Many analyzers throw ArgumentNullException when compiling VB.NET code #4840

Closed
reduckted opened this issue Feb 12, 2021 · 4 comments

Comments

@reduckted
Contributor

Analyzer

Diagnostic ID:

  • Microsoft.NetCore.Analyzers.Security.ReviewCodeForCommandExecutionVulnerabilities
  • Microsoft.NetCore.Analyzers.Security.DoNotHardCodeCertificate
  • Microsoft.NetCore.Analyzers.Security.ReviewCodeForXPathInjectionVulnerabilities
  • Microsoft.NetCore.Analyzers.Security.ReviewCodeForSqlInjectionVulnerabilities
  • Microsoft.NetCore.Analyzers.Security.ReviewCodeForDllInjectionVulnerabilities
  • Microsoft.NetCore.Analyzers.Security.DoNotHardCodeEncryptionKey
  • Microsoft.NetCore.Analyzers.Security.ReviewCodeForRegexInjectionVulnerabilities
  • Microsoft.NetCore.Analyzers.Security.ReviewCodeForFilePathInjectionVulnerabilities
  • Microsoft.NetCore.Analyzers.Security.DoNotAddArchiveItemPathToTheTargetFileSystemPath
  • Microsoft.NetCore.Analyzers.Security.ReviewCodeForXmlInjectionVulnerabilities

Analyzer source

SDK: Built-in CA analyzers in .NET 5 SDK or later

Version: SDK 5.0.103

Describe the bug

Using an AnalysisMode of AllEnabledByDefault causes the analyzers listed above to throw an ArgumentNullException in VB.NET projects. This occurs in even the most minimal application.

Steps To Reproduce

Use this code file:

Module Program
    Sub Main()
    End Sub
End Module

and this project file:

<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <RootNamespace>ConsoleApp4</RootNamespace>
    <TargetFramework>net5.0</TargetFramework>
    <AnalysisMode>AllEnabledByDefault</AnalysisMode>
  </PropertyGroup>
</Project>

Compile the code:

dotnet build

The output is:

vbc : warning CA1014: Mark assemblies with CLSCompliant [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.ReviewCodeForCommandExecutionVulnerabilities' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.ReviewCodeForCommandExecutionVulnerabilities' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.DoNotHardCodeCertificate' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.DoNotHardCodeCertificate' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.ReviewCodeForXPathInjectionVulnerabilities' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.ReviewCodeForXPathInjectionVulnerabilities' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.ReviewCodeForSqlInjectionVulnerabilities' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.ReviewCodeForSqlInjectionVulnerabilities' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.ReviewCodeForDllInjectionVulnerabilities' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.ReviewCodeForDllInjectionVulnerabilities' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.DoNotHardCodeEncryptionKey' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.DoNotHardCodeEncryptionKey' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.ReviewCodeForRegexInjectionVulnerabilities' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.ReviewCodeForRegexInjectionVulnerabilities' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.ReviewCodeForFilePathInjectionVulnerabilities' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.ReviewCodeForFilePathInjectionVulnerabilities' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.DoNotAddArchiveItemPathToTheTargetFileSystemPath' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.DoNotAddArchiveItemPathToTheTargetFileSystemPath' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.ReviewCodeForXmlInjectionVulnerabilities' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.ReviewCodeForXmlInjectionVulnerabilities' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
    21 Warning(s)
    0 Error(s)

The exceptions all seem to be the same. I've attached a truncated log from a build that used detailed verbosity.

 System.ArgumentNullException: Value cannot be null. (Parameter 'key')
    at System.Collections.Immutable.Requires.FailArgumentNullException(String parameterName)
    at System.Collections.Immutable.ImmutableDictionary`2.TryGetValue(TKey key, TValue& value)
    at Analyzer.Utilities.AggregateCategorizedAnalyzerConfigOptions.TryGetOptionValue[T](String optionName, OptionKind kind, SyntaxTree tree, DiagnosticDescriptor rule, TryParseValue`1 tryParseValue, T defaultValue, T& value)
    at Analyzer.Utilities.AggregateCategorizedAnalyzerConfigOptions.GetOptionValue[T](String optionName, SyntaxTree tree, DiagnosticDescriptor rule, TryParseValue`1 tryParseValue, T defaultValue, OptionKind kind)
    at Analyzer.Utilities.AnalyzerOptionsExtensions.GetNonFlagsEnumOptionValue[TEnum](AnalyzerOptions options, String optionName, DiagnosticDescriptor rule, SyntaxTree tree, Compilation compilation, TEnum defaultValue, CancellationToken cancellationToken)
    at Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration.Create(AnalyzerOptions analyzerOptions, ImmutableArray`1 rules, SyntaxTree tree, Compilation compilation, InterproceduralAnalysisKind defaultInterproceduralAnalysisKind, CancellationToken cancellationToken, UInt32 defaultMaxInterproceduralMethodCallChain, UInt32 defaultMaxInterproceduralLambdaOrLocalFunctionCallChain)
    at Microsoft.NetCore.Analyzers.Security.SourceTriggeredTaintedDataAnalyzerBase.<>c__DisplayClass6_0.<Initialize>b__1(OperationBlockStartAnalysisContext operationBlockStartContext)
    at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.<>c__66`6.<ExecuteBlockActionsCore>b__66_2(ValueTuple`5 data)
    at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.ExecuteAndCatchIfThrows_NoLock[TArg](DiagnosticAnalyzer analyzer, Action`1 analyze, TArg argument, Nullable`1 info)

Expected behavior

The analyzers don't throw exceptions.

Actual behavior

The analyzers throw exceptions.

Additional context

@Youssef1313
Member

The stack trace shows the exception around:

if (tree is null)
{
    if (_globalOptions is null)
    {
        value = defaultValue;
        return false;
    }

    return _globalOptions.Value.TryGetOptionValue(optionName, kind, rule, tryParseValue, defaultValue, out value);
}

return _perTreeOptions.TryGetValue(tree, out var lazyTreeOptions) &&
    lazyTreeOptions.Value.TryGetOptionValue(optionName, kind, rule, tryParseValue, defaultValue, out value);

As far as I understand, the key passed to TryGetValue (which is tree) happens to be null. But how could that be if there is a null check above? Confusing :/

@mavasani
Contributor

Probably worth checking the package version, I think I fixed a similar issue recently.

@mavasani
Contributor

Can you please try the latest NuGet package instead of analyzers in the 5.0 SDK?

@reduckted
Contributor Author

Adding a package reference to Microsoft.CodeAnalysis.NetAnalyzers v5.0.3 fixed it. No exceptions were thrown.

In fact, looks like it was fixed in v5.0.1. Installing 5.0.0 caused the exceptions to be thrown, but 5.0.1 worked fine.
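
The build in this issue finished with 0 errors even though ten security analyzers threw, so a crashed security rule is easy to miss in CI. The following is an added example, not part of the original thread or of the roslyn-analyzers project: a small Python gate that scans saved `dotnet build` output for AD0001 lines in the format quoted above and fails when the crashing analyzer is in the `Microsoft.NetCore.Analyzers.Security` namespace. The sample log is constructed, and the analyzer name `Example.Style.SomeRule` is hypothetical.

```python
import re
import sys
from collections import Counter

# Line format of the AD0001 warnings in the build output quoted in this issue.
AD0001 = re.compile(
    r"warning AD0001: Analyzer '(?P<analyzer>[^']+)' "
    r"threw an exception of type '(?P<exc>[^']+)'"
)
SECURITY_NS = "Microsoft.NetCore.Analyzers.Security."

# Constructed sample modelled on that output; 'Example.Style.SomeRule' is hypothetical.
SAMPLE = r"""
vbc : warning CA1014: Mark assemblies with CLSCompliant [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.ReviewCodeForSqlInjectionVulnerabilities' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.ReviewCodeForSqlInjectionVulnerabilities' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Microsoft.NetCore.Analyzers.Security.DoNotHardCodeEncryptionKey' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null. (Parameter 'key')'. [D:\...\ConsoleApp4.vbproj]
vbc : warning AD0001: Analyzer 'Example.Style.SomeRule' threw an exception of type 'System.InvalidOperationException' with message 'constructed'. [D:\...\ConsoleApp4.vbproj]
    5 Warning(s)
    0 Error(s)
"""


def crashed_analyzers(build_output):
    """Count AD0001 crashes per (analyzer, exception type) pair."""
    hits = Counter()
    for line in build_output.splitlines():
        m = AD0001.search(line)
        if m:
            hits[(m["analyzer"], m["exc"])] += 1
    return hits


def gate(build_output):
    """Return (exit_code, crashed security analyzers); exit_code 1 fails CI."""
    failed = sorted({name for (name, _exc) in crashed_analyzers(build_output)
                     if name.startswith(SECURITY_NS)})
    return (1 if failed else 0), failed


if __name__ == "__main__":
    if len(sys.argv) > 1:  # CI use: pass the path of a saved build log
        with open(sys.argv[1], encoding="utf-8") as fh:
            code, failed = gate(fh.read())
    else:  # demo on the constructed sample, without failing the shell
        code, failed = 0, gate(SAMPLE)[1]
    for name in failed:
        print(f"security analyzer crashed (AD0001): {name}")
    sys.exit(code)
```
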
