Limit the Highlighting of Code for SG0016

dotnet-security-guard / roslyn-security-guard

Roslyn analyzers that aim to help security audit on .NET applications.

https://dotnet-security-guard.github.io

GNU Lesser General Public License v3.0

208 stars 38 forks source link

Limit the Highlighting of Code for SG0016 #74

Closed kyleherzog closed 7 years ago

kyleherzog commented 7 years ago

I'm using VS2017 and when SG0016 is flagged I get the entire function highlighted with the green underline. This is too much highlighting and makes it hard to see other issues highlighted within the method. It would be more appropriate to highlight just the method name or return type.

h3xstream commented 7 years ago

I had a hard time figuring how to highlight a the first line of the method.. I realized I could simply put the error on one of the attribute preferably the one describing the HTTP verb [HttpPost], [HttpPut], etc.

Here is a preview : csrf

h3xstream commented 7 years ago

Changeset : https://github.com/dotnet-security-guard/roslyn-security-guard/commit/b5f1524ca1e6208126f4043ef2be7fd8cff729be