Rule csharpsquid:S2857 is showing false positives

Hello,
we have an issue with the rule S2857 in our project. We are using the ORM Dapper for our database, which uses plain SQL. Here is some example code:

return transaction.QueryFirstOrDefaultAsync<Entity>(
    $"SELECT * FROM Entities WHERE {nameof(Entity.EntityId)} = @{nameof(entityId)}",
    new { entityId },
    transaction,
    commandTimeout);

SELECT * FROM Entities WHERE EntityId = @entityId

SonarCloud now shows an error like ‘Bug: Add a space before ‘entityId’.’
That goes away if you put a whitespace between the @ and the {nameof(entityId)}, which is not correct, because it's not valid SQL anymore.

return transaction.QueryFirstOrDefaultAsync<Entity>(
    $"SELECT * FROM Entities WHERE {nameof(Entity.EntityId)} = @[whitespace]{nameof(entityId)}",
    new { entityId },
    transaction,
    commandTimeout);

SELECT * FROM Entities WHERE EntityId = @[whitespace]entityId

How can we fix that?
Thank you 🙂

Hey there.

Thanks for the report! It has already been raised on the GitHub repository for the .NET analyzer: "S2857 reports false positive for some lines and false negatives for others" (Issue #6126, SonarSource/sonar-dotnet).