Harden AddValidation check in validations generator

captainsafia · captainsafia · commit e4e3ab3724f8 · 2025-03-27T13:27:33.000-07:00
diff --git a/src/Http/Http.Extensions/gen/Microsoft.AspNetCore.Http.ValidationsGenerator/Parsers/ValidationsGenerator.AddValidation.cs b/src/Http/Http.Extensions/gen/Microsoft.AspNetCore.Http.ValidationsGenerator/Parsers/ValidationsGenerator.AddValidation.cs
@@ -26,6 +26,13 @@ internal bool FindAddValidation(SyntaxNode syntaxNode, CancellationToken cancell
     {
         var node = (InvocationExpressionSyntax)context.Node;
         var semanticModel = context.SemanticModel;
+        var symbol = semanticModel.GetSymbolInfo(node, cancellationToken).Symbol;
+        if (symbol is not IMethodSymbol methodSymbol
+            || methodSymbol.ContainingType.Name != "ValidationServiceCollectionExtensions"
+            || methodSymbol.ContainingAssembly.Name != "Microsoft.AspNetCore.Http.Abstractions")
+        {
+            return null;
+        }
         return semanticModel.GetInterceptableLocation(node, cancellationToken);
     }
 }
diff --git a/src/Http/Http.Extensions/test/ValidationsGenerator/ValidationsGenerator.NoOp.cs b/src/Http/Http.Extensions/test/ValidationsGenerator/ValidationsGenerator.NoOp.cs
@@ -51,6 +51,62 @@ await VerifyEndpoint(compilation, "/complex-type", async (endpoint, serviceProvi
         });
     }
 
+    [Fact]
+    public async Task DoesNotEmitIfNotCorrectAddValidationCallExists()
+    {
+        // Arrange
+        var source = """
+using System;
+using System.ComponentModel.DataAnnotations;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Routing;
+using Microsoft.Extensions.DependencyInjection;
+
+var builder = WebApplication.CreateBuilder();
+
+builder.Services.AddValidation("example");
+
+var app = builder.Build();
+
+app.MapPost("/complex-type", (ComplexType complexType) => Results.Ok("Passed"));
+
+app.Run();
+
+public class ComplexType
+{
+    [Range(10, 100)]
+    public int IntegerWithRange { get; set; } = 10;
+}
+
+public static class SomeExtensions
+{
+    public static IServiceCollection AddValidation(this IServiceCollection services, string someString)
+    {
+        // This is not the correct AddValidation method
+        return services;
+    }
+}
+""";
+        await Verify(source, out var compilation);
+        // Verify that we don't validate types if no AddValidation call exists
+        await VerifyEndpoint(compilation, "/complex-type", async (endpoint, serviceProvider) =>
+        {
+            var payload = """
+                {
+                    "IntegerWithRange": 5
+                }
+                """;
+            var context = CreateHttpContextWithPayload(payload, serviceProvider);
+
+            await endpoint.RequestDelegate(context);
+
+            Assert.Equal(StatusCodes.Status200OK, context.Response.StatusCode);
+        });
+    }
+
     [Fact]
     public async Task DoesNotEmitForExemptTypes()
     {

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,13 @@ internal bool FindAddValidation(SyntaxNode syntaxNode, CancellationToken cancell`
`26`	`26`	`{`
`27`	`27`	`var node = (InvocationExpressionSyntax)context.Node;`
`28`	`28`	`var semanticModel = context.SemanticModel;`
	`29`	`+ var symbol = semanticModel.GetSymbolInfo(node, cancellationToken).Symbol;`
	`30`	`+ if (symbol is not IMethodSymbol methodSymbol`
	`31`	`+ \|\| methodSymbol.ContainingType.Name != "ValidationServiceCollectionExtensions"`
	`32`	`+ \|\| methodSymbol.ContainingAssembly.Name != "Microsoft.AspNetCore.Http.Abstractions")`
	`33`	`+ {`
	`34`	`+ return null;`
	`35`	`+ }`
`29`	`36`	`return semanticModel.GetInterceptableLocation(node, cancellationToken);`
`30`	`37`	`}`
`31`	`38`	`}`