From 982692db5b9b8b42d87f17edd225562c163cf603 Mon Sep 17 00:00:00 2001
From: Widthdom
Date: Sun, 28 Jun 2026 03:32:42 +0900
Subject: [PATCH] Replace AddWithValue in symbol lookups (#4057)
---
changelog.d/unreleased/4057.fixed.md | 16 +++++++++++++
src/CodeIndex/Database/DbSymbolReader.cs | 10 ++++----
tests/CodeIndex.Tests/DbReaderTests.cs | 30 ++++++++++++++++++++++++
3 files changed, 51 insertions(+), 5 deletions(-)
create mode 100644 changelog.d/unreleased/4057.fixed.md
diff --git a/changelog.d/unreleased/4057.fixed.md b/changelog.d/unreleased/4057.fixed.md
new file mode 100644
index 000000000..58b8686c9
--- /dev/null
+++ b/changelog.d/unreleased/4057.fixed.md
@@ -0,0 +1,16 @@
+---
+category: fixed
+issues:
+ - 4057
+affected:
+ - src/CodeIndex/Database/DbSymbolReader.cs
+ - tests/CodeIndex.Tests/DbReaderTests.cs
+---
+
+## English
+
+- **Symbol line lookups now use explicit SQLite parameter binding (#4057)** — `AnalyzeFileLine` no longer relies on `AddWithValue` inside symbol lookup queries, so the dotnet risk audit stays aligned with the repository SQLite command policy.
+
+## 日本語
+
+- **シンボル行 lookup が明示的な SQLite parameter binding を使うようになりました (#4057)** — `AnalyzeFileLine` のシンボル lookup query 内で `AddWithValue` に依存しなくなり、dotnet risk audit がリポジトリの SQLite command policy と揃うようになりました。
diff --git a/src/CodeIndex/Database/DbSymbolReader.cs b/src/CodeIndex/Database/DbSymbolReader.cs
index 29db9960f..8034d598e 100644
--- a/src/CodeIndex/Database/DbSymbolReader.cs
+++ b/src/CodeIndex/Database/DbSymbolReader.cs
@@ -1821,13 +1821,13 @@ AND @line BETWEEN {bodyStartLineSql} AND {bodyEndLineSql} LIMIT @limit"; cmd.CommandText = sql; - cmd.Parameters.AddWithValue("@path", path); - cmd.Parameters.AddWithValue("@line", line); - cmd.Parameters.AddWithValue("@limit", limit); + SqliteCommandPolicy.Add(cmd, "@path", path); + SqliteCommandPolicy.Add(cmd, "@line", line); + SqliteCommandPolicy.Add(cmd, "@limit", limit); if (kind != null) - cmd.Parameters.AddWithValue("@kind", kind); + SqliteCommandPolicy.Add(cmd, "@kind", kind); if (lang != null) - cmd.Parameters.AddWithValue("@lang", lang); + SqliteCommandPolicy.Add(cmd, "@lang", lang); var results = new List(); using var reader = cmd.ExecuteTrackedReader(); diff --git a/tests/CodeIndex.Tests/DbReaderTests.cs b/tests/CodeIndex.Tests/DbReaderTests.cs index a73ed44e7..f6c14ebb6 100644 --- a/tests/CodeIndex.Tests/DbReaderTests.cs +++ b/tests/CodeIndex.Tests/DbReaderTests.cs @@ -2570,6 +2570,36 @@ public void SearchSymbols_BreaksSameLineTiesByStartColumn() Assert.Equal(["early SameLine()", "late SameLine()"], results.Select(result => result.Signature).ToArray()); } + [Fact] + public void AnalyzeFileLine_WithKindAndLanguageFilters_ReturnsSymbolAtLine_Issue4057() + { + InsertIndexedFile( + "src/issue4057/LineLookup.cs", + "csharp", + """ + public class LineLookup + { + public void Outside() { } + public void Target() + { + } + } + """); + + var analysis = _reader.AnalyzeFileLine( + "src/issue4057/LineLookup.cs", + line: 5, + limit: 5, + lang: "csharp", + kind: "function"); + + var definition = Assert.Single(analysis.Definitions); + Assert.Equal("Target", definition.Name); + Assert.Equal("function", definition.Kind); + Assert.Equal("csharp", definition.Lang); + Assert.Equal("src/issue4057/LineLookup.cs", definition.Path); + } + [Fact] public void SearchSymbols_CSharpOperatorsConversionsAndIndexersUseNavigableNames() {
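Review bot: `@limit` is bound exactly as received at `SqliteCommandPolicy.Add(cmd, "@limit", limit);`, and SQLite treats a negative LIMIT as "no upper bound", so a negative value reaching this point would return every matching row. The enclosing method starts and ends outside this hunk, so a range check may already exist above; if it does not, add one before the command is built, for example `ArgumentOutOfRangeException.ThrowIfNegative(limit);`, or clamp to the project's maximum result size. Separately, the query text in the context lines still interpolates `{bodyStartLineSql}` and `{bodyEndLineSql}`; a one-line comment such as `// bodyStartLineSql/bodyEndLineSql are fixed internal SQL fragments, never caller-derived` (once confirmed) would keep the parameter-binding policy auditable at this call site.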
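Review bot: `AnalyzeFileLine_WithKindAndLanguageFilters_ReturnsSymbolAtLine_Issue4057` only exercises the branch where both `kind` and `lang` are non-null, so the paths that skip the `@kind` and `@lang` bindings get no coverage from this commit unless another test outside this hunk already provides it. The path it uses also contains no SQL metacharacters, so the test would pass whether the value is bound or spliced into the query text; it does not pin the property the change is about. Consider a second `[Fact]` that calls `_reader.AnalyzeFileLine(path, line: 5, limit: 5, lang: null, kind: null)` with a constructed path containing a quote, such as `src/issue4057/It's.cs`, and asserts that `definition.Path` round-trips unchanged.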