New rule for Web Apis

[PaymonK]

If we have a web api action method such as:

[HttpPost, Route("myUrl")]
public async Task<IActionResult> MyApi(SomeType param1)
{
   ....
}

If the following conditions are met:

• The method's Http action is HttpPost, HttpPut, HttpPatch or HttpDelete
• The parameter type is a type defined in the application (i.e. not in the .NET framework)
• The argument does not have any [FromXXX] attribute (such as FromQuery, FromRoute, ....)

Then show a warning to say: "For a {Post} Web Api, specify the parameter binding source explicitly. Did you mean to add [FromBody]?"

Instead of {Post} use the actual http verb.

[Foroughi]

@reporter : Fixed on NuGetPackages\05a4462c76c454e0fd0c2a31043b4674d1dab70e

[Foroughi]

Here are some details of the new rule :

General Details:

• ID : 182
• Category : Design
• Message : For a {0} Web Api, specify the parameter binding source explicitly. Did you mean to add [FromBody]?
• Severity : Warning
• Package : GCop.Common

Technical Details :

The Rule will look for a method with the following specs :

• Should be public
• Should be decorated with an Http action like HttpPost
• Should have at least one parameter with a user-defined type which has not binding source attribute

Test Result :

• [HttpPost] private void TestMethod(DefinedUserClass x) {}
• [HttpPost] public void TestMethod(DefinedUserClass x) {}
• [HttpPost] public void TestMethod(int x) {}
• [HttpPost] public void TestMethod([FromForm] DefinedUserClass x) {}
• [HttpPost] public void TestMethod(int x , DefinedUserClass y) {}

In case of any changes needs to be done on this rule please let me know.

[marjanjavid]

This rule is not working. It just warn when we don't defined the parameter type.
In the picture below we don't see any warning about GCop182 because the parameter is defined by programmer

but here after removing the class we can see the error

This happen because of line 62 in the rule is written like this
public bool IsUserDefinedType(SyntaxNodeAnalysisContext context, ParameterSyntax param) => context.SemanticModel.GetTypeInfo(param.Type).Type?.Kind == SymbolKind.ErrorType;

Also it does not warn about string parameters
@Karvan Am I write? Can I edit this rule?

[marjanjavid]

This is Edited on This

Test Result :

• [HttpPost] private void TestMethod(DefinedUserClass x) {}
• [HttpPost] public void TestMethod(DefinedUserClass x) {}
• [HttpPost] public void TestMethod(int x , DefinedUserClass y) {}
• [HttpPost] public void TestMethod(object x) {}
• [HttpPost] public void TestMethod(int x) {}
• [HttpPost] public void TestMethod(string x) {}
• [HttpPost] public void TestMethod(System.DateTime x) {}
• [HttpPost] public void TestMethod(Decimal x) {}
• [HttpPost] public void TestMethod(bool x) {}
• [HttpPost] public void TestMethod(char x) {}
• [HttpPost] public void TestMethod(double x) {}
• [HttpPost] public void TestMethod(single x) {}
• [HttpPost] public void TestMethod([FromForm] DefinedUserClass x) {}

@Karvan I have a question :
As mentioned here

If the parameter is a "simple" type, Web API tries to get the value from the URI. Simple types include the .NET primitive types (int, bool, double, and so forth), plus TimeSpan, DateTime, Guid, decimal, and string, plus any type with a type converter that can convert from a string.

we should not warn about TimeSpan and Guid parameters. But I couldn't find anyway to add these types to our rule. Because none of theme exist in SpecialType enum.

Also I saw Roslyn consider Nullable<T> and Enum as primitive types, while these were not mentioned in the above link.

So @PaymonK @Karvan @Foroughi I am not sure about Nullable<T> and Enum and TimeSpan and Guid. please help me to take care of these.

[marjanjavid]

The changes are available on GCop2.6.1