Using IActionResult without also using [ProducesResponseType] should be flagged at least as a code smell

On controllers, a return type of IActionResult is equivalent to returning an object. There is no descriptor about the payload, so clients can't use code gen tools and have to rely on trial and error or documentation to manually work out the return payload types. The attribute [ProducesResponseType] addresses this when it's applied with a Type parameter.

So the specific proposed rule is that any function that has IActionResult as a return type and that is on a Controller (a class that derives from ControllerBase) must have a Type described for the OK/200 response in the [ProducesResponseType] attributes. The absence of the attribute or the type for the attribute should be a violation of the rule.
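The proposed rule as an added example, not code from the original post or from SonarSource: a noncompliant and a compliant action, plus a reflection-based check that can run in a unit test in place of the static analyzer rule. `OrderDto`, `OrdersController` and `ResponseTypeAudit` are hypothetical names, and covering `Task<IActionResult>` goes beyond what the post asks for.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

public record OrderDto(int Id, string Status); // hypothetical payload type

[ApiController]
[Route("orders")]
public class OrdersController : ControllerBase // hypothetical controller
{
    // Noncompliant: nothing tells clients or code generators what the 200 body is.
    [HttpGet("{id}/raw")]
    public IActionResult GetUntyped(int id) => Ok(new OrderDto(id, "open"));

    // Compliant: the 200 response declares its payload type.
    [HttpGet("{id}")]
    [ProducesResponseType(typeof(OrderDto), StatusCodes.Status200OK)]
    [ProducesResponseType(StatusCodes.Status404NotFound)]
    public IActionResult GetTyped(int id) =>
        id > 0 ? Ok(new OrderDto(id, "open")) : NotFound();
}

public static class ResponseTypeAudit
{
    // Returns "Controller.Action" for every public action that returns IActionResult
    // (or Task<IActionResult>) without a typed 200 [ProducesResponseType].
    public static IEnumerable<string> FindUndocumentedActions(Assembly assembly) =>
        from type in assembly.GetTypes()
        where typeof(ControllerBase).IsAssignableFrom(type) && !type.IsAbstract
        from method in type.GetMethods(
            BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly)
        where ReturnsActionResult(method) && !HasTypedOk(method)
        select $"{type.Name}.{method.Name}";

    private static bool ReturnsActionResult(MethodInfo m) =>
        m.ReturnType == typeof(IActionResult) || m.ReturnType == typeof(Task<IActionResult>);

    // The status-code-only constructor leaves Type as typeof(void), so that counts as untyped.
    private static bool HasTypedOk(MethodInfo m) =>
        m.GetCustomAttributes<ProducesResponseTypeAttribute>(inherit: true).Any(a =>
            a.StatusCode == StatusCodes.Status200OK && a.Type != null && a.Type != typeof(void));
}
```

Calling `ResponseTypeAudit.FindUndocumentedActions(typeof(OrdersController).Assembly)` yields `OrdersController.GetUntyped` only.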

Hi @StingyJack

Thank you for the suggestion, I like the rule a lot.
In order to be able to implement the rule we first need a rule proposal.

Can you please take a look at this comment with instructions from Nicolas and try to specify it first?

You can also take a look at the specification from that issue, RSPEC-5770, to see what’s generally needed. In shorthand:

  • Name of the rule
  • Message
  • Proposal of other fields: highlighting (no secondary location in this case), severity, impact, likelihood, Sonar way?
  • Description
  • C# Compliant and Noncompliant example (see Sub-Tasks section of the RSPEC)
  • VB.NET Compliant and Noncompliant example (see Sub-Tasks section of the RSPEC)

After that we'll review it and put it in Jira.