/// <summary>
/// Registers the trackers that look for raw SQL sinks receiving a string that was
/// assembled in code rather than passed as a constant.
/// </summary>
/// <remarks>
/// Four groups are registered: EF Core <c>FromSql</c>, EF Core <c>ExecuteSqlCommand</c> /
/// <c>ExecuteSqlCommandAsync</c>, <c>CommandText</c> setters on the ADO.NET command types,
/// and constructors of commands, data adapters and <c>RawSqlString</c>.
/// Going by the names of the condition helpers (their bodies are not part of this listing),
/// a sink is matched when the inspected value is a concatenation, a format call or an
/// interpolated string.
/// </remarks>
/// <param name="context">Analysis context the trackers are registered on.</param>
protected override void Initialize(SonarAnalysisContext context)
{
    // Match condition shared by both EF Core registrations: the method has a raw SQL
    // parameter and the argument at index 0 or at index 1 is built dynamically.
    var sqlArgumentIsBuiltDynamically = Conditions.And(
        MethodHasRawSqlQueryParameter(),
        Conditions.Or(
            Conditions.Or(
                ArgumentAtIndexIsConcat(0),
                ArgumentAtIndexIsFormat(0),
                ArgumentAtIndexIsInterpolated(0)),
            Conditions.Or(
                ArgumentAtIndexIsConcat(1),
                ArgumentAtIndexIsFormat(1),
                ArgumentAtIndexIsInterpolated(1))));

    // NOTE(review): the exemption looks at index 0 only, while the match condition above
    // also inspects index 1. Confirm that a constant first argument is meant to suppress
    // a report for a dynamically built second argument.
    var firstArgumentIsNotConstant = Conditions.ExceptWhen(
        InvocationTracker.ArgumentAtIndexIsConstant(0));

    // EF Core query entry point.
    InvocationTracker.Track(
        context,
        InvocationTracker.MatchMethod(
            new MemberDescriptor(KnownType.Microsoft_EntityFrameworkCore_RelationalQueryableExtensions, "FromSql")),
        sqlArgumentIsBuiltDynamically,
        firstArgumentIsNotConstant);

    // EF Core command execution, synchronous and asynchronous.
    InvocationTracker.Track(
        context,
        InvocationTracker.MatchMethod(
            new MemberDescriptor(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlCommandAsync"),
            new MemberDescriptor(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlCommand")),
        sqlArgumentIsBuiltDynamically,
        firstArgumentIsNotConstant);

    // Assignments to CommandText on the ADO.NET command types; only the setter is matched.
    PropertyAccessTracker.Track(
        context,
        PropertyAccessTracker.MatchProperty(
            new MemberDescriptor(KnownType.System_Data_Odbc_OdbcCommand, "CommandText"),
            new MemberDescriptor(KnownType.System_Data_OracleClient_OracleCommand, "CommandText"),
            new MemberDescriptor(KnownType.System_Data_SqlClient_SqlCommand, "CommandText"),
            new MemberDescriptor(KnownType.System_Data_SqlServerCe_SqlCeCommand, "CommandText")),
        PropertyAccessTracker.MatchSetter(),
        Conditions.Or(SetterIsConcat(), SetterIsFormat(), SetterIsInterpolation()),
        Conditions.ExceptWhen(PropertyAccessTracker.AssignedValueIsConstant()));

    // Constructors whose first argument is a string; a constant first argument is exempt.
    ObjectCreationTracker.Track(
        context,
        ObjectCreationTracker.MatchConstructor(
            KnownType.Microsoft_EntityFrameworkCore_RawSqlString,
            KnownType.System_Data_SqlClient_SqlCommand,
            KnownType.System_Data_SqlClient_SqlDataAdapter,
            KnownType.System_Data_Odbc_OdbcCommand,
            KnownType.System_Data_Odbc_OdbcDataAdapter,
            KnownType.System_Data_SqlServerCe_SqlCeCommand,
            KnownType.System_Data_SqlServerCe_SqlCeDataAdapter,
            KnownType.System_Data_OracleClient_OracleCommand,
            KnownType.System_Data_OracleClient_OracleDataAdapter),
        ObjectCreationTracker.ArgumentAtIndexIs(0, KnownType.System_String),
        Conditions.Or(FirstArgumentIsConcat(), FirstArgumentIsFormat(), FirstArgumentIsInterpolation()),
        Conditions.ExceptWhen(ObjectCreationTracker.ArgumentAtIndexIsConst(0)));
}
/// <summary>
/// Registers the SQL sink trackers from the descriptor tables declared on the rule:
/// invocations, property setters and object creations.
/// </summary>
/// <remarks>
/// The descriptor arrays (<c>invocationsForFirstTwoArguments</c>, <c>properties</c>, ...)
/// and the helpers <c>ArgumentAtIndexIsTracked</c>, <c>IsTracked</c>, <c>GetSetValue</c> and
/// <c>TrackObjectCreation</c> are defined outside this listing, so which expression shapes
/// count as "tracked" cannot be stated from here.
/// </remarks>
/// <param name="context">Analysis context the trackers are registered on.</param>
protected override void Initialize(SonarAnalysisContext context)
{
    // Methods where the SQL text may sit at index 0 or at index 1: the method must have
    // a raw SQL parameter and one of the two leading arguments must be tracked.
    var eitherLeadingArgumentIsTracked = Conditions.Or(
        ArgumentAtIndexIsTracked(0),
        ArgumentAtIndexIsTracked(1));
    var rawSqlArgumentIsTracked = Conditions.And(
        MethodHasRawSqlQueryParameter(),
        eitherLeadingArgumentIsTracked);

    // NOTE(review): the exemption looks at index 0 only, while the match condition above
    // also inspects index 1. Confirm that a constant first argument is meant to suppress
    // a report for a tracked second argument.
    var firstArgumentIsNotConstant = Conditions.ExceptWhen(
        InvocationTracker.ArgumentAtIndexIsConstant(0));

    InvocationTracker.Track(
        context,
        InvocationTracker.MatchMethod(invocationsForFirstTwoArguments),
        rawSqlArgumentIsTracked,
        firstArgumentIsNotConstant);

    // Methods that are inspected at one fixed argument position.
    TrackInvocations(context, invocationsForFirstArgument, FirstArgumentIndex);
    TrackInvocations(context, invocationsForSecondArgument, SecondArgumentIndex);

    // Property setters: the assigned value is inspected, constant assignments are exempt.
    PropertyAccessTracker.Track(
        context,
        PropertyAccessTracker.MatchProperty(properties),
        PropertyAccessTracker.MatchSetter(),
        access => IsTracked(GetSetValue(access), access),
        Conditions.ExceptWhen(PropertyAccessTracker.AssignedValueIsConstant()));

    // Constructors that are inspected at one fixed argument position.
    TrackObjectCreation(context, constructorsForFirstArgument, FirstArgumentIndex);
    TrackObjectCreation(context, constructorsForSecondArgument, SecondArgumentIndex);
}
/// <summary>
/// Registers an invocation tracker for the given methods that inspects a single
/// argument position.
/// </summary>
/// <param name="context">Analysis context the tracker is registered on.</param>
/// <param name="incovationsDescriptors">
/// Methods to match. NOTE(review): the name is misspelled ("incovations"); it is kept
/// here so the signature stays untouched.
/// </param>
/// <param name="argumentIndex">
/// Position of the inspected argument. The same position is used for the match condition
/// and for the constant exemption, so a constant at that position is never reported.
/// </param>
private void TrackInvocations(SonarAnalysisContext context, MemberDescriptor[] incovationsDescriptors, int argumentIndex)
{
    var argumentIsTracked = ArgumentAtIndexIsTracked(argumentIndex);
    var argumentIsNotConstant = Conditions.ExceptWhen(
        InvocationTracker.ArgumentAtIndexIsConstant(argumentIndex));

    InvocationTracker.Track(
        context,
        InvocationTracker.MatchMethod(incovationsDescriptors),
        argumentIsTracked,
        argumentIsNotConstant);
}