C# static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C# code

All rules 493

Vulnerability46

Filtered: 11 rules found

asp.net

Impact

Clean code attribute

Actions that return a value should be annotated with ProducesResponseTypeAttribute containing the return type
Code Smell
ModelState.IsValid should be called in controller actions
Code Smell
REST API actions should be annotated with an HTTP verb attribute
Code Smell
Value type property used as input in a controller action should be nullable, required or annotated with the JsonRequiredAttribute to avoid under-posting.
Code Smell
You should pool HTTP connections with HttpClientFactory
Code Smell
API Controllers should derive from ControllerBase instead of Controller
Code Smell
Controllers should not have mixed responsibilities
Code Smell
A Route attribute should be added to the controller when a route template is specified at the action level
Code Smell
Use model binding instead of reading raw request data
Code Smell
ASP.NET controller actions should not have a route template starting with "/"
Code Smell
Backslash should be avoided in route templates
Bug

Actions that return a value should be annotated with ProducesResponseTypeAttribute containing the return type

intentionality - clear

maintainability

Code Smell

Quick FixIDE quick fixes available with SonarLint

In an ASP.NET Core Web API, controller actions can optionally return a result value. If a controller action returns a value in the happy path, for example ControllerBase.Ok(Object), annotating the action with one of the [ProducesResponseType] overloads that describe the type is recommended.

Why is this an issue?

How can I fix it?

More Info

If an ASP.NET Core Web API uses Swagger, the API documentation will be generated based on the input/output types of the controller actions, as well as the attributes annotating the actions. If an action returns IActionResult or IResult, Swagger cannot infer the type of the response. From the consumer’s perspective, this can be confusing and lead to unexpected results and bugs in the long run without the API provider’s awareness.

This rule raises an issue on a controller action when:

The action returns a value in the happy path. This can be either:
There is no [ProducesResponseType] attribute containing the return type, either at controller or action level.
There is no [SwaggerResponse] attribute containing the return type, either at controller or action level.
The controller is annotated with the [ApiController] attribute.
The controller action returns either IActionResult or IResult.
The application has enabled the Swagger middleware.

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Available Since
10.6

Analyze code in your
on-premise CI

Developer Edition
Available Since
10.6

In-IDE

SaaS

Self-Hosted