Adding reference to MessagePackAnalyzer to check for MsgPack001 / MsgPack002 (Banned API) (#19989)

.gitignore

@@ -13,6 +13,7 @@ BenchmarkDotNet.Artifacts/
 .gradle/
 src/SignalR/clients/**/dist/
 modules/
+.ionide/
 
 # File extensions
 *.aps
@@ -41,4 +42,4 @@ launchSettings.json
 msbuild.ProjectImports.zip
 StyleCop.Cache
 UpgradeLog.htm
-.idea
+.idea

eng/Dependencies.props

@@ -163,6 +163,7 @@ and are generated based on the last package release.
     <LatestPackageReference Include="IdentityServer4.Storage" Version="$(IdentityServer4StoragePackageVersion)" />
     <LatestPackageReference Include="Libuv" Version="$(LibuvPackageVersion)" />
     <LatestPackageReference Include="MessagePack" Version="$(MessagePackPackageVersion)" />
+    <LatestPackageReference Include="MessagePackAnalyzer" Version="$(MessagePackPackageVersion)" />
     <LatestPackageReference Include="Mono.Cecil" Version="$(MonoCecilPackageVersion)" />
     <LatestPackageReference Include="Moq" Version="$(MoqPackageVersion)" />
     <LatestPackageReference Include="Newtonsoft.Json.Bson" Version="$(NewtonsoftJsonBsonPackageVersion)" />

eng/Versions.props

@@ -225,7 +225,7 @@
     <IdentityServer4PackageVersion>3.0.0</IdentityServer4PackageVersion>
     <IdentityServer4StoragePackageVersion>3.0.0</IdentityServer4StoragePackageVersion>
     <IdentityServer4EntityFrameworkStoragePackageVersion>3.0.0</IdentityServer4EntityFrameworkStoragePackageVersion>
-    <MessagePackPackageVersion>2.1.80</MessagePackPackageVersion>
+    <MessagePackPackageVersion>2.1.90</MessagePackPackageVersion>
     <MoqPackageVersion>4.10.0</MoqPackageVersion>
     <MonoCecilPackageVersion>0.10.1</MonoCecilPackageVersion>
     <NewtonsoftJsonBsonPackageVersion>1.0.2</NewtonsoftJsonBsonPackageVersion>

src/SignalR/common/Protocols.MessagePack/src/.editorconfig

@@ -0,0 +1,12 @@
+# EditorConfig is awesome:http://EditorConfig.org
+# NOTE: Requires **VS2019 16.3** or later
+
+# New Rule Set
+# Description:
+# MsgPack001 : MsgPack001 Avoid static default for MessagePackSerializerOptions
+# MsgPack002 : MsgPack002 Avoid using a mutable static value for MessagePackSerializerOptions
+
+# Code files
+[*.{cs,vb}]
+dotnet_diagnostic.MsgPack001.severity = error
+dotnet_diagnostic.MsgPack002.severity = error

src/SignalR/common/Protocols.MessagePack/src/Microsoft.AspNetCore.SignalR.Protocols.MessagePack.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <Description>Implements the SignalR Hub Protocol over MsgPack.</Description>
@@ -17,6 +17,7 @@
   <ItemGroup>
     <Reference Include="Microsoft.AspNetCore.SignalR.Common" />
     <Reference Include="MessagePack" />
+    <Reference Include="MessagePackAnalyzer" PrivateAssets="All" />
   </ItemGroup>
 
 </Project>

src/SignalR/common/Protocols.MessagePack/src/Protocol/MessagePackHubProtocol.cs

@@ -26,7 +26,7 @@ namespace Microsoft.AspNetCore.SignalR.Protocol
         private const int VoidResult = 2;
         private const int NonVoidResult = 3;
 
-        private MessagePackSerializerOptions _msgPackSerializerOptions;
+        private readonly MessagePackSerializerOptions _msgPackSerializerOptions;
         private static readonly string ProtocolName = "messagepack";
         private static readonly int ProtocolVersion = 1;
 
@@ -53,34 +53,36 @@ namespace Microsoft.AspNetCore.SignalR.Protocol
         public MessagePackHubProtocol(IOptions<MessagePackHubProtocolOptions> options)
         {
             var msgPackOptions = options.Value;
-            SetupResolver(msgPackOptions);
-            _msgPackSerializerOptions.WithSecurity(MessagePackSecurity.UntrustedData);
-        }
+            var resolver = SignalRResolver.Instance;
+            var hasCustomFormatterResolver = false;
 
-        private void SetupResolver(MessagePackHubProtocolOptions options)
-        {
-            // if counts don't match then we know users customized resolvers so we set up the options
-            // with the provided resolvers
-            if (options.FormatterResolvers.Count != SignalRResolver.Resolvers.Count)
+            // if counts don't match then we know users customized resolvers so we set up the options with the provided resolvers
+            if (msgPackOptions.FormatterResolvers.Count != SignalRResolver.Resolvers.Count)
             {
-                var resolver = CompositeResolver.Create(Array.Empty<IMessagePackFormatter>(), (IReadOnlyList<IFormatterResolver>)options.FormatterResolvers);
-                _msgPackSerializerOptions = MessagePackSerializerOptions.Standard.WithResolver(resolver);
-                return;
+                hasCustomFormatterResolver = true;
             }
-
-            for (var i = 0; i < options.FormatterResolvers.Count; i++)
+            else
             {
-                // check if the user customized the resolvers
-                if (options.FormatterResolvers[i] != SignalRResolver.Resolvers[i])
+                // Compare each "reference" in the FormatterResolvers IList<> against the default "SignalRResolver.Resolvers" IList<>
+                for (var i = 0; i < msgPackOptions.FormatterResolvers.Count; i++)
                 {
-                    var resolver = CompositeResolver.Create(Array.Empty<IMessagePackFormatter>(), (IReadOnlyList<IFormatterResolver>)options.FormatterResolvers);
-                    _msgPackSerializerOptions = MessagePackSerializerOptions.Standard.WithResolver(resolver);
-                    return;
+                    // check if the user customized the resolvers
+                    if (msgPackOptions.FormatterResolvers[i] != SignalRResolver.Resolvers[i])
+                    {
+                        hasCustomFormatterResolver = true;
+                        break;
+                    }
                 }
             }
 
-            // Use optimized cached resolver if the default is chosen
-            _msgPackSerializerOptions = MessagePackSerializerOptions.Standard.WithResolver(SignalRResolver.Instance);
+            if (hasCustomFormatterResolver)
+            {
+                resolver = CompositeResolver.Create(Array.Empty<IMessagePackFormatter>(), (IReadOnlyList<IFormatterResolver>)msgPackOptions.FormatterResolvers);
+            }
+
+            _msgPackSerializerOptions = MessagePackSerializerOptions.Standard
+                                                                    .WithResolver(resolver)
+                                                                    .WithSecurity(MessagePackSecurity.UntrustedData);
         }
 
         /// <inheritdoc />