Enable nullable reference types for the repo

[mavasani]

1. I have broken down the changes to each analyzer package in different commits.
2. I haven't enable nullable for test projects in this PR
3. I have added few suppressions or nullable disable at source file level for bunch of security analyzers. @dotpaul will address these in a follow-up PR. You can search for #pramga warning disable CS or comments with TODO(dotpaul): Enable nullable analysis.

NOTE: PR targets 2.9.x branch. Once it flows into master, I will add remaining annotations in new code in master.

[sharwell]

💭 Could this one have been a bug? Maybe try to add a test to hit this case?

[mavasani]

Avoiding adding unit tests in this PR. I will leave this comment unresolved and file a followup bug to track any such cases.

[dotpaul]

                                    && !sslProtocolsSymbol.Equals(variableInitializerOperation.Value.Type))

Change this to:

if (variableInitializerOperation.Value == null
    || !sslProtocolsSymbol.Equals(variableInitializerOperation.Value.Type))

and then can get rid of the ? for valueOperation.

(I think that makes more sense anyway. Thanks nullable reference!)

---

Refers to: src/Microsoft.NetCore.Analyzers/Core/Security/SslProtocolsAnalyzer.cs:127 in 64aa452. [](commit_id = 64aa452, deletion_comment = False)

[dotpaul]

🚢 security analyzers look fine to me

[sharwell]

📝 Now at 212/322 files viewed

[sharwell]

💭 This is a fascinating case. We have several situations where the code fix relies on the analyzer behavior to ensure null will not be encountered. No request for a change here but eventually interested in seeing if the situation could be improved.

[mavasani]

Yes, totally agree. We need a follow-up PR to clean this up across the repo.

[sharwell]

Now up to 248/322.

[sharwell]

💭 Was the lack of a null check here a bug in the analyzer? Any idea how we might have hit that case?

Not a big fan of the suppression here, but WhereNotNull would be an additional allocation. Perhaps we're on a code path where it doesn't matter anyway so I'll leave the suggestion here:

Suggested change

	IEnumerable<string> filteredStrings = stringLiteralValues.Where(literal => literal != null && !LooksLikeXmlTag(literal))!;
	IEnumerable<string> filteredStrings = stringLiteralValues.WhereNotNull().Where(literal => !LooksLikeXmlTag(literal));

[mavasani]

Yep, it was a bug. I will keep this comment unresolved so we can track adding a regression test for this.

[sharwell]

😕 Was this a bug? Should we have a test covering this condition?

[mavasani]

Yes, will add this comment to set of items that needs a regression test.

[mavasani]

Ah, I accidentally fetched in sources from master :(. I will clean this up and update the PR over the weekend.

[mavasani]

The branch is now back to sane state. @sharwell Please let me know if you have any more feedback before I merge the PR. I will file a separate work item for adding tests for unresolved comments.

[mavasani]

@sharwell Any concerns in me merging the PR?

@dotpaul I presume you want me to wait for #3050 to go in before this PR is merged, so that 2.9.8 release is unaffected by this change?

[dotpaul]

@dotpaul I presume you want me to wait for #3050 to go in before this PR is merged, so that 2.9.8 release is unaffected by this change?

Yes please.

[sharwell]

📝 This suppression is not supposed to be needed. If it's not compiling for you with this removed, a compiler bug should be filed.

[mavasani]

@dotnet-bot retest this please