pumasecurity / puma-scan

Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.
https://www.pumascan.com
Mozilla Public License 2.0

Please update Puma.Security.Rules.csproj to reference latest version of Microsoft.Net.Compilers #26

Closed gras1 closed 6 years ago

gras1 commented 7 years ago

Hi,

I am having issues compiling a Visual Studio 2015 solution I have with the project property "Treat warnings as errors" enabled using version 1.0.5 of Puma Security, because it is referencing an old version of Microsoft.Net.Compilers. The error I am receiving is: CSC error CS8032: An instance of analyzer Puma.Security.Rules.Suites.CertificateValidationDiagnosticSuite cannot be created from ...\packages\Puma.Security.Rules.1.0.5\analyzers\dotnet\cs\Puma.Security.Rules.dll : Could not load file or assembly 'Microsoft.CodeAnalysis, Version=1.3.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.

Please could you provide a timeframe when this could be addressed and fixed.

Thanks.

ejohn20 commented 7 years ago

I've run into this before after installing the nuget package. Restarting the IDE seems to resolve it.

We can update this, but it will require testing in older versions, etc. No timetable on the upgrade yet. I'll let you know when we have this ready.

ejohn20 commented 7 years ago

@gras1 I'm currently looking into the analyzer references and we do not rely on this component. Did you resolve this by adding the dependency locally to your project?

ejohn20 commented 7 years ago

I've created a new branch and updated all of the CodeAnalysis assemblies to the latest version. This does not solve the problem. The error message simply changes to this:

AD1000 An instance of analyzer Puma.Security.Rules.Suites.WebFormsSyntaxDiagnosticSuite cannot be created from C:\USERS\ERIC\APPDATA\LOCAL\MICROSOFT\VISUALSTUDIO\15.0_8FE767A0ROSLYN\EXTENSIONS\PUMA SECURITY, LLC\PUMA SCAN\1.0.6\Puma.Security.Rules.dll: Could not load file or assembly 'Microsoft.CodeAnalysis, Version=2.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.

I think this is an issue with Visual Studio 2017. Potential workaround below; I'm still trying to figure out how to force these assemblies to be pulled into the local packages directory.

http://tahirhassan.blogspot.co.uk/2017/06/getting-code-analysis-2017-to-work.html

ejohn20 commented 7 years ago

This seems to be resolved in the latest version. Tested the install via vsix and nuget and could not reproduce in VS2017.

ejohn20 commented 7 years ago

Scratch that, this does appear after building the application. However, the diagnostic warnings do also correctly appear. Are you seeing this on your side as well?

gregpakes commented 7 years ago

I am getting this issue too. Installed both the extension and the nuget packages.

EDIT - Restart of VS fixed the issue for me.

ejohn20 commented 7 years ago

Same here, I'm not sure why this is happening. The warning appears in both VS2015 and VS2017. I'm going to ask some folks on the Roslyn team and see if they have any suggestions.

The error goes away and appears again when re-building the application. For now, I'm placing this in the backlog until we have a confirmed way to fix it.

In short, definitely having warnings stop the compile from working isn't going to be an option here. That setting will need to be disabled. I also changed the filter to stop showing me warning id CS8032.

ejohn20 commented 7 years ago

Okay. Made some headway. It has to do with what the target framework of the app is and if it's a target framework that includes Microsoft.CodeDom.Providers.DotNetCompilerPlatform. If it includes the DotNetCompilerPlatform, it needs to be version >=1.0.3.

One solution is to add a dependency in our nuget to Microsoft.CodeDom.Providers.DotNetCompilerPlatform >=1.0.3 or above. However it's not valid for all target frameworks. For example .net 3.5 cannot reference this. So when installing Puma on a .net 3.5 project it would show an error. I don't believe there is a way to add target specific dependencies. I think we'd have to have separate packages, i.e. Puma.Security.Rules.nupkg and a Puma.Security.Rules.dotNet3.nupkg etc., etc.

Additionally, maybe we can narrow the problem down to only a specific target framework/DotNetCompilerPlatform combination. For example, the project that these errors show up for me is a 4.6.1 target framework with DotNetCompilerPlatform 1.0.0.
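As an added example (not code from the puma-scan project or from anyone in this thread), the following csproj fragment shows the two mitigations the thread discusses side by side: keeping "Treat warnings as errors" on while exempting the CS8032 analyzer-load warning so that a failed analyzer load cannot break the build, and pinning Microsoft.CodeDom.Providers.DotNetCompilerPlatform at the 1.0.3 version identified above for a 4.6.1 project. The project shape (a VS2017-style project using PackageReference, .NET Framework 4.6.1) and the package versions are assumptions for illustration; CS8032 is emitted by the C# compiler, so this only addresses the build error, not the AD1000 diagnostic the IDE shows.

```xml
<!-- Added example, not from the puma-scan repository. Assumes a legacy-format
     csproj opened in Visual Studio 2017 with PackageReference enabled. -->
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <TargetFrameworkVersion>v4.6.1</TargetFrameworkVersion>

    <!-- Keep every other warning fatal ... -->
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>

    <!-- ... but let CS8032 ("An instance of analyzer ... cannot be created")
         stay a warning. This maps to csc's /warnaserror-:CS8032, so the
         security analyzer's diagnostics still appear without a failed
         analyzer load turning into a build break. -->
    <WarningsNotAsErrors>CS8032</WarningsNotAsErrors>
  </PropertyGroup>

  <ItemGroup>
    <!-- Version numbers below are illustrative; 1.0.5 and 1.0.3 are the
         versions named in the thread. -->
    <PackageReference Include="Puma.Security.Rules" Version="1.0.5" />

    <!-- Per the thread, target frameworks that pull in DotNetCompilerPlatform
         need >= 1.0.3 for the analyzer's Microsoft.CodeAnalysis reference to
         resolve; 1.0.0 is the combination on which the error was reproduced. -->
    <PackageReference Include="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" Version="1.0.3" />
  </ItemGroup>
</Project>
```

For projects that cannot take the DotNetCompilerPlatform package at all (the .NET 3.5 case mentioned above), only the WarningsNotAsErrors half applies; the CS8032 exemption is deliberately narrow so that new analyzer findings and all other compiler warnings remain build-breaking.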

ejohn20 commented 6 years ago

Closing this issue. Duplicate of #32.