MTA-6471 C# Provider Documentation

assemblies/rules-development-guide/assembly_creating-rule.adoc

@@ -30,6 +30,7 @@ include::topics/rules-development/create-nodejs-custom-rule.adoc[leveloffset=+1]
 
 include::topics/rules-development/create-python-custom-rule.adoc[leveloffset=+1]
 
+include::topics/rules-development/create-csharp-custom-rule.adoc[leveloffset=+1]
 
 ifdef::parent-context-of-creating-rule[:context: {parent-context-of-creating-rule}]
 ifndef::parent-context-of-creating-rule[:!context:]

assemblies/rules-development-guide/assembly_rule-yaml-conditions.adoc

@@ -16,25 +16,25 @@
 :context: rules-prov-cond
 
 [role="_abstract"]
-The providers are the modular components in charge of analyzing a given language. Providers are able to analyze code by leveraging the Language Server Protocol (LSP). Through the LSP, all code analysis is abstracted away from the analysis engine and left to the specific LSP server to run the search query defined in the rule on the source code. 
+The providers are the modular components in charge of analyzing a given language. The external providers, except `C#`, are able to analyze code by leveraging the Language Server Protocol (LSP). Through the LSP, all code analysis is abstracted away from the analysis engine and left to the specific LSP server to run the search query defined in the rule on the source code. 
 
 Additionally, {ProductShortName} provides a built-in provider with abilities such as XML parsing, running regular expressions on files, and so on.
 
 Currently, {ProductShortName} supports the following providers:
 
 * builtin
 * Java 
-* Go 
-* External providers (for `Python`, `Dotnet` and `Node.js` applications) initialized by the generic provider binary
+* C#
+* External providers (for `Python`, `Go`, and `Node.js` applications) initialized by the generic provider binary
 
 [NOTE]
 ====
 You can use the generic provider binary to create an external provider for any language that is compliant with link:https://microsoft.github.io/language-server-protocol/specifications/lsp/3.17/specification/[LSP 3.17 specifications].
 ====
 
-.Using the provider capability in custom rules
+== Using the provider capability in custom rules
 
-In a rule, the when block is where the conditions for matching the rule are specified. Each provider offers a series of capabilities to do matching.. The search query in the rule condition can contain patterns, code locations, specific dependencies to be found, and so on, to evaluate the source code and dependencies. The provider sends the LSP server a request to check the search query against the application being analyzed. When the LSP server returns a match for the search in the source code, the analyzer triggers a violation.
+In a rule, the when block is where the conditions for matching the rule are specified. Each provider offers a series of capabilities to do matching. The search query in the rule condition can contain patterns, code locations, specific dependencies to be found, and so on, to evaluate the source code and dependencies. The provider sends the LSP server a request to check the search query against the application being analyzed. When the LSP server returns a match for the search in the source code, the analyzer triggers a violation.
 
 The syntax for the when block is as follows: contains one condition, but that condition can have multiple conditions nested under it.
 

docs/topics/release-notes-topics/ref_new-features-and-enhancements-8-0.adoc

@@ -8,8 +8,8 @@
 [role="_abstract"]
 {ProductFirstRef} ({ProductShortName}) version 8.0.0 provides the following major new features and enhancements.
 
-{mta-dl-plugin} is available in the Visual Studio Code extension::
-You can opt to use {mta-dl-plugin} features in the Visual Studio Code extension. With the Developer Lightspeed feature, you can use a large language model (LLM) of your choice to request code changes for resolving the issues found through a static code analysis of your Java application.
+{mta-dl-plugin} is available in the VS Code extension::
+You can opt to use {mta-dl-plugin} features in the VS Code extension. With the Developer Lightspeed feature, you can use a large language model (LLM) of your choice to request code changes for resolving the issues found through a static code analysis of your Java application.
 +
 --
 The {mta-dl-plugin} core features are the following:

docs/topics/rules-development/create-csharp-custom-rule.adoc

@@ -0,0 +1,77 @@
+// Module included in the following assemblies:
+//
+// * docs/rules-development-guide/master.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="create-csharp-custom-rule_{context}"]
+= Creating a custom C# rule
+
+[role="_abstract"]
+You can create custom rules to analyze `C#` applications by using the {ProductShortName} CLI, user interface, or IDE extension. The following example shows how to run a CLI analysis for a C# application.
+
+You can use a custom rule to check if {ProductShortName} triggers an incident when it detects the `WebMatrix.WebData.WebSecurity` class in a `C#` example project.
+
+.Prerequisites
+
+* You installed the `ilspycmd` and `paket` dependencies.
+* You installed the `dotnet tools` and exported the `dotnet tools` path by using the `export PATH="$PATH:<path/to/.dotnet/tools"` command.
+
+.Procedure
+. Create a `csharp-rule.yaml` file in your `Home` directory. 
+
+. Copy the following rule in the `csharp-rule.yaml` file:
++
+
+[source, yaml]
+----
+- category: mandatory
+  customVariables: []
+  description: WebMatrix.WebData.WebSecurity is not available in .NET Core
+  effort: 8
+  labels:
+  - konveyor.io/source=dotnet
+  - konveyor.io/target=dotnet-core
+  links:
+  - title: Introduction to Identity on ASP.NET Core
+    url: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity
+  - title: Migrate Authentication and Identity to ASP.NET Core
+    url: https://learn.microsoft.com/en-us/aspnet/core/migration/identity
+  message: |
+    WebMatrix.WebData.WebSecurity is not available in .NET Core and must be replaced with ASP.NET Core Identity.
+
+    Migration actions:
+    - Add Microsoft.AspNetCore.Identity.EntityFrameworkCore NuGet package
+    - Create ApplicationUser class inheriting from IdentityUser
+    - Update DbContext to inherit from IdentityDbContext<ApplicationUser>
+    - Replace WebSecurity.Login with SignInManager.PasswordSignInAsync
+    - Replace WebSecurity.Logout with SignInManager.SignOutAsync
+    - Replace WebSecurity.CreateUserAndAccount with UserManager.CreateAsync
+    - Replace WebSecurity.ChangePassword with UserManager.ChangePasswordAsync
+    - Configure Identity in Startup.ConfigureServices with AddIdentity or AddDefaultIdentity
+  ruleID: dotnet-core-websecurity-01
+  when:
+    csharp.referenced:
+      location: ALL
+      pattern: WebMatrix.WebData.WebSecurity
+----
+
+. Open a C# project that has the `WebMatrix.WebData.WebSecurity` class.
+
+. Run an analysis with the following command in the {ProductShortName} CLI:
++
+
+[source, terminal]
+----
+$ ./mta-cli analyze -i _path_to_C#_app_ -o _path_to_report_ --overwrite --run-local=false --enable-default-rulesets=false --mode source-only --rules ~/csharp-rule.yaml 
+----
++
+
+[NOTE]
+====
+Add the `--overwrite` option if you want to use the same directory for the report when you run subsequent tests. {ProductShortName} overwrites the current report with the result of the latest analysis that you ran.
+====
+
+. Open the static report at _path_to_report_ in your browser.
+
+. Navigate to the issues to verify the *`WebMatrix.WebData.WebSecurity` is not available in `.NET Core`* issue.
+

docs/topics/rules-development/yaml-dotnet-provider.adoc

@@ -4,21 +4,23 @@
 
 :_mod-docs-content-type: REFERENCE
 [id="yaml-dotnet-provider_{context}"]
-= Dotnet provider
+= C# provider
 
 [role="_abstract"]
-The `dotnet` provider is an external provider used to analyze .NET and C# source code. Currently, the provider supports the `referenced` capability.
+The `C#` provider is an external provider used to analyze `.NET Core` and `C#` source code. Currently, the provider supports the `referenced` capability.
 
-.`referenced`
+The `C#` provider uses a gRPC interface to perform a semantic analysis of an application source code in the `source-only` mode. The provider parses the source code by using tree-sitter and uses stack graph for the analysis to find references to types, methods, classes, and fields. Based on the `C#` custom rule definition, the analyzer identifies violations in your code that you must resolve before the application migration. 
 
-By using the `referenced` capability, the provider finds references in the source code.
+`referenced`::
+
+The `C#` provider supports `referenced` capability in rules to define fields such as `pattern` and `location` based on which the provider searches the code for violations. 
 
 [source,yaml]
 ----
 when:
-  dotnet.referenced:
+  csharp.referenced:
     pattern: "<pattern>" 
-    namespace: "<namespace>" 
+    location: CLASS 
 ----
 where:
 

docs/topics/vscode/proc_vscode-analyzing-application.adoc

@@ -7,7 +7,12 @@ You can run a static code analysis of an application with or without enabling th
 
 .Prerequisites
 
-* You opened a Java project in your Visual Studio Code workspace.
+* You opened a project in your Visual Studio Code workspace.
+* You installed the following for `.NET Core` or `C#` application analysis:
+.. The {ProductShortName} Core and `C#` extensions 
+.. `dotnet tools` and added it to the `$PATH` environment variable
+.. `ilspycmd` command line tool for the `ILSpy.NET` decompiler
+.. `paket` package manager
 * You configured an analysis profile on the *{ProductShortName} Analysis View* page. For more information, see xref:configuring-profile-settings_vsc-extension-guide[Configuring the {ProductShortName} profile settings].
 
 .Procedure