
I'm trying to fix this issue: https://github.com/dotnet-security-guard/roslyn-security-guard/issues/60. The affected file is https://github.com/dotnet-security-guard/roslyn-security-guard/blob/master/RoslynSecurityGuard/Analyzers/CsrfTokenAnalyzer.cs

A DiagnosticAnalyzer is implemented there, and the logic in the VisitMethods(SyntaxNodeAnalysisContext ctx) method is not correct for API methods. So I want to add a check to that method to exclude all the controller methods which return a ViewResult instance, as an API method will not return a view.

Can you suggest how I can traverse a C# (and VB) method body and find whether the body contains any statement which returns a ViewResult instance?

Andrii

1 Answer

Call .DescendantNodes() on the method's node and filter for all return statements.

For each return statement you find, check whether .Expression (which may not exist)'s TypeSymbol (from the semantic model) is / is convertible to ViewResult.

To handle expression-bodied members, do the same check for ArrowExpressionClause.

SLaks
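The steps in the answer above, written out for C# as an added example (not code from roslyn-security-guard or from either poster). The helper name `ViewResultReturnCheck` is hypothetical, and the two `ViewResult` metadata names are an assumption, since the page does not say which MVC flavour the analyzer targets; the semantic model would come from the `SyntaxNodeAnalysisContext`.

```csharp
using System.Collections.Generic;
using System.Linq;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.CSharp.Syntax;

// Added example: hypothetical helper, not part of roslyn-security-guard.
public static class ViewResultReturnCheck
{
    // Assumption: the MVC flavour is not stated on the page, so both are tried.
    private static readonly string[] ViewResultNames =
    {
        "System.Web.Mvc.ViewResult",
        "Microsoft.AspNetCore.Mvc.ViewResult",
    };

    public static bool ReturnsViewResult(MethodDeclarationSyntax method, SemanticModel model)
    {
        List<INamedTypeSymbol> targets = ViewResultNames
            .Select(n => model.Compilation.GetTypeByMetadataName(n))
            .Where(t => t != null)
            .ToList();
        if (targets.Count == 0) return false; // MVC is not referenced by this compilation

        // Returns inside lambdas and local functions belong to those functions,
        // not to the method, so do not descend into them.
        List<ExpressionSyntax> returned = method
            .DescendantNodes(n => !(n is AnonymousFunctionExpressionSyntax
                                    || n is LocalFunctionStatementSyntax))
            .OfType<ReturnStatementSyntax>()
            .Select(r => r.Expression)
            .Where(e => e != null) // a bare `return;` has no expression
            .ToList();

        // Expression-bodied member: `public ActionResult Index() => View();`
        if (method.ExpressionBody != null) returned.Add(method.ExpressionBody.Expression);

        // Use Type, not ConvertedType: for `return View();` in a method declared as
        // ActionResult, ConvertedType is ActionResult while Type is ViewResult.
        return returned.Any(e => DerivesFrom(model.GetTypeInfo(e).Type, targets));
    }

    // True when the type is one of the targets or inherits from one of them.
    private static bool DerivesFrom(ITypeSymbol type, List<INamedTypeSymbol> targets)
    {
        for (ITypeSymbol t = type; t != null; t = t.BaseType)
            if (targets.Any(target => SymbolEqualityComparer.Default.Equals(t, target)))
                return true;
        return false;
    }
}
```

A returned expression whose static type is only `ActionResult` (for example a local variable declared as `ActionResult`) is not matched, so for a CSRF analyzer this check is a heuristic for skipping API methods, not proof that a method never renders a view. VB needs the equivalent walk over the VisualBasic syntax node types.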