.NET - False Quality Risks Analysis

Problem

The Sealights dashboard shows unexpected Quality Risks (QR) for a .NET application, on methods from files that have not been changed for a long time.

Solution

Please follow the instructions below:

  1. Get a binary artifact (EXE, DLL) that was created before the QR was reported (ideally, the reference build).

  2. Get a recent artifact that has a QR on unmodified code (ideally, the latest build).

  3. Download ILSpy, a decompiler tool (open source, MIT license, free), from https://github.com/icsharpcode/ILSpy/releases

  4. Open the tool and drag the earlier artifact (1) to it, then locate a method that was reported as QR.

    1. Its contents will be visible on the right column.

    2. In the toolbar, change the language from C# (default) to IL, and make a note of the result (better still, save it to a file).

  5. Do the same for the later artifact (2), and compare the results.


We expect (4) and (5) to differ. Please share the detailed information from this tool with us to help you understand why that change occurred.
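
For step 5, the two saved IL files can be compared with a script rather than by eye. The following is an added example, not Sealights or ILSpy code; it assumes the IL was saved as plain text, and the sample dumps, the `Demo::Greet` method and the function names are constructed for illustration. It skips the `// Method begins at RVA` comment, which records where the method body sits in the file rather than what the method does.

```python
import difflib
import re

# Assumption: the saved IL carries a "// Method begins at RVA 0x..." comment.
# It records the body's location in the file, not its logic, so it is skipped.
LAYOUT_COMMENT = re.compile(r"^\s*//\s*Method begins at RVA\b")


def normalize_il(text):
    """Return the IL lines without layout comments, blank lines or trailing spaces."""
    kept = []
    for line in text.splitlines():
        line = line.rstrip()
        if line and not LAYOUT_COMMENT.match(line):
            kept.append(line)
    return kept


def il_diff(earlier, later):
    """Unified diff of two IL dumps of one method; an empty list means no change."""
    return list(difflib.unified_diff(
        normalize_il(earlier), normalize_il(later),
        fromfile="earlier build", tofile="later build", lineterm="", n=1))


# Constructed sample dump of a hypothetical method (not from a real build).
EARLIER = """\
.method public hidebysig static void Greet () cil managed
{
    // Method begins at RVA 0x2050
    // Code size: 11 (0xb)
    .maxstack 8

    IL_0000: ldstr "hello"
    IL_0005: call void [System.Console]System.Console::WriteLine(string)
    IL_000a: ret
} // end of method Demo::Greet
"""
# Same body at a different file offset: should compare as unchanged.
LATER_MOVED = EARLIER.replace("0x2050", "0x20a4")
# A real change to the method body: should show up in the diff.
LATER_CHANGED = EARLIER.replace('"hello"', '"hello, world"')

if __name__ == "__main__":
    print("moved only:", il_diff(EARLIER, LATER_MOVED) or "no IL change")
    print("\n".join(il_diff(EARLIER, LATER_CHANGED)))
```

To use it on real output, read the two files saved in steps 4 and 5 and pass their contents to `il_diff`.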