Roslyn-analyzers: False positives in CA2235

What version of analyzer NuGet package are you using?

No Nuget, latest vsix.

Microsoft Code Analysis, version 2.6.0.6241303

Unfortunately, DateTime is not the only type with this problem. Nullable<T> is another one (and I'm afraid there may be more).

[Serializable]
class C
{
    long? l;
}

Field l is a member of type C which is serializable but is of type long? which is not serializable

The only real way to identify all types marked as serializable in metadata is to read the metadata type attribute flags. This information is not publically exposed on ITypeSymbol: http://source.roslyn.io/#Microsoft.CodeAnalysis.CSharp/Symbols/Metadata/PE/PENamedTypeSymbol.cs,2043. So our best option is to identify and special case all such types which are marked as Serialized in metadata but do not have SerializableAttribute. I will handle nullable types in the PR as well.

Filed https://github.com/dotnet/roslyn/issues/24133 to expose IsSerializable API in Roslyn. Until then, we can either switch to using reflection or detect such types by adding to our special case list. @dotnet/roslyn-analysis any preferences?

Verified that following code does work fine:

var isSerializableMetadataProperty = type.GetType().GetRuntimeProperties().FirstOrDefault(p => p.Name.Equals("IsSerializable", StringComparison.Ordinal));
if (isSerializableMetadataProperty != null &&
    isSerializableMetadataProperty.GetValue(type) is bool isSerializable &&
    isSerializable)
    {
        return true;
    }

+1 on reflection if it will be temporary until roslyn expose type attribute.

I am facing the same issue with nuget version 2.6.3, this is the latest.

Severity Code Description Project File Line Suppression State
Error CA2235 Field AllowAny is a member of type ApplicationEntity which is serializable but is of type bool which is not serializable DataConnector C:\views\trunk\ManagedServices\Dicom\Common\Sources\DataConnector\Configuration\ApplicationEntity.cs 25 N/A

Severity Code Description Project File Line Suppression State
Error CA2235 Field AeTitle is a member of type ApplicationEntity which is serializable but is of type string which is not serializable DataConnector C:\views\trunk\ManagedServices\Dicom\Common\Sources\DataConnector\Configuration\ApplicationEntity.cs 29 N/A

Please let me know in which when can the latest version of nuget be available with the fix.

@SriharshaAngadi - The new compiler API that fixes this in MS.CA 2.7, and the FxCop analyzers 2.6.3 is written against MS.CA 2.6.0 and hence does not have the fix. We already have a fix in place in features/dataflow branch which is targeting 2.9.0. Given the number of reports for this issue, I think we will move to newer MS.CA in master and ship a release package with the fix soon. I will post an update once that is done. Thanks for the patience!

@mavasani
Is this still a known problem? I'm getting CA2235 false positives for string types. I'm using Microsoft Code Analysis 2019 version 3.0.0.1925803 running in VS 2019 version 16.1.1

I've noticed that CA2235 false positives pop up after switching target framework from net472 to netstandard2.0 while using 2.9.4 analyzers in VS 16.2.5.

This is fixed in 2.9.5-beta1.final