Open Trivivium opened 3 years ago
The commit fb3e88f0a7328b0db7228a58e5756c7e6aeb67c8 prototyped an implementation where a combination of the AssemblyMetadata
and ReferenceAssembly
attributes on a project is detected. If the former has a value of .NETFrameworkAssembly
and the latter exists the assembly reference was considered from the SDK.
However, further tests indicate this leads to false positives. The example Microsoft.Extensions.Logging.Abstractions
has the former attribute. However, it is not bundled with the base SDK as far as I can tell. It should also be noted that project references are considered a reference assembly along with many of the actual SDK assemblies. Thus, the combination is insufficient to filter by.
The inspection tool should inspect NuGet packages that have Mircosoft as the author, while still excluding any assemblies/packages from the SDK. An example is
Microsoft.Extensions.Logging
should be inspected, whileMicrosoft.CSharp
should not. Another example is theSystem.Reflection.MetadataLoadContext
package, which is as far I can tell loaded exclusively as a NuGet package.The implementation needs to take different types of SDKs into consideration. The default SDK is named
Microsoft.Sdk.NET
, while the SDK used by ASPNET Core isMicrosoft.Sdk.NET.Web
. The latter extends the list of bundled packages. If a project uses the web SDK theMicrosoft.Extensions.Logging
packages from the example above becomes bundled.