Merge pull request #3423 from mavasani/RepoForward

Move forward the version of analyzer packages generated and dogfooded in the repo

.editorconfig

@@ -225,3 +225,6 @@ dotnet_code_quality.CA1720.api_surface = public
 # Exclude single letter type parameter names
 # CA1715: Identifiers should have correct prefix
 dotnet_code_quality.CA1715.exclude_single_letter_type_parameters = true
+
+# Skipped due to https://github.com/dotnet/roslyn-analyzers/issues/3414
+dotnet_diagnostic.CA1710.severity = none

.github/ISSUE_TEMPLATE.md

@@ -4,7 +4,7 @@
 
 #### Package Version
 
-v2.9.8 (Latest)
+v2.9.8 (latest release) OR v3.0.0-beta2.final (latest pre-release)
 
 #### Diagnostic ID
 

VERSIONING.md

@@ -45,3 +45,4 @@ Sr. No. |  Release Version | Commit Tag       | Commit SHA
 25       | 2.9.6             | v2.9.6          | [b377a16](https://github.com/dotnet/roslyn-analyzers/commit/b377a1612025bc51a737b69305d1546db9808f18)   | Microsoft.CodeAnalysis.Analyzers, Microsoft.CodeAnalysis.FxCopAnalyzers, Microsoft.CodeAnalysis.Metrics, Microsoft.CodeAnalysis.VersionCheckAnalyzer, Microsoft.CodeQuality.Analyzers, Microsoft.NetCore.Analyzers, Microsoft.NetFramework.Analyzers, Roslyn.Diagnostics.Analyzers, Microsoft.CodeAnalysis.PublicApiAnalyzers, Microsoft.CodeAnalysis.BannedApiAnalyzers, Microsoft.CodeAnalysis.FlowAnalysis.Utilities
 26       | 2.9.7             | v2.9.7          | [89f1193](https://github.com/dotnet/roslyn-analyzers/commit/89f1193364ef535a508f63e89d7c0e701b52c45c)   | Microsoft.CodeAnalysis.Analyzers, Microsoft.CodeAnalysis.FxCopAnalyzers, Microsoft.CodeAnalysis.Metrics, Microsoft.CodeAnalysis.VersionCheckAnalyzer, Microsoft.CodeQuality.Analyzers, Microsoft.NetCore.Analyzers, Microsoft.NetFramework.Analyzers, Roslyn.Diagnostics.Analyzers, Microsoft.CodeAnalysis.PublicApiAnalyzers, Microsoft.CodeAnalysis.BannedApiAnalyzers
 27       | 2.9.8             | v2.9.8          | [1d07ec7](https://github.com/dotnet/roslyn-analyzers/commit/1d07ec78d0094b99c4f9f21864bb811e44344b99)   | Microsoft.CodeAnalysis.Analyzers, Microsoft.CodeAnalysis.FxCopAnalyzers, Microsoft.CodeAnalysis.Metrics, Microsoft.CodeAnalysis.VersionCheckAnalyzer, Microsoft.CodeQuality.Analyzers, Microsoft.NetCore.Analyzers, Microsoft.NetFramework.Analyzers, Roslyn.Diagnostics.Analyzers, Microsoft.CodeAnalysis.PublicApiAnalyzers, Microsoft.CodeAnalysis.BannedApiAnalyzers
+28       | 3.0.0-beta2.final (pre-release)             | v3.0.0-beta2.final          | [6dc3658](https://github.com/dotnet/roslyn-analyzers/commit/6dc3658cb0b16fc57997979afce092245b087c1c)   | Microsoft.CodeAnalysis.Analyzers, Microsoft.CodeAnalysis.AnalyzerUtilities, Microsoft.CodeAnalysis.FxCopAnalyzers, Microsoft.CodeAnalysis.Metrics, Microsoft.CodeAnalysis.VersionCheckAnalyzer, Microsoft.CodeQuality.Analyzers, Microsoft.NetCore.Analyzers, Microsoft.NetFramework.Analyzers, Roslyn.Diagnostics.Analyzers, Microsoft.CodeAnalysis.PublicApiAnalyzers, Microsoft.CodeAnalysis.BannedApiAnalyzers

eng/Versions.props

@@ -4,7 +4,7 @@
 
     <VersionPrefix>3.0.0</VersionPrefix>
     <AnalyzerUtilitiesVersionPrefix>$(VersionPrefix)</AnalyzerUtilitiesVersionPrefix>
-    <PreReleaseVersionLabel>beta2</PreReleaseVersionLabel>
+    <PreReleaseVersionLabel>beta3</PreReleaseVersionLabel>
 
     <!-- Opt-in repo features -->
     <UsingToolVSSDK>true</UsingToolVSSDK>
@@ -23,7 +23,7 @@
     <MicrosoftCodeAnalysisVersion>3.0.0</MicrosoftCodeAnalysisVersion>
     <MicrosoftCodeAnalysisForShippedApisVersion>3.5.0-beta2-20056-01</MicrosoftCodeAnalysisForShippedApisVersion>
     <MicrosoftNetCompilersVersion>3.6.0-1.final</MicrosoftNetCompilersVersion>
-    <DogfoodAnalyzersVersion>3.0.0-beta2.19529.2+e119d9cf</DogfoodAnalyzersVersion>
+    <DogfoodAnalyzersVersion>3.0.0-beta2.final</DogfoodAnalyzersVersion>
     <MicrosoftCodeAnalysisBannedApiAnalyzersVersion>$(DogfoodAnalyzersVersion)</MicrosoftCodeAnalysisBannedApiAnalyzersVersion>
     <MicrosoftCodeAnalysisFXCopAnalyersVersion>$(DogfoodAnalyzersVersion)</MicrosoftCodeAnalysisFXCopAnalyersVersion>
     <MicrosoftCodeAnalysisAnalyersVersion>$(DogfoodAnalyzersVersion)</MicrosoftCodeAnalysisAnalyersVersion>

src/Microsoft.CodeAnalysis.Analyzers/Core/MetaAnalyzers/CompareSymbolsCorrectlyAnalyzer.cs

@@ -57,7 +57,7 @@ public override void Initialize(AnalysisContext context)
             });
         }
 
-        private void HandleOperation(in OperationAnalysisContext context, INamedTypeSymbol symbolType)
+        private static void HandleOperation(in OperationAnalysisContext context, INamedTypeSymbol symbolType)
         {
             if (context.Operation is IBinaryOperation)
             {

src/Microsoft.CodeAnalysis.Analyzers/Core/MetaAnalyzers/DiagnosticAnalyzerAPIUsageAnalyzer.cs

@@ -178,7 +178,9 @@ private ImmutableHashSet<INamedTypeSymbol> GetUsedNamedTypes(INamedTypeSymbol na
                 // GetSyntax for VB returns the StatementSyntax instead of BlockSyntax node.
                 syntax = syntax.FirstAncestorOrSelf<SyntaxNode>(node => IsNamedTypeDeclarationBlock(node), ascendOutOfTrivia: false) ?? syntax;
 
+#pragma warning disable RS1030 // Do not invoke Compilation.GetSemanticModel() method within a diagnostic analyzer
                 var semanticModel = compilation.GetSemanticModel(syntax.SyntaxTree);
+#pragma warning restore RS1030 // Do not invoke Compilation.GetSemanticModel() method within a diagnostic analyzer
                 var nodesToProcess = new Queue<(SyntaxNode node, bool inExecutableCode)>();
                 nodesToProcess.Enqueue((node: syntax, inExecutableCode: false));
 

src/Microsoft.CodeAnalysis.Analyzers/Core/MetaAnalyzers/Fixers/CompareSymbolsCorrectlyFix.cs

@@ -37,7 +37,7 @@ public override Task RegisterCodeFixesAsync(CodeFixContext context)
             return Task.CompletedTask;
         }
 
-        private async Task<Document> ConvertToEqualsAsync(Document document, TextSpan sourceSpan, CancellationToken cancellationToken)
+        private static async Task<Document> ConvertToEqualsAsync(Document document, TextSpan sourceSpan, CancellationToken cancellationToken)
         {
             var semanticModel = await document.GetSemanticModelAsync(cancellationToken).ConfigureAwait(false);
             var root = await document.GetSyntaxRootAsync(cancellationToken).ConfigureAwait(false);

src/Microsoft.CodeAnalysis.Analyzers/Core/MetaAnalyzers/Fixers/ConfigureGeneratedCodeAnalysisFix.cs

@@ -39,7 +39,7 @@ public override Task RegisterCodeFixesAsync(CodeFixContext context)
             return Task.CompletedTask;
         }
 
-        private async Task<Document> ConfigureGeneratedCodeAnalysisAsync(Document document, TextSpan sourceSpan, CancellationToken cancellationToken)
+        private static async Task<Document> ConfigureGeneratedCodeAnalysisAsync(Document document, TextSpan sourceSpan, CancellationToken cancellationToken)
         {
             var semanticModel = await document.GetSemanticModelAsync(cancellationToken).ConfigureAwait(false);
             var generatedCodeAnalysisFlags = semanticModel.Compilation.GetOrCreateTypeByMetadataName(WellKnownTypeNames.MicrosoftCodeAnalysisDiagnosticsGeneratedCodeAnalysisFlags);

src/Microsoft.CodeAnalysis.Analyzers/Core/MetaAnalyzers/Fixers/EnableConcurrentExecutionFix.cs

@@ -38,7 +38,7 @@ public override Task RegisterCodeFixesAsync(CodeFixContext context)
             return Task.CompletedTask;
         }
 
-        private async Task<Document> EnableConcurrentExecutionAsync(Document document, TextSpan sourceSpan, CancellationToken cancellationToken)
+        private static async Task<Document> EnableConcurrentExecutionAsync(Document document, TextSpan sourceSpan, CancellationToken cancellationToken)
         {
             var root = await document.GetSyntaxRootAsync(cancellationToken).ConfigureAwait(false);
             var analysisContextParameter = root.FindNode(sourceSpan, getInnermostNodeForTie: true);

src/Microsoft.CodeAnalysis.FxCopAnalyzers/Microsoft.CodeAnalysis.FxCopAnalyzers.md

@@ -5,7 +5,7 @@ Rule ID | Title | Category | Enabled | Severity | CodeFix | Description |
 [CA1001](https://docs.microsoft.com/visualstudio/code-quality/ca1001) | Types that own disposable fields should be disposable | Design | True | Warning | True | A class declares and implements an instance field that is a System.IDisposable type, and the class does not implement IDisposable. A class that declares an IDisposable field indirectly owns an unmanaged resource and should implement the IDisposable interface. |
 [CA1003](https://docs.microsoft.com/visualstudio/code-quality/ca1003) | Use generic event handler instances | Design | False | Warning | False | A type contains an event that declares an EventHandler delegate that returns void, whose signature contains two parameters (the first an object and the second a type that is assignable to EventArgs), and the containing assembly targets Microsoft .NET Framework?2.0. |
 [CA1008](https://docs.microsoft.com/visualstudio/code-quality/ca1008) | Enums should have zero value | Design | False | Warning | True | The default value of an uninitialized enumeration, just as other value types, is zero. A nonflags-attributed enumeration should define a member by using the value of zero so that the default value is a valid value of the enumeration. If an enumeration that has the FlagsAttribute attribute applied defines a zero-valued member, its name should be ""None"" to indicate that no values have been set in the enumeration. |
-[CA1010](https://docs.microsoft.com/visualstudio/code-quality/ca1010) | Collections should implement generic interface | Design | True | Warning | False | To broaden the usability of a collection, implement one of the generic collection interfaces. Then the collection can be used to populate generic collection types. |
+[CA1010](https://docs.microsoft.com/visualstudio/code-quality/ca1010) | Generic interface should also be implemented | Design | True | Warning | False | To broaden the usability of a type, implement one of the generic interfaces. This is especially true for collections as they can then be used to populate generic collection types. |
 [CA1012](https://docs.microsoft.com/visualstudio/code-quality/ca1012) | Abstract types should not have constructors | Design | False | Warning | True | Constructors on abstract types can be called only by derived types. Because public constructors create instances of a type, and you cannot create instances of an abstract type, an abstract type that has a public constructor is incorrectly designed. |
 [CA1014](https://docs.microsoft.com/visualstudio/code-quality/ca1014) | Mark assemblies with CLSCompliant | Design | False | Warning | False | The Common Language Specification (CLS) defines naming restrictions, data types, and rules to which assemblies must conform if they will be used across programming languages. Good design dictates that all assemblies explicitly indicate CLS compliance by using CLSCompliantAttribute . If this attribute is not present on an assembly, the assembly is not compliant. |
 [CA1016](https://docs.microsoft.com/visualstudio/code-quality/ca1016) | Mark assemblies with assembly version | Design | True | Warning | False | The .NET Framework uses the version number to uniquely identify an assembly, and to bind to types in strongly named assemblies. The version number is used together with version and publisher policy. By default, applications run only with the assembly version with which they were built. |
@@ -98,7 +98,8 @@ Rule ID | Title | Category | Enabled | Severity | CodeFix | Description |
 [CA2009](https://docs.microsoft.com/visualstudio/code-quality/ca2009) | Do not call ToImmutableCollection on an ImmutableCollection value | Reliability | True | Warning | True | Do not call {0} on an {1} value |
 [CA2010](https://docs.microsoft.com/visualstudio/code-quality/ca2010) | Always consume the value returned by methods marked with PreserveSigAttribute | Reliability | True | Warning | False | PreserveSigAttribute indicates that a method will return an HRESULT, rather than throwing an exception. Therefore, it is important to consume the HRESULT returned by the method, so that errors can be detected. Generally, this is done by calling Marshal.ThrowExceptionForHR. |
 [CA2011](https://docs.microsoft.com/visualstudio/code-quality/ca2011) | Avoid infinite recursion | Reliability | True | Warning | False | Do not assign the property within its setter. This call might result in an infinite recursion. |
-[CA2012](https://docs.microsoft.com/visualstudio/code-quality/ca2012) | Use ValueTasks correctly | Reliability | True | Warning | False | ValueTasks must only be consumed once, generally by directly awaiting them.  Attempts to consume a ValueTask multiple times may result in an exception or corruption. |
+[CA2012](https://docs.microsoft.com/visualstudio/code-quality/ca2012) | Use ValueTasks correctly | Reliability | True | Warning | False | ValueTasks returned from member invocations are intended to be directly awaited.  Attempts to consume a ValueTask multiple times or to directly access one's result before it's known to be completed may result in an exception or corruption.  Ignoring such a ValueTask is likely an indication of a functional bug and may degrade performance. |
+[CA2013](https://docs.microsoft.com/visualstudio/code-quality/ca2013) | Do not use ReferenceEquals with value types | Reliability | True | Warning | False | Value type typed arguments are uniquely boxed for each call to this method, therefore the result is always false. |
 [CA2100](https://docs.microsoft.com/visualstudio/code-quality/ca2100) | Review SQL queries for security vulnerabilities | Security | True | Warning | False | SQL queries that directly use user input can be vulnerable to SQL injection attacks. Review this SQL query for potential vulnerabilities, and consider using a parameterized SQL query. |
 [CA2101](https://docs.microsoft.com/visualstudio/code-quality/ca2101) | Specify marshaling for P/Invoke string arguments | Globalization | True | Warning | True | A platform invoke member allows partially trusted callers, has a string parameter, and does not explicitly marshal the string. This can cause a potential security vulnerability. |
 [CA2119](https://docs.microsoft.com/visualstudio/code-quality/ca2119) | Seal methods that satisfy private interfaces | Security | True | Warning | True | An inheritable public type provides an overridable method implementation of an internal (Friend in Visual Basic) interface. To fix a violation of this rule, prevent the method from being overridden outside the assembly. |
@@ -164,7 +165,7 @@ Rule ID | Title | Category | Enabled | Severity | CodeFix | Description |
 [CA3147](https://docs.microsoft.com/visualstudio/code-quality/ca3147) | Mark Verb Handlers With Validate Antiforgery Token | Security | True | Warning | False | Missing ValidateAntiForgeryTokenAttribute on controller action {0}. |
 [CA5350](https://docs.microsoft.com/visualstudio/code-quality/ca5350) | Do Not Use Weak Cryptographic Algorithms | Security | True | Warning | False | Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. |
 [CA5351](https://docs.microsoft.com/visualstudio/code-quality/ca5351) | Do Not Use Broken Cryptographic Algorithms | Security | True | Warning | False | An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. |
-[CA5358](https://docs.microsoft.com/visualstudio/code-quality/ca5358) | Do Not Use Unsafe Cipher Modes | Security | False | Warning | False | These modes are vulnerable to attacks. Use only approved modes (CBC, CTS). |
+[CA5358](https://docs.microsoft.com/visualstudio/code-quality/ca5358) | Review cipher mode usage with cryptography experts | Security | False | Warning | False | These cipher modes might be vulnerable to attacks. Consider using recommended modes (CBC, CTS). |
 [CA5359](https://docs.microsoft.com/visualstudio/code-quality/ca5359) | Do Not Disable Certificate Validation | Security | True | Warning | False | A certificate can help authenticate the identity of the server. Clients should validate the server certificate to ensure requests are sent to the intended server. If the ServerCertificateValidationCallback always returns 'true', any certificate will pass validation. |
 [CA5360](https://docs.microsoft.com/visualstudio/code-quality/ca5360) | Do Not Call Dangerous Methods In Deserialization | Security | True | Warning | False | Insecure Deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a Denial-of-Service (DoS) attack, or even execute arbitrary code upon it being deserialized. It’s frequently possible for malicious users to abuse these deserialization features when the application is deserializing untrusted data which is under their control. Specifically, invoke dangerous methods in the process of deserialization. Successful insecure deserialization attacks could allow an attacker to carry out attacks such as DoS attacks, authentication bypasses, and remote code execution. |
 [CA5361](https://docs.microsoft.com/visualstudio/code-quality/ca5361) | Do Not Disable SChannel Use of Strong Crypto | Security | False | Warning | False | Starting with the .NET Framework 4.6, the System.Net.ServicePointManager and System.Net.Security.SslStream classes are recommeded to use new protocols. The old ones have protocol weaknesses and are not supported. Setting Switch.System.Net.DontEnableSchUseStrongCrypto with true will use the old weak crypto check and opt out of the protocol migration. |