Why do you believe it’s a false-positive/false-negative? In my case this is kind of a false positive. We use private setters on IDs that EF Core manages, so the analyzer is correct that we aren’t using the setter directly. I see we could mark these classes as serializable, but that isn’t something that otherwise makes sense on these classes. There are a handful of EF Core attributes which could indicate its usage: Key, Column… maybe others.
Are you using
SonarAnalyzer.CSharp happened when moving from 9.23.2.88755 to 9.25.1.91650
SonarCloud? No
SonarQube - which version? No
SonarLint - which IDE/version? No
in connected mode with SonarQube or SonarCloud?
How can we reproduce the problem? Give us a self-contained snippet of code (formatted text, no screenshots)
I have a feeling this won’t be enough for our devs to reproduce the issue on their own. Can you provide a more complete reproducer (a zipped up solution / csproj would be ideal)?
The analyzer can’t necessarily see more than this in this library. Entity Framework is often set up in a different csproj, so the analyzer then wouldn’t be able to see the EF Core usage.
using System;

public class Person
{
    // Id is assigned by EF Core, never set directly in this project
    public Guid Id { get; private set; }
    // ...other properties
}
So, I’m mostly wondering if there are (or should be) any other options than the Serializable attribute to prevent this error.