Description
Background and Motivation
As far as I am aware, routable controller methods need to be public.
However, there seems to be no rule against applying route attributes (e.g. [Route], [AcceptVerbs], ..., possibly all inheritors of IRouteTemplateProvider) to non-public methods.
I just accidentally left a method private and wondered why its route would not be mapped before thinking about checking its access modifiers.
This can happen when extracting methods via automated IDE refactorings (in Visual Studio the extracted method is set to private by default).
Proposed Analyzer
Analyzer Behavior and Message
The analyzer should notify when a route attribute is applied to an invalid method:
- non-public methods
- methods marked with
[NonAction](ideally considering inheritance)
This should apply to [Route], [AcceptVerbs], [HttpGet] and the like. This might coincide with inheritors of IRouteTemplateProvider (I do not know the internals of the framework enough to say).
Category
- Design
- Documentation
- Globalization
- Interoperability
- Maintainability
- Naming
- Performance
- Reliability
- Security
- Style
- Usage
Severity Level
- Error
- Warning
- Info
- Hidden
Usage Scenarios
[HttpGet]
[Route("myRoute")]
private IActionResult SomeMethod() { /* ... */ }Proposed corrections:
- make the method
public - remove the inapplicable attributes
Risks
This might break some non-explicit ways of declaring routes I am not aware of.