpoint delegate instead.", diagnostic.GetMessage(CultureInfo.InvariantCulture));
+            }
+        );
+    }
+
+    [Fact]
+    public async Task MinimalAction_WithSingleMisplacedAttribute_ProducesDiagnostics()
+    {
+        // Arrange
+        var source = TestSource.Read(@"
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Mvc;
+var app = WebApplication.Create();
+app.MapGet(""/"", /*MM*/[Authorize]() => Hello());
+[Produces(""application/xml"")]
+void Hello() { }
+");
+        // Act
+        var diagnostics = await Runner.GetDiagnosticsAsync(source.Source);
+
+        // Assert
+        Assert.Collection(diagnostics,
+            diagnostic => {
+                Assert.Same(DiagnosticDescriptors.DetectMisplacedLambdaAttribute, diagnostic.Descriptor);
+                AnalyzerAssert.DiagnosticLocation(source.DefaultMarkerLocation, diagnostic.Location);
+                Assert.Equal("'ProducesAttribute' should not be placed on 'Hello'. Place 'ProducesAttribute' on the endpoint delegate instead.", diagnostic.GetMessage(CultureInfo.InvariantCulture));
+            }
+        );
+    }
+
+    [Fact]
+    public async Task MinimalAction_DoesNotWarnOnNonReturningMethods()
+    {
+        // Arrange
+        var source = @"
+using System;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Builder;
+var app = WebApplication.Create();
+app.MapGet(""/"", /*MM*/() => {
+    Console.WriteLine(""foo"");
+    return ""foo"";
+});";
+        // Act
+        var diagnostics = await Runner.GetDiagnosticsAsync(source);
+
+        // Assert
+        Assert.Empty(diagnostics);
+    }
+}
+

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@ public partial class DelegateEndpointAnalyzer : DiagnosticAnalyzer`
`18`	`18`	`{`
`19`	`19`	`DiagnosticDescriptors.DoNotUseModelBindingAttributesOnDelegateEndpointParameters,`
`20`	`20`	`DiagnosticDescriptors.DoNotReturnActionResultsFromMapActions,`
	`21`	`+ DiagnosticDescriptors.DetectMisplacedLambdaAttribute`
`21`	`22`	`});`
`22`	`23`
`23`	`24`	`public override void Initialize(AnalysisContext context)`
`@@ -54,6 +55,7 @@ public override void Initialize(AnalysisContext context)`
`54`	`55`	`var lambda = ((IAnonymousFunctionOperation)delegateCreation.Target);`
`55`	`56`	`DisallowMvcBindArgumentsOnParameters(in operationAnalysisContext, wellKnownTypes, invocation, lambda.Symbol);`
`56`	`57`	`DisallowReturningActionResultFromMapMethods(in operationAnalysisContext, wellKnownTypes, invocation, lambda);`
	`58`	`+ DetectMisplacedLambdaAttribute(operationAnalysisContext, invocation, lambda);`
`57`	`59`	`}`
`58`	`60`	`else if (delegateCreation.Target.Kind == OperationKind.MethodReference)`
`59`	`61`	`{`