create-csharp-custom-rule.adoc

Creating a custom C# rule

You can create custom rules for C# applications based on the following example.

You can use the following custom rule to check if {ProductShortName} triggers an incident when it detects the WebMatrix.WebData.WebSecurity class in a C# example project.

Prerequisites

• You installed the ilspycmd and paket dependencies.

• You installed the dotnet tools and exported the dotnet tools path by using the export PATH="$PATH:<path/to/.dotnet/tools" command.

Procedure

1. Create a csharp-rule.yaml file in your Home directory.

2. Copy the following rule in the csharp-rule.yaml file:

   - category: mandatory
     customVariables: []
     description: WebMatrix.WebData.WebSecurity is not available in .NET Core
     effort: 8
     labels:
     - konveyor.io/source=dotnet
     - konveyor.io/target=dotnet-core
     links:
     - title: Introduction to Identity on ASP.NET Core
       url: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity
     - title: Migrate Authentication and Identity to ASP.NET Core
       url: https://learn.microsoft.com/en-us/aspnet/core/migration/identity
     message: |
       WebMatrix.WebData.WebSecurity is not available in .NET Core and must be replaced with ASP.NET Core Identity.
   
       Migration actions:
       - Add Microsoft.AspNetCore.Identity.EntityFrameworkCore NuGet package
       - Create ApplicationUser class inheriting from IdentityUser
       - Update DbContext to inherit from IdentityDbContext<ApplicationUser>
       - Replace WebSecurity.Login with SignInManager.PasswordSignInAsync
       - Replace WebSecurity.Logout with SignInManager.SignOutAsync
       - Replace WebSecurity.CreateUserAndAccount with UserManager.CreateAsync
       - Replace WebSecurity.ChangePassword with UserManager.ChangePasswordAsync
       - Configure Identity in Startup.ConfigureServices with AddIdentity or AddDefaultIdentity
     ruleID: dotnet-core-websecurity-01
     when:
       csharp.referenced:
         location: ALL
         pattern: WebMatrix.WebData.WebSecurity

3. Open a C# project that has the WebMatrix.WebData.WebSecurity class.

4. Run an analysis with the following command in the {ProductShortName} CLI:

   $ ./mta-cli analyze -i _path_to_nerd-dinner_ -o _path_to_report_ --overwrite --run-local=false --enable-default-rulesets=false --mode source-only --rules ~/csharp-rule.yaml

   Note	Add the --overwrite option if you want to use the same directory for the report when you run subsequent tests. {ProductShortName} overwrites the current report with the result of the latest analysis that you ran.

5. Open the static report at path_to_report in your browser.

6. Navigate to the issues to verify the WebMatrix.WebData.WebSecurity is not available in .NET Core issue.