WiseTechGlobal / WTG.Analyzers

Analyzers from WiseTech Global to enforce our styles, behaviours, and prevent common mistakes.

Analyzer to warn against using Exception.Message in an exception filter #140

Open yaakov-h opened 3 years ago

yaakov-h commented 3 years ago

e.g. catch (Exception ex) when (ex.Message.Contains("some English string"))

brian-reichle commented 3 years ago

I would suggest that the issue here isn't so much that Exception.Message is used in a filter, but that a decision is being made based on it. Using ex.Message.Contains(...) should probably be considered just as bad if it had appeared in the body of the catch block or in some other method.

yaakov-h commented 3 years ago

Agreed, but I thought that may be trickier.

Should we perhaps blacklist certain string methods or extension methods when called on Exception.Message?

brian-reichle commented 3 years ago

I would suggest blacklisting any string method that returns a bool or int and possibly any regex method.
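
A sketch of the rule proposed in this thread, added here as an example and not code from WTG.Analyzers: a Roslyn analyzer that flags any string instance method returning bool or int when it is called on Exception.Message, whether in a filter, a catch body or elsewhere. The class name, the EX0001 id and the diagnostic text are placeholders; extension methods, static string methods and regex calls are not covered.

```csharp
using System.Collections.Immutable;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.Diagnostics;
using Microsoft.CodeAnalysis.Operations;

[DiagnosticAnalyzer(LanguageNames.CSharp)]
public sealed class ExceptionMessageDecisionAnalyzer : DiagnosticAnalyzer
{
    // Placeholder id, title and message: not taken from the project.
    static readonly DiagnosticDescriptor Rule = new DiagnosticDescriptor(
        "EX0001", "Do not make decisions based on Exception.Message",
        "'{0}' is called on Exception.Message; message text is not a stable contract",
        "Reliability", DiagnosticSeverity.Warning, isEnabledByDefault: true);

    public override ImmutableArray<DiagnosticDescriptor> SupportedDiagnostics
        => ImmutableArray.Create(Rule);

    public override void Initialize(AnalysisContext context)
    {
        context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None);
        context.EnableConcurrentExecution();
        context.RegisterCompilationStartAction(start =>
        {
            var exceptionType = start.Compilation.GetTypeByMetadataName("System.Exception");
            if (exceptionType == null) return;
            start.RegisterOperationAction(c => Analyze(c, exceptionType), OperationKind.Invocation);
        });
    }

    static void Analyze(OperationAnalysisContext context, INamedTypeSymbol exceptionType)
    {
        var invocation = (IInvocationOperation)context.Operation;
        var method = invocation.TargetMethod;
        // Only instance methods declared on System.String, e.g. Contains, StartsWith, IndexOf.
        if (method.ContainingType?.SpecialType != SpecialType.System_String) return;
        // The thread's rule: anything on string that returns bool or int.
        var returns = method.ReturnType.SpecialType;
        if (returns != SpecialType.System_Boolean && returns != SpecialType.System_Int32) return;
        // The receiver must be the Message property of Exception or a derived type.
        if (invocation.Instance is IPropertyReferenceOperation property
            && property.Property.Name == "Message"
            && DerivesFrom(property.Property.ContainingType, exceptionType))
        {
            context.ReportDiagnostic(
                Diagnostic.Create(Rule, invocation.Syntax.GetLocation(), method.Name));
        }
    }

    // Walks the base-type chain so overrides of Message on derived exceptions also match.
    static bool DerivesFrom(INamedTypeSymbol type, INamedTypeSymbol baseType)
    {
        for (var t = type; t != null; t = t.BaseType)
            if (SymbolEqualityComparer.Default.Equals(t, baseType)) return true;
        return false;
    }
}
```

On the snippet from the first comment, this reports the Contains call inside the when clause. Working on operations rather than syntax is what lets the same check cover catch bodies and helper methods.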