Merge pull request #2720 from dotnet/merges/master-to-3.x
Merge master to 3.x
mavasani committed Aug 1, 2019
2 parents dc8c6fb + 03abe77 commit 2d26adf
Showing 27 changed files with 881 additions and 5 deletions.
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE.md
Expand Up @@ -4,7 +4,7 @@ Example: [Microsoft.CodeAnalysis.FxCopAnalyzers](https://www.nuget.org/packages/

#### Package Version

Example: v2.9.3 (Latest)
Example: v2.9.4 (Latest)

#### Diagnostic ID

26 changes: 26 additions & 0 deletions PostReleaseActivities.md
@@ -0,0 +1,26 @@
Post-release activities
=================================================================

Please follow the below steps after publishing analyzer NuGet packages from this repo onto NuGet.org:

1. Create a new release OR Update an existing draft release:
1. Draft: Either click [here](https://github.com/dotnet/roslyn-analyzers/releases/new) to draft a new release OR update an [existing draft release](https://github.com/dotnet/roslyn-analyzers/releases). For reference, you can look at any of the existing releases, say [v2.9.3](https://github.com/dotnet/roslyn-analyzers/releases/edit/v2.9.3).
2. Release notes: Follow the steps in the *Steps to generate Release Notes* below to generate Release notes and copy the generated notes to the description section of the new release.
3. Publish: Mark the release as a pre-release if appropriate and click "Publish Release".
2. Repo changes:
1. Checkout a new branch from latest sources of release branch.
2. Update `VERSIONING.md`: Add a new row in the released version table.
3. Update `.github\ISSUE_TEMPLATE.md`: Update the package version in the example section to the latest released package version.
4. Update `eng\Versions.props`:
1. Bump up the `VersionPrefix`.
2. Reset `PreReleaseVersionLabel` to `beta1`.
3. Update `MicrosoftCodeAnalysisFXCopAnalyersVersion` to the latest released package version. Build the repo by invoking `Build.cmd` and fix/suppress any new CA diagnostics, as appropriate.
5. Create and submit a PR with the above changes.

Steps to generate Release Notes
=================================================================

1. Checkout the sources for the release branch locally. This would normally be the master branch.
2. Build ReleaseNotesUtil tool: `msbuild /t:restore /t:rebuild /v:m /m src\ReleaseNotesUtil\ReleaseNotesUtil.csproj`.
3. Ensure that nuget.exe is on path.
4. Generate notes: Switch to the output directory, say `artifacts\bin\ReleaseNotesUtil\Debug\netcoreapp2.0` and execute `GenDiffNotes.cmd` from an admin command prompt to generate release notes.
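Review bot: Step 4 of "Steps to generate Release Notes" tells the maintainer to run `GenDiffNotes.cmd` "from an admin command prompt" without saying why elevation is needed, directly after a step that requires nuget.exe on the path. If the script only has to fetch packages and write the notes file, drop the admin requirement; if something in it genuinely needs elevation, name it here so that running the tool elevated is a documented decision rather than a default. Separately, the reference link in step 1.1 points at `releases/edit/v2.9.3`, which only resolves for users with write access to the repo; `releases/tag/v2.9.3` would work for every reader. Step 2.4.3 also packs two actions into one item (update the version property, then build and fix/suppress new CA diagnostics); splitting the build into its own step would make the checklist easier to follow.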
1 change: 1 addition & 0 deletions VERSIONING.md
Expand Up @@ -39,3 +39,4 @@ Sr. No. | Release Version | Commit Tag | Commit SHA
19 | 2.9.2 | v2.9.2 | [dcad84f](https://github.com/dotnet/roslyn-analyzers/commit/dcad84faf700d501edd8cb3c79279abd328c1ad0) | Microsoft.CodeAnalysis.Analyzers, Microsoft.CodeAnalysis.FxCopAnalyzers, Microsoft.CodeAnalysis.Metrics, Microsoft.CodeAnalysis.VersionCheckAnalyzer, Microsoft.CodeQuality.Analyzers, Microsoft.NetCore.Analyzers, Microsoft.NetFramework.Analyzers, Roslyn.Diagnostics.Analyzers, Microsoft.CodeAnalysis.PublicApiAnalyzers, Microsoft.CodeAnalysis.BannedApiAnalyzers
20 | 2.9.3 | v2.9.3 | [7f096af](https://github.com/dotnet/roslyn-analyzers/commit/7f096aff22c1fd35652d55a9405e13d421dfe512) | Microsoft.CodeAnalysis.Analyzers, Microsoft.CodeAnalysis.FxCopAnalyzers, Microsoft.CodeAnalysis.Metrics, Microsoft.CodeAnalysis.VersionCheckAnalyzer, Microsoft.CodeQuality.Analyzers, Microsoft.NetCore.Analyzers, Microsoft.NetFramework.Analyzers, Roslyn.Diagnostics.Analyzers, Microsoft.CodeAnalysis.PublicApiAnalyzers, Microsoft.CodeAnalysis.BannedApiAnalyzers
21 | 2.9.4-beta1.final (pre-release) | v2.9.4-beta1.final | [3b22a6a](https://github.com/dotnet/roslyn-analyzers/commit/3b22a6a82d450350ab0cf27504adab8d1226b2a8) | Microsoft.CodeAnalysis.Analyzers, Microsoft.CodeAnalysis.FxCopAnalyzers, Microsoft.CodeAnalysis.Metrics, Microsoft.CodeAnalysis.VersionCheckAnalyzer, Microsoft.CodeQuality.Analyzers, Microsoft.NetCore.Analyzers, Microsoft.NetFramework.Analyzers, Roslyn.Diagnostics.Analyzers, Microsoft.CodeAnalysis.PublicApiAnalyzers, Microsoft.CodeAnalysis.BannedApiAnalyzers, Microsoft.CodeAnalysis.FlowAnalysis.Utilities
22 | 2.9.4 | v2.9.4 | [a1a198d](https://github.com/dotnet/roslyn-analyzers/commit/a1a198d1c5d2359e93dd4ab4b1c4f7421512724e) | Microsoft.CodeAnalysis.Analyzers, Microsoft.CodeAnalysis.FxCopAnalyzers, Microsoft.CodeAnalysis.Metrics, Microsoft.CodeAnalysis.VersionCheckAnalyzer, Microsoft.CodeQuality.Analyzers, Microsoft.NetCore.Analyzers, Microsoft.NetFramework.Analyzers, Roslyn.Diagnostics.Analyzers, Microsoft.CodeAnalysis.PublicApiAnalyzers, Microsoft.CodeAnalysis.BannedApiAnalyzers, Microsoft.CodeAnalysis.FlowAnalysis.Utilities
2 changes: 1 addition & 1 deletion docs/Analyzer Configuration.md
Expand Up @@ -113,7 +113,7 @@ Examples:
### Excluded symbol names
Option Name: `excluded_symbol_names`

Configurable Rules: [CA1303](https://docs.microsoft.com/visualstudio/code-quality/ca1303-do-not-pass-literals-as-localized-parameters), [CA1062](https://docs.microsoft.com/visualstudio/code-quality/ca1062-validate-arguments-of-public-methods), CA1508, [CA2000](https://docs.microsoft.com/visualstudio/code-quality/ca2000-dispose-objects-before-losing-scope), [CA2100](https://docs.microsoft.com/visualstudio/code-quality/ca2100-review-sql-queries-for-security-vulnerabilities), [CA2301](https://docs.microsoft.com/visualstudio/code-quality/ca2301-do-not-call-binaryformatter-deserialize-without-first-setting-binaryformatter-binder), [CA2302](https://docs.microsoft.com/visualstudio/code-quality/ca2302-ensure-binaryformatter-binder-is-set-before-calling-binaryformatter-deserialize), [CA2311](https://docs.microsoft.com/visualstudio/code-quality/ca2311-do-not-deserialize-without-first-setting-netdatacontractserializer-binder), [CA2312](https://docs.microsoft.com/visualstudio/code-quality/ca2312-ensure-netdatacontractserializer-binder-is-set-before-deserializing), [CA2321](https://docs.microsoft.com/visualstudio/code-quality/ca2321), [CA2322](https://docs.microsoft.com/visualstudio/code-quality/ca2322), CA2327, CA2328, [CA3001](https://docs.microsoft.com/visualstudio/code-quality/ca3001-review-code-for-sql-injection-vulnerabilities), [CA3002](https://docs.microsoft.com/visualstudio/code-quality/ca3002-review-code-for-xss-vulnerabilities), [CA3003](https://docs.microsoft.com/visualstudio/code-quality/ca3003-review-code-for-file-path-injection-vulnerabilities), [CA3004](https://docs.microsoft.com/visualstudio/code-quality/ca3004-review-code-for-information-disclosure-vulnerabilities), [CA3005](https://docs.microsoft.com/visualstudio/code-quality/ca3005-review-code-for-ldap-injection-vulnerabilities), [CA3006](https://docs.microsoft.com/visualstudio/code-quality/ca3006-review-code-for-process-command-injection-vulnerabilities), 
[CA3007](https://docs.microsoft.com/visualstudio/code-quality/ca3007-review-code-for-open-redirect-vulnerabilities), [CA3008](https://docs.microsoft.com/visualstudio/code-quality/ca3008-review-code-for-xpath-injection-vulnerabilities), [CA3009](https://docs.microsoft.com/visualstudio/code-quality/ca3009-review-code-for-xml-injection-vulnerabilities), [CA3010](https://docs.microsoft.com/visualstudio/code-quality/ca3010-review-code-for-xaml-injection-vulnerabilities), [CA3011](https://docs.microsoft.com/visualstudio/code-quality/ca3011-review-code-for-dll-injection-vulnerabilities), [CA3012](https://docs.microsoft.com/visualstudio/code-quality/ca3012-review-code-for-regex-injection-vulnerabilities), CA5361, CA5376, CA5377, CA5378, CA5380, CA5381, CA5382, CA5383, CA5384, CA5387, CA5388, CA5389, CA5390
Configurable Rules: [CA1303](https://docs.microsoft.com/visualstudio/code-quality/ca1303-do-not-pass-literals-as-localized-parameters), [CA1062](https://docs.microsoft.com/visualstudio/code-quality/ca1062-validate-arguments-of-public-methods), CA1508, [CA2000](https://docs.microsoft.com/visualstudio/code-quality/ca2000-dispose-objects-before-losing-scope), [CA2100](https://docs.microsoft.com/visualstudio/code-quality/ca2100-review-sql-queries-for-security-vulnerabilities), [CA2301](https://docs.microsoft.com/visualstudio/code-quality/ca2301-do-not-call-binaryformatter-deserialize-without-first-setting-binaryformatter-binder), [CA2302](https://docs.microsoft.com/visualstudio/code-quality/ca2302-ensure-binaryformatter-binder-is-set-before-calling-binaryformatter-deserialize), [CA2311](https://docs.microsoft.com/visualstudio/code-quality/ca2311-do-not-deserialize-without-first-setting-netdatacontractserializer-binder), [CA2312](https://docs.microsoft.com/visualstudio/code-quality/ca2312-ensure-netdatacontractserializer-binder-is-set-before-deserializing), [CA2321](https://docs.microsoft.com/visualstudio/code-quality/ca2321), [CA2322](https://docs.microsoft.com/visualstudio/code-quality/ca2322), CA2327, CA2328, CA2329, CA2330, [CA3001](https://docs.microsoft.com/visualstudio/code-quality/ca3001-review-code-for-sql-injection-vulnerabilities), [CA3002](https://docs.microsoft.com/visualstudio/code-quality/ca3002-review-code-for-xss-vulnerabilities), [CA3003](https://docs.microsoft.com/visualstudio/code-quality/ca3003-review-code-for-file-path-injection-vulnerabilities), [CA3004](https://docs.microsoft.com/visualstudio/code-quality/ca3004-review-code-for-information-disclosure-vulnerabilities), [CA3005](https://docs.microsoft.com/visualstudio/code-quality/ca3005-review-code-for-ldap-injection-vulnerabilities), [CA3006](https://docs.microsoft.com/visualstudio/code-quality/ca3006-review-code-for-process-command-injection-vulnerabilities), 
[CA3007](https://docs.microsoft.com/visualstudio/code-quality/ca3007-review-code-for-open-redirect-vulnerabilities), [CA3008](https://docs.microsoft.com/visualstudio/code-quality/ca3008-review-code-for-xpath-injection-vulnerabilities), [CA3009](https://docs.microsoft.com/visualstudio/code-quality/ca3009-review-code-for-xml-injection-vulnerabilities), [CA3010](https://docs.microsoft.com/visualstudio/code-quality/ca3010-review-code-for-xaml-injection-vulnerabilities), [CA3011](https://docs.microsoft.com/visualstudio/code-quality/ca3011-review-code-for-dll-injection-vulnerabilities), [CA3012](https://docs.microsoft.com/visualstudio/code-quality/ca3012-review-code-for-regex-injection-vulnerabilities), CA5361, CA5376, CA5377, CA5378, CA5380, CA5381, CA5382, CA5383, CA5384, CA5387, CA5388, CA5389, CA5390

Option Values: Names of symbols (separated by '|') that are excluded for analysis.
Allowed symbol name formats:
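Review bot: CA2329 and CA2330 are added to the `excluded_symbol_names` rule list as bare IDs with no documentation link, in the same state as CA2327 and CA2328 beside them, so a reader cannot tell from this page what the new rules check before deciding to exclude symbols from them. Since most of this list is security rules, consider linking each new ID to its rule description, or to the rule's resource strings in the repo until a docs page exists. The visible hunk only touches this one option; if other option sections in this file carry the same rule list, they need the same two IDs.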
2 changes: 1 addition & 1 deletion eng/Versions.props
Expand Up @@ -20,7 +20,7 @@
<!-- Roslyn -->
<MicrosoftCodeAnalysisVersion>3.0.0</MicrosoftCodeAnalysisVersion>
<MicrosoftNetCompilersVersion>3.0.0</MicrosoftNetCompilersVersion>
<MicrosoftCodeAnalysisFXCopAnalyersVersion>2.9.4-beta1.final</MicrosoftCodeAnalysisFXCopAnalyersVersion>
<MicrosoftCodeAnalysisFXCopAnalyersVersion>2.9.4</MicrosoftCodeAnalysisFXCopAnalyersVersion>
<MicrosoftCodeAnalysisAnalyersVersion>3.0.0-beta2.19218.3+e96bad97</MicrosoftCodeAnalysisAnalyersVersion>
<CodeStyleAnalyersVersion>2.11.0-beta2-63603-03</CodeStyleAnalyersVersion>
<MicrosoftCodeAnalysisTestResourcesProprietaryVersion>2.0.0-pre-20160714</MicrosoftCodeAnalysisTestResourcesProprietaryVersion>
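Review bot: The property being bumped is spelled `MicrosoftCodeAnalysisFXCopAnalyersVersion` ("Analyers"), as are `MicrosoftCodeAnalysisAnalyersVersion` and `CodeStyleAnalyersVersion` in the context lines, and the new PostReleaseActivities.md in this same merge now documents the misspelled name as the one to edit. Not a blocker for a version bump, but a follow-up rename (property definitions, their usages, and the doc together) would stop the typo from spreading further.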
Expand Up @@ -1062,4 +1062,16 @@
<data name="DoNotCreateTasksWithoutPassingATaskSchedulerMessage" xml:space="preserve">
<value>Do not create tasks without passing a TaskScheduler</value>
</data>
<data name="JsonNetInsecureSerializerMessage" xml:space="preserve">
<value>When deserializing untrusted input, allowing arbitrary types to be deserialized is insecure. When using deserializing JsonSerializer, use TypeNameHandling.None, or for values other than None, restrict deserialized types with a SerializationBinder.</value>
</data>
<data name="JsonNetInsecureSerializerTitle" xml:space="preserve">
<value>Do not deserialize with JsonSerializer using an insecure configuration</value>
</data>
<data name="JsonNetMaybeInsecureSerializerMessage" xml:space="preserve">
<value>When deserializing untrusted input, allowing arbitrary types to be deserialized is insecure. When using deserializing JsonSerializer, use TypeNameHandling.None, or for values other than None, restrict deserialized types with a SerializationBinder.</value>
</data>
<data name="JsonNetMaybeInsecureSerializerTitle" xml:space="preserve">
<value>Ensure that JsonSerializer has a secure configuration when deserializing</value>
</data>
</root>
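Review bot: Both new message strings contain the phrase "When using deserializing JsonSerializer", which reads as a garbled edit; something like "When deserializing with JsonSerializer, use TypeNameHandling.None, or for values other than None, restrict deserialized types with a SerializationBinder." would be clearer in a user-facing diagnostic. In addition, `JsonNetInsecureSerializerMessage` and `JsonNetMaybeInsecureSerializerMessage` are word-for-word identical, so only the titles tell the definite finding ("Do not deserialize ...") apart from the possible one ("Ensure that ..."). Consider wording the "Maybe" message to say that the configuration could not be proven safe, so a developer triaging the warning knows whether they are looking at a confirmed insecure TypeNameHandling setting or one the analysis could not resolve.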
