From 4274af4f734b18eaff1356ea1b3353233bb790f8 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 25 Nov 2025 13:44:29 +0100 Subject: [PATCH 1/5] C#: Set AllowMissingPrunePackageData=true to true when purposely using non-existing framework targets. --- .../Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs index 635b901397b1..c60127c68351 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs @@ -77,7 +77,7 @@ private string GetRestoreArgs(RestoreSettings restoreSettings) Directory.CreateDirectory(path); } - args += $" /p:TargetFrameworkRootPath=\"{path}\" /p:NetCoreTargetingPackRoot=\"{path}\""; + args += $" /p:TargetFrameworkRootPath=\"{path}\" /p:NetCoreTargetingPackRoot=\"{path}\" /p:AllowMissingPrunePackageData=true"; } if (restoreSettings.PathToNugetConfig != null) From 1b84f70d1c9c4b60c7a335ff9a9dc5cc01b47546 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 25 Nov 2025 13:48:03 +0100 Subject: [PATCH 2/5] C#: Use NuGet version sorting instead of lexicographic directory name sorting for finding newest package version. --- .../BUILD.bazel | 1 + .../DependencyManager.cs | 2 +- .../NugetPackageRestorer.cs | 16 ++++++++++++++-- .../paket.references | 1 + csharp/paket.dependencies | 1 + csharp/paket.lock | 1 + csharp/paket.main.bzl | 1 + 7 files changed, 20 insertions(+), 3 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/BUILD.bazel b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/BUILD.bazel index 96ecccc31aa0..0dc2a3661250 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/BUILD.bazel +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/BUILD.bazel @@ -16,5 +16,6 @@ codeql_csharp_library( "//csharp/extractor/Semmle.Extraction.CSharp", "//csharp/extractor/Semmle.Util", "@paket.main//newtonsoft.json", + "@paket.main//nuget.versioning", ], ) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs index 040e89dcec1d..ad69d0c85c37 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs @@ -283,7 +283,7 @@ private void AddNetFrameworkDlls(ISet dllLocations, ISet { foreach (var fp in frameworkPaths) { - dotnetFrameworkVersionVariantCount += NugetPackageRestorer.GetOrderedPackageVersionSubDirectories(fp.Path!).Length; + dotnetFrameworkVersionVariantCount += nugetPackageRestorer.GetOrderedPackageVersionSubDirectories(fp.Path!).Length; } var folder = nugetPackageRestorer.GetNewestNugetPackageVersionFolder(frameworkPath.Path, ".NET Framework"); diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs index e2e548a46a96..29cec8a0e339 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs @@ -10,6 +10,7 @@ using System.Text.RegularExpressions; using System.Threading; using System.Threading.Tasks; +using NuGet.Versioning; using Semmle.Util; using Semmle.Util.Logging; @@ -87,11 +88,22 @@ public string GetNewestNugetPackageVersionFolder(string packagePath, string pack return selectedFrameworkFolder; } - public static DirectoryInfo[] GetOrderedPackageVersionSubDirectories(string packagePath) + public DirectoryInfo[] GetOrderedPackageVersionSubDirectories(string packagePath) { + // Only consider directories with valid NuGet version names. return new DirectoryInfo(packagePath) .EnumerateDirectories("*", new EnumerationOptions { MatchCasing = MatchCasing.CaseInsensitive, RecurseSubdirectories = false }) - .OrderByDescending(d => d.Name) // TODO: Improve sorting to handle pre-release versions. + .SelectMany(d => + { + if (NuGetVersion.TryParse(d.Name, out var version)) + { + return new[] { new { Directory = d, NuGetVersion = version } }; + } + logger.LogInfo($"Ignoring package directory '{d.FullName}' as it does not have a valid NuGet version name."); + return []; + }) + .OrderByDescending(dw => dw.NuGetVersion) + .Select(dw => dw.Directory) .ToArray(); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/paket.references b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/paket.references index 99e44f5d76ed..f4c783b379aa 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/paket.references +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/paket.references @@ -1 +1,2 @@ Newtonsoft.Json +NuGet.Versioning diff --git a/csharp/paket.dependencies b/csharp/paket.dependencies index cd2ac36422bc..336a61e40e05 100644 --- a/csharp/paket.dependencies +++ b/csharp/paket.dependencies @@ -7,6 +7,7 @@ strategy: max nuget Basic.CompilerLog.Util 0.9.21 nuget Mono.Posix.NETStandard nuget Newtonsoft.Json +nuget NuGet.Versioning nuget xunit nuget xunit.runner.visualstudio nuget xunit.runner.utility diff --git a/csharp/paket.lock b/csharp/paket.lock index d503e19d87df..7e5b0d5bc944 100644 --- a/csharp/paket.lock +++ b/csharp/paket.lock @@ -123,6 +123,7 @@ NUGET System.Collections.Immutable (>= 8.0) NaturalSort.Extension (4.4) Newtonsoft.Json (13.0.4) + NuGet.Versioning (7.0.1) System.Buffers (4.6.1) System.Collections.Immutable (9.0.10) System.Composition (9.0.10) diff --git a/csharp/paket.main.bzl b/csharp/paket.main.bzl index 1ef6f63df8f4..0778182f8b97 100644 --- a/csharp/paket.main.bzl +++ b/csharp/paket.main.bzl @@ -38,6 +38,7 @@ def main(): {"name": "MSBuild.StructuredLogger", "id": "MSBuild.StructuredLogger", "version": "2.3.71", "sha512": "sha512-u2Tw1WLYy+2VdccrQWyN3AY8zcFj4evfwqWMd7aBiicX3eGfkWkME7lsh9K2XS/+S8KVkjGNPI/g78E2A7Zx0g==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net462": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net47": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net471": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net472": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net48": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net5.0": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net6.0": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net7.0": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net8.0": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable"], "net9.0": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable"], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netcoreapp2.1": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netcoreapp2.2": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netcoreapp3.0": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netcoreapp3.1": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netstandard2.1": ["Microsoft.Build.Framework", "Microsoft.Build.Utilities.Core", "System.Collections.Immutable", "System.Memory", "System.Runtime.CompilerServices.Unsafe"]}, "targeting_pack_overrides": [], "framework_list": []}, {"name": "NaturalSort.Extension", "id": "NaturalSort.Extension", "version": "4.4.0", "sha512": "sha512-lcwYGJO2xZylcLW6B64tp6wE9UAt6fSn6el8MSAly5+6QG1vc/9uXQz+dsi69q1DxFv2TOaWrrheHNzg4yvy3Q==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": [], "net462": [], "net47": [], "net471": [], "net472": [], "net48": [], "net5.0": [], "net6.0": [], "net7.0": [], "net8.0": [], "net9.0": [], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": [], "netcoreapp2.1": [], "netcoreapp2.2": [], "netcoreapp3.0": [], "netcoreapp3.1": [], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": [], "netstandard2.1": []}, "targeting_pack_overrides": [], "framework_list": []}, {"name": "Newtonsoft.Json", "id": "Newtonsoft.Json", "version": "13.0.4", "sha512": "sha512-bR+v+E/yJ6g7GV2uXw2OrUSjYYfjLkOLC8JD4kCS23msLapnKtdJPBJA75fwHH++ErIffeIqzYITLxAur4KAXA==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": [], "net462": [], "net47": [], "net471": [], "net472": [], "net48": [], "net5.0": [], "net6.0": [], "net7.0": [], "net8.0": [], "net9.0": [], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": [], "netcoreapp2.1": [], "netcoreapp2.2": [], "netcoreapp3.0": [], "netcoreapp3.1": [], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": [], "netstandard2.1": []}, "targeting_pack_overrides": [], "framework_list": []}, + {"name": "NuGet.Versioning", "id": "NuGet.Versioning", "version": "7.0.1", "sha512": "sha512-ibGcrpgA8foidKNcnf+AQ4zEaVZu4OyWjcPITii6mNgwt2uhd8VFsEq7/Mb0KDxrEJaew+nWJQb7Ju166SAyzw==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": [], "net462": [], "net47": [], "net471": [], "net472": [], "net48": [], "net5.0": [], "net6.0": [], "net7.0": [], "net8.0": [], "net9.0": [], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": [], "netcoreapp2.1": [], "netcoreapp2.2": [], "netcoreapp3.0": [], "netcoreapp3.1": [], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": [], "netstandard2.1": []}, "targeting_pack_overrides": [], "framework_list": []}, {"name": "System.Buffers", "id": "System.Buffers", "version": "4.6.1", "sha512": "sha512-qve/dFwECwehSWlZmpkrrlIeATCvo/Hw2koyMrUVcDBy5gXAQrnwX8pHEoqgj8DgkrWuWW1DrQbFqoMbo+Fvrg==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": [], "net462": [], "net47": [], "net471": [], "net472": [], "net48": [], "net5.0": [], "net6.0": [], "net7.0": [], "net8.0": [], "net9.0": [], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": [], "netcoreapp2.1": [], "netcoreapp2.2": [], "netcoreapp3.0": [], "netcoreapp3.1": [], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": [], "netstandard2.1": []}, "targeting_pack_overrides": [], "framework_list": []}, {"name": "System.Collections.Immutable", "id": "System.Collections.Immutable", "version": "9.0.10", "sha512": "sha512-00LI4a7blU063Z0lCdRVLlh0Mzl1yYLZaxlOZe0MiNH+TELklX0Mne/XKU7UuCZQQh6FHrcEUPDjxIsy2jZUxg==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net462": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net47": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net471": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net472": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net48": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net5.0": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net6.0": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net7.0": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "net8.0": [], "net9.0": [], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netcoreapp2.1": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netcoreapp2.2": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netcoreapp3.0": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netcoreapp3.1": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"], "netstandard2.1": ["System.Memory", "System.Runtime.CompilerServices.Unsafe"]}, "targeting_pack_overrides": [], "framework_list": []}, {"name": "System.Composition", "id": "System.Composition", "version": "9.0.10", "sha512": "sha512-PyUH0f6tdjlQBntP/73cqaR53fjAZkaqGRatIi1BgZIfQH/Z0k1rPHaklBZqFV5+wKUkL74+49TrFPnB/zw+2Q==", "sources": ["https://api.nuget.org/v3/index.json"], "dependencies": {"net11": [], "net20": [], "net30": [], "net35": [], "net40": [], "net403": [], "net45": [], "net451": [], "net452": [], "net46": [], "net461": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "net462": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "net47": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "net471": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "net472": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "net48": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "net5.0": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "net6.0": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "net7.0": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "net8.0": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "net9.0": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "netcoreapp1.0": [], "netcoreapp1.1": [], "netcoreapp2.0": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "netcoreapp2.1": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "netcoreapp2.2": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "netcoreapp3.0": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "netcoreapp3.1": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "netstandard": [], "netstandard1.0": [], "netstandard1.1": [], "netstandard1.2": [], "netstandard1.3": [], "netstandard1.4": [], "netstandard1.5": [], "netstandard1.6": [], "netstandard2.0": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"], "netstandard2.1": ["System.Composition.AttributedModel", "System.Composition.Convention", "System.Composition.Hosting", "System.Composition.Runtime", "System.Composition.TypedParts"]}, "targeting_pack_overrides": [], "framework_list": []}, From a3e545ddd5b5d636f76ac6fefd930fc8890cfa13 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 4 Dec 2025 14:26:27 +0100 Subject: [PATCH 3/5] C#: Use NuGetVersion instead of homemade version implementation. --- .../DotNetVersion.cs | 47 ++++--------------- .../Runtime.cs | 7 +-- .../Sdk.cs | 9 ++-- 3 files changed, 17 insertions(+), 46 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetVersion.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetVersion.cs index b4273d02b77a..31a4ac2292dc 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetVersion.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetVersion.cs @@ -1,24 +1,16 @@ using System; using System.IO; +using NuGet.Versioning; namespace Semmle.Extraction.CSharp.DependencyFetching { internal record DotNetVersion : IComparable { private readonly string dir; - private readonly Version version; - private readonly Version? preReleaseVersion; - private readonly string? preReleaseVersionType; - private bool IsPreRelease => preReleaseVersionType is not null && preReleaseVersion is not null; + private readonly NuGetVersion version; - private string FullVersion - { - get - { - var preRelease = IsPreRelease ? $"-{preReleaseVersionType}.{preReleaseVersion}" : ""; - return this.version + preRelease; - } - } + private string FullVersion => + version.ToString(); public string FullPath => Path.Combine(dir, FullVersion); @@ -48,37 +40,14 @@ public string? FullPathReferenceAssemblies } - public DotNetVersion(string dir, string version, string preReleaseVersionType, string preReleaseVersion) + public DotNetVersion(string dir, NuGetVersion version) { this.dir = dir; - this.version = Version.Parse(version); - if (!string.IsNullOrEmpty(preReleaseVersion) && !string.IsNullOrEmpty(preReleaseVersionType)) - { - this.preReleaseVersionType = preReleaseVersionType; - this.preReleaseVersion = Version.Parse(preReleaseVersion); - } + this.version = version; } - public int CompareTo(DotNetVersion? other) - { - var c = version.CompareTo(other?.version); - if (c == 0 && IsPreRelease) - { - if (!other!.IsPreRelease) - { - return -1; - } - - // Both are pre-release like runtime versions. - // The pre-release version types are sorted alphabetically (e.g. alpha, beta, preview, rc) - // and the pre-release version types are more important that the pre-release version numbers. - return preReleaseVersionType != other!.preReleaseVersionType - ? preReleaseVersionType!.CompareTo(other!.preReleaseVersionType) - : preReleaseVersion!.CompareTo(other!.preReleaseVersion); - } - - return c; - } + public int CompareTo(DotNetVersion? other) => + version.CompareTo(other?.version); public override string ToString() => FullPath; } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Runtime.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Runtime.cs index a489ec504c45..64c835d27fcc 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Runtime.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Runtime.cs @@ -4,6 +4,7 @@ using System.Linq; using System.Runtime.InteropServices; using System.Text.RegularExpressions; +using NuGet.Versioning; using Semmle.Util; using Semmle.Util.Logging; @@ -27,7 +28,7 @@ public Runtime(IDotNet dotNet) this.newestRuntimes = new(GetNewestRuntimes); } - [GeneratedRegex(@"^(\S+)\s(\d+\.\d+\.\d+)(-([a-z]+)\.(\d+\.\d+\.\d+))?\s\[(.+)\]$")] + [GeneratedRegex(@"^(\S+)\s(\d+\.\d+\.\d+(-[a-z]+\.\d+\.\d+\.\d+)?)\s\[(.+)\]$")] private static partial Regex RuntimeRegex(); /// @@ -44,9 +45,9 @@ private static Dictionary ParseRuntimes(IList lis listed.ForEach(r => { var match = regex.Match(r); - if (match.Success) + if (match.Success && NuGetVersion.TryParse(match.Groups[2].Value, out var version)) { - runtimes.AddOrUpdateToLatest(match.Groups[1].Value, new DotNetVersion(match.Groups[6].Value, match.Groups[2].Value, match.Groups[4].Value, match.Groups[5].Value)); + runtimes.AddOrUpdateToLatest(match.Groups[1].Value, new DotNetVersion(match.Groups[4].Value, version)); } }); diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Sdk.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Sdk.cs index 848350bce982..c4d1ba9ac087 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Sdk.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Sdk.cs @@ -3,6 +3,7 @@ using System.IO; using System.Linq; using System.Text.RegularExpressions; +using NuGet.Versioning; using Semmle.Util; using Semmle.Util.Logging; @@ -27,7 +28,7 @@ public Sdk(IDotNet dotNet, ILogger logger) cscPath = new Lazy(GetCscPath); } - [GeneratedRegex(@"^(\d+\.\d+\.\d+)(-([a-z]+)\.(\d+\.\d+\.\d+))?\s\[(.+)\]$")] + [GeneratedRegex(@"^(\d+\.\d+\.\d+(-[a-z]+\.\d+\.\d+\.\d+)?)\s\[(.+)\]$")] private static partial Regex SdkRegex(); private static HashSet ParseSdks(IList listed) @@ -37,9 +38,9 @@ private static HashSet ParseSdks(IList listed) listed.ForEach(r => { var match = regex.Match(r); - if (match.Success) + if (match.Success && NuGetVersion.TryParse(match.Groups[1].Value, out var version)) { - sdks.Add(new DotNetVersion(match.Groups[5].Value, match.Groups[1].Value, match.Groups[3].Value, match.Groups[4].Value)); + sdks.Add(new DotNetVersion(match.Groups[3].Value, version)); } }); @@ -73,4 +74,4 @@ private static HashSet ParseSdks(IList listed) return path; } } -} \ No newline at end of file +} From 4112cfc8f1684071a8e9a2c1931bc81f4d596ec9 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 4 Dec 2025 15:42:18 +0100 Subject: [PATCH 4/5] C#: Add change note. --- csharp/ql/lib/change-notes/2025-12-04-bmn-dotnet-fixes.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 csharp/ql/lib/change-notes/2025-12-04-bmn-dotnet-fixes.md diff --git a/csharp/ql/lib/change-notes/2025-12-04-bmn-dotnet-fixes.md b/csharp/ql/lib/change-notes/2025-12-04-bmn-dotnet-fixes.md new file mode 100644 index 000000000000..af1f1b919666 --- /dev/null +++ b/csharp/ql/lib/change-notes/2025-12-04-bmn-dotnet-fixes.md @@ -0,0 +1,6 @@ +--- +category: fix +--- +* Fixed two issues affecting build mode `none`: + * Corrected version sorting logic when detecting the newest .NET framework to use. + * Improved stability for .NET 10 compatibility. From 5a33f9fcd853b4b0ae9ac8a848733562f79c6978 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 4 Dec 2025 15:58:02 +0100 Subject: [PATCH 5/5] C#: Update integration test expected output. --- .../Assemblies.expected | 1 + 1 file changed, 1 insertion(+) diff --git a/csharp/ql/integration-tests/posix/standalone_dependencies_executing_runtime/Assemblies.expected b/csharp/ql/integration-tests/posix/standalone_dependencies_executing_runtime/Assemblies.expected index bbfd3417df37..72f46cf9ac41 100644 --- a/csharp/ql/integration-tests/posix/standalone_dependencies_executing_runtime/Assemblies.expected +++ b/csharp/ql/integration-tests/posix/standalone_dependencies_executing_runtime/Assemblies.expected @@ -23,6 +23,7 @@ | [...]/csharp/tools/[...]/Mono.Posix.NETStandard.dll | | [...]/csharp/tools/[...]/NaturalSort.Extension.dll | | [...]/csharp/tools/[...]/Newtonsoft.Json.dll | +| [...]/csharp/tools/[...]/NuGet.Versioning.dll | | [...]/csharp/tools/[...]/StructuredLogger.dll | | [...]/csharp/tools/[...]/System.AppContext.dll | | [...]/csharp/tools/[...]/System.Buffers.dll |