New rule S3063: "StringBuilder" data should be used

[cristian-ambrosini-sonarsource]

Fixes #6659

[martin-strecker-sonarsource]

First round of comments.

[martin-strecker-sonarsource]

Cool stuff, great test coverage, and a really nice find with the interpolation 👍

We need to find a better way to detect the reads but you can read more about this below.

[martin-strecker-sonarsource]

I found a couple of things that could be improved but nothing is blocking the rule from being merged.

Feel free to prioritize and cut branches by creating tickets or leaving a comment. I'm on a hardening sprint with Tim next week and we can pick up from there.

[martin-strecker-sonarsource]

Some cosmetic changes are left and there are some cases which need clarification.

[martin-strecker-sonarsource]

The or part looks wrong to me. Can it be removed without breaking things?

If not make the "or" part it's own pattern matching branch (this reads better IMO).

Try to get rid of the model.GetOperation call if possible.

[cristian-ambrosini-sonarsource]

This line is meant to support indexers:
Dim a = sb(0)

Unfortunately, I wasn't able to find any other way to detect a property reference in VB other than looking at the operation kind. In CS indexers are treated differently and I can register for them with ElementAccessExpressionSyntax, thus avoiding the check on the operation.

[martin-strecker-sonarsource]

You are right about the syntax check: There is no way to detect whether the invocation is a method or an indexer. You can use IPropertySymbol.IsIndexer instead of IOperation though.

[cristian-ambrosini-sonarsource]

You are right! Nice find 👍

[martin-strecker-sonarsource]

Educational: Can you give me an example for EqualsValueClauseSyntax (VB too), please?

[cristian-ambrosini-sonarsource]

Sure!
Here for CS and here for VB.

[martin-strecker-sonarsource]

I see. There is propably no problem with this but there other places the syntax is used (VB and CS):

• EnumMemberDeclarationSyntax (Initilaizer)
• PropertyDeclarationSyntax (Initilaizer)
• ParameterSyntax (Default)

You better check for { Parent: VariableDeclaratorSyntax } or even better VariableDeclaratorSyntax { Initializer.Value: { .. } }

(The only way I'm aware of to check for something like this is to checkout Roslyn and use "FindAllReferences" on the SyntaxNode.)

[cristian-ambrosini-sonarsource]

I will add coverage for the GetIdentifier method in the facade on a separate PR.

[martin-strecker-sonarsource]

Can you increase the code coverage here?

[martin-strecker-sonarsource]

LGTM. There is one fishy looking syntax kind. Also if you have time

• Increase the coverage a bit so we can merge without admin approval
• There seems to be no test for top-level statements

[martin-strecker-sonarsource]

Why is this?

[cristian-ambrosini-sonarsource]

In the case of top-level statements we are not going through the children of the using directives (see here).

• The test for top-level statements is called UnusedStringBuilder_TopLevelStatements and it's a parameterized test.

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

95.9% Coverage
0.0% Duplication