Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

C#: Fix some new compiler warnings #18246

Merged
merged 5 commits into from
Dec 12, 2024
Merged

C#: Fix some new compiler warnings #18246

merged 5 commits into from
Dec 12, 2024

Conversation

michaelnebel
Copy link
Contributor

@michaelnebel michaelnebel commented Dec 9, 2024
edited
Loading

A couple of new compiler warnings (since Friday)

  • A compiler warning for MessagePack 3.0.3 (I think the package was just renamed to 3.0.300, which is not flagged as having a security vulnerability).
  • Possible null de-reference warnings (fixed by adding some null checks).

DCA looks good.

@github-actions github-actions bot added the C# label Dec 9, 2024
@michaelnebel michaelnebel added the no-change-note-required This PR does not need a change note label Dec 9, 2024
@michaelnebel michaelnebel marked this pull request as ready for review December 9, 2024 10:19
@michaelnebel michaelnebel requested review from a team as code owners December 9, 2024 10:19
tamasvajk
tamasvajk reviewed Dec 9, 2024
View reviewed changes
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs Outdated
Comment on lines 607 to 611
if (chain is null || cert is null)
{
return false;
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we log something in this case? Do we expect any of these to be null in any circumstance?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good question, I am not really familiar with this API. This was the minimal change I could make that just replaced a potential crash with a failed validation instead.
@mbg : Do you have an opinion about it?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No opinion. I couldn't see anything obvious in the docs about when these might be null and they were never null during testing. I didn't implement any checks for whether these are null, since I figured that would be more helpful to know under what circumstances they end up being null than just return false.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, that indicates that we should add a log message in case these are null.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, I was just about to add that I guess logging it as @tamasvajk suggested would make sense.

@michaelnebel michaelnebel requested a review from mbg December 11, 2024 08:58
mbg
mbg approved these changes Dec 12, 2024
View reviewed changes
Copy link
Member

@mbg mbg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for addressing those details!

@michaelnebel michaelnebel merged commit a52a549 into github:main Dec 12, 2024
17 checks passed
@michaelnebel michaelnebel deleted the csharp/fixwarnings branch December 12, 2024 14:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mbg mbg mbg approved these changes

@tamasvajk tamasvajk Awaiting requested review from tamasvajk

Assignees
No one assigned
Labels
C# no-change-note-required This PR does not need a change note
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@michaelnebel @mbg @tamasvajk