startup_analyzers.md

Summary

ASP.NET Core startup code follows regular patterns that are suitable for code analysis and enhancements to the coding experience through analyzers, code fixes, and smarter scaffolding.

What things that analyzers could provide would be most valuable?

Things that analyzers can easily understand:

• What services are registered? (ex: AddMvc() includes AddRouting())
• What options are set? (ex: AddMvcOptions(options => options.EnableEndpointRouting = false)
• What middleware do you have? (ex: UseHealthChecks())
• What order are middleware in? (ex: is UseStaticFiles() before routing?)
• What routes/endpoints are registered? (ex: MapHealthChecks())

Examples

Here are some examples of the kinds of things we can do.

I did actually implement these - they aren't canned demos - it's prototype status. They don't yet have code fixes, but you could image that as well.

Find Missing AddXyz() Calls

Have you ever forgotten to register something in DI?

This is generic functionality and can be driven from attributes or a text file shipped with the analyzer/SDK. If based on attributes, it can be extensible.

Recommended Middleware Ordering

Middleware try to be flexible, but there are some cases that are always a mistake.

This is generic functionality and can be driven from attributes or a text file shipped with the analyzer/SDK. If based on attributes, it can be extensible.

Migration Guidance / Fixes

What happens when things change?

This is an example of something highly tailored. If we deliver migration guidance and code fixes we recommend the more modern way to using the framework without the need for breaking compatibility and breaking APIs. This is a softer/nicer way to evolve ASP.NET Core.

Feedback?

Leave a comment here, open an issue at https://github.com/aspnet/AspNetCore or tweet @aVerySpicyBoi. The POWER IS YOURS!

Things I've heard so far that I like:

• Validating DI config at build-time is valuable, anything we can do here would help.
• Provide the same level of support for generic-host or the Program.cs equivalents of Startup code.
• Analyze all of my code! Not just startup.
• The other way around would be nice: “Authentication was added using AddAuthentication but no authentication middleware is invoked”.
• Calling app inside a lamda declared for another app call is probably a bug: app.MyBranchHelper(a=>app.BadCall());

Some detection around if number of requests stays roughly the same but there is a sudden spike in cpu usage.

@jarrettv these are static code analyzers, not operational/runtime.

Maybe out of context, but something that find [FromBody] and other cases where these attributes are obsolete with the new [ApiController] attribute? Probably even more tricky, be able detect the ModelState.IsValid pattern. Of course, it is necessary to deal with the SuppressModelStateInvalidFilter and SuppressInferBindingSourcesForParameters (disable the warning if the tokens are found somewhere in the assembly?).
Otherwise it should be possible to log some information at runtime, but it is not a static analysis.

@Yves57 we already have this. Will be shipping it in the box in 3.0

@rynowak Great! I have no specific idea about Startup: I don't write new projects evey day, so in my opinion I don't expect Microsoft spends too much time too create tools to help users :-).