private IDisposable EnterFunction(string name)
{
var fn = scope = function = new AnalysisScope.Function(scope, name);
return new Disposable(() =>
{
Assert.IsTrue(() => scope == function && function == fn);
scope = function.ParentScope;
if (scope is AnalysisScope.Function)
{
function = (AnalysisScope.Function)scope;
}
else
{
var s = scope.ParentScope;
var set = false;
while (s != null)
{
if (s is AnalysisScope.Function)
{
function = (AnalysisScope.Function)s;
set = true;
break;
}
s = s.ParentScope;
}
if (!set)
throw new InvalidOperationException("Invalid scope-chain");
}
});
}
private void StartAnalyzeCompilation([NotNull] CompilationStartAnalysisContext context)
{
Guard.NotNull(context, nameof(context));
AnalyzerSettings settings = SettingsProvider.LoadSettings(context.Options, context.CancellationToken);
NullabilityAttributeSymbols nullSymbols = NullabilityAttributeProvider.GetCached()
.GetSymbols(context.Compilation, context.CancellationToken);
if (nullSymbols == null)
{
// Nullability attributes not found; keep silent.
return;
}
IExternalAnnotationsResolver resolver = ExternalAnnotationsResolver.GetCached();
resolver.EnsureScanned();
var generatedCodeCache = new GeneratedCodeDocumentCache();
var typeCache = new FrameworkTypeCache(context.Compilation);
var nullabilityContext = new AnalysisScope(resolver, generatedCodeCache, typeCache, settings,
disableReportOnNullableValueTypesRule, appliesToItem);
var factory = new SymbolAnalyzerFactory(nullabilityContext);
ImmutableDictionary <string, string> properties = nullSymbols.GetMetadataNamesAsProperties();
context.RegisterSymbolAction(c => AnalyzeField(c, factory, properties), SymbolKind.Field);
context.RegisterSymbolAction(c => AnalyzeProperty(c, factory, properties), SymbolKind.Property);
context.RegisterSymbolAction(c => AnalyzeMethod(c, factory, properties), SymbolKind.Method);
context.RegisterSyntaxNodeAction(c => AnalyzeParameter(SyntaxToSymbolContext(c), factory, properties),
SyntaxKind.Parameter);
}
public ConditionTaintAnalyser(AnalysisScope scope, IIncludeResolver inclusionResolver, Stack <File> includeStack, FunctionsHandler fh)
{
this._analysisScope = scope;
this.includeResolver = inclusionResolver;
this._includeStack = includeStack;
this._funcHandler = fh;
}
public VariableResolver(IVariableStorage varStorage, AnalysisScope scope = AnalysisScope.File)
{
Preconditions.NotNull(varStorage, "varStorage");
this._variableStorage = varStorage;
this._scope = scope;
variableScope = scope == AnalysisScope.File ? VariableScope.File : VariableScope.Function;
}
private IDictionary <string, Variable> GetLocalScope(AnalysisScope scope)
{
if (scope == AnalysisScope.File)
{
return(_variableStorage.GlobalVariables);
}
return(_variableStorage.LocalVariables);
}
private IDisposable EnterBlock()
{
scope = new AnalysisScope.Block(scope);
return new Disposable(() =>
{
scope = scope.ParentScope;
});
}
public VariableResolver(IVariableStorage varStorage, AnalysisScope scope = AnalysisScope.File)
{
Preconditions.NotNull(varStorage, "varStorage");
this._variableStorage = varStorage;
this._scope = scope;
variableScope = scope == AnalysisScope.File ? VariableScope.File : VariableScope.Function;
}
public MethodCall ExtractMethodCall(XmlNode node, IVariableStorage varStorage, AnalysisScope scope = AnalysisScope.File)
{
int startLine = AstNode.GetStartLine(node);
int endLine = AstNode.GetEndLine(node);
string methodName = "";
//Get the varNode which includes either (new ClassName())->MethodName or $var->MethodName
var varNode = node.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Var);
var classNames = new List<string>();
if (varNode.FirstChild.LocalName == AstConstants.Nodes.Expr_New)
{
//PHP: (new ClassName(args))->MethodName(args);
//Extract the ClassName directly, in this case there can be only one ClassName!
var className = varNode.FirstChild
.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Class)
.GetSubNode(AstConstants.Node + ":" + AstConstants.Nodes.Name)
.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Parts).FirstChild.FirstChild.InnerText;
classNames.Add(className);
methodName = node.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Name).InnerText;
return new MethodCall(methodName, classNames, node, startLine, endLine) { Arguments = ExtractArgumentNodes(node) };
}
else
{
//PHP: $var->MethodName(args);
//Resolve the variable, and get all the possible class names!
VariableResolver vr = new VariableResolver(varStorage, scope);
VariableResolveResult variableResult = null;
if (vr.IsResolvableNode(varNode.FirstChild))
{
variableResult = vr.ResolveVariable(varNode.FirstChild);
classNames.AddRange(variableResult.Variable.Info.ClassNames.Where(className => !classNames.Contains(className)));
}
var nameSubnode = node.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Name);
XmlNode nameNode = null;
bool success = nameSubnode.TryGetSubNode(AstConstants.Node + ":" + AstConstants.Nodes.Name, out nameNode);
if (success)
{
methodName = nameNode.InnerText;
}
else
{
if (nameSubnode.FirstChild.LocalName == AstConstants.Scalars.String)
{
methodName = nameSubnode.FirstChild.InnerText;
}
}
return variableResult == null ?
new MethodCall(methodName, classNames, node, startLine, endLine) { Arguments = ExtractArgumentNodes(node) } :
new MethodCall(methodName, classNames, node, startLine, endLine, variableResult.Variable) { Arguments = ExtractArgumentNodes(node) };
}
}
public TaintBlockAnalyzer(IVulnerabilityStorage vulnerabilityStorage, IIncludeResolver inclusionResolver, AnalysisScope scope,
Func<ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks, ImmutableVariableStorage> analyzeTaint,
AnalysisStacks stacks, FunctionAndMethodAnalyzerFactory subroutineAnalyzerFactory)
: this()
{
Preconditions.NotNull(vulnerabilityStorage, "vulnerabilityStorage");
Preconditions.NotNull(inclusionResolver, "inclusionResolver");
Preconditions.NotNull(analyzeTaint, "analyzeTaint");
Preconditions.NotNull(stacks, "stacks");
Preconditions.NotNull(subroutineAnalyzerFactory, "subroutineAnalyzerFactory");
this._vulnerabilityStorage = vulnerabilityStorage;
this._inclusionResolver = inclusionResolver;
this._analyzer = analyzeTaint;
this._analysisScope = scope;
this.ReturnInfos = new List<ExpressionInfo>();
this._analysisStacks = stacks;
this._subroutineAnalyzerFactory = subroutineAnalyzerFactory;
}
ParseExprToLambda(TextReader reader)
{
var scanner = new VB.Scanner(reader);
var errorTable = new List <VB.SyntaxError>();
var ast = new VB.Parser().ParseScriptFile(scanner, errorTable);
VBScriptSourceCodeReader sourceReader = reader as VBScriptSourceCodeReader;
ISourceMapper mapper = null;
if (sourceReader != null)
{
mapper = sourceReader.SourceMapper;
}
var scope = new AnalysisScope(
null,
"__snippet__",
this,
Expression.Parameter(typeof(VBScript), "vbscriptRuntime"),
Expression.Parameter(typeof(IDynamicMetaObjectProvider), "fileModule"),
mapper
);
List <Expression> body = new List <Expression>();
body.Add(Expression.Convert(VBScriptGenerator.GenerateExpr(ast, scope), typeof(object)));
if (scope.Errors.Count > 0)
{
throw new VBScriptCompilerException(scope.Errors);
}
var moduleFun = Expression.Lambda <Action <VBScript, IDynamicMetaObjectProvider> >(
Expression.Block(body),
scope.RuntimeExpr,
scope.ModuleExpr
);
return(moduleFun.Compile());
}
private IDictionary<string, Variable> GetLocalScope(AnalysisScope scope)
{
if (scope == AnalysisScope.File)
{
return _variableStorage.GlobalVariables;
}
return _variableStorage.LocalVariables;
}
public static Expression Generate(SourceUnitTree tree, AnalysisScope.TopLevel global)
{
return new AstGenerator(global).Generate(tree);
}
public MethodCall ExtractMethodCall(XmlNode node, IVariableStorage varStorage, AnalysisScope scope = AnalysisScope.File)
{
int startLine = AstNode.GetStartLine(node);
int endLine = AstNode.GetEndLine(node);
string methodName = "";
//Get the varNode which includes either (new ClassName())->MethodName or $var->MethodName
var varNode = node.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Var);
var classNames = new List <string>();
if (varNode.FirstChild.LocalName == AstConstants.Nodes.Expr_New)
{
//PHP: (new ClassName(args))->MethodName(args);
//Extract the ClassName directly, in this case there can be only one ClassName!
var className = varNode.FirstChild
.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Class)
.GetSubNode(AstConstants.Node + ":" + AstConstants.Nodes.Name)
.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Parts).FirstChild.FirstChild.InnerText;
classNames.Add(className);
methodName = node.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Name).InnerText;
return(new MethodCall(methodName, classNames, node, startLine, endLine)
{
Arguments = ExtractArgumentNodes(node)
});
}
else
{
//PHP: $var->MethodName(args);
//Resolve the variable, and get all the possible class names!
VariableResolver vr = new VariableResolver(varStorage, scope);
VariableResolveResult variableResult = null;
if (vr.IsResolvableNode(varNode.FirstChild))
{
variableResult = vr.ResolveVariable(varNode.FirstChild);
classNames.AddRange(variableResult.Variable.Info.ClassNames.Where(className => !classNames.Contains(className)));
}
var nameSubnode = node.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Name);
XmlNode nameNode = null;
bool success = nameSubnode.TryGetSubNode(AstConstants.Node + ":" + AstConstants.Nodes.Name, out nameNode);
if (success)
{
methodName = nameNode.InnerText;
}
else
{
if (nameSubnode.FirstChild.LocalName == AstConstants.Scalars.String)
{
methodName = nameSubnode.FirstChild.InnerText;
}
}
return(variableResult == null ?
new MethodCall(methodName, classNames, node, startLine, endLine)
{
Arguments = ExtractArgumentNodes(node)
} :
new MethodCall(methodName, classNames, node, startLine, endLine, variableResult.Variable)
{
Arguments = ExtractArgumentNodes(node)
});
}
}
private IEnumerable<Expression> FunctionBlock(AnalysisScope.Function functionScope, IEnumerable<Expression> body)
{
List<Expression> _body = new List<Expression>();
_body.AddRange(Write(functionScope.ReturnValue, engine.UndefinedExpr));
_body.AddRange(body);
_body.Add(Expression.Label(functionScope.ReturnTarget));
if (functionScope.Globalize)
{
_body.AddRange(functionScope.Variables.Select(
var => Utils.LightDynamic(
engine.GetSetMemberBinder(var.Name),
global.GlobalExpr,
var
)
));
}
_body.Add(functionScope.ReturnValue);
yield return Expression.Block(
typeof(TotemObject),
new ParameterExpression[] { functionScope.ReturnValue }
.Concat(functionScope.Variables),
_body
);
}
public ConditionTaintAnalyser(AnalysisScope scope, IIncludeResolver inclusionResolver, Stack<File> includeStack)
{
this._analysisScope = scope;
this.includeResolver = inclusionResolver;
this._includeStack = includeStack;
}
ParseFileToLambda(string filename, TextReader reader)
{
var scanner = new VB.Scanner(reader);
var errorTable = new List <VB.SyntaxError>();
var block = new VB.Parser().ParseScriptFile(scanner, errorTable);
if (errorTable.Count > 0)
{
List <VBScriptSyntaxError> errors = new List <VBScriptSyntaxError>();
foreach (VB.SyntaxError error in errorTable)
{
errors.Add(new VBScriptSyntaxError(
filename,
SourceUtil.ConvertSpan(error.Span),
(int)error.Type,
error.Type.ToString())
);
}
throw new VBScriptCompilerException(errors);
}
VBScriptSourceCodeReader sourceReader = reader as VBScriptSourceCodeReader;
ISourceMapper mapper = null;
if (sourceReader != null)
{
mapper = sourceReader.SourceMapper;
}
var scope = new AnalysisScope(
null,
filename,
this,
Expression.Parameter(typeof(VBScript), "vbscriptRuntime"),
Expression.Parameter(typeof(IDynamicMetaObjectProvider), "fileModule"),
mapper);
//Generate function table
List <Expression> body = new List <Expression>();
//Add the built in globals
ParameterExpression err = Expression.Parameter(typeof(ErrObject), ERR_PARAMETER);
scope.Names.Add(ERR_PARAMETER, err);
body.Add(
Expression.Assign(
err,
Expression.New(typeof(ErrObject))
)
);
if (Trace)
{
ParameterExpression trace = Expression.Parameter(typeof(ITrace), TRACE_PARAMETER);
scope.Names.Add(TRACE_PARAMETER, trace);
body.Add(
Expression.Assign(
trace,
Expression.Convert(
Expression.Dynamic(
scope.GetRuntime().GetGetMemberBinder(TRACE_PARAMETER),
typeof(object),
scope.GetModuleExpr()
),
typeof(ITrace)
)
)
);
}
//Put module variables and functions into the scope
VBScriptAnalyzer.AnalyzeFile(block, scope);
//Generate the module level code other than the methods:
if (block.Statements != null)
{
foreach (var s in block.Statements)
{
if (s is VB.MethodDeclaration)
{
//Make sure methods are created first before being executed
body.Insert(0, VBScriptGenerator.GenerateExpr(s, scope));
}
else
{
Expression stmt = VBScriptGenerator.GenerateExpr(s, scope);
if (scope.VariableScope.IsOnErrorResumeNextOn)
{
stmt = VBScriptGenerator.WrapTryCatchExpression(stmt, scope);
}
Expression debugInfo = null;
Expression clearDebugInfo = null;
if (Trace && s is VB.Statement && !(s is VB.BlockStatement))
{
debugInfo = VBScriptGenerator.GenerateDebugInfo(s, scope, out clearDebugInfo);
body.Add(debugInfo);
}
body.Add(stmt);
if (clearDebugInfo != null)
{
body.Add(clearDebugInfo);
}
}
}
}
body.Add(Expression.Constant(null)); //Stop anything from returning
if (scope.Errors.Count > 0)
{
throw new VBScriptCompilerException(scope.Errors);
}
//if (Debug)
//{
// Expression registerRuntimeVariables = VBScriptGenerator.GenerateRuntimeVariablesExpression(scope);
// body.Insert(0, registerRuntimeVariables);
//}
var moduleFun = Expression.Lambda <Action <VBScript, IDynamicMetaObjectProvider> >(
Expression.Block(
scope.Names.Values,
body),
scope.RuntimeExpr,
scope.ModuleExpr);
//if (!Debug)
//{
return(moduleFun.Compile());
//}
//else
//{
// Expression<Action<VBScript, IDynamicMetaObjectProvider>> lambda = (Expression<Action<VBScript, IDynamicMetaObjectProvider>>)DebugContext.TransformLambda(moduleFun);
// return lambda.Compile();
//}
}
private AstGenerator(AnalysisScope.TopLevel global)
{
this.global = global;
this.engine = global.Engine;
this.scope = this.function = new AnalysisScope.Function(global, "module", true);
}
public static VariableScope ToVariableScope(this AnalysisScope analysisScope)
{
return(analysisScope == AnalysisScope.File ? VariableScope.File : VariableScope.Function);
}
public SymbolAnalyzerFactory([NotNull] AnalysisScope scope)
{
Guard.NotNull(scope, nameof(scope));
this.scope = scope;
}
