Adding reference to MessagePackAnalyzer to check for MsgPack001 / MsgPack002 (Banned API) (#19989)

2020-03-20 00:05:45 +01:00 · 2020-03-20 00:05:45 +01:00 · d3e10b7def
parent aff01ebd7f
commit d3e10b7def
6 changed files with 41 additions and 24 deletions
--- a/.gitignore
+++ b/.gitignore
@ -13,6 +13,7 @@ BenchmarkDotNet.Artifacts/
 .gradle/
 src/SignalR/clients/**/dist/
 modules/
+.ionide/

 # File extensions
 *.aps
@ -41,4 +42,4 @@ launchSettings.json
 msbuild.ProjectImports.zip
 StyleCop.Cache
 UpgradeLog.htm
-.idea
+.idea
--- a/eng/Dependencies.props
+++ b/eng/Dependencies.props
@ -163,6 +163,7 @@ and are generated based on the last package release.
    <LatestPackageReference Include="IdentityServer4.Storage" Version="$(IdentityServer4StoragePackageVersion)" />
    <LatestPackageReference Include="Libuv" Version="$(LibuvPackageVersion)" />
    <LatestPackageReference Include="MessagePack" Version="$(MessagePackPackageVersion)" />
+    <LatestPackageReference Include="MessagePackAnalyzer" Version="$(MessagePackPackageVersion)" />
    <LatestPackageReference Include="Mono.Cecil" Version="$(MonoCecilPackageVersion)" />
    <LatestPackageReference Include="Moq" Version="$(MoqPackageVersion)" />
    <LatestPackageReference Include="Newtonsoft.Json.Bson" Version="$(NewtonsoftJsonBsonPackageVersion)" />
--- a/eng/Versions.props
+++ b/eng/Versions.props
@ -225,7 +225,7 @@
    <IdentityServer4PackageVersion>3.0.0</IdentityServer4PackageVersion>
    <IdentityServer4StoragePackageVersion>3.0.0</IdentityServer4StoragePackageVersion>
    <IdentityServer4EntityFrameworkStoragePackageVersion>3.0.0</IdentityServer4EntityFrameworkStoragePackageVersion>
-    <MessagePackPackageVersion>2.1.80</MessagePackPackageVersion>
+    <MessagePackPackageVersion>2.1.90</MessagePackPackageVersion>
    <MoqPackageVersion>4.10.0</MoqPackageVersion>
    <MonoCecilPackageVersion>0.10.1</MonoCecilPackageVersion>
    <NewtonsoftJsonBsonPackageVersion>1.0.2</NewtonsoftJsonBsonPackageVersion>
--- a/src/SignalR/common/Protocols.MessagePack/src/.editorconfig
+++ b/src/SignalR/common/Protocols.MessagePack/src/.editorconfig
@ -0,0 +1,12 @@
+# EditorConfig is awesome:http://EditorConfig.org
+# NOTE: Requires **VS2019 16.3** or later
+
+# New Rule Set
+# Description:
+# MsgPack001 : MsgPack001 Avoid static default for MessagePackSerializerOptions
+# MsgPack002 : MsgPack002 Avoid using a mutable static value for MessagePackSerializerOptions
+
+# Code files
+[*.{cs,vb}]
+dotnet_diagnostic.MsgPack001.severity = error
+dotnet_diagnostic.MsgPack002.severity = error
--- a/src/SignalR/common/Protocols.MessagePack/src/Microsoft.AspNetCore.SignalR.Protocols.MessagePack.csproj
+++ b/src/SignalR/common/Protocols.MessagePack/src/Microsoft.AspNetCore.SignalR.Protocols.MessagePack.csproj
@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <Description>Implements the SignalR Hub Protocol over MsgPack.</Description>
@ -17,6 +17,7 @@
  <ItemGroup>
    <Reference Include="Microsoft.AspNetCore.SignalR.Common" />
    <Reference Include="MessagePack" />
+    <Reference Include="MessagePackAnalyzer" PrivateAssets="All" />
  </ItemGroup>

 </Project>
--- a/src/SignalR/common/Protocols.MessagePack/src/Protocol/MessagePackHubProtocol.cs
+++ b/src/SignalR/common/Protocols.MessagePack/src/Protocol/MessagePackHubProtocol.cs
@ -26,7 +26,7 @@ namespace Microsoft.AspNetCore.SignalR.Protocol
        private const int VoidResult = 2;
        private const int NonVoidResult = 3;

-        private MessagePackSerializerOptions _msgPackSerializerOptions;
+        private readonly MessagePackSerializerOptions _msgPackSerializerOptions;
        private static readonly string ProtocolName = "messagepack";
        private static readonly int ProtocolVersion = 1;

@ -53,34 +53,36 @@ namespace Microsoft.AspNetCore.SignalR.Protocol
        public MessagePackHubProtocol(IOptions<MessagePackHubProtocolOptions> options)
        {
            var msgPackOptions = options.Value;
-            SetupResolver(msgPackOptions);
-            _msgPackSerializerOptions.WithSecurity(MessagePackSecurity.UntrustedData);
-        }
+            var resolver = SignalRResolver.Instance;
+            var hasCustomFormatterResolver = false;

-        private void SetupResolver(MessagePackHubProtocolOptions options)
-        {
-            // if counts don't match then we know users customized resolvers so we set up the options
-            // with the provided resolvers
-            if (options.FormatterResolvers.Count != SignalRResolver.Resolvers.Count)
+            // if counts don't match then we know users customized resolvers so we set up the options with the provided resolvers
+            if (msgPackOptions.FormatterResolvers.Count != SignalRResolver.Resolvers.Count)
            {
-                var resolver = CompositeResolver.Create(Array.Empty<IMessagePackFormatter>(), (IReadOnlyList<IFormatterResolver>)options.FormatterResolvers);
-                _msgPackSerializerOptions = MessagePackSerializerOptions.Standard.WithResolver(resolver);
-                return;
+                hasCustomFormatterResolver = true;
            }
-
-            for (var i = 0; i < options.FormatterResolvers.Count; i++)
+            else
            {
-                // check if the user customized the resolvers
-                if (options.FormatterResolvers[i] != SignalRResolver.Resolvers[i])
+                // Compare each "reference" in the FormatterResolvers IList<> against the default "SignalRResolver.Resolvers" IList<>
+                for (var i = 0; i < msgPackOptions.FormatterResolvers.Count; i++)
                {
-                    var resolver = CompositeResolver.Create(Array.Empty<IMessagePackFormatter>(), (IReadOnlyList<IFormatterResolver>)options.FormatterResolvers);
-                    _msgPackSerializerOptions = MessagePackSerializerOptions.Standard.WithResolver(resolver);
-                    return;
+                    // check if the user customized the resolvers
+                    if (msgPackOptions.FormatterResolvers[i] != SignalRResolver.Resolvers[i])
+                    {
+                        hasCustomFormatterResolver = true;
+                        break;
+                    }
                }
            }

-            // Use optimized cached resolver if the default is chosen
-            _msgPackSerializerOptions = MessagePackSerializerOptions.Standard.WithResolver(SignalRResolver.Instance);
+            if (hasCustomFormatterResolver)
+            {
+                resolver = CompositeResolver.Create(Array.Empty<IMessagePackFormatter>(), (IReadOnlyList<IFormatterResolver>)msgPackOptions.FormatterResolvers);
+            }
+
+            _msgPackSerializerOptions = MessagePackSerializerOptions.Standard
+                                                                    .WithResolver(resolver)
+                                                                    .WithSecurity(MessagePackSecurity.UntrustedData);
        }

        /// <inheritdoc />