如何使用FxCop自定义规则验证DataReader是否实际上已关闭? [英] How to validate DataReader is actually closed using FxCop custom rule?

问题描述

我在FxCop 1.36中编写了一些自定义规则.我已经编写了代码来查找打开的DataReader是否关闭的天气.但是它不会检查哪个DataReader对象正在调用Close()方法，因此我不能确定是否所有打开的DataReader对象都已关闭！

I have written couple of custom rules in for FxCop 1.36. I have written code to find weather an opened DataReader is closed or not. But it does not check which DataReader object is calling the Close() method so I can't be sure if all opened DataReader objects are closed!!

2nd:如果我是

if 1=2
 dr = cmd.ExecuteReader();
else
 dr = cmd2.ExecuteReader();
end if

在这种情况下，它将搜索2个要关闭的DataReader对象.

In this case it will search for 2 DataReader objects to be closed.

为了使代码更加清晰，我正在放置代码.

I am putting my code for more clarity.

public override ProblemCollection Check(Member member)
{
    Method method = member as Method;
    int countCatch =0;
    int countErrLog = 0;
    Instruction objInstr = null;
    if (method != null)
    {
        for (int i = 0; i < method.Instructions.Count; i++)
        {
            objInstr = method.Instructions[i];
            if (objInstr.Value != null)
            {
                if (objInstr.Value.ToString()
                    .Contains("System.Data.SqlClient.SqlDataReader"))
                {
                    countCatch += 1;
                }
                if (countCatch>0)
                {
                    if (objInstr.Value.ToString().Contains(
                        "System.Data.SqlClient.SqlDataReader.Close"))
                    {          
                        countErrLog += 1;
                    }
                }
            }
        }
    }
    if (countErrLog!=countCatch)
    {
        Resolution resolu = 
            GetResolution(new string[] { method.ToString() });
        Problems.Add(new Problem(resolu));
    }
    return Problems;
}

推荐答案

使用FxCop，这实际上非常困难(如果不可能的话).当他们想为VS2010的FxCop添加一些安全分析规则时，Microsoft也发现了这一点.问题在于FxCop的数据流分析还不够好.因此，Microsoft构建了一个新的分析引擎，实际上可以做到这一点.它被称为凤凰，但我只使用Visual Studio 2010 Ultimate Edition包含此引擎(没有免费版本可用).进一步了解它

With FxCop this actually very hard (if not possible). Microsoft found this out too when they wanted to add some security analysis rules to FxCop for VS2010. The problem is that the Dataflow Analysis of FxCop isn't good enough. For this reason Microsoft built a new analysis engine that actually can do this. it is called Phoenix, but I only the Visual Studio 2010 Ultimate edition contains this engine (there is no free version available). Read more about it here.

这篇关于如何使用FxCop自定义规则验证DataReader是否实际上已关闭?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！