dotnet / docs

This repository contains .NET Documentation.
https://learn.microsoft.com/dotnet
Creative Commons Attribution 4.0 International

LDAP Injection discussion should provide an example of "fixed" code #27758

Open noloader opened 2 years ago

noloader commented 2 years ago

This document shows an example of a violation, but it does not provide a "fixed" example.

Ideally, we should see an example of manual filtering (perhaps with a Regular Expression) and an example of a parameterized LDAP query (like using SqlCommand and SqlParameter for a db query).

I'm here for the example of a parameterized LDAP query because I cannot find the name of the classes that should be used in C# (and the web is full of junk answers).

And one other comment... The page only shows developers how to stop analyzing for this finding. I think that's a poor choice. The docs should show a developer how to fix the finding, not how to turn the analyzer off. Developers can get the poor answers on Stack Overflow, if they are inclined.

In case it helps, here is the page I was on: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca3005 . I landed there while searching for "C# parameterized LDAP query" (without the quotes).
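An added example (not from the dotnet/docs page or the CA3005 rule text) of what a "fixed" version looks like: the tainted-concatenation pattern CA3005 reports next to a hardened version. `System.DirectoryServices.DirectorySearcher.Filter` is a plain string, so the mitigation is to make the untrusted value unable to act as filter syntax, by escaping it per RFC 4515 (and, where the attribute has a known shape, validating it first). The `LdapFilterEncoding` and `UserLookup` class names, the `sAMAccountName` lookup and the account-name regex are assumptions chosen for the illustration.

```csharp
// Added example, not code from the dotnet/docs repository.
// Assumes a reference to System.DirectoryServices (Windows); the escaping
// helper itself has no directory dependency and runs anywhere.
using System;
using System.Text;
using System.Text.RegularExpressions;
using System.DirectoryServices;

public static class LdapFilterEncoding
{
    // RFC 4515 section 3: inside a filter assertion value, these characters
    // must be written as a backslash followed by their two-digit hex code.
    public static string EscapeFilterValue(string value)
    {
        if (value == null) throw new ArgumentNullException(nameof(value));

        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Stricter "manual filtering" alternative for attributes with a known
    // shape: reject anything that does not look like an account name
    // (pattern is an assumption; adjust to your directory's naming rules).
    private static readonly Regex AccountNamePattern =
        new Regex(@"^[A-Za-z0-9._-]{1,64}$", RegexOptions.CultureInvariant);

    public static bool IsValidAccountName(string value) =>
        value != null && AccountNamePattern.IsMatch(value);
}

public class UserLookup
{
    // BEFORE: the pattern CA3005 flags. If userName contains '*', '(' or ')'
    // the caller controls the structure of the filter, not just one value.
    public static SearchResult FindUser_Vulnerable(DirectoryEntry root, string userName)
    {
        var searcher = new DirectorySearcher(root)
        {
            Filter = "(&(objectClass=user)(sAMAccountName=" + userName + "))"
        };
        return searcher.FindOne();
    }

    // AFTER: validate the shape, then escape before interpolation, so the
    // untrusted text can only ever be an assertion value.
    public static SearchResult FindUser_Hardened(DirectoryEntry root, string userName)
    {
        if (!LdapFilterEncoding.IsValidAccountName(userName))
            throw new ArgumentException("Account name has an unexpected form.", nameof(userName));

        string safeValue = LdapFilterEncoding.EscapeFilterValue(userName);
        var searcher = new DirectorySearcher(root)
        {
            Filter = $"(&(objectClass=user)(sAMAccountName={safeValue}))"
        };
        return searcher.FindOne();
    }
}
```

`EscapeFilterValue` can be unit-tested without a domain controller (for instance, `EscapeFilterValue("a*b")` yields `a\2ab`), which is how the escaping logic is verified here; only `FindUser_*` needs a real directory. Note that this escaping is specific to filter values: an untrusted value placed into a distinguished name (for example when building a `DirectoryEntry` path) needs the separate RFC 4514 DN escaping rules instead.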



IEvangelist commented 2 years ago

Hi @noloader - Thank you for posting this issue. I agree it would be nice to have that additional context. I've marked this issue as up-for-grabs and I'd happily review a pull request to add this content if you're willing to add it?

BartoszKlonowski commented 11 months ago

@IEvangelist I will work on this, please assign me if possible.

IEvangelist commented 11 months ago

> @IEvangelist I will work on this, please assign me if possible.

Awesome, thank you @BartoszKlonowski - once you create a PR, tag me for review and mention this issue and I'll see to it.

BartoszKlonowski commented 11 months ago

@IEvangelist Unfortunately I don't have any Windows Server environment set up to either reproduce the CA3005 or test the fixing code. I'm afraid I won't be able to provide this in a PR, unless I'm given some alternative approach/hint/guide. Otherwise let's unassign me so some other dev can take it.