The MSBuildWorkspace class in the Compiler API (Roslyn) v2.9 throws the following exception message to occur when calling the GetCompilationAsync method in some cases.
ArgumentException: Reference of type 'Microsoft.CodeAnalysis.UnresolvedMetadataReference' is not valid for this compilation. Parameter name: references
While the exception message does not clearly identify the root cause of this issue, this exception has been reported several times in the Roslyn repository (see references below). The root cause of this issue is loading a project file with a default platform value (AnyCPU, x64, x86) different than the solution file.
For example, the following PumaPrey.sln file has the platform set to AnyCPU:
GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU Release|Any CPU = Release|Any CPU EndGlobalSection
If a given project has the a different default platform, the GetCompilationAsync call will fail to compile the project and raise the unresolved metadata reference exception. This scenario exists in the Skunk.csproj file.
<PropertyGroup> <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration> <Platform Condition=" '$(Platform)' == '' ">x86</Platform>
To help Puma Scan Professional users address this issue, the Server Edition now ships a PowerShell script called ChangeDefaultPlatform.ps1, which helps set a common platform across all project files.
To run the script, pass the script 2 arguments:
1: Path to the directory containing the projects to modify
2: Platform to use [AnyCPU|x86|x64].
This bug does not appear to affect the Puma Scan Professional End User Edition because Visual Studio correctly resolves the metadata references on its own.
DevOps is redefining the way organizations handle software development. But it’s also challenging security professionals...