943,634 Members | Top Members by Rank

Software Development > C# > Custom FxCop Rule.
Ad:
  • C# Discussion Thread
  • Unsolved
  • Views: 2329
  • C# RSS
Permalink
Dec 30th, 2008
0

Custom FxCop Rule.

Expand Post »
Hi All,

We have a requirement to write a custom FxCop rule to generate a warning message when a SQL Query is encountered in the program and suggest to use a Stored Procedure instead.

I have written the following code which is generating a warning when an SQL object is present -- Warning is generated as soon as an object of SqlConnection is created. Hence even when there is only stored procedure and no query warning still pops.

Can anyone please suggest me how do I modify so that warning is generated only if there is a direct SQL Query ie., for SELECT, INSERT,UPDATE & DELETE statements.



using System;
using System.Collections.Generic;
using System.Text;
using Microsoft.Cci;
using Microsoft.FxCop.Sdk;
using Microsoft.FxCop.Sdk.Introspection;

namespace CompanyRules
{
    public class UseStoredProcedureForSQLQuery : BaseIntrospectionRule
    {
       public UseStoredProcedureForSQLQuery():
                    base("UseStoredProcedureForSQLQuery","CompanyRules.RuleData",      typeofUseStoredProcedureForSQLQuery).Assembly)
     {
     }

 public override ProblemCollection Check(TypeNode type)
 {
      return Problems;
 }

 public override ProblemCollection Check(Member member)
 {
      Method mainMethod = member as Method;
      Instruction instruction;
  
      if (mainMethod == null)
      {
           return null;
      }
      if (mainMethod.Instructions == null)
      {
           return null;
      }
  
      for (int count = 0; count <= mainMethod.Instructions.Length - 1; count++)
      {
           instruction = mainMethod.Instructions[count];

           if (instruction.OpCode == OpCode.Newobj)
           {
                if (((Microsoft.Cci.Method)(instruction.Value)).
                    FullName.Contains("System.Data.SqlClient.SqlConnection.#ctor"))
                {
                    Problems.Add(new Problem(GetResolution("SqlConnection","Cafe.net connection")));
                }

                if (((Microsoft.Cci.Method)(instruction.Value)).
                    FullName.Contains("System.Data.SqlClient.SqlCommand.#ctor"))
                {
                        Problems.Add(new Problem(GetResolution("SqlCommand", "Cafe.net command")));
                }
           }
      }
      return Problems;
    }
    }
}
Reputation Points: 10
Solved Threads: 0
Newbie Poster
smnadig is offline Offline
11 posts
since Aug 2008
Permalink
Dec 30th, 2008
0

Re: Custom FxCop Rule.

Stored procedure name as well SQL Statement may be in SqlCommand class, can you fetch some properties of SqlCommand class using Microsoft.Cci??
Last edited by Ramy Mahrous; Dec 30th, 2008 at 8:13 am.
Featured Poster
Reputation Points: 480
Solved Threads: 276
Postaholic
Ramy Mahrous is offline Offline
2,189 posts
since Aug 2006
Permalink
Jan 2nd, 2009
0

Re: Custom FxCop Rule.

Hi,

I am not unable to understand your question. Can you please be eloborate?

Regards,
Sahana
Reputation Points: 10
Solved Threads: 0
Newbie Poster
smnadig is offline Offline
11 posts
since Aug 2008
Permalink
Jan 2nd, 2009
0

Re: Custom FxCop Rule.

Look what makes difference is that you get SQLCommand.CommandType = ? "Text" or "StoredProcedure"
If you get CommandType value you'll solve your problem I didn't work before with Microsoft.Cci library!
Featured Poster
Reputation Points: 480
Solved Threads: 276
Postaholic
Ramy Mahrous is offline Offline
2,189 posts
since Aug 2006
Permalink
Jan 5th, 2009
0

Re: Custom FxCop Rule.

Hi Ramy,

I have tried the approach you have mentioned but am unable to get the desired result. Also, the check needs to be done not only with commandType.Text or StoredProcedure but with other SQL statements if any in the program. Please see the following code:

C# Syntax (Toggle Plain Text)
  1. using System;
  2. using System.Data;
  3. using System.Data.SqlClient;
  4.  
  5. namespace example
  6. {
  7.  
  8.     class Test
  9.     {
  10.  
  11.         public static void Main()
  12.         {
  13.             SqlConnection MyConnection = new SqlConnection(@"Data Source=(local); Initial Catalog = CaseManager; Integrated Security=true");
  14.             MyConnection.Open();
  15.  
  16.             SqlCommand MyCmd = new SqlCommand(@"INSERT INTO Test(ID, Contact, Email) VALUES(2, 'Greg', 'MacBeth')";, MyConnection);
  17.  
  18.            MyConnection.Close();
  19.         }
  20.     }
  21. }


There should be a warning generated in to remove the direct SQL query in the SqlCommand.

Can you please suggest how can i capture this?

Thank you.

Regards,
Sahana
Reputation Points: 10
Solved Threads: 0
Newbie Poster
smnadig is offline Offline
11 posts
since Aug 2008
Permalink
Jan 5th, 2009
0

Re: Custom FxCop Rule.

You can check if the Command Object's Text value has (Select, Insert, Update or Delete) ? using string operations ? I don't know how to use Cci !! Did you try googlize it?
Featured Poster
Reputation Points: 480
Solved Threads: 276
Postaholic
Ramy Mahrous is offline Offline
2,189 posts
since Aug 2006
Permalink
Jan 5th, 2009
0

Re: Custom FxCop Rule.

Yes I tried googling but did not find anything suitable. I too am working on Microsoft.CCi library for the first time !!

Thanks for your suggestion. I shall try to work on that.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
smnadig is offline Offline
11 posts
since Aug 2008

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in C# Forum Timeline: Webservice on port 9999 vs2008
Next Thread in C# Forum Timeline: Change fileNames using C# code





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC