rspec/rules/S1944/csharp/rule.adoc

== Why is this an issue?

A cast is an https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/types/casting-and-type-conversions#explicit-conversions[explicit conversion], which is a way to tell the compiler the intent to convert from one type to another.

[source,csharp]
----
void Method(object value)
{
    int i;
    i = (int)value;   // Casting (explicit conversion) from float to int
}
----

In most cases, the compiler will be able to catch invalid casts between incompatible value types or reference types.

However, the compiler will not be able to detect invalid casts to https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/keywords/interface[interfaces].

=== What is the potential impact?

Invalid casts will lead to unexpected behaviors or runtime errors such as https://learn.microsoft.com/en-us/dotnet/api/system.invalidcastexception[InvalidCastException].

=== Exceptions

No issue is reported if the interface has no implementing class in the assembly.

== How to fix it

To prevent an `InvalidCastException` from raising during an explicit conversion, it is recommended to use the https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/type-testing-and-cast#as-operator[`as` operator].
When the conversion is not possible, the `as` operator returns `null` and will never raise an exception.

=== Code examples

==== Noncompliant code example

[source,csharp,diff-id=1,diff-type=noncompliant]
----
public interface IMyInterface
{ /* ... */ }

public class Implementer : IMyInterface
{ /* ... */ }

public class AnotherClass
{ /* ... */ }

public static class Program
{
  public static void Main()
  {
    var another = new AnotherClass();
    var x = (IMyInterface)another;     // Noncompliant: InvalidCastException is being thrown
  }
}
----

==== Compliant solution

[source,csharp,diff-id=1,diff-type=compliant]
----
public interface IMyInterface
{ /* ... */ }

public class Implementer : IMyInterface
{ /* ... */ }

public class AnotherClass
{ /* ... */ }

public static class Program
{
  public static void Main()
  {
    var another = new AnotherClass();
    var x = another as IMyInterface;    // Compliant: but will always be null
  }
}
----

== Resources

=== Documentation

* https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/types/casting-and-type-conversions#explicit-conversions[Casting and type conversions - Explicit conversion]
* https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/type-testing-and-cast[Type-testing operators and cast expressions]
** https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/type-testing-and-cast#is-operator[`is` operator]
** https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/type-testing-and-cast#as-operator[`as` operator]
* https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/language-specification/conversions#103-explicit-conversions[Conversions - Explicit conversions in C#]
** https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/language-specification/conversions#1035-explicit-reference-conversions[Conversions - Explicit reference conversions in C#]
* CWE - https://cwe.mitre.org/data/definitions/588[CWE-588 - Attempt to Access Child of a Non-structure Pointer]
* CWE - https://cwe.mitre.org/data/definitions/704[CWE-704 - Incorrect Type Conversion or Cast]

include::../rspecator-dotnet.adoc[]
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

Modify rule S1944: LaYC format (#2131) 2023-06-13 10:52:19 +02:00			`A cast is an https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/types/casting-and-type-conversions#explicit-conversions[explicit conversion], which is a way to tell the compiler the intent to convert from one type to another.`
Add rules 1000-1999 2020-06-30 12:47:33 +02:00
Modify rule S1944: LaYC format (#2131) 2023-06-13 10:52:19 +02:00			`[source,csharp]`
			`----`
			`void Method(object value)`
			`{`
			`int i;`
			`i = (int)value; // Casting (explicit conversion) from float to int`
			`}`
			`----`
Add rules 1000-1999 2020-06-30 12:47:33 +02:00
Modify rule S1944: LaYC format (#2131) 2023-06-13 10:52:19 +02:00			`In most cases, the compiler will be able to catch invalid casts between incompatible value types or reference types.`
Add rules 1000-1999 2020-06-30 12:47:33 +02:00
Modify rule S1944: LaYC format (#2131) 2023-06-13 10:52:19 +02:00			`However, the compiler will not be able to detect invalid casts to https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/keywords/interface[interfaces].`

			`=== What is the potential impact?`

			`Invalid casts will lead to unexpected behaviors or runtime errors such as https://learn.microsoft.com/en-us/dotnet/api/system.invalidcastexception[InvalidCastException].`

			`=== Exceptions`

			`No issue is reported if the interface has no implementing class in the assembly.`

			`== How to fix it`

			To prevent an `InvalidCastException` from raising during an explicit conversion, it is recommended to use the https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/type-testing-and-cast#as-operator[`as` operator].
			When the conversion is not possible, the `as` operator returns `null` and will never raise an exception.

			`=== Code examples`

			`==== Noncompliant code example`

			`[source,csharp,diff-id=1,diff-type=noncompliant]`
Add rules 1000-1999 2020-06-30 12:47:33 +02:00			`----`
Update S1944: Remove nullable cast from C# in favor of S3655 (#2066) 2023-06-07 09:10:48 +02:00			`public interface IMyInterface`
Add rules 1000-1999 2020-06-30 12:47:33 +02:00			`{ /* ... */ }`

			`public class Implementer : IMyInterface`
			`{ /* ... */ }`

Modify rule S1944: LaYC format (#2131) 2023-06-13 10:52:19 +02:00			`public class AnotherClass`
Add rules 1000-1999 2020-06-30 12:47:33 +02:00			`{ /* ... */ }`

			`public static class Program`
			`{`
			`public static void Main()`
			`{`
Modify rule S1944: LaYC format (#2131) 2023-06-13 10:52:19 +02:00			`var another = new AnotherClass();`
			`var x = (IMyInterface)another; // Noncompliant: InvalidCastException is being thrown`
Add rules 1000-1999 2020-06-30 12:47:33 +02:00			`}`
			`}`
			`----`

Modify rule S1944: LaYC format (#2131) 2023-06-13 10:52:19 +02:00			`==== Compliant solution`
Add rules 1000-1999 2020-06-30 12:47:33 +02:00
Modify rule S1944: LaYC format (#2131) 2023-06-13 10:52:19 +02:00			`[source,csharp,diff-id=1,diff-type=compliant]`
Add rules 1000-1999 2020-06-30 12:47:33 +02:00			`----`
Update S1944: Remove nullable cast from C# in favor of S3655 (#2066) 2023-06-07 09:10:48 +02:00			`public interface IMyInterface`
Add rules 1000-1999 2020-06-30 12:47:33 +02:00			`{ /* ... */ }`

			`public class Implementer : IMyInterface`
			`{ /* ... */ }`

Modify rule S1944: LaYC format (#2131) 2023-06-13 10:52:19 +02:00			`public class AnotherClass`
Add rules 1000-1999 2020-06-30 12:47:33 +02:00			`{ /* ... */ }`

			`public static class Program`
			`{`
			`public static void Main()`
			`{`
Modify rule S1944: LaYC format (#2131) 2023-06-13 10:52:19 +02:00			`var another = new AnotherClass();`
			`var x = another as IMyInterface; // Compliant: but will always be null`
Add rules 1000-1999 2020-06-30 12:47:33 +02:00			`}`
			`}`
			`----`

Modify rule S1944: LaYC format (#2131) 2023-06-13 10:52:19 +02:00			`== Resources`
Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00
Modify rule S1944: LaYC format (#2131) 2023-06-13 10:52:19 +02:00			`=== Documentation`
Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00
Modify rule S1944: LaYC format (#2131) 2023-06-13 10:52:19 +02:00			`* https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/types/casting-and-type-conversions#explicit-conversions[Casting and type conversions - Explicit conversion]`
			`* https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/type-testing-and-cast[Type-testing operators and cast expressions]`
			** https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/type-testing-and-cast#is-operator[`is` operator]
			** https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/operators/type-testing-and-cast#as-operator[`as` operator]
			`* https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/language-specification/conversions#103-explicit-conversions[Conversions - Explicit conversions in C#]`
			`** https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/language-specification/conversions#1035-explicit-reference-conversions[Conversions - Explicit reference conversions in C#]`
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) * Fix all CWE references * Fix all OWASP references * Fix missing CWE prefixes 2024-01-15 17:15:56 +01:00			`* CWE - https://cwe.mitre.org/data/definitions/588[CWE-588 - Attempt to Access Child of a Non-structure Pointer]`
			`* CWE - https://cwe.mitre.org/data/definitions/704[CWE-704 - Incorrect Type Conversion or Cast]`
Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00
Modify rule S1944: LaYC format (#2131) 2023-06-13 10:52:19 +02:00			`include::../rspecator-dotnet.adoc[]`