fix(codeql): Fix CodeQL issues

[piotrzajac]

Summary

Fix CodeQL issues:

• Spelling
• Handle private getters in IgnoreVirtualMembersSpecimenBuilder

Checklist

• Commit messages follow Conventional Commits (type(scope): description)
• dotnet build src/Objectivity.AutoFixture.XUnit2.AutoMock.sln passes with no warnings
• dotnet test src/Objectivity.AutoFixture.XUnit2.AutoMock.sln passes on all framework slices
• Code coverage remains at least at the level prior the change (verified by Codecov)
• Mutation score remains at least at the level prior the change (verified by Stryker)
• New tests follow the GIVEN/WHEN/THEN naming convention and AAA structure (see AGENTS.md)
• No new [SuppressMessage] without a justification comment
• No // TODO: comments added — open a GitHub issue instead
• No new dependencies introduced that are incompatible with the MIT license (verified by FOSSA)

Summary by CodeRabbit

• Tests

  • Added test coverage for virtual properties with private getters.
  • Corrected spelling in test naming for consistency.

• Bug Fixes

  • Improved virtual member detection logic to handle null cases more robustly.

[coderabbitai]

Warning

Rate limit exceeded

@piotrzajac has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 43 minutes and 50 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 43 minutes and 50 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 2a005bac-d64e-412c-8cf9-c96b798c8739

📥 Commits

Reviewing files that changed from the base of the PR and between 6b68267 and d0a7a04.

📒 Files selected for processing (1)

• src/Objectivity.AutoFixture.XUnit2.Core.Tests/SpecimenBuilders/IgnoreVirtualMembersSpecimenBuilderTests.cs

📝 Walkthrough

Walkthrough

Three files updated: test display name and method name corrected for spelling accuracy, new test case added for virtual properties with private getters, and virtual-member detection logic refactored to use pattern matching instead of direct member access.

Changes

Cohort / File(s)	Summary
Test Fixes src/Objectivity.AutoFixture.XUnit2.Core.Tests/Requests/ValuesRequestTests.cs	Corrected spelling of test display name and method name from "conteins" to "contains" without changing test logic or assertions.
Test Extensions src/Objectivity.AutoFixture.XUnit2.Core.Tests/SpecimenBuilders/IgnoreVirtualMembersSpecimenBuilderTests.cs	Added new test case GivenVirtualPropertyInfoWithPrivateGetter_WhenCreateInvoked_ThenNoSpecimenInstance to verify behavior when virtual property has private getter; extended FakeObject helper class with new property.
Implementation Refactoring src/Objectivity.AutoFixture.XUnit2.Core/SpecimenBuilders/IgnoreVirtualMembersSpecimenBuilder.cs	Updated virtual-member detection to use pattern matching (pi.GetGetMethod() is { IsVirtual: true }) for null-safe property getter evaluation.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• fix: resolve CodeQL warnings across Core and test projects #329: Updates to IgnoreVirtualMembersSpecimenBuilder.Create and related test modifications across both PRs.
• Initial commit with first changes #248: Modifies the same test files with assertion conversions while this PR adds test cases and fixes naming.

Suggested labels

enhancement

🚥 Pre-merge checks | ✅ 1 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is incomplete. It is missing the issue link (Closes #) and lacks detailed explanation of the CodeQL issues being fixed.	Add 'Closes #' with the relevant issue number and provide a detailed description of each CodeQL issue being addressed in the PR.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix(codeql): Fix CodeQL issues' accurately summarizes the main purpose of the PR and uses conventional commit format.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/codeql-issues

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

src/Objectivity.AutoFixture.XUnit2.Core.Tests/SpecimenBuilders/IgnoreVirtualMembersSpecimenBuilderTests.cs (1)

153-154: Consider asserting the getter is actually non-public to keep the test meaningful.

VirtualPropertyWithPrivateGetter relies on the compiler honoring private get; so that GetGetMethod() (public-only) returns null. If someone later changes the accessor, this test would silently start exercising the public-getter path instead. An explicit guard (e.g., Assert.Null(typeof(FakeObject).GetProperty(...)!.GetGetMethod()) inside the Arrange block) would lock the intent.

Also minor: the CA1044 suppression justification says "null getter scenario," but the property is not write-only (it has a private getter), so the justification text is slightly misleading.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@src/Objectivity.AutoFixture.XUnit2.Core.Tests/SpecimenBuilders/IgnoreVirtualMembersSpecimenBuilderTests.cs`
around lines 153 - 154, Add an explicit guard assertion in the test Arrange
block to ensure the getter is non-public by asserting that
typeof(FakeObject).GetProperty("VirtualPropertyWithPrivateGetter")!.GetGetMethod()
returns null, so the test fails fast if the accessor is changed; also update the
CA1044 suppression Justification from "Required to test null getter scenario."
to accurately reflect a private-getter scenario (e.g., "Required to test
private-getter scenario.").

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In
`@src/Objectivity.AutoFixture.XUnit2.Core.Tests/SpecimenBuilders/IgnoreVirtualMembersSpecimenBuilderTests.cs`:
- Around line 153-154: Add an explicit guard assertion in the test Arrange block
to ensure the getter is non-public by asserting that
typeof(FakeObject).GetProperty("VirtualPropertyWithPrivateGetter")!.GetGetMethod()
returns null, so the test fails fast if the accessor is changed; also update the
CA1044 suppression Justification from "Required to test null getter scenario."
to accurately reflect a private-getter scenario (e.g., "Required to test
private-getter scenario.").

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1ce720d1-7349-42a8-bbee-2446acbd1f33

📥 Commits

Reviewing files that changed from the base of the PR and between 815b154 and 6b68267.

📒 Files selected for processing (3)

• src/Objectivity.AutoFixture.XUnit2.Core.Tests/Requests/ValuesRequestTests.cs
• src/Objectivity.AutoFixture.XUnit2.Core.Tests/SpecimenBuilders/IgnoreVirtualMembersSpecimenBuilderTests.cs
• src/Objectivity.AutoFixture.XUnit2.Core/SpecimenBuilders/IgnoreVirtualMembersSpecimenBuilder.cs

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (815b154) to head (d0a7a04).
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff            @@
##            master      #330   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           39        39           
  Lines          419       419           
  Branches        53        53           
=========================================
  Hits           419       419           

Flag	Coverage Δ
unittests	99.76% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Qodana Community for .NET

Analyzed project: src/

It seems all right 👌

No new problems were found according to the checks applied

View the detailed Qodana report

To be able to view the detailed Qodana report, you can either:

• Register at Qodana Cloud and configure the action
• Use GitHub Code Scanning with Qodana
• Host Qodana report at GitHub Pages
• Inspect and use qodana.sarif.json (see the Qodana SARIF format for details)

To get *.log files or any other Qodana artifacts, run the action with upload-result option set to true,
so that the action will upload the files as the job artifacts:

      - name: 'Qodana Scan'
        uses: JetBrains/qodana-action@v2025.3.2
        with:
          upload-result: true

Contact Qodana team

Contact us at qodana-support@jetbrains.com

• Or via our issue tracker: https://jb.gg/qodana-issue
• Or share your feedback: https://jb.gg/qodana-discussions