Use real-world example
zsolt-kolbay-sonarsource committed Aug 8, 2024
1 parent d4e675f commit f79180f
Showing 3 changed files with 53 additions and 44 deletions.
Expand Up @@ -58,6 +58,16 @@ public void StringLiteralShouldNotBeDuplicated_CSharp11() =>
.WithOptions(ParseOptionsHelper.FromCSharp11)
.Verify();

[TestMethod]
public void StringLiteralShouldNotBeDuplicated_CSharp_Dapper() =>
builderCS.AddPaths("StringLiteralShouldNotBeDuplicated.Dapper.cs")
.AddReferences([
CoreMetadataReference.SystemDataCommon,
CoreMetadataReference.SystemComponentModelPrimitives,
..NuGetMetadataReference.Dapper(),
..NuGetMetadataReference.SystemDataSqlClient()])
.Verify();

#endif

[TestMethod]
@@ -0,0 +1,43 @@
using Dapper;
using System.Data.SqlClient;

// https://github.com/SonarSource/sonar-dotnet/issues/9569
public class RepeatedParameterNamesInDatabase
{
public void ExecuteSqlCommandsForUsers(SqlConnection connection)
{
var query = "SELECT * FROM Users WHERE Name = @name";
var param = new DynamicParameters();
param.Add("@name", "John Doe"); // Noncompliant - FP: @Name refers to parameters in different SQL tables.
var result = connection.Query<User>(query, param); // Renaming one does not necessitate renaming of parameters with the same name from other tables.
}

public void ExecuteSqlCommandsForCompanies(SqlConnection connection)
{
var query = "SELECT * FROM Companies WHERE Name = @name";
var param = new DynamicParameters();
param.Add("@name", "Constosco"); // Secondary - FP
var result = connection.Query<Company>(query, param);
}

public void ExecuteSqlCommandsForProducts(SqlConnection connection)
{
var query = "SELECT * FROM Companies WHERE Name = @name";
var param = new DynamicParameters();
param.Add("@name", "CleanBot 9000"); // Secondary - FP
var result = connection.Query<Product>(query, param);
}

public void ExecuteSqlCommandsForCountries(SqlConnection connection)
{
var query = "SELECT * FROM Countries WHERE Name = @name";
var param = new DynamicParameters();
param.Add("@name", "Norway"); // Secondary - FP
var result = connection.Query<Country>(query, param);
}

public class Product { }
public class Country { }
public class Company { }
public class User { }
}
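Review bot: `ExecuteSqlCommandsForProducts` queries the `Companies` table, so its query literal is identical to the one in `ExecuteSqlCommandsForCompanies`; this looks like a copy-paste slip, since the removed version of this case (last file section of this commit) used `Products`. As written, the fixture has a second duplicated literal besides `"@name"` and no longer shows four different tables sharing one parameter name, which is what the comment on the first `param.Add` line describes. Change the line to `var query = "SELECT * FROM Products WHERE Name = @name";` so that the parameter name is the only repeated string and the expected issue locations stay unambiguous. The same comment says `@Name` while the literal under test is `@name`; align the casing so the annotation matches the string the rule reports.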
Expand Up @@ -130,47 +130,3 @@ public class SpecialChar
}
}

// https://github.com/SonarSource/sonar-dotnet/issues/9569
namespace SqlNamedParameters
{
public class Program
{
public void ExecuteSqlCommands()
{
var userCommand = new SqlCommand("SELECT * FROM Users WHERE Name = @Name");
userCommand.AddParameter(new SqlParameter("@Name", "John Doe")); // Noncompliant - FP: @Name refers to parameters in different SQL tables.
var users = userCommand.ExecuteQuery(); // Renaming one does not necessitate renaming of parameters with the same name from other tables.

var companyCommand = new SqlCommand("SELECT * FROM Companies WHERE Name = @Name");
companyCommand.AddParameter(new SqlParameter("@Name", "Contosco")); // Secondary - FP
var companies = companyCommand.ExecuteQuery();

var productCommand = new SqlCommand("SELECT * FROM Products WHERE Name = @Name");
productCommand.AddParameter(new SqlParameter("@Name", "CleanBot 9000")); // Secondary - FP
var products = productCommand.ExecuteQuery();

var countryCommand = new SqlCommand("SELECT * FROM Countries WHERE Name = @Name");
countryCommand.AddParameter(new SqlParameter("@Name", "Norway")); // Secondary - FP
var countries = countryCommand.ExecuteQuery();
}
}

public class SqlCommand
{
public string CommandText { get; }
public SqlCommand(string commandText) => CommandText = commandText;
public void AddParameter(SqlParameter parameter) { }
public object ExecuteQuery() => null;
}

public class SqlParameter
{
public string Name { get; }
public string Value { get; }
public SqlParameter(string name, string value)
{
Name = name;
Value = value;
}
}
}
