fix(S1075): replace hardcoded ToolInformationUri with ThisAssembly.Info.RepositoryUrl

[Copilot]

SonarCloud S1075 flagged the hardcoded "https://github.com/304NotModified/SLNX-validator" URI in SarifReporter.cs. The URL already lives in src/Directory.Build.props as <RepositoryUrl>.

Changes

• SLNX-validator.Core.csproj: adds ThisAssembly.AssemblyInfo (PrivateAssets="all") and a Constant item that bridges $(RepositoryUrl) into the ThisAssembly.Info namespace (necessary because the SDK emits RepositoryUrl as AssemblyMetadata, which ThisAssembly.AssemblyInfo explicitly excludes from its auto-generation)
• SarifReporter.cs: replaces the hardcoded const with the source-generated property

// before
private const string ToolInformationUri = "https://github.com/304NotModified/SLNX-validator";

// after
private static readonly string ToolInformationUri = ThisAssembly.Info.RepositoryUrl;

No reflection; value resolved at compile time via Roslyn source generation.

Original prompt

Doel

Los SonarCloud issue S1075 op in SarifReporter.cs door de hardcoded URI te vervangen met de ThisAssembly source generator, die de waarde compile-time uit RepositoryUrl in src/Directory.Build.props haalt.

Context

• SarifReporter.cs (regel 13) heeft een hardcoded const string ToolInformationUri = "https://github.com/304NotModified/SLNX-validator" — dit triggert SonarCloud regel S1075 (geen hardcoded absolute URIs).
• De URL staat al in src/Directory.Build.props als <RepositoryUrl>https://github.com/304NotModified/SLNX-validator</RepositoryUrl>.
• De oplossing is de ThisAssembly.AssemblyInfo NuGet package gebruiken, die via source generation een compile-time ThisAssembly.Info.RepositoryUrl property genereert — geen reflection, geen file-generatie in de pipeline.

Wijzigingen

1. Voeg ThisAssembly.AssemblyInfo toe aan src/SLNX-validator.Core/SLNX-validator.Core.csproj

<PackageReference Include="ThisAssembly.AssemblyInfo" Version="2.*" PrivateAssets="all" />

2. Pas src/SLNX-validator.Core/SarifReporting/SarifReporter.cs aan

Vervang:

private const string ToolInformationUri = "https://github.com/304NotModified/SLNX-validator";

Door:

private static readonly string ToolInformationUri = ThisAssembly.Info.RepositoryUrl;

Opmerkingen

• PrivateAssets="all" zorgt dat de source generator niet als transitieve dependency meekomt.
• De RepositoryUrl in src/Directory.Build.props hoeft niet gewijzigd te worden.
• Dit is een puur onderhoudstechnische wijziging; gedrag verandert niet.
• Zorg dat de build nog steeds slaagt en alle tests groen zijn.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: Kan je deze issues lezen? https://sonarcloud.io/project/issues?issueStatuses=OPEN%2CCONFIRMED&sinceLeakPeriod=true&id=slnx-validator

Assistant: Helaas kan ik de SonarCloud-link niet direct openen of uitlezen — ik heb geen toegang tot externe webservices zoals SonarCloud.

Wat ik wel kan doen:

1. Kopieer de issues uit SonarCloud en plak ze hier, dan kan ik helpen ze op te lossen.
2. Maak een PR in 304NotModified/SLNX-validator als je weet welke code-issues aangepakt moeten worden.
3. Onderzoek de codebase als je me vertelt wat voor soort problemen SonarCloud heeft gevonden (bijv. code smells, bugs, security vulnerabilities).

Wat is het makkelijkst voor jou?

User: Heb je een export url?

Assistant: Ja! SonarCloud heeft een publieke REST API. Je kunt de issues ophalen via:

https://sonarcloud.io/api/issues/search?componentKeys=slnx-validator&issueStatuses=OPEN,CONFIRMED

Plak die URL in je browser (of stuur me de JSON-output), dan kan ik de issues analyseren en helpen oplossen.

Als het project privé is, heb je een token nodig. Die kun je aanmaken op: sonarcloud.io/account/security

Probeer het eens en plak de output hier!

User: {"total":7,"p":1,"ps":100,"paging":{"pageIndex":1,"pageSize":100,"total":7},"effortTotal":58,"debtTotal":58,"issues":[{"key":"AZ1puUd_P77SLJn5J6UV","rule":"csharpsquid:S927","severity":"CRITICAL","component":"slnx-validator:src/SLNX-validator.Core/SarifReporting/SarifReporter.cs","project":"slnx-validator","line":15,"hash":"247cfac9bd39dfac92b3b3a004be4845","textRange":{"startLine":15,"endLine":15,"startOffset":62,"endOffset":75},"flows":[],"status":"OPEN","message":"Rename parameter \u0027reportResults\u0027 to \u0027results\u0027 to match the base class declaration.","effort":"10min","debt":"10min","tags":["suspicious"],"creationDate":"2026-04-06T18:13:31+0000","updateDate":"2026-04-06T22:46:01+0000","type":"CODE_SMELL","organization":"304notmodified","cleanCodeAttribute":"IDENTIFIABLE","cleanCodeAttributeCategory":"CONSISTENT","impacts":[{"softwareQuality":"MAINTAINABILITY","severity":"HIGH"}],"issueStatus":"OPEN","projectName":"SLNX-validator","internalTags":[],"lastChangeAnalysisUuid":"29213cdc-cfdd-4f9e-9cb6-d3f3ef148fde","lastChangeSource":"ANALYSIS"},{"key":"AZ1puUe-P77SLJn5J6UW","rule":"csharpsquid:S927","severity":"CRITICAL","component":"slnx-validator:src/SLNX-validator.Core/SonarQubeReporting/SonarReporter.cs","project":"slnx-validator","line":10,"hash":"247cfac9bd39dfac92b3b3a004be4845","textRange":{"startLine":10,"endLine":10,"startOffset":62,"endOffset":75},"flows":[],"status":"OPEN","message":"Rename parameter \u0027reportResults\u0027 to \u0027results\u0027 to match the base class declaration.","effort":"10min","debt":"10min","tags":["suspicious"],"creationDate":"2026-04-06T18:13:31+0000","updateDate":"2026-04-06T22:46:01+0000","type":"CODE_SMELL","organization":"304notmodified","cleanCodeAttribute":"IDENTIFIABLE","cleanCodeAttributeCategory":"CONSISTENT","impacts":[{"softwareQuality":"MAINTAINABILITY","severity":"HIGH"}],"issueStatus":"OPEN","projectName":"SLNX-validator","internalTags":[],"lastChangeAnalysisUuid":"29213cdc-cfdd-4f9e-9cb6-d3f3ef148fde","l...

This pull request was created from Copilot chat.