fix: resolve CodeQL warnings across Core and test projects

[piotrzajac]

Summary

• Combine nested if statements in IgnoreVirtualMembersSpecimenBuilder
• Add ToString() override to AbstractTestClass to fix default Object.ToString() warning
• Use object instead of var in ValuesRequestTests to resolve incomparable-types Equals warning
• Remove redundant GetHashCode() call on int in ValuesRequestTests
• Refactor CustomizeFixture foreach to use .Select() projection in AutoDataAdapterAttribute
• Replace as + Assert.NotNull with Assert.IsType<T> in Assert section in CustomizeWithAttributeTests and AutoDataAttributeProviderTests

Summary by CodeRabbit

• Bug Fixes

  • Fixed multiple CodeQL static analysis warnings across test suites and core components to enhance code safety, reliability, and overall quality standards.

• Chores

  • Added detailed backlog task documentation for comprehensive CodeQL warning remediation tracking.
  • Enhanced test assertion patterns and refactored conditional logic for improved code maintainability, clarity, and consistency throughout the codebase.

Test plan

• Build passes with 0 warnings and 0 errors
• All tests pass across all framework slices (net10.0, net472, net48)

🤖 Generated with Claude Code

[coderabbitai]

Warning

Rate limit exceeded

@piotrzajac has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 33 minutes and 53 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 33 minutes and 53 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0726e47b-660d-4b13-b468-68662f0d8b91

📥 Commits

Reviewing files that changed from the base of the PR and between 55f16ba and cd3f7d4.

📒 Files selected for processing (4)

• .coderabbit.yaml
• src/Objectivity.AutoFixture.XUnit2.Core.Tests/Attributes/CustomizeWithAttributeTests.cs
• src/Objectivity.AutoFixture.XUnit2.Core.Tests/Providers/AutoDataAttributeProviderTests.cs
• src/Objectivity.AutoFixture.XUnit2.Core.Tests/Requests/ValuesRequestTests.cs

📝 Walkthrough

Walkthrough

This PR addresses CodeQL warnings by applying seven specific code-quality fixes: refactoring collapsible conditional statements into single expressions, adding a ToString() override, adjusting variable types for improved type safety, replacing Assert.NotNull with Assert.IsType<T> assertions, refactoring imperative loops to LINQ projections, and correcting hash-code logic. A backlog task document was added documenting these changes.

Changes

Cohort / File(s)	Summary
Test Assertion Updates src/Objectivity.AutoFixture.XUnit2.Core.Tests/Attributes/CustomizeWithAttributeTests.cs, src/Objectivity.AutoFixture.XUnit2.Core.Tests/Providers/AutoDataAttributeProviderTests.cs	Replaced Assert.NotNull and manual type checks with Assert.IsType<T>() assertions for stronger type safety and cleaner test logic.
Type Safety and Helper Updates src/Objectivity.AutoFixture.XUnit2.Core.Tests/Attributes/AutoDataAdapterAttributeTests.cs, src/Objectivity.AutoFixture.XUnit2.Core.Tests/Requests/ValuesRequestTests.cs	Added ToString() override to abstract test helper class; adjusted variable type from var to object, corrected hash-code calculation, and fixed typos in suppression message attributes.
Production Code Refactoring src/Objectivity.AutoFixture.XUnit2.Core/Attributes/AutoDataAdapterAttribute.cs, src/Objectivity.AutoFixture.XUnit2.Core/SpecimenBuilders/IgnoreVirtualMembersSpecimenBuilder.cs	Refactored imperative foreach loop to LINQ Select projection; collapsed nested conditional statements into single boolean expression.
Documentation .backlog/tasks/task-16 - Fix-CodeQL-warnings.md	Added backlog task document enumerating seven completed CodeQL warning fixes with acceptance criteria.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• Initial commit with first changes #248: Makes similar test assertion pattern changes across the same test files (CustomizeWithAttributeTests, AutoDataAdapterAttributeTests, AutoDataAttributeProviderTests, ValuesRequestTests).
• Remove AutoFixture.Xunit2 dependency from CustomizeAttributeComparer #257: Modifies the same AutoDataAdapterAttribute.CustomizeFixture method sorting logic with the generic CustomizeAttributeComparer<FrozenAttribute>.

Suggested labels

enhancement

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title clearly and concisely describes the main objective: resolving CodeQL warnings across the Core and test projects, which aligns with all the changes made.
Description check	✅ Passed	The pull request description is mostly complete with a clear summary of changes and a test plan, but it lacks an issue link closure statement and does not fully address the checklist items from the template.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/codeql-warnings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Qodana Community for .NET

Analyzed project: src/

It seems all right 👌

No new problems were found according to the checks applied

View the detailed Qodana report

To be able to view the detailed Qodana report, you can either:

• Register at Qodana Cloud and configure the action
• Use GitHub Code Scanning with Qodana
• Host Qodana report at GitHub Pages
• Inspect and use qodana.sarif.json (see the Qodana SARIF format for details)

To get *.log files or any other Qodana artifacts, run the action with upload-result option set to true,
so that the action will upload the files as the job artifacts:

      - name: 'Qodana Scan'
        uses: JetBrains/qodana-action@v2025.3.2
        with:
          upload-result: true

Contact Qodana team

Contact us at qodana-support@jetbrains.com

• Or via our issue tracker: https://jb.gg/qodana-issue
• Or share your feedback: https://jb.gg/qodana-discussions

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (6aa4465) to head (cd3f7d4).
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff            @@
##            master      #329   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           39        39           
  Lines          421       419    -2     
  Branches        55        53    -2     
=========================================
- Hits           421       419    -2     

Flag	Coverage Δ
unittests	99.76% <100.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

🧹 Nitpick comments (2)

src/Objectivity.AutoFixture.XUnit2.Core.Tests/Providers/AutoDataAttributeProviderTests.cs (1)

22-26: Redundant as cast — pass GetAttribute(...) directly to Assert.IsType<T>.

With the new Assert.IsType<AutoDataAdapterAttribute> assertion, the preceding as cast no longer serves a purpose. Removing it also improves the failure message: on a type mismatch, Assert.IsType<T> would report the actual runtime type instead of null (which is what the as cast would produce on mismatch today).

♻️ Proposed cleanup

             // Act
-            var dataAttribute = provider.GetAttribute(fixture) as AutoDataAdapterAttribute;
+            var dataAttribute = provider.GetAttribute(fixture);

             // Assert
             var typed = Assert.IsType<AutoDataAdapterAttribute>(dataAttribute);
             Assert.Equal(fixture, typed.AdaptedFixture);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@src/Objectivity.AutoFixture.XUnit2.Core.Tests/Providers/AutoDataAttributeProviderTests.cs`
around lines 22 - 26, Remove the redundant "as" cast when calling GetAttribute
in AutoDataAttributeProviderTests: call
Assert.IsType<AutoDataAdapterAttribute>(provider.GetAttribute(fixture)) directly
so Assert.IsType can report the actual runtime type on failure; update the test
around GetAttribute, AutoDataAdapterAttribute and the typed variable accordingly
(no prior "as" cast).

src/Objectivity.AutoFixture.XUnit2.Core.Tests/Attributes/CustomizeWithAttributeTests.cs (1)

132-138: Redundant as cast in both refactored assertions.

Same observation as in AutoDataAttributeProviderTests: Assert.IsType<ArgumentsDiscoveryCustomization>(...) already enforces the type, so the as ArgumentsDiscoveryCustomization in the Act sections is now dead narrowing. Removing it yields a more informative failure message (actual runtime type vs. null).

♻️ Proposed cleanup (apply to both tests)

             // Act
-            var customization = customizeAttribute.GetCustomization(parameter) as ArgumentsDiscoveryCustomization;
+            var customization = customizeAttribute.GetCustomization(parameter);

             // Assert
             var typed = Assert.IsType<ArgumentsDiscoveryCustomization>(customization);

Also applies to: 153-158

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@src/Objectivity.AutoFixture.XUnit2.Core.Tests/Attributes/CustomizeWithAttributeTests.cs`
around lines 132 - 138, Remove the redundant "as
ArgumentsDiscoveryCustomization" cast when calling
customizeAttribute.GetCustomization(parameter) in CustomizeWithAttributeTests;
instead capture the raw result (var customization =
customizeAttribute.GetCustomization(parameter)) and let
Assert.IsType<ArgumentsDiscoveryCustomization>(customization) return and assign
the typed value (var typed =
Assert.IsType<ArgumentsDiscoveryCustomization>(customization)); apply the same
removal/fix for the second occurrence referenced around the later assertions
(the block at 153-158).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In
`@src/Objectivity.AutoFixture.XUnit2.Core.Tests/Attributes/CustomizeWithAttributeTests.cs`:
- Around line 132-138: Remove the redundant "as ArgumentsDiscoveryCustomization"
cast when calling customizeAttribute.GetCustomization(parameter) in
CustomizeWithAttributeTests; instead capture the raw result (var customization =
customizeAttribute.GetCustomization(parameter)) and let
Assert.IsType<ArgumentsDiscoveryCustomization>(customization) return and assign
the typed value (var typed =
Assert.IsType<ArgumentsDiscoveryCustomization>(customization)); apply the same
removal/fix for the second occurrence referenced around the later assertions
(the block at 153-158).

In
`@src/Objectivity.AutoFixture.XUnit2.Core.Tests/Providers/AutoDataAttributeProviderTests.cs`:
- Around line 22-26: Remove the redundant "as" cast when calling GetAttribute in
AutoDataAttributeProviderTests: call
Assert.IsType<AutoDataAdapterAttribute>(provider.GetAttribute(fixture)) directly
so Assert.IsType can report the actual runtime type on failure; update the test
around GetAttribute, AutoDataAdapterAttribute and the typed variable accordingly
(no prior "as" cast).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 96152a61-f0ea-4aa8-9524-a8db6584fb7d

📥 Commits

Reviewing files that changed from the base of the PR and between 6aa4465 and 55f16ba.

📒 Files selected for processing (7)

• .backlog/tasks/task-16 - Fix-CodeQL-warnings.md
• src/Objectivity.AutoFixture.XUnit2.Core.Tests/Attributes/AutoDataAdapterAttributeTests.cs
• src/Objectivity.AutoFixture.XUnit2.Core.Tests/Attributes/CustomizeWithAttributeTests.cs
• src/Objectivity.AutoFixture.XUnit2.Core.Tests/Providers/AutoDataAttributeProviderTests.cs
• src/Objectivity.AutoFixture.XUnit2.Core.Tests/Requests/ValuesRequestTests.cs
• src/Objectivity.AutoFixture.XUnit2.Core/Attributes/AutoDataAdapterAttribute.cs
• src/Objectivity.AutoFixture.XUnit2.Core/SpecimenBuilders/IgnoreVirtualMembersSpecimenBuilder.cs