public void VisitAssignment(AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
{
var assignment = node;
if (assignment is AssignmentExpressionSyntax)
{
// Only PasswordValidator properties will cause a new tag to be added
if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength"))
{
variableRightState.AddTag(VariableTag.RequiredLengthIsSet);
}
else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireDigit"))
{
variableRightState.AddTag(VariableTag.RequireDigitIsSet);
}
else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireLowercase"))
{
variableRightState.AddTag(VariableTag.RequireLowercaseIsSet);
}
else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireNonLetterOrDigit"))
{
variableRightState.AddTag(VariableTag.RequireNonLetterOrDigitIsSet);
}
else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireUppercase"))
{
variableRightState.AddTag(VariableTag.RequireUppercaseIsSet);
}
}
}
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
{
SyntaxNode assignment;
SyntaxNode memberAccess;
if (ctx.Node.Language == LanguageNames.CSharp)
{
assignment = ctx.Node as CSharpSyntax.AssignmentExpressionSyntax;
memberAccess = ((CSharpSyntax.AssignmentExpressionSyntax)assignment)?.Left as CSharpSyntax.MemberAccessExpressionSyntax;
}
else
{
assignment = ctx.Node as VBSyntax.AssignmentStatementSyntax;
memberAccess = ((VBSyntax.AssignmentStatementSyntax)assignment)?.Left as VBSyntax.MemberAccessExpressionSyntax;
}
if (memberAccess == null)
{
return;
}
var symbolMemberAccess = ctx.SemanticModel.GetSymbolInfo(memberAccess).Symbol;
if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "ServicePointManager", name: "ServerCertificateValidationCallback") ||
AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "ServicePointManager", name: "CertificatePolicy"))
{
var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
}
private static void VisitSyntaxNodeEx(SyntaxNodeAnalysisContext ctx)
{
Microsoft.CodeAnalysis.VisualBasic.Syntax.InvocationExpressionSyntax node = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.InvocationExpressionSyntax;
Microsoft.CodeAnalysis.VisualBasic.Syntax.ObjectCreationExpressionSyntax node2 = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.ObjectCreationExpressionSyntax;
if (node != null)
{
var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;
foreach (string cipher in BadCiphers)
{
if (AnalyzerUtil.SymbolMatch(symbol, type: cipher, name: "Create"))
{
var diagnostic = Diagnostic.Create(Rule, node.Expression.GetLocation(), cipher);
ctx.ReportDiagnostic(diagnostic);
}
}
}
if (node2 != null)
{
var symbol = ctx.SemanticModel.GetSymbolInfo(node2).Symbol;
foreach (string cipher in BadCiphers)
{
if (AnalyzerUtil.SymbolMatch(symbol, type: cipher + "CryptoServiceProvider"))
{
var diagnostic = Diagnostic.Create(Rule, node2.GetLocation(), cipher);
ctx.ReportDiagnostic(diagnostic);
}
}
}
}
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
{
MemberAccessExpressionSyntax node = ctx.Node as MemberAccessExpressionSyntax;
if (node != null)
{
var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;
//DES.Create()
if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "ECB"))
{
var diagnostic = Diagnostic.Create(RuleECB, node.Expression.GetLocation(), "ECB");
ctx.ReportDiagnostic(diagnostic);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CBC"))
{
var diagnostic = Diagnostic.Create(RuleCBC, node.Expression.GetLocation(), "CBC");
ctx.ReportDiagnostic(diagnostic);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "OFB") || AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CFB") || AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CTS"))
{
var diagnostic = Diagnostic.Create(RuleGeneric, node.Expression.GetLocation(), "OFB");
ctx.ReportDiagnostic(diagnostic);
}
}
}
public void CheckState(ExecutionState state)
{
// For every variables registered in state
foreach (var variableState in state.VariableStates)
{
var st = variableState.Value;
// Only if it is the constructor of the PasswordValidator instance
if (!AnalyzerUtil.SymbolMatch(state.GetSymbol(st.Node), "PasswordValidator", ".ctor"))
{
continue;
}
// If the PasswordValidator instance doesn't have the RequiredLength property
if (!st.Tags.Contains(VariableTag.RequiredLengthIsSet))
{
state.AnalysisContext.ReportDiagnostic(Diagnostic.Create(RulePasswordValidatorRequiredLength,
variableState.Value.Node.GetLocation()));
}
// If the PasswordValidator instance doesn't have enough properties set
if (!(st.Tags.Count >= Constants.MinimumPasswordValidatorProperties))
{
state.AnalysisContext.ReportDiagnostic(Diagnostic.Create(RulePasswordValidators,
variableState.Value.Node.GetLocation()));
}
}
}
public void VisitAssignment(AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
{
//Looking for Assigment to Secure or HttpOnly property
var assigment = node;
if (assigment.Left is MemberAccessExpressionSyntax)
{
var memberAccess = (MemberAccessExpressionSyntax)assigment.Left;
if (memberAccess.Expression is IdentifierNameSyntax)
{
var identifier = (IdentifierNameSyntax)memberAccess.Expression;
string variableAccess = identifier.Identifier.ValueText;
if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
{
state.AddTag(variableAccess, VariableTag.HttpCookieSecure);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
{
state.AddTag(variableAccess, VariableTag.HttpCookieHttpOnly);
}
}
}
}
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
{
SyntaxNode node;
SyntaxNode expression;
if (ctx.Node.Language == LanguageNames.CSharp)
{
node = ctx.Node as CSharpSyntax.InvocationExpressionSyntax;
expression = ((CSharpSyntax.InvocationExpressionSyntax)node)?.Expression;
}
else
{
node = ctx.Node as VBSyntax.InvocationExpressionSyntax;
expression = ((VBSyntax.InvocationExpressionSyntax)node)?.Expression;
}
if (node != null)
{
var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;
//System.Random.Next()
if (AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "Next") ||
AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "NextBytes") ||
AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "NextDouble"))
{
var diagnostic = Diagnostic.Create(Rule, expression.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
}
}
public void VisitAssignmentExpression(SyntaxNodeAnalysisContext ctx, SyntaxNodeHelper nodeHelper)
{
SyntaxNode right = nodeHelper.GetAssignmentRightNode(ctx.Node);
SyntaxNode left = nodeHelper.GetAssignmentLeftNode(ctx.Node);
var symbol = ctx.SemanticModel.GetSymbolInfo(left).Symbol;
var content = right.GetText().ToString();
// Only if it is the RequiredLength property of a PasswordValidator
if (!AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength") ||
content == string.Empty)
{
return;
}
// Validates that the value is an int and that it is over the minimum value required
if (!int.TryParse(right.GetText().ToString(), out var numericValue) ||
numericValue >= Constants.PasswordValidatorRequiredLength)
{
return;
}
var diagnostic = Diagnostic.Create(RulePasswordLength, ctx.Node.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
private static void VisitSyntaxNodeEx(SyntaxNodeAnalysisContext ctx)
{
var assignment = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.AssignmentStatementSyntax;
var memberAccess = assignment?.Left as Microsoft.CodeAnalysis.VisualBasic.Syntax.MemberAccessExpressionSyntax;
if (memberAccess == null)
{
return;
}
var symbolMemberAccess = ctx.SemanticModel.GetSymbolInfo(memberAccess).Symbol;
if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "XmlReaderSettings", name: "ProhibitDtd"))
{
var constant = ctx.SemanticModel.GetConstantValue(assignment.Right);
if (constant.HasValue && constant.Value.ToString() == "False")
{
var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
}
else if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "XmlReaderSettings", name: "DtdProcessing"))
{
var constant = ctx.SemanticModel.GetConstantValue(assignment.Right);
if (constant.HasValue && constant.Value.ToString() == "2")
{
var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
}
}
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
{
SyntaxNode node, expression;
if (ctx.Node.Language == LanguageNames.CSharp)
{
node = ctx.Node as CSharpSyntax.InvocationExpressionSyntax;
expression = ((CSharpSyntax.InvocationExpressionSyntax)node)?.Expression;
}
else
{
node = ctx.Node as VBSyntax.InvocationExpressionSyntax;
expression = ((VBSyntax.InvocationExpressionSyntax)node)?.Expression;
}
if (node == null)
{
return;
}
var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;
foreach (KeyValuePair <string, DiagnosticDescriptor> entry in HashFunctions)
{
//XXX.Create()
if (!AnalyzerUtil.SymbolMatch(symbol, type: entry.Key, name: "Create"))
{
continue;
}
var diagnostic = Diagnostic.Create(entry.Value, expression.GetLocation(), "MD5");
ctx.ReportDiagnostic(diagnostic);
}
}
public override void VisitAssignment(VisualBasicSyntaxNode node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
{
if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
{
variableRightState.AddTag(VariableTag.HttpCookieSecure);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
{
variableRightState.AddTag(VariableTag.HttpCookieHttpOnly);
}
}
private static bool IsMatch(ISymbol symbolMemberAccess)
{
return(AnalyzerUtil.SymbolMatch(symbolMemberAccess,
type: "ServicePointManager",
name: "ServerCertificateValidationCallback") ||
AnalyzerUtil.SymbolMatch(symbolMemberAccess,
type: "HttpWebRequest",
name: "ServerCertificateValidationCallback") ||
AnalyzerUtil.SymbolMatch(symbolMemberAccess,
type: "ServicePointManager",
name: "CertificatePolicy"));
}
private void VisitNodeRecursively(SyntaxNode node, ExecutionState state)
{
//Looking for the creation of a cookie (HttpCookie)
if (node is VariableDeclaratorSyntax)
{
var variableDecorator = (VariableDeclaratorSyntax)node;
var expressionValue = variableDecorator.Initializer?.Value;
if (expressionValue is ObjectCreationExpressionSyntax)
{
var objCreation = (ObjectCreationExpressionSyntax)expressionValue;
var symbol = state.GetSymbol(objCreation);
if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", ".ctor"))
{
state.AddNewValue(variableDecorator.Identifier.Text, //
new VariableState(VariableTaint.SAFE) //
.AddTag(VariableTag.HttpCookie) //
.AddSyntaxNode(node));
}
}
}
//Looking for Assigment to Secure or HttpOnly property
else if (node is AssignmentExpressionSyntax)
{
var assigment = (AssignmentExpressionSyntax)node;
if (assigment.Left is MemberAccessExpressionSyntax)
{
var memberAccess = (MemberAccessExpressionSyntax)assigment.Left;
if (memberAccess.Expression is IdentifierNameSyntax)
{
var identifier = (IdentifierNameSyntax)memberAccess.Expression;
string variableAccess = identifier.Identifier.ValueText;
var symbol = state.GetSymbol(memberAccess);
if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
{
state.AddTag(variableAccess, VariableTag.HttpCookieSecure);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
{
state.AddTag(variableAccess, VariableTag.HttpCookieHttpOnly);
}
}
}
}
foreach (var n in node.ChildNodes())
{
VisitNodeRecursively(n, state);
}
}
public override void VisitAssignment(CSharpSyntax.AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
{
//Looking for Assigment to Secure or HttpOnly property
if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
{
variableRightState.AddTag(VariableTag.HttpCookieSecure);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
{
variableRightState.AddTag(VariableTag.HttpCookieHttpOnly);
}
}
private static void VisitAssignmentExpression(SyntaxNodeAnalysisContext ctx)
{
SyntaxNode n, right, left;
if (ctx.Node.Language == LanguageNames.CSharp)
{
var node = (CSharpSyntax.AssignmentExpressionSyntax)ctx.Node;
n = node;
right = node.Right;
left = node.Left;
}
else
{
if (ctx.Node is VBSyntax.AssignmentStatementSyntax vbNode)
{
n = vbNode;
right = vbNode.Right;
left = vbNode.Left;
}
else
{
var node = (VBSyntax.NamedFieldInitializerSyntax)ctx.Node;
n = node;
right = node.Expression;
left = node.Name;
}
}
var symbol = ctx.SemanticModel.GetSymbolInfo(left).Symbol;
var content = right.GetText().ToString();
// Only if it is the RequiredLength property of a PasswordValidator
if (!AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength") ||
content == string.Empty)
{
return;
}
// Validates that the value is an int and that it is over the minimum value required
if (!int.TryParse(right.GetText().ToString(), out var numericValue) ||
numericValue >= Constants.PasswordValidatorRequiredLength)
{
return;
}
var diagnostic = Diagnostic.Create(RulePasswordLength, n.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
public void VisitAssignment(ISymbol symbol,
VariableState variableRightState)
{
//Looking for Assignment to Secure or HttpOnly property
if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
{
variableRightState.AddTag(VariableTag.HttpCookieSecure);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
{
variableRightState.AddTag(VariableTag.HttpCookieHttpOnly);
}
}
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
{
SyntaxNode assignment;
SyntaxNode memberAccess;
SyntaxNode memberSet;
if (ctx.Node.Language == LanguageNames.CSharp)
{
assignment = ctx.Node as CSharpSyntax.AssignmentExpressionSyntax;
memberAccess = ((CSharpSyntax.AssignmentExpressionSyntax)assignment)?.Left as CSharpSyntax.MemberAccessExpressionSyntax;
memberSet = ((CSharpSyntax.AssignmentExpressionSyntax)assignment)?.Right;
}
else
{
assignment = ctx.Node as VBSyntax.AssignmentStatementSyntax;
memberAccess = ((VBSyntax.AssignmentStatementSyntax)assignment)?.Left as VBSyntax.MemberAccessExpressionSyntax;
memberSet = ((VBSyntax.AssignmentStatementSyntax)assignment)?.Right;
}
if (memberAccess == null || memberSet == null)
{
return;
}
var symbolMemberAccess = ctx.SemanticModel.GetSymbolInfo(memberAccess).Symbol;
if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "XmlReaderSettings", name: "ProhibitDtd"))
{
var constant = ctx.SemanticModel.GetConstantValue(memberSet);
if (!constant.HasValue || constant.Value.ToString() != "False")
{
return;
}
var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
else if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "XmlReaderSettings", name: "DtdProcessing"))
{
var constant = ctx.SemanticModel.GetConstantValue(memberSet);
if (!constant.HasValue || constant.Value.ToString() != "2")
{
return;
}
var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
}
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
{
SyntaxNode node, node2, expression;
if (ctx.Node.Language == LanguageNames.CSharp)
{
node = ctx.Node as CSharpSyntax.InvocationExpressionSyntax;
expression = ((CSharpSyntax.InvocationExpressionSyntax)node)?.Expression;
node2 = ctx.Node as CSharpSyntax.ObjectCreationExpressionSyntax;
}
else
{
node = ctx.Node as VBSyntax.InvocationExpressionSyntax;
expression = ((VBSyntax.InvocationExpressionSyntax)node)?.Expression;
node2 = ctx.Node as VBSyntax.ObjectCreationExpressionSyntax;
}
if (node != null)
{
var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;
foreach (string cipher in BadCiphers)
{
if (!AnalyzerUtil.SymbolMatch(symbol, type: cipher, name: "Create"))
{
continue;
}
var diagnostic = Diagnostic.Create(Rule, expression.GetLocation(), cipher);
ctx.ReportDiagnostic(diagnostic);
}
}
if (node2 != null)
{
var symbol = ctx.SemanticModel.GetSymbolInfo(node2).Symbol;
foreach (string cipher in BadCiphers)
{
if (!AnalyzerUtil.SymbolMatch(symbol, type: cipher + "CryptoServiceProvider"))
{
continue;
}
var diagnostic = Diagnostic.Create(Rule, node2.GetLocation(), cipher);
ctx.ReportDiagnostic(diagnostic);
}
}
}
private static void VisitSyntaxNodeEx(SyntaxNodeAnalysisContext ctx)
{
Microsoft.CodeAnalysis.VisualBasic.Syntax.InvocationExpressionSyntax node = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.InvocationExpressionSyntax;
if (node != null)
{
var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;
//System.Random.Next()
if (AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "Next") ||
AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "NextBytes") ||
AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "NextDouble"))
{
var diagnostic = Diagnostic.Create(Rule, node.Expression.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
}
}
/// <summary>
/// Logic for each method invocation (including constructor)
/// The argument list is required because <code>InvocationExpressionSyntax</code> and
/// <code>ObjectCreationExpressionSyntax</code> do not share a common interface.
/// </summary>
/// <param name="node"></param>
/// <param name="argList"></param>
/// <param name="state"></param>
/// <returns></returns>
private VariableState VisitInvocationAndCreation(ExpressionSyntax node, ArgumentListSyntax argList, ExecutionState state)
{
var symbol = state.GetSymbol(node);
MethodBehavior behavior = behaviorRepo.GetInjectableMethodBehavior(symbol);
int i = 0;
if (argList == null)
{
return(new VariableState(VariableTaint.UNKNOWN));
}
foreach (var argument in argList.Arguments)
{
var argumentState = VisitExpression(argument.Expression, state);
if (symbol != null)
{
SGLogging.Log(symbol.ContainingType + "." + symbol.Name + " -> " + argumentState);
}
if (behavior != null && //If the API is at risk
(argumentState.taint == VariableTaint.TAINTED || //Tainted values
argumentState.taint == VariableTaint.UNKNOWN) &&
Array.Exists(behavior.injectablesArguments, element => element == i) //If the current parameter can be injected.
)
{
var newRule = LocaleUtil.GetDescriptor(behavior.vulnerabilityLocale);
var diagnostic = Diagnostic.Create(newRule, node.GetLocation());
state.AnalysisContext.ReportDiagnostic(diagnostic);
}
else if ((behavior != null || AnalyzerUtil.SymbolMatch(symbol, name:"Password")) &&
argumentState.taint == VariableTaint.CONSTANT && //Hard coded value
Array.Exists(behavior.passwordArguments, element => element == i) //If the current parameter is a password
)
{
var newRule = LocaleUtil.GetDescriptor(behavior.vulnerabilityLocale);
var diagnostic = Diagnostic.Create(newRule, node.GetLocation());
state.AnalysisContext.ReportDiagnostic(diagnostic);
}
//TODO: tainted all object passed in argument
i++;
}
return(new VariableState(VariableTaint.UNKNOWN));
}
private static void VisitAssignment(SyntaxNodeAnalysisContext ctx)
{
AssignmentExpressionSyntax node = ctx.Node as AssignmentExpressionSyntax;
var symbol = ctx.SemanticModel.GetSymbolInfo(node.Left).Symbol;
var content = node.Right.GetText().ToString();
if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength") && content != String.Empty)
{
int numericValue;
if (int.TryParse(node.Right.GetText().ToString(), out numericValue) && numericValue < Constants.PasswordValidatorRequiredLength)
{
var diagnostic = Diagnostic.Create(RulePasswordLength, node.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
}
}
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
{
var assignment = ctx.Node as AssignmentExpressionSyntax;
var memberAccess = assignment?.Left as MemberAccessExpressionSyntax;
if (memberAccess == null)
{
return;
}
var symbolMemberAccess = ctx.SemanticModel.GetSymbolInfo(memberAccess).Symbol;
if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "ServicePointManager", name: "ServerCertificateValidationCallback") ||
AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "ServicePointManager", name: "CertificatePolicy"))
{
var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
}
protected static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx, SyntaxNodeHelper nodeHelper)
{
SyntaxNode expression = nodeHelper.GetInvocationExpressionNode(ctx.Node);
if (expression == null)
{
return;
}
var symbol = ctx.SemanticModel.GetSymbolInfo(ctx.Node).Symbol;
//System.Random.Next()
if (AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "Next") ||
AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "NextBytes") ||
AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "NextDouble"))
{
var diagnostic = Diagnostic.Create(Rule, expression.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
}
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
{
SyntaxNode node, expression;
if (ctx.Node.Language == LanguageNames.CSharp)
{
node = ctx.Node as CSharpSyntax.MemberAccessExpressionSyntax;
expression = ((CSharpSyntax.MemberAccessExpressionSyntax)node)?.Expression;
}
else
{
node = ctx.Node as VBSyntax.MemberAccessExpressionSyntax;
expression = ((VBSyntax.MemberAccessExpressionSyntax)node)?.Expression;
}
if (node == null)
{
return;
}
var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;
//DES.Create()
if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "ECB"))
{
var diagnostic = Diagnostic.Create(RuleECB, expression.GetLocation(), "ECB");
ctx.ReportDiagnostic(diagnostic);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CBC"))
{
var diagnostic = Diagnostic.Create(RuleCBC, expression.GetLocation(), "CBC");
ctx.ReportDiagnostic(diagnostic);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "OFB") ||
AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CFB") ||
AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CTS"))
{
var diagnostic = Diagnostic.Create(RuleGeneric, expression.GetLocation(), "OFB");
ctx.ReportDiagnostic(diagnostic);
}
}
private void CheckState(ExecutionState state)
{
// For every variables registered in state
foreach (var variableState in state.Variables)
{
var st = variableState.Value;
// Only if it is the constructor of the PasswordValidator instance
if (AnalyzerUtil.SymbolMatch(state.GetSymbol(st.node), "HttpCookie", ".ctor"))
{
if (!st.tags.Contains(VariableTag.HttpCookieSecure))
{
state.AnalysisContext.ReportDiagnostic(Diagnostic.Create(RuleSecure, st.node.GetLocation()));
}
if (!st.tags.Contains(VariableTag.HttpCookieHttpOnly))
{
state.AnalysisContext.ReportDiagnostic(Diagnostic.Create(RuleHttpOnly, st.node.GetLocation()));
}
}
}
}
private static void VisitSyntaxNodeEx(SyntaxNodeAnalysisContext ctx)
{
var node = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.InvocationExpressionSyntax;
if (node == null)
{
return;
}
var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;
foreach (KeyValuePair <string, DiagnosticDescriptor> entry in HashFunctions)
{
//XXX.Create()
if (AnalyzerUtil.SymbolMatch(symbol, type: entry.Key, name: "Create"))
{
var diagnostic = Diagnostic.Create(entry.Value, node.Expression.GetLocation(), "MD5");
ctx.ReportDiagnostic(diagnostic);
}
}
}
public void VisitStatement(StatementSyntax statement, ExecutionState state)
{
var localDeclaration = statement as LocalDeclarationStatementSyntax;
if (localDeclaration == null)
{
return;
}
var varDeclaration = localDeclaration.Declaration as VariableDeclarationSyntax;
if (varDeclaration == null)
{
return;
}
foreach (var variable in varDeclaration.Variables)
{
//Looking for the creation of a cookie (HttpCookie)
var variableDecorator = variable as VariableDeclaratorSyntax;
if (variableDecorator != null)
{
var expressionValue = variableDecorator.Initializer?.Value;
if (expressionValue is ObjectCreationExpressionSyntax)
{
var objCreation = (ObjectCreationExpressionSyntax)expressionValue;
var symbol = state.GetSymbol(objCreation);
if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", ".ctor"))
{
//It will override the initial state
state.AddNewValue(variableDecorator.Identifier.Text, //
new VariableState(VariableTaint.SAFE) //
.AddTag(VariableTag.HttpCookie) //
.AddSyntaxNode(variable));
}
}
}
}
}
public void VisitStatement(Microsoft.CodeAnalysis.VisualBasic.Syntax.StatementSyntax statement, ExecutionState state)
{
var localDeclaration = statement as Microsoft.CodeAnalysis.VisualBasic.Syntax.LocalDeclarationStatementSyntax;
if (localDeclaration == null)
{
return;
}
var varDeclaration = localDeclaration.Declarators.First() as Microsoft.CodeAnalysis.VisualBasic.Syntax.VariableDeclaratorSyntax;
if (varDeclaration == null)
{
return;
}
foreach (var variable in localDeclaration.Declarators)
{
//Looking for the creation of a cookie (HttpCookie)
var variableDecorator = variable;
if (variableDecorator != null)
{
var expressionValue = variableDecorator.Initializer?.Value;
if (expressionValue is Microsoft.CodeAnalysis.VisualBasic.Syntax.ObjectCreationExpressionSyntax)
{
var objCreation = (Microsoft.CodeAnalysis.VisualBasic.Syntax.ObjectCreationExpressionSyntax)expressionValue;
var symbol = state.GetSymbol(objCreation);
if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", ".ctor"))
{
//It will override the initial state
state.AddNewValue(variableDecorator.GetFirstToken().Text, //
new VariableState(variable, VariableTaint.SAFE) //
.AddTag(VariableTag.HttpCookie) //
.AddSyntaxNode(variable));
}
}
}
}
}
protected static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx, SyntaxNodeHelper nodeHelper)
{
var leftNode = nodeHelper.GetAssignmentLeftNode(ctx.Node);
if (!nodeHelper.IsSimpleMemberAccessExpressionNode(leftNode))
{
return;
}
var symbolMemberAccess = ctx.SemanticModel.GetSymbolInfo(leftNode).Symbol;
if (AnalyzerUtil.SymbolMatch(symbolMemberAccess,
type: "ServicePointManager",
name: "ServerCertificateValidationCallback") ||
AnalyzerUtil.SymbolMatch(symbolMemberAccess,
type: "ServicePointManager",
name: "CertificatePolicy"))
{
var diagnostic = Diagnostic.Create(Rule, ctx.Node.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
}
public void TagVariables(ISymbol symbol, VariableState variableRightState)
{
// Only PasswordValidator properties will cause a new tag to be added
if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength"))
{
variableRightState.AddTag(VariableTag.RequiredLengthIsSet);
}
else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireDigit"))
{
variableRightState.AddTag(VariableTag.RequireDigitIsSet);
}
else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireLowercase"))
{
variableRightState.AddTag(VariableTag.RequireLowercaseIsSet);
}
else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireNonLetterOrDigit"))
{
variableRightState.AddTag(VariableTag.RequireNonLetterOrDigitIsSet);
}
else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireUppercase"))
{
variableRightState.AddTag(VariableTag.RequireUppercaseIsSet);
}
}
