C# RSS C# RSS

Custom FxCop Rule.

Please support our C# advertiser: Intel Parallel Studio Home
Reply

Join Date: Aug 2008
Posts: 11
Reputation: smnadig is an unknown quantity at this point 
Solved Threads: 0
smnadig smnadig is offline Offline
Newbie Poster

Custom FxCop Rule.

 
0
  #1
Dec 30th, 2008
Hi All,

We have a requirement to write a custom FxCop rule to generate a warning message when a SQL Query is encountered in the program and suggest to use a Stored Procedure instead.

I have written the following code which is generating a warning when an SQL object is present -- Warning is generated as soon as an object of SqlConnection is created. Hence even when there is only stored procedure and no query warning still pops.

Can anyone please suggest me how do I modify so that warning is generated only if there is a direct SQL Query ie., for SELECT, INSERT,UPDATE & DELETE statements.



using System;
using System.Collections.Generic;
using System.Text;
using Microsoft.Cci;
using Microsoft.FxCop.Sdk;
using Microsoft.FxCop.Sdk.Introspection;

namespace CompanyRules
{
    public class UseStoredProcedureForSQLQuery : BaseIntrospectionRule
    {
       public UseStoredProcedureForSQLQuery():
                    base("UseStoredProcedureForSQLQuery","CompanyRules.RuleData",      typeofUseStoredProcedureForSQLQuery).Assembly)
     {
     }

 public override ProblemCollection Check(TypeNode type)
 {
      return Problems;
 }

 public override ProblemCollection Check(Member member)
 {
      Method mainMethod = member as Method;
      Instruction instruction;
  
      if (mainMethod == null)
      {
           return null;
      }
      if (mainMethod.Instructions == null)
      {
           return null;
      }
  
      for (int count = 0; count <= mainMethod.Instructions.Length - 1; count++)
      {
           instruction = mainMethod.Instructions[count];

           if (instruction.OpCode == OpCode.Newobj)
           {
                if (((Microsoft.Cci.Method)(instruction.Value)).
                    FullName.Contains("System.Data.SqlClient.SqlConnection.#ctor"))
                {
                    Problems.Add(new Problem(GetResolution("SqlConnection","Cafe.net connection")));
                }

                if (((Microsoft.Cci.Method)(instruction.Value)).
                    FullName.Contains("System.Data.SqlClient.SqlCommand.#ctor"))
                {
                        Problems.Add(new Problem(GetResolution("SqlCommand", "Cafe.net command")));
                }
           }
      }
      return Problems;
    }
    }
}
Thanks & Regards
Reply With Quote Quick reply to this message  
Join Date: Aug 2006
Posts: 2,065
Reputation: Ramy Mahrous is just really nice Ramy Mahrous is just really nice Ramy Mahrous is just really nice Ramy Mahrous is just really nice 
Solved Threads: 256
Featured Poster
Ramy Mahrous's Avatar
Ramy Mahrous Ramy Mahrous is offline Offline
Postaholic

Re: Custom FxCop Rule.

 
0
  #2
Dec 30th, 2008
Stored procedure name as well SQL Statement may be in SqlCommand class, can you fetch some properties of SqlCommand class using Microsoft.Cci??
Last edited by Ramy Mahrous; Dec 30th, 2008 at 8:13 am.
BI Developer | LINKdotNET
B.Sc Computer Science, Helwan University
Technical blog | http://ramymahrous.wordpress.com
LinkedIn | http://www.linkedin.com/in/ramymahrous
Reply With Quote Quick reply to this message  
Join Date: Aug 2008
Posts: 11
Reputation: smnadig is an unknown quantity at this point 
Solved Threads: 0
smnadig smnadig is offline Offline
Newbie Poster

Re: Custom FxCop Rule.

 
0
  #3
Jan 2nd, 2009
Hi,

I am not unable to understand your question. Can you please be eloborate?

Regards,
Sahana
Thanks & Regards
Reply With Quote Quick reply to this message  
Join Date: Aug 2006
Posts: 2,065
Reputation: Ramy Mahrous is just really nice Ramy Mahrous is just really nice Ramy Mahrous is just really nice Ramy Mahrous is just really nice 
Solved Threads: 256
Featured Poster
Ramy Mahrous's Avatar
Ramy Mahrous Ramy Mahrous is offline Offline
Postaholic

Re: Custom FxCop Rule.

 
0
  #4
Jan 2nd, 2009
Look what makes difference is that you get SQLCommand.CommandType = ? "Text" or "StoredProcedure"
If you get CommandType value you'll solve your problem I didn't work before with Microsoft.Cci library!
BI Developer | LINKdotNET
B.Sc Computer Science, Helwan University
Technical blog | http://ramymahrous.wordpress.com
LinkedIn | http://www.linkedin.com/in/ramymahrous
Reply With Quote Quick reply to this message  
Join Date: Aug 2008
Posts: 11
Reputation: smnadig is an unknown quantity at this point 
Solved Threads: 0
smnadig smnadig is offline Offline
Newbie Poster

Re: Custom FxCop Rule.

 
0
  #5
Jan 5th, 2009
Hi Ramy,

I have tried the approach you have mentioned but am unable to get the desired result. Also, the check needs to be done not only with commandType.Text or StoredProcedure but with other SQL statements if any in the program. Please see the following code:

C# Syntax (Toggle Plain Text) 
  1. using System;
  2. using System.Data;
  3. using System.Data.SqlClient;
  4.  
  5. namespace example
  6. {
  7.  
  8.     class Test
  9.     {
  10.  
  11.         public static void Main()
  12.         {
  13.             SqlConnection MyConnection = new SqlConnection(@"Data Source=(local); Initial Catalog = CaseManager; Integrated Security=true");
  14.             MyConnection.Open();
  15.  
  16.             SqlCommand MyCmd = new SqlCommand(@"INSERT INTO Test(ID, Contact, Email) VALUES(2, 'Greg', 'MacBeth')";, MyConnection);
  17.  
  18.            MyConnection.Close();
  19.         }
  20.     }
  21. }


There should be a warning generated in to remove the direct SQL query in the SqlCommand.

Can you please suggest how can i capture this?

Thank you.

Regards,
Sahana
Thanks & Regards
Reply With Quote Quick reply to this message  
Join Date: Aug 2006
Posts: 2,065
Reputation: Ramy Mahrous is just really nice Ramy Mahrous is just really nice Ramy Mahrous is just really nice Ramy Mahrous is just really nice 
Solved Threads: 256
Featured Poster
Ramy Mahrous's Avatar
Ramy Mahrous Ramy Mahrous is offline Offline
Postaholic

Re: Custom FxCop Rule.

 
0
  #6
Jan 5th, 2009
You can check if the Command Object's Text value has (Select, Insert, Update or Delete) ? using string operations ? I don't know how to use Cci !! Did you try googlize it?
BI Developer | LINKdotNET
B.Sc Computer Science, Helwan University
Technical blog | http://ramymahrous.wordpress.com
LinkedIn | http://www.linkedin.com/in/ramymahrous
Reply With Quote Quick reply to this message  
Join Date: Aug 2008
Posts: 11
Reputation: smnadig is an unknown quantity at this point 
Solved Threads: 0
smnadig smnadig is offline Offline
Newbie Poster

Re: Custom FxCop Rule.

 
0
  #7
Jan 5th, 2009
Yes I tried googling but did not find anything suitable. I too am working on Microsoft.CCi library for the first time !!

Thanks for your suggestion. I shall try to work on that.
Thanks & Regards
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Other Threads in the C# Forum
Thread Tools Search this Thread



.net access algorithm array asp barchart bitmap box broadcast c# check checkbox client column combobox control conversion csharp custom database datagrid datagridview datagridviewcheckbox dataset datetime degrees development display draganddrop drawing encryption enum event excel file form format formatting formbox forms formupdate function gdi+ httpwebrequest image index input install java label linux list listbox mandelbrot math mouseclick mysql namevaluepairs networking operator packaging parse path photoshop picturebox pixelinversion post programming radians regex remote remoting reporting richtextbox robot server sleep socket sql statistics stream string table text textbox thread time timer transform treeview update usercontrol validation visualstudio webbrowser wfa windows winforms wpf xml
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC