Suspicious Sortings in Unity, ASP.NET Core, and More

Some believe that experienced developers don't make silly mistakes. Comparison errors? Null dereferences? You're probably thinking: "No, that's definitely not about me..." ;) But what about sorting errors? As the title suggests, there are a few nuances.

OrderBy(...).OrderBy(...)

Let me describe the problem with an example. Say we have a type (Wrapper) with two integer properties (Primary and Secondary), and an array of instances of this type. We need to sort it in ascending order: first by the primary key, then by the secondary key.
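The two ways of writing that sort, as an added example that is not code from the original article. The Wrapper type is the one described above; the sample data and the names SortingDemo and Items are constructed here for illustration. LINQ's OrderBy is a stable sort, which is what makes the first variant look plausible while doing the wrong thing: the second OrderBy re-sorts the whole sequence by Secondary and keeps the Primary order only among equal Secondary values, so the effective order is "by Secondary, then by Primary".

```csharp
using System;
using System.Linq;

// Added example; Wrapper is the type described in the text, the sample
// elements below are constructed for illustration.
class Wrapper
{
    public int Primary { get; set; }
    public int Secondary { get; set; }
    public override string ToString() => $"({Primary}, {Secondary})";
}

static class SortingDemo
{
    static readonly Wrapper[] Items =
    {
        new Wrapper { Primary = 2, Secondary = 1 },
        new Wrapper { Primary = 1, Secondary = 2 },
        new Wrapper { Primary = 1, Secondary = 1 },
        new Wrapper { Primary = 2, Secondary = 0 },
    };

    static void Main()
    {
        // Suspicious: the second OrderBy throws away the ordering produced by the
        // first one and sorts the whole sequence by Secondary. Because OrderBy is
        // stable, Primary only breaks ties between equal Secondary values.
        var sortedBySecondaryThenPrimary =
            Items.OrderBy(w => w.Primary).OrderBy(w => w.Secondary);
        Console.WriteLine(string.Join(" ", sortedBySecondaryThenPrimary));

        // Intended: ThenBy refines the ordering of the preceding OrderBy instead
        // of replacing it, giving "by Primary, then by Secondary".
        var sortedByPrimaryThenSecondary =
            Items.OrderBy(w => w.Primary).ThenBy(w => w.Secondary);
        Console.WriteLine(string.Join(" ", sortedByPrimaryThenSecondary));
    }
}
```

Run it and compare the two lines: the first puts the element with Secondary = 0 first regardless of its Primary value, the second groups elements by Primary and orders each group by Secondary. The pattern to grep for in a code base is OrderBy (or OrderByDescending) applied directly to the result of another OrderBy; in almost every case ThenBy or ThenByDescending was meant.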

SAST in Secure SDLC: 3 Reasons to Integrate It in a DevSecOps Pipeline

Vulnerabilities create enormous reputational and financial risks. As a result, many companies take security seriously and want to build a secure software development life cycle (SSDLC). So, today we're going to discuss SAST, one of the SSDLC components.

SAST (static application security testing) searches for security defects in application source code. SAST examines the code for potential vulnerabilities: possible SQL injections, XSS, SSRF, data encryption issues, etc. These vulnerability classes appear in the OWASP Top 10, CWE Top 25, and similar lists.

All Hail Bug Reports: How We Reduced the Analysis Time of the User’s Project From 80 to 4 Hours

People often see support work as something negative. Today we'll look at it from a different perspective. This article is about a real support thread: 100+ messages, exceptions, and an analysis that still hadn't finished after three days.

Actually, bug reports are great. If a bug report is handled properly on both sides, it means that both the user and the software developer are interested in solving the problem. When both sides get the result they want, it's a win-win situation.

Optimization of .NET Applications: A Big Result From Small Edits

One old and simple idea runs like a golden thread through this article: Premature optimizations are evil.

Sometimes optimization and readability pull in slightly different directions. The code may work better but become harder to read and maintain. And vice versa: the code is easy to read and modify but has performance problems. Therefore, it is important to understand what we are willing to sacrifice in such cases.

OWASP, Vulnerabilities, and Taint Analysis in PVS-Studio for C#. Stir, but Don’t Shake

We continue to develop PVS-Studio as a SAST solution, so one of our major goals is expanding OWASP coverage. You might ask: what's the use when there's no taint analysis? That's exactly what we thought, and we decided to implement taint analysis in the C# analyzer. Curious about what we accomplished? Read on!

Note. This article briefly touches upon the topics of SQL injections and working with SQL in C#. This theory serves as context. For in-depth information on these topics, do additional research.
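The kind of data flow a taint analysis is built to catch, as an added example that is not code from PVS-Studio or the original article. The table, column names, and the UserLookup class are assumptions; the untrusted value is whatever arrived from outside the trust boundary (a request parameter, a command-line argument). The taint source is the userName parameter, the sink is the SQL text passed to the database; the vulnerable method lets the tainted string reach the sink unchanged, the hardened one sends it as a parameter so the database never parses it as SQL.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // System.Data.SqlClient NuGet package on .NET Core

// Added example; the Users table and the method names are assumptions.
static class UserLookup
{
    // Vulnerable: the tainted value is concatenated straight into the query text.
    // A taint analysis reports the path userName -> queryText -> CommandText.
    public static string BuildQueryUnsafe(string userName)
    {
        return "SELECT Id, Name FROM Users WHERE Name = '" + userName + "'";
    }

    public static IDataReader FindUserUnsafe(SqlConnection conn, string userName)
    {
        var cmd = conn.CreateCommand();
        cmd.CommandText = BuildQueryUnsafe(userName);
        return cmd.ExecuteReader();
    }

    // Hardened: the value travels as a typed parameter. The SQL text is constant,
    // so nothing the caller supplies can change the structure of the statement.
    public static IDataReader FindUserSafe(SqlConnection conn, string userName)
    {
        var cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT Id, Name FROM Users WHERE Name = @name";
        cmd.Parameters.Add(new SqlParameter("@name", SqlDbType.NVarChar, 100) { Value = userName });
        return cmd.ExecuteReader();
    }

    static void Main()
    {
        // Constructed attacker input: closes the string literal and appends a
        // condition that is always true, so the WHERE clause matches every row.
        string payload = "' OR '1'='1";
        Console.WriteLine(BuildQueryUnsafe("alice"));
        Console.WriteLine(BuildQueryUnsafe(payload));
    }
}
```

Running Main prints the two generated statements without touching a database; the second one shows the injected condition inside the query text. The hardened variant is the fix a parameterized-query rule should accept, and a taint analysis should stop reporting once the only path from the source to the sink goes through a parameter rather than the command text. Escaping or quoting the input yourself is not an equivalent fix and should still be flagged.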

How to Remember Nullable Value Types

Recently nullable reference types have become trendy. Meanwhile, the good old nullable value types are still here and actively used. How well do you remember the nuances of working with them? Let's jog your memory or test your knowledge by reading this article. Examples of C# and IL code, references to the CLI specification, and CoreCLR code are provided. Let's start with an interesting case.

Note. If you are interested in nullable reference types, you can read several articles by my colleagues: "Nullable Reference types in C# 8.0 and static analysis", "Nullable Reference will not protect you, and here is the proof".
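A few of the nuances the article refers to, collected into one added example that is not code from the original article; the variable names and values are constructed. The interesting cases are the ones where Nullable<T> stops behaving like an ordinary struct: boxing, GetType, and the lifted operators.

```csharp
using System;

// Added example; the values below are constructed for illustration.
static class NullableDemo
{
    static void Main()
    {
        int? none = null;
        int? some = 42;

        // Nullable<T> is a struct, so the variable itself is never a null reference.
        // HasValue says whether it holds a value; Value throws
        // InvalidOperationException when it does not.
        Console.WriteLine(none.HasValue);
        try { _ = none.Value; }
        catch (InvalidOperationException e) { Console.WriteLine(e.GetType().Name); }

        // Boxing is special-cased by the runtime: an empty Nullable<T> boxes to a
        // null reference, a populated one boxes to the underlying T. There is no
        // such thing as a boxed Nullable<T> on the heap.
        object boxedNone = none;
        object boxedSome = some;
        Console.WriteLine(boxedNone == null);
        Console.WriteLine(boxedSome.GetType());
        Console.WriteLine(boxedSome is int);

        // GetType() boxes its receiver first, so on an empty Nullable<T> it
        // dereferences that null box and throws NullReferenceException.
        // typeof and Nullable.GetUnderlyingType work on the static type instead.
        try { _ = none.GetType(); }
        catch (NullReferenceException) { Console.WriteLine("GetType on an empty nullable throws"); }
        Console.WriteLine(Nullable.GetUnderlyingType(typeof(int?)));

        // Lifted operators: == treats two empty values as equal, while every
        // relational comparison with an empty operand is false, including >=.
        int? alsoNone = null;
        Console.WriteLine(none == alsoNone);
        Console.WriteLine(none < some);
        Console.WriteLine(none >= some);

        // Unboxing mirrors boxing: a null reference unboxes to an empty Nullable<T>,
        // a boxed int unboxes to a populated int?.
        int? fromNullBox = (int?)boxedNone;
        int? fromIntBox = (int?)boxedSome;
        Console.WriteLine(fromNullBox.HasValue);
        Console.WriteLine(fromIntBox.HasValue);
    }
}
```

The boxing rule is the one that bites in practice: any API that takes object (reflection, string formatting, legacy collections) receives either a plain T or a null reference, never a Nullable<T>, so checks like obj is int? behave the same as obj is int, and a generic T constrained to struct cannot be instantiated with int? at all.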

Checking the .NET Core Libraries With the PVS-Studio Static Analyzer (Part Three)

See what's inside the .NET Core Libraries

In the third article of our three-part series, we continue discussing the results of checking the .NET Core Libraries' source code with the PVS-Studio static analyzer. Part one of the series can be found here, and part two can be found here.


Issue 41

Going back to constructors with unused parameters:

Checking the .NET Core Libraries Source Code by the PVS-Studio Static Analyzer (Part One)

Note: This article is the first of three pieces covering the static analysis of the .NET Core Libraries' source code.

I've been making my way toward this article for over a year and a half. At some point, the idea settled in my head that the .NET Core libraries held great promise. I checked the project several times, and each time the analyzer found more and more interesting code fragments, but things never went further than scrolling through the list of warnings. And here it is, it finally happened! The project is checked, and the article is right in front of you.

How PVS-Studio Found an Error in the Library Used in PVS-Studio

This is a short story about how PVS-Studio helped us find an error in the source code of the library used in PVS-Studio. And it was not a theoretical error but an actual one — the error appeared in practice when using the library in the analyzer.

In PVS-Studio_Cmd (as well as some other utilities), we use a dedicated library for parsing command-line arguments: CommandLine.