Skip to content

C#: Fix some new compiler warnings #18246

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
michaelnebel merged 5 commits into from
Dec 12, 2024
Merged

C#: Fix some new compiler warnings #18246

michaelnebel merged 5 commits into from
Dec 12, 2024

Conversation

@michaelnebel
Copy link
Contributor

@michaelnebel michaelnebel commented Dec 9, 2024
edited
Loading

A couple of new compiler warnings (since Friday)

  • A compiler warning for MessagePack 3.0.3 (I think the package was just renamed to 3.0.300, which is not flagged as having a security vulnerability).
  • Possible null de-reference warnings (fixed by adding some null checks).

DCA looks good.

@github-actions github-actions bot added the C# label Dec 9, 2024
@michaelnebel michaelnebel added the no-change-note-required This PR does not need a change note label Dec 9, 2024
@michaelnebel michaelnebel marked this pull request as ready for review December 9, 2024 10:19
@michaelnebel michaelnebel requested review from a team as code owners December 9, 2024 10:19
tamasvajk
tamasvajk reviewed Dec 9, 2024
View reviewed changes
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
Comment on lines 607 to 611
if (chain is null || cert is null)
{
return false;
}
Copy link
Contributor

@tamasvajk tamasvajk Dec 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we log something in this case? Do we expect any of these to be null in any circumstance?

Copy link
Contributor Author

@michaelnebel michaelnebel Dec 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good question, I am not really familiar with this API. This was the minimal change I could make that just replaced a potential crash with a failed validation instead.
@mbg : Do you have an opinion about it?

Copy link
Member

@mbg mbg Dec 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No opinion. I couldn't see anything obvious in the docs about when these might be null and they were never null during testing. I didn't implement any checks for whether these are null, since I figured that would be more helpful to know under what circumstances they end up being null than just return false.

Copy link
Contributor Author

@michaelnebel michaelnebel Dec 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, that indicates that we should add a log message in case these are null.

Copy link
Member

@mbg mbg Dec 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, I was just about to add that I guess logging it as @tamasvajk suggested would make sense.

@michaelnebel michaelnebel requested a review from mbg December 11, 2024 08:58
mbg
mbg approved these changes Dec 12, 2024
View reviewed changes
Copy link
Member

@mbg mbg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for addressing those details!

@michaelnebel michaelnebel merged commit a52a549 into github:main Dec 12, 2024
9 checks passed
@michaelnebel michaelnebel deleted the csharp/fixwarnings branch December 12, 2024 14:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mbg mbg mbg approved these changes

@tamasvajk tamasvajk Awaiting requested review from tamasvajk

Assignees

No one assigned

Labels

C# no-change-note-required This PR does not need a change note

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@michaelnebel @mbg @tamasvajk