... which when clicked opened up the rule source code and the 21 matched methods:
Double clicking on one of the methods, will open the selected method in Visual Studio (it would be nice it opened inside this UI), which in this case looked like this:
It looks like we have 21 'potentially dead' matches, because the script is not picking up the fact that this is a Unit Test (although it is weird why the other NUnit test also don't show up as 'potential dead methods').
So I read the C# CQL rule that opened up above the results:
...and decided to try to see how hard it would be to customize it.
The compilation and execution is quite fast, with errors showing below
So, I duplicated the … .HasAttribute("System.Runtime.Serialization.OnDeserializedAttribute". … line
… changed it to NUnit.Framework.TestAttribute
… and the results where shown almost immediately (note how there are only 8 methods matched now)
I have to say that this was a really nice experience and I’m looking forward to taking these CQL rules for a bigger spin.
I wonder if they could be used to create SAST rules, namely rules to find SQL Injection or XSS :)
