/// <summary> Находит возможные вызовы REST сервисов </summary>
private void CheckHttpRequests(ArgumentSyntax node)
{
if (node.GetText().ToString().Contains("http"))
{
Error(node.GetLocation(), "Возможен запрос в интернет", ListViewErrors.Criticality.Средний, $"Проверить доверенность внешнего сервиса: {node.GetText()}");
}
}
private static void Analyze(SyntaxNodeAnalysisContext context, SeparatedSyntaxList <ArgumentSyntax> arguments)
{
ArgumentSyntax previousParameter = arguments[1];
int firstParameterLine = arguments[0].GetLine();
int previousLine = previousParameter.GetLine();
Func <int, int, bool> lineCondition;
if (firstParameterLine == previousLine)
{
// arguments must be on same line
lineCondition = (param1Line, param2Line) => param1Line == param2Line;
}
else
{
// each argument must be on its own line
lineCondition = (param1Line, param2Line) => param1Line != param2Line;
}
for (int i = 2; i < arguments.Count; ++i)
{
ArgumentSyntax currentParameter = arguments[i];
int currentLine = currentParameter.GetLine();
if (lineCondition(previousLine, currentLine))
{
previousLine = currentLine;
continue;
}
context.ReportDiagnostic(Diagnostic.Create(Descriptor, currentParameter.GetLocation()));
return;
}
}
private void Analyze(SyntaxNodeAnalysisContext context)
{
InvocationExpressionSyntax invocationExpression = (InvocationExpressionSyntax)context.Node;
MemberAccessExpressionSyntax memberAccessExpression = invocationExpression.Expression as MemberAccessExpressionSyntax;
if (memberAccessExpression == null)
{
return;
}
string memberName = memberAccessExpression.Name.ToString();
if (memberName != "IsTrue" && memberName != "IsFalse")
{
return;
}
if (invocationExpression.ArgumentList.Arguments.Count == 0)
{
return;
}
ArgumentSyntax arg0 = invocationExpression.ArgumentList.Arguments[0];
if (arg0.Expression.Kind() == SyntaxKind.ParenthesizedExpression)
{
context.ReportDiagnostic(Diagnostic.Create(Rule, arg0.GetLocation()));
}
}
private static void HandleArgument(SyntaxNodeAnalysisContext context, ArgumentSyntax argument)
{
if (argument.TryGetTypeofValue(context.SemanticModel, context.CancellationToken, out var ownerType) &&
!ownerType.IsAssignableTo(KnownSymbol.DependencyObject, context.Compilation))
{
context.ReportDiagnostic(Diagnostic.Create(Descriptor, argument.GetLocation(), KnownSymbol.DependencyProperty.RegisterAttached.Name));
}
}
private static void HandleArgument(SyntaxNodeAnalysisContext context, ArgumentSyntax argument)
{
if (argument.TryGetTypeofValue(context.SemanticModel, context.CancellationToken, out var ownerType) &&
!ownerType.Equals(context.ContainingSymbol.ContainingType))
{
context.ReportDiagnostic(Diagnostic.Create(Descriptor, argument.GetLocation(), context.ContainingSymbol.ContainingType));
}
}
private static Location InspectArgument(ArgumentSyntax argument, IMethodSymbol method, SemanticModel semanticModel)
{
if (IsStringParameter(argument, semanticModel) && ParameterIsReferenced(argument, method))
{
return(Location.None);
}
// no string, so no paramName; hence we have to report it anyway
return(argument.GetLocation());
}
private void AnalyzeSuffix(ArgumentSyntax argument, SemanticModel semanticModel, ICollection <Diagnostic> list)
{
var argumentName = argument.ToString();
if (argumentName.EndsWith(Suffix, StringComparison.Ordinal))
{
var location = argument.GetLocation();
var symbol = semanticModel.LookupSymbols(location.SourceSpan.Start, name: argumentName).FirstOrDefault();
if (symbol != null)
{
list.Add(Issue(symbol, argumentName.WithoutSuffix(Suffix)));
}
}
}
private static void HandleCallback(SyntaxNodeAnalysisContext context, ArgumentSyntax eventArgument, ArgumentSyntax callbackArg, DiagnosticDescriptor descriptor)
{
var invokedHandler = (IdentifierNameSyntax)callbackArg.Expression;
if (eventArgument.Expression is IdentifierNameSyntax identifierName &&
EventManager.IsMatch(invokedHandler.Identifier.ValueText, identifierName.Identifier.ValueText) == false)
{
if (EventManager.TryGetExpectedCallbackName(identifierName.Identifier.ValueText, out var expectedName))
{
var properties = ImmutableDictionary.CreateRange(new[] { new KeyValuePair <string, string>("ExpectedName", expectedName) });
context.ReportDiagnostic(Diagnostic.Create(descriptor, callbackArg.GetLocation(), properties, expectedName));
}
else
{
context.ReportDiagnostic(Diagnostic.Create(descriptor, callbackArg.GetLocation(), "On" + identifierName.Identifier.ValueText));
}
}
if (eventArgument.Expression is MemberAccessExpressionSyntax memberAccess &&
memberAccess.Name is IdentifierNameSyntax nameSyntax &&
EventManager.IsMatch(invokedHandler.Identifier.ValueText, nameSyntax.Identifier.ValueText) == false)
{
if (EventManager.TryGetExpectedCallbackName(nameSyntax.Identifier.ValueText, out var expectedName))
{
var properties = ImmutableDictionary.CreateRange(
new[] { new KeyValuePair <string, string>("ExpectedName", expectedName), });
context.ReportDiagnostic(
Diagnostic.Create(descriptor, callbackArg.GetLocation(), properties, expectedName));
}
else
{
context.ReportDiagnostic(
Diagnostic.Create(descriptor, callbackArg.GetLocation(), "On" + nameSyntax.Identifier.ValueText));
}
}
}
public override void GetSinks(SyntaxNodeAnalysisContext context, DiagnosticId ruleId)
{
var syntax = context.Node as InvocationExpressionSyntax;
ArgumentSyntax argumentSyntaxStatement = null;
if (!_expressionSyntaxAnalyzer.IsVulnerable(context.SemanticModel, syntax, out argumentSyntaxStatement))
{
return;
}
if (VulnerableSyntaxNodes.All(p => p.Sink.GetLocation() != argumentSyntaxStatement.GetLocation()))
{
VulnerableSyntaxNodes.Push(_vulnerableSyntaxNodeFactory.Create(argumentSyntaxStatement));
}
}
private static void AnalyzeArgument(
SyntaxNodeAnalysisContext context,
ArgumentSyntax argument,
ISymbol constantAttribute
)
{
// Get the associated parameter
var parameter = argument.DetermineParameter(
context.SemanticModel,
allowParams: false
);
// Parameter is somehow null, so do nothing
if (parameter == null)
{
return;
}
// Parameter is not [Constant], so do nothing
if (!HasAttribute(parameter, constantAttribute))
{
return;
}
// Argument is a constant value, so do nothing
if (context.SemanticModel.GetConstantValue(argument.Expression).HasValue)
{
return;
}
// Argument was defined as [Constant] already, so trust it
var argumentSymbol = context.SemanticModel.GetSymbolInfo(argument.Expression).Symbol;
if (argumentSymbol != null && HasAttribute(argumentSymbol, constantAttribute))
{
return;
}
// Argument is not constant, so report it
context.ReportDiagnostic(
Diagnostic.Create(
descriptor: Diagnostics.NonConstantPassedToConstantParameter,
location: argument.GetLocation(),
messageArgs: parameter.Name
)
);
}
protected override void Analyze(SyntaxNodeAnalysisContext context, InvocationExpressionSyntax invocation, IMethodSymbol method)
{
SeparatedSyntaxList <ArgumentSyntax> arguments = invocation.ArgumentList.Arguments;
if (arguments.Count > 1)
{
ArgumentSyntax arg = arguments[1];
Optional <object> value = context.SemanticModel.GetConstantValue(arg.Expression);
if (value.HasValue && !IsValidContentType(value.Value))
{
context.ReportDiagnostic(Diagnostic.Create(
_descriptor,
arg.GetLocation(),
value.Value ?? "null"));
}
}
}
public override void VisitArgument(ArgumentSyntax node)
{
InsertLLOCMap(node.GetLocation());
base.VisitArgument(node);
}
private void AnalyzeInvocation(SyntaxNodeAnalysisContext context, InvocationExpressionSyntax invocationExpressionSyntax)
{
if (invocationExpressionSyntax.ArgumentList == null)
{
return;
}
if (invocationExpressionSyntax.ArgumentList.Arguments.Count == 0)
{
return;
}
if (!(invocationExpressionSyntax.ArgumentList.Arguments[0].Expression is SimpleLambdaExpressionSyntax lambdaExpressionSyntax))
{
return;
}
if (lambdaExpressionSyntax.Body == null)
{
return;
}
if (!(lambdaExpressionSyntax.Body is AssignmentExpressionSyntax assignmentExpressionSyntax))
{
return;
}
if (!(assignmentExpressionSyntax.Left is MemberAccessExpressionSyntax accessExpressionSyntax))
{
return;
}
var symbolInfo = context.SemanticModel.GetSymbolInfo(accessExpressionSyntax);
if (symbolInfo.Symbol == null)
{
return;
}
if (!(symbolInfo.Symbol is IEventSymbol eventSymbol))
{
return;
}
if (!(eventSymbol.Type is INamedTypeSymbol namedTypeSymbol))
{
return;
}
SymbolInfo raiseSymbol = context.SemanticModel.GetSymbolInfo(invocationExpressionSyntax.Expression);
if (raiseSymbol.Symbol == null || !(raiseSymbol.Symbol is IMethodSymbol raiseMethodSymbol))
{
return;
}
int firstArgument = 0;
int argumentsToCheck;
if (raiseMethodSymbol.Parameters.Last().IsParams)
{
argumentsToCheck = invocationExpressionSyntax.ArgumentList.Arguments.Count - 1;
if (namedTypeSymbol.DelegateInvokeMethod.Parameters.Length != argumentsToCheck)
{
context.ReportDiagnostic(Diagnostic.Create(ArgumentCountRule, invocationExpressionSyntax.GetLocation()));
return;
}
}
else
{
bool isError = false;
//it has a single eventargs argument. Compiler has made sure that the types are the same, make sure the delegate takes object sender, event args
if (namedTypeSymbol.DelegateInvokeMethod.Parameters.Length != 2)
{
isError = true;
}
if (!isError && namedTypeSymbol.DelegateInvokeMethod.Parameters[0].Type.Name != "Object")
{
isError = true;
}
if (isError)
{
context.ReportDiagnostic(Diagnostic.Create(ArgumentCountRule, invocationExpressionSyntax.GetLocation()));
return;
}
argumentsToCheck = 2;
if (raiseMethodSymbol.Parameters.Length == 2)
{
firstArgument = 1;
}
}
for (int i = firstArgument; i < argumentsToCheck; i++)
{
ArgumentSyntax argument = invocationExpressionSyntax.ArgumentList.Arguments[(i + 1) - firstArgument];
ITypeSymbol expectedType = namedTypeSymbol.DelegateInvokeMethod.Parameters[i].Type;
SymbolInfo typeSymbol = context.SemanticModel.GetSymbolInfo(argument.Expression);
Conversion conversion = context.SemanticModel.ClassifyConversion(argument.Expression, expectedType);
if (!conversion.IsImplicit)
{
context.ReportDiagnostic(Diagnostic.Create(TypeMismatchRule, argument.GetLocation(), argument.Expression, typeSymbol.Symbol?.Name, expectedType.Name));
}
}
}
private void AnalyzeCodeBlock(SyntaxNodeAnalysisContext context)
{
InvocationExpressionSyntax call = context.Node as InvocationExpressionSyntax;
if (call == null)
{
return;
}
// If we are not calling the DefineSwitchDefault methods on LocalAppContext then we can safely ignore this.
if (!IsCallToDefineSwitchDefault(call, context.SemanticModel))
{
return;
}
// Validate that the second argument is true.
ArgumentSyntax args = call.ArgumentList.Arguments[1];
if (args.Expression.Kind() != SyntaxKind.TrueLiteralExpression)
{
context.ReportDiagnostic(Diagnostic.Create(s_appContextDefaultNotInitializedToTrueDiagnostic, args.GetLocation(), call));
}
// check that we are doing this inside an if statement
var containingIfStatement = call.Ancestors().FirstOrDefault(n => n.Kind() == SyntaxKind.IfStatement) as IfStatementSyntax;
if (containingIfStatement == null)
{
context.ReportDiagnostic(Diagnostic.Create(s_appContextDefaultValueDefinedOutsideIfConditionDiagnostic, args.GetLocation(), call));
}
else
{
// are we inside the switch? either as a block or as a switchcase?
if (!(containingIfStatement.Parent.Kind() == SyntaxKind.SwitchSection ||
containingIfStatement.Parent.Parent.Kind() == SyntaxKind.SwitchSection))
{
context.ReportDiagnostic(Diagnostic.Create(s_appContextDefaultValueDefinedOutsideIfConditionDiagnostic, args.GetLocation(), call));
}
}
// Validate that the if statement is using the appropriate expression
if (containingIfStatement.Condition.Kind() != SyntaxKind.LessThanOrEqualExpression)
{
context.ReportDiagnostic(Diagnostic.Create(s_appContextDefaultUsedUnexpectedIfStatementDiagnostic, containingIfStatement.GetLocation()));
}
}
