C#: Add cs/invalid-string-formatting to the codeql quality suite. #19148

michaelnebel · 2025-03-28T14:11:33Z

In this PR we

Add the cs/invalid-string-formatting to the code quality suite.
Re-write tests to use inline expectations tests; In this process a couple of faulty testcases were discovered and these were corrected (for instance - we only check that format strings are valid in case there are insertions).
Remove false positives related to Console.WriteLine(string) and friends. A saw some examples using MRVA where it was intentional to write Console.WriteLine("{0}") - so this shouldn't be flagged as an issue.
Add new results for string.Format where no additional arguments are provided (for instance string.Format("{") causes a runtime crash and this was not detected prior to this change).

The number of results produced by DCA Looks acceptable.
Also spot checked results with MRVA - they look fine as well.

…tions and adjust some of the testcases.

…valid-string-format.

github-actions bot added the C# label Mar 28, 2025

michaelnebel force-pushed the csharp/invalid-string-format branch 3 times, most recently from a90b204 to 375b3d0 Compare April 4, 2025 08:57

michaelnebel added 7 commits April 4, 2025 13:28

C#: Add cs/invalid-string-formatting to the codeql quality suite.

b4ceda7

C#: Convert testing of cs/invalid-string-formatting to inline expecta…

b449497

…tions and adjust some of the testcases.

C#: Re-factor FormatMethod.

1034bda

C#: Add more format testcases.

c4b3b9b

C#: Remove false positive example.

67148d9

C#: Remove some false positives and add more true positives for cs/in…

422a9bd

…valid-string-format.

C#: Update test expected output.

cfe6cbd

michaelnebel force-pushed the csharp/invalid-string-format branch from 375b3d0 to cfe6cbd Compare April 4, 2025 13:57

Provide feedback