Roslyn Cookbook

Roslyn Cookbook

Overview of this book

Open-sourcing the C# and Visual Basic compilers is one of the most appreciated things by the .NET community, especially as it exposes rich code analysis APIs to analyze and edit code. If you want to use Roslyn API to write powerful extensions and contribute to the C# developer tool chain, then this book is for you. Additionally, if you are just a .NET developer and want to use this rich Roslyn-based functionality in Visual Studio to improve the code quality and maintenance of your code base, then this book is also for you. This book is divided into the following broad modules: 1. Writing and consuming analyzers/fixers (Chapters 1 - 5): You will learn to write different categories of Roslyn analyzers and harness and configure analyzers in your C# projects to catch quality, security and performance issues. Moving ahead, you will learn how to improve code maintenance and readability by using code fixes and refactorings and also learn how to write them. 2. Using Roslyn-based agile development features (Chapters 6 and 7): You will learn how to improve developer productivity in Visual Studio by using features such as live unit testing, C# interactive and scripting. 3. Contributing to the C# language and compiler tool chain (Chapters 8 - 10): You will see the power of open-sourcing the Roslyn compiler via the simple steps this book provides; thus, you will contribute a completely new C# language feature and implement it in the Roslyn compiler codebase. Finally, you will write simple command line tools based on the Roslyn service API to analyze and edit C# code.

Title Page

Credits

About the Author

Acknowledgments

About the Reviewer

www.PacktPub.com

Customer Feedback

Preface

Dedication

Free Chapter

Writing Diagnostic Analyzers

Introduction

Creating, debugging, and executing an analyzer project in Visual Studio

Creating a symbol analyzer to report issues about symbol declarations

Creating a syntax node analyzer to report issues about language syntax

Creating a syntax tree analyzer to analyze the source file and report syntax issues

Creating a method body analyzer to analyze whole method and report issues

Creating a compilation analyzer to analyze whole compilation and report issues

Writing unit tests for an analyzer project

Publishing NuGet package and VSIX for an analyzer project

Consuming Diagnostic Analyzers in .NET Projects

Introduction

Searching and installing analyzers through the NuGet package manager

Searching and installing VSIX analyzers through the VS extension gallery

Viewing and configuring analyzers in solution explorer in Visual Studio

Using the ruleset file and Rule Set editor to configure analyzers

Writing IDE Code Fixes, Refactorings, and Intellisense Completion Providers

Introduction

Creating, debugging, and executing a CodeFixProvider to fix a compiler warning

Applying batch code fixes (FixAll) across different scopes: document, project, and solution

Creating a custom FixAllProvider to fix all occurrences of an issue across a scope

Creating a CodeRefactoringProvider to refactor source code to recommend using C# 7.0 tuples

Creating a CompletionProvider to provide additional intellisense items while editing code.

Writing unit tests for a CodeFixProvider

Improving Code Maintenance of C# Code Base

Introduction

Configuring C# code style rules built into Visual Studio 2017

Using the .editorconfig file for configuration of code style rules

Using the public API analyzer for API surface maintenance

Using third-party StyleCop analyzers for code style rules

Catch Security Vulnerabilities and Performance Issues in C# Code

Introduction

Identifying configuration-related security vulnerabilities in web applications

Identifying cross-site scripting vulnerabilities in view markup files (.cshtml, .aspx files) in web applications

Identifying insecure method calls that can lead to SQL and LDAP injection attacks

Identifying weak password protection and management in web applications

Identifying weak validation of data from external components to prevent attacks such as cross-site request forgery and path tampering

Identifying performance improvements to source code using FxCop analyzers

Live Unit Testing in Visual Studio Enterprise

Introduction

Running live unit tests in Visual Studio for unit test projects based on NUnit, XUnit, and MSTest frameworks

Viewing and navigating live unit test results

Understanding incremental live unit test execution with code changes

Understanding Start/Stop/Pause/Continue/Restart functionality for fine grain control of LUT

Including and excluding subset of tests for live execution

Configuring different options for live unit testing using the Tools Options dialog

C# Interactive and Scripting

Introduction

Writing a simple C# script and evaluating it within the Visual Studio interactive window

Using script directives and REPL commands in the C# interactive window

Using keyboard shortcuts for evaluating and navigating through script sessions in the C# interactive window

Initializing the C# interactive session from the existing C# project

Executing the C# script on a Visual Studio developer command prompt using csi.exe

Using the Roslyn scripting API to execute C# code snippets

Contribute Simple Functionality to Roslyn C# Compiler Open Source Code

Introduction

Setting up Roslyn enlistment

Implementing a new syntax error in the C# compiler code base

Implementing a new semantic error in the C# compiler code base

Writing unit tests for a new error in the C# compiler code base

Using Roslyn Syntax Visualizer to view Roslyn syntax tokens and nodes for a source file

Sending a Roslyn pull request to contribute to next version of C# compiler and VS IDE

Design and Implement a New C# Language Feature

Introduction

Designing syntax and grammar for a new C# language feature

Implementing parser support for a new C# language feature

Implementing binding/semantic analysis support for a new C# language feature

Implementing lowering/code generation support for a new C# language feature

Writing unit tests for C# parsing, binding, and codegen phases

Command-Line Tools Based on Roslyn API

Introduction

Writing an application based on the Compiler Syntax API to parse and transform source files

Writing an application based on the Compiler Semantic API to display diagnostics and overload resolution results

Writing an application based on the Compiler Analyzer API to execute diagnostic analyzers and display analyzer diagnostics

Writing an application based on the Workspaces API to format and simplify all source files in the solution

Writing an application based on the Workspaces API to edit projects in a solution and display project properties

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Identifying weak validation of data from external components to prevent attacks such as cross-site request forgery and path tampering

In this section, we will walk you through the rules in PUMA scan analyzers to catch security vulnerabilities that can lead to following types of security attacks due to insufficient validation of input:

Cross-Site request forgery (https://en.wikipedia.org/wiki/Cross-site_request_forgery): Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser

Path tampering (https://en.wikipedia.org/wiki/Directory_traversal_attack): A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization...

Roslyn Cookbook

Roslyn Cookbook

Overview of this book

Related Content you might be interested in

Current Title:

Roslyn Cookbook

Mastering Visual Studio 2019.

Refactoring with C#

Metaprogramming in C#

Identifying weak validation of data from external components to prevent attacks such as cross-site request forgery and path tampering