sonar-dotnet

S2857 reports false positive for some lines and false negatives for others

Open Dzeneralen opened this issue 3 years ago • 0 comments

Description

Rule: S2857

Bug with false positive and negative for SQL when adding @ before nameof. The use of @ is for Dapper SQL statements.

Repro steps

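using Dapper;                    // provides the Execute extension method
using Microsoft.Data.SqlClient;  // or System.Data.SqlClient, depending on the project

class Example
{
    class Model
    {
        public int ColumnName { get; set; }
        public int OtherColumn { get; set; }
    }

    public void Case()
    {
        using var connection = new SqlConnection("...");

        // The first fragment ends without a space, so the concatenated text
        // reads "[some_table]SET". The @ prefix marks a Dapper parameter.
        const string sql = "UPDATE [some_table]" +
            $"SET [some_column] = @{nameof(Model.ColumnName)}," +
            $" [other_column] = @{nameof(Model.OtherColumn)}";

        connection.Execute(sql, new Model());
    }
}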

Expected behavior

  • Line with SET is flagged.
  • Line with [other_column] is not flagged.

Actual behavior

  • Does not flag the SET line, which should be flagged (false negative).
  • Flags the line below with [other_column] even though it appears to be valid SQL and to be following the rule. (S2857: Add a space before 'OtherColumn')

Known workarounds

None

Related information

  • SonarLint for Visual Studio 2022, version 6.8.0.53188
  • Visual Studio 2022
  • dotnet 6
  • Windows 10

Dzeneralen, Sep 21 '22 15:09