Sometime in the last 2 weeks at least one of our pipelines started reporting hundreds of S3900 warnings that it was not reporting before

Hi @StingyJack

From what I can tell, we already have a ticket about this - Fix S3900 FP: when object is validated with extension method. See the test cases with the ValidatedNotNullAttribute.

To give some context why we haven’t addressed it yet:

  • our Symbolic Execution engine (for dataflow bug detection), based on our in-house control flow graph (CFG) implementation, has some structural limitations. Also, it is not cross-procedural, so it only analyzes the data flow in individual methods.
  • because of that, we’re currently in the process of migrating to use the Roslyn CFG (which is much better) and writing a new Symbolic Execution engine on top of it (because the old one is tightly coupled with our in-house CFG). You can track progress of the end-to-end work here: MMF-2105, with the mention that once we migrate to the Roslyn CFG, our Symbolic Execution rules will work for C# 9, C# 10 and future language versions out of the box (as the Roslyn CFG normalizes new syntax and provides an abstraction layer for dealing with the program structure). S3900 will be handled in MMF-2401.

Having said this, I’ll look into how we can reduce the noise of the current implementation until we finish the migration.

Thanks for reporting this and sorry for the noise. We’re going to improve this in time. However, it will take a while to go cross-procedural (this is not planned yet).

I’d like to understand better what happened here. Was it that there were no S3900 warnings at all before, or that, after these changes, the existing S3900 warnings were brought up in the new code period? (See details on terminology in Clean As You Code.)

Enjoy the Christmas break!
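
Added illustration, not part of the reply above and not SonarSource code: the pattern named in the ticket title (argument validated through an extension method) next to an inline check, to show what an analysis that only follows data flow inside individual methods can and cannot see. `Guard`, `ThrowIfNull`, `ReportService` and the locally declared `ValidatedNotNullAttribute` are constructed names for this sketch.

```csharp
using System;

// Marker attribute with the name the ticket's test cases mention.
// Declared locally for this sketch (constructed, not SonarSource code).
[AttributeUsage(AttributeTargets.Parameter)]
public sealed class ValidatedNotNullAttribute : Attribute { }

public static class Guard
{
    // The null check lives here, in a different method from the dereference.
    public static T ThrowIfNull<T>([ValidatedNotNull] this T value, string name) where T : class
    {
        if (value == null) throw new ArgumentNullException(name);
        return value;
    }
}

public class ReportService
{
    // Check and dereference share one method body, so a per-method
    // data flow analysis can connect them.
    public int InlineCheck(string title)
    {
        if (title == null) throw new ArgumentNullException(nameof(title));
        return title.Length;
    }

    // Same runtime guarantee, but the check is inside Guard.ThrowIfNull.
    // An analysis limited to this body sees only a call followed by a
    // dereference of a public method's argument.
    public int HelperCheck(string title)
    {
        title.ThrowIfNull(nameof(title));
        return title.Length;
    }
}

public static class Program
{
    public static void Main()
    {
        var svc = new ReportService();
        Console.WriteLine(svc.InlineCheck("abc"));
        Console.WriteLine(svc.HelperCheck("abc"));
        try { svc.HelperCheck(null); }
        catch (ArgumentNullException e) { Console.WriteLine(e.ParamName); }
    }
}
```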