Sunday 16 June 2013

Customizing my first NDepend CQL rule (Potentially dead Methods)

After installing NDepend, I was looking at the rules execution result of TeamMentor/Master and saw that there was a result of 21 potentially dead methods:


... which when clicked opened up the rule source code and the 21 matched methods:


Double-clicking on one of the methods will open the selected method in Visual Studio (it would be nice if it opened inside this UI), which in this case looked like this:


It looks like we have 21 'potentially dead' matches because the script is not picking up the fact that this is a Unit Test (although it is weird that the other NUnit tests also don't show up as 'potentially dead methods').

So I read the C# CQL rule that opened up above the results:


...and decided to try to see how hard it would be to customize it.

The compilation and execution are quite fast, with errors showing below.


So, I duplicated the … .HasAttribute("System.Runtime.Serialization.OnDeserializedAttribute". … line


… changed it to NUnit.Framework.TestAttribute

… and the results were shown almost immediately (note how there are only 8 methods matched now)
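
Since the rule text itself only appeared in screenshots, here is an added example (not the post's code and not NDepend's shipped rule text) of a reduced C# CQL query with the duplicated HasAttribute line in place. It goes slightly beyond the post by also excluding three other NUnit attributes, which is an assumption about what a test project would need.

```csharp
// <Name>Potentially dead Methods (simplified, NUnit-aware)</Name>
// Added example: a reduced form of the rule, not NDepend's shipped rule text.
warnif count > 0
from m in JustMyCode.Methods
where m.NbMethodsCallingMe == 0 &&     // nothing in the analyzed code calls it
      !m.IsPubliclyVisible &&          // may be called by code outside the analysis
      !m.IsEntryPoint &&               // Main() is invoked by the runtime
      !m.IsExplicitInterfaceImpl &&    // reached through the interface, not by name
      !m.IsClassConstructor &&         // static constructors are never called explicitly
      !m.IsFinalizer &&                // finalizers are called by the GC
      !m.IsVirtual &&                  // may be reached through a base-type call
      !m.IsEventAdder &&
      !m.IsEventRemover &&
      !m.IsGeneratedByCompiler &&
      !m.ParentType.IsDelegate &&

      // Called by the serialization infrastructure, never by user code.
      // AllowNoMatch() keeps the query compiling when the attribute type
      // is not referenced by the analyzed code base.
      !m.HasAttribute("System.Runtime.Serialization.OnDeserializedAttribute".AllowNoMatch()) &&

      // The customization described in the post: the line above, duplicated
      // and pointed at NUnit's [Test] attribute, because test methods are
      // invoked by the test runner through reflection.
      !m.HasAttribute("NUnit.Framework.TestAttribute".AllowNoMatch()) &&

      // Assumed extension beyond the post: other methods the NUnit runner
      // invokes through reflection.
      !m.HasAttribute("NUnit.Framework.TestCaseAttribute".AllowNoMatch()) &&
      !m.HasAttribute("NUnit.Framework.SetUpAttribute".AllowNoMatch()) &&
      !m.HasAttribute("NUnit.Framework.TearDownAttribute".AllowNoMatch())
select new { m, m.NbLinesOfCode }
```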


I have to say that this was a really nice experience and I’m looking forward to taking these CQL rules for a bigger spin.

I wonder if they could be used to create SAST rules, namely rules to find SQL Injection or XSS :)