First version Test Coverage and .NET 9 upgrade #2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ruudkobes
commented
May 16, 2025
| - [`src/Hyperledger.Aries/Utils/CryptoUtils.cs`](src/Hyperledger.Aries/Utils/CryptoUtils.cs:68) | ||
| - [`src/Hyperledger.Aries/Utils/CryptoUtils.cs`](src/Hyperledger.Aries/Utils/CryptoUtils.cs:80) | ||
|
|
||
| **Fix Applied:** Modified the deserialization calls in `UnpackAsync` methods to explicitly use `Newtonsoft.Json.JsonConvert.DeserializeObject<T>` with `TypeNameHandling.None` to prevent the deserialization of unexpected types. |
Member
Author
There was a problem hiding this comment.
Core observation that TypeNameHandling.None is the only value that should be allowed is correct.
- That's the default value. Nowhere in this code is anything else used, i.e. the code is secure wrt this point
- There is a .NET analyzer to validate this, although not enabled by default
On the supposed fix:
- The described modifications (few lines below this) are NOT what it actually did.
- The introduced change is identical from a security perspective, it just bypasses the preconfigured serializer settings for the library, likely causing regression issues around JSON parsing.
The best protection solution would be to suggest/fix to enable the analyzer:
# CA2326: Do not use TypeNameHandling values other than None
dotnet_diagnostic.CA2326.severity = error
…work-dotnet into Test-Coverage
…work-dotnet into Test-Coverage
There was a problem hiding this comment.
Pull Request Overview
This PR introduces the first suite of analysis reports for test coverage, security, performance, documentation, and code comprehension, and upgrades the project to .NET 9 with updated dependency versions and build scripts.
- Add comprehensive analysis reports under
analysis_reports/refinement-analysis-20250515-190428/ - Upgrade project target/framework and bump package versions in
Directory.Build.props,README.md - Introduce build tooling (Makefile, Dockerfile) and a GitHub Actions CI workflow
Reviewed Changes
Copilot reviewed 276 out of 276 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| analysis_reports/refinement-analysis-20250515-190428/test_coverage_report.md | New test coverage analysis and recommendations |
| analysis_reports/refinement-analysis-20250515-190428/security_review_report.md | New security review findings |
| analysis_reports/refinement-analysis-20250515-190428/security_fix_report.md | Security fixes applied |
| analysis_reports/refinement-analysis-20250515-190428/optimization_report.md | Performance bottleneck analysis |
| analysis_reports/refinement-analysis-20250515-190428/optimization_fix_report.md | Refactoring and retry-policy fixes |
| analysis_reports/refinement-analysis-20250515-190428/documentation_report.md | Documentation gaps and update plan |
| analysis_reports/refinement-analysis-20250515-190428/code_comprehension_report.md | Code comprehension overview for src/ |
| analysis_reports/WalletFrameworkCoreTestsFix/code_comprehension_report.md | Comprehension of Core/tests structure |
| analysis_reports/BUG-789/code_comprehension_report_WalletFrameworkCore.md | Analysis of Base64Url bug in Core |
| README.md | Changelog for 2.0.0 and package upgrades |
| Makefile | Add build, test, publish, and clean targets |
| Dockerfile | Multi-stage build (SDK 6.0) and runtime (ASP.NET 6.0) |
| Directory.Build.props | Bump to .NET 9 targets and update dependency version variables |
| .github/workflows/ci.yml | New .NET CI pipeline |
| .editorconfig | Enforce CA2326 (TypeNameHandling) as error |
| .docsregistry | Register new documentation artifacts |
| .roo/mcp.json | Add (disabled) MCP server config |
| .memory | Add orchestration signals |
Comments suppressed due to low confidence (2)
Codebase Xray.md:1
- [nitpick] This file appears to be an internal analysis prompt; consider removing it from the repo or moving it to a private documentation location, as it does not belong in the production codebase.
# CodeBase-Xray-Prompt
.docsregistry:47
- The entry for
package_upgrades_20250519.mdis duplicated; remove one of the entries to maintain a clean registry.
{ "path": "docs/updates/package_upgrades_20250519.md",
| <RoslynatorAnalyzersVersion>4.12.0</RoslynatorAnalyzersVersion> | ||
| <PeterOCborVersion>4.5.3</PeterOCborVersion> | ||
| <SdJwtVersion>0.1.0-rc.67</SdJwtVersion> | ||
| <PeterOCborVersion>4.5.3</PeterOCborVersion> |
There was a problem hiding this comment.
The <PeterOCborVersion> property is declared twice; remove the duplicate to avoid confusion and potential merge conflicts.
Suggested change
| <PeterOCborVersion>4.5.3</PeterOCborVersion> |
| dotnet-version: | | ||
| 6.0.x | ||
| 7.0.x | ||
| 8.0.x # Assuming support for multiple .NET versions based on project structure |
There was a problem hiding this comment.
Since the project has been upgraded to target .NET 9, include 9.0.x in the dotnet-version matrix to ensure CI builds and tests against .NET 9.
Suggested change
| 8.0.x # Assuming support for multiple .NET versions based on project structure | |
| 8.0.x # Assuming support for multiple .NET versions based on project structure | |
| 9.0.x |
| @@ -0,0 +1,23 @@ | |||
| # Use the official .NET SDK image for building | |||
| FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build | |||
There was a problem hiding this comment.
Update the base SDK image to a .NET 9 SDK (e.g. mcr.microsoft.com/dotnet/sdk:9.0) to match the project’s target framework upgrade.
Suggested change
| FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build | |
| FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Short description of what this resolves:
Changes proposed in this pull request:
Fixes: #