Roslyn-analyzers: NullReferenceException with AD0001 Microsoft.NetCore.Analyzers.Security.SetViewStateUserKey

Created on 29 Mar 2019  ·  15 Comments  ·  Source: dotnet/roslyn-analyzers

Analyzer package

Example: Microsoft.CodeAnalysis.FxCopAnalyzers

Package Version

Example: v2.9.1

Diagnostic ID

AD0001 Analyzer 'Microsoft.NetCore.Analyzers.Security.SetViewStateUserKey' threw an exception of type 'System.NullReferenceException' with message 'Object reference not set to an instance of an object.'

Repro steps

  1. There were no AD0001 errors with 2.9.0.
  2. Upgraded to 2.9.1 and errors started appearing.
  3. Reverted back to 2.9.0 and it stopped.

Expected behavior

I expect no error, or some explanation for what I need to change in my code or project settings to avoid it.

Actual behavior

AD0001 Analyzer 'Microsoft.NetCore.Analyzers.Security.SetViewStateUserKey' threw an exception of type 'System.NullReferenceException' with message 'Object reference not set to an instance of an object.'

Area-Microsoft.NetCore.Analyzers Bug Category-Security Urgency-Soon

All 15 comments

Tagging @dotpaul

@lorenh do you have a repro project?

@genlu this seems like a new security rule that was added just after 2.9.0 release. We probably need to test the 2.9.1 packages against some real world projects to identify if this AD0001 is widespread for us to need to release 2.9.2 with a fix for this issue.

I was afraid you'd ask for a repro project :-) I don't have one whittled down to the bare minimum at present that I can share, but I'll put it on my to-do list. Perhaps I can isolate just the offending parts; I have a suspicion I know what portion of the source in this one project it might be.

@lorenh if you are unable to create a small repro, can you please provide the exception call stack with the following steps:

  1. Open your solution in Visual Studio
  2. Ensure you have turned on full solution analysis
  3. Wait for AD0001 to show up in error list (do not perform an explicit “Build”). If you know which source file likely caused the exception, open it in the editor so it is analyzed first.
  4. Expand the AD0001 diagnostic in error list, which should contain the exception call stack and analysis context for which the exception was thrown. You can copy all of this and provide it to us.

I might have a fix with #2261. If it's not too much trouble, it would be good to confirm if it's the same issue.

@genlu @dotpaul can we point @lorenh to the myget package with the fix to verify it fixes his AD0001?

@lorenh if you get a chance, would you mind trying out https://dotnet.myget.org/feed/roslyn-analyzers/package/nuget/Microsoft.CodeAnalysis.FxCopAnalyzers/2.9.1-beta2.19180.1+1c0148f2 and seeing if that fixes the issue for you?

If you don't have time, no worries!

@dotpaul: I had the same issue as @lorenh, and I can confirm that the beta build fixes it.

Sorry for the delay, just had a chance to try it, and the updated version fixes the issue on our code base.

@lorenh and @jmosbech, thank you both!

I encounter the same issue. Is there any update on the fix?

We will be releasing the fix very soon. Thanks!

This seems to be solved in the latest 2.9.2; suggest closing.

Yes, that is correct. Closing...
