public Diagnostic(TextSpan textSpan, DiagnosticId diagnosticId, string message)
{
Span = textSpan;
Message = message;
DiagnosticId = diagnosticId;
Severity = DiagnosticFacts.GetSeverity(diagnosticId);
}
public static Diagnostic Format(TextSpan textSpan, DiagnosticId diagnosticId, params object[] args)
{
var message = diagnosticId.GetMessage();
var formattedMessage = (message != null)
? string.Format(CultureInfo.CurrentCulture, message, args)
: $"Missing diagnostic message for {diagnosticId}";
return new Diagnostic(textSpan, diagnosticId, formattedMessage);
}
public static void EmitError(this IDiagnosticConsumer consumer,
DiagnosticId id, string msg, params object[] args)
{
var diagInfo = new DiagnosticInfo
{
Kind = DiagnosticKind.Error,
Message = string.Format(msg, args)
};
consumer.Emit(diagInfo);
}
public static DiagnosticSeverity GetSeverity(DiagnosticId id)
{
switch (id)
{
case DiagnosticId.LoopControlVariableConflict:
case DiagnosticId.ImplicitTruncation:
return DiagnosticSeverity.Warning;
default:
return DiagnosticSeverity.Error;
}
}
public static string GetErrorString(DiagnosticId diagnosticId)
{
switch (diagnosticId)
{
case DiagnosticId.CannotApplyUnaryOperator:
case DiagnosticId.CannotApplyBinaryOperator:
return "#inapplicable";
case DiagnosticId.AmbiguousInvocation:
case DiagnosticId.AmbiguousUnaryOperator:
case DiagnosticId.AmbiguousBinaryOperator:
return "#ambiguous";
case DiagnosticId.UndeclaredFunction:
return "#undeclared";
case DiagnosticId.CannotConvert:
return "#cannotconvert";
default:
throw new ArgumentOutOfRangeException(nameof(diagnosticId));
}
}
public static string GetDiagnosticSubcategory(this DiagnosticId diagnosticId) => (int)diagnosticId switch
public bool IsVulnerable(SemanticModel model, InvocationExpressionSyntax syntax, DiagnosticId ruleId)
{
if (!ContainsFileDeleteCommands(syntax))
{
return(false);
}
var symbol = model.GetSymbolInfo(syntax).Symbol as IMethodSymbol;
if (!IsFileDeleteCommand(symbol))
{
return(false);
}
if (syntax.ArgumentList.Arguments.Count > 0)
{
var argSyntax = syntax.ArgumentList.Arguments[0].Expression;
var expressionAnalyzer = SyntaxNodeAnalyzerFactory.Create(argSyntax);
if (expressionAnalyzer.CanIgnore(model, argSyntax))
{
return(false);
}
if (expressionAnalyzer.CanSuppress(model, argSyntax, ruleId))
{
return(false);
}
}
return(true);
}
public virtual void GetSinks(SyntaxNodeAnalysisContext context, DiagnosticId ruleId)
{
}
public async Task AnyAndAllWithLinqCreatesDiagnostic(string code, int column, DiagnosticId diagnosticId)
{
var source = code.WrapInCSharpMethod(usings: "\nusing System.Linq;");
var expected = new DiagnosticResult
{
Id = diagnosticId.ToDiagnosticId(),
Message = diagnosticId == DiagnosticId.ChangeAnyToAll ? ChangeAnyToAllAnalyzer.MessageAny : ChangeAnyToAllAnalyzer.MessageAll,
Severity = DiagnosticSeverity.Hidden,
Locations = new[] { new DiagnosticResultLocation("Test0.cs", 13, column) }
};
await VerifyCSharpDiagnosticAsync(source, expected);
}
public bool IsVulnerable(SemanticModel model, InvocationExpressionSyntax syntax, DiagnosticId ruleId)
{
if (!syntax.ToString().Contains("Redirect"))
{
return(false);
}
var symbol = model.GetSymbolInfo(syntax).Symbol as IMethodSymbol;
if ((symbol?.Name == "Redirect" || symbol?.Name == "RedirectPermanent") &&
symbol?.ReceiverType.ToString() == "System.Web.HttpResponse")
{
if (syntax.ArgumentList.Arguments.Count > 0)
{
var argSyntax = syntax.ArgumentList.Arguments[0].Expression;
var expressionAnalyzer = SyntaxNodeAnalyzerFactory.Create(argSyntax);
if (expressionAnalyzer.CanIgnore(model, argSyntax))
{
return(false);
}
if (expressionAnalyzer.CanSuppress(model, argSyntax, ruleId))
{
return(false);
}
}
return(true);
}
return(false);
}
public bool IsVulnerable(SemanticModel model, ObjectCreationExpressionSyntax syntax, DiagnosticId ruleId)
{
if (!syntax.ToString().Contains("DirectoryEntry"))
{
return(false);
}
var symbol = model.GetSymbolInfo(syntax).Symbol as IMethodSymbol;
if (symbol.IsCtorFor("System.DirectoryServices.DirectoryEntry"))
{
if (syntax.ArgumentList?.Arguments.Count > 0)
{
var argSyntax = syntax.ArgumentList.Arguments[0].Expression;
var expressionAnalyzer = SyntaxNodeAnalyzerFactory.Create(argSyntax);
if (expressionAnalyzer.CanIgnore(model, argSyntax))
{
return(false);
}
if (expressionAnalyzer.CanSuppress(model, argSyntax, ruleId))
{
return(false);
}
}
var filter = syntax.Initializer?.Expressions.OfType <AssignmentExpressionSyntax>()
.FirstOrDefault(p => (p.Left as IdentifierNameSyntax)?.Identifier.ValueText == "Path");
if (filter != null)
{
var expressionAnalyzer = SyntaxNodeAnalyzerFactory.Create(filter.Right);
if (expressionAnalyzer.CanIgnore(model, filter.Right))
{
return(false);
}
if (expressionAnalyzer.CanSuppress(model, filter.Right, ruleId))
{
return(false);
}
}
if (filter == null && syntax.ArgumentList?.Arguments.Count == 0)
{
return(false);
}
return(true);
}
return(false);
}
public static string ToDiagnosticId(this DiagnosticId diagnosticId) => $"CC{(int)diagnosticId :D4}";
public override bool CanSuppress(SemanticModel model, SyntaxNode syntax, DiagnosticId ruleId)
{
return(true);
}
public bool IsVulnerable(SemanticModel model, ObjectCreationExpressionSyntax syntax, DiagnosticId ruleId)
{
if (!containsCommands(syntax))
{
return(false);
}
var symbol = model.GetSymbolInfo(syntax).Symbol as IMethodSymbol;
if (!isConstructor(symbol))
{
return(false);
}
if (syntax.ArgumentList.Arguments.Count == 0)
{
return(false);
}
var arg = syntax.ArgumentList.Arguments[0].Expression;
//var argSyntax = arg.Expression;
var expressionAnalyzer = SyntaxNodeAnalyzerFactory.Create(arg);
if (expressionAnalyzer.CanIgnore(model, arg))
{
return(false);
}
if (expressionAnalyzer.CanSuppress(model, arg, ruleId))
{
return(false);
}
Source = arg;
return(true);
}
internal static string CreateIdString(DiagnosticId id)
{
int num = (int)id;
return("REVIEW" + num.ToString("D5"));
}
public bool IsVulnerable(SemanticModel model, ObjectCreationExpressionSyntax syntax, DiagnosticId ruleId)
{
if (!syntax.ToString().Contains("FileStream"))
{
return(false);
}
var symbol = model.GetSymbolInfo(syntax).Symbol as IMethodSymbol;
if (symbol.IsCtorFor("System.IO.FileStream"))
{
if (syntax.ArgumentList.Arguments.Count > 0)
{
var argSyntax = syntax.ArgumentList.Arguments[0].Expression;
var expressionAnalyzer = SyntaxNodeAnalyzerFactory.Create(argSyntax);
if (expressionAnalyzer.CanIgnore(model, argSyntax))
{
return(false);
}
if (expressionAnalyzer.CanSuppress(model, argSyntax, ruleId))
{
return(false);
}
}
return(true);
}
return(false);
}
public bool IsVulnerable(SemanticModel model, AssignmentExpressionSyntax syntax, DiagnosticId ruleId)
{
//2 cases here: x.TypeNameHandling or { TypeNameHandling = }
if (syntax?.Left is MemberAccessExpressionSyntax)
{
var leftSyntax = syntax?.Left as MemberAccessExpressionSyntax;
if (leftSyntax == null || string.Compare(leftSyntax.Name.Identifier.ValueText, "TypeNameHandling", true) != 0)
{
return(false);
}
var leftSymbol = model.GetSymbolInfo(leftSyntax.Name).Symbol as IPropertySymbol;
if (leftSymbol == null || string.Compare(leftSymbol.Type.ToString(), "Newtonsoft.Json.TypeNameHandling", true) != 0)
{
return(false);
}
var rightSyntax = syntax?.Right as MemberAccessExpressionSyntax;
if (rightSyntax == null || string.Compare(rightSyntax.Name.Identifier.ValueText, "None", true) == 0)
{
return(false);
}
return(true);
}
if (syntax?.Left is IdentifierNameSyntax)
{
var leftSyntax = syntax?.Left as IdentifierNameSyntax;
if (leftSyntax == null || string.Compare(leftSyntax.Identifier.ValueText, "TypeNameHandling", true) != 0)
{
return(false);
}
var leftSymbol = model.GetSymbolInfo(leftSyntax).Symbol as IPropertySymbol;
if (leftSymbol == null || string.Compare(leftSymbol.Type.ToString(), "Newtonsoft.Json.TypeNameHandling", true) != 0)
{
return(false);
}
var rightSyntax = syntax?.Right as MemberAccessExpressionSyntax;
if (rightSyntax == null || string.Compare(rightSyntax.Name.Identifier.ValueText, "None", true) == 0)
{
return(false);
}
return(true);
}
return(false);
}
public static IDiagnostic Identified(this IDiagnostic self, DiagnosticId id) => new IdentifiedDiagnostic(self, id);
public static void Report(this ICollection <PretokenizedDiagnostic> diagnostics, int offset, int width, DiagnosticId diagnosticId, params object[] args)
{
var diagnostic = PretokenizedDiagnostic.Create(ShaderLabMessageProvider.Instance, offset, width, (int)diagnosticId, args);
diagnostics.Add(diagnostic);
}
public static Diagnostic Format(TextSpan textSpan, DiagnosticId diagnosticId, params object[] args)
{
var message = diagnosticId.GetMessage();
var formattedMessage = string.Format(CultureInfo.CurrentCulture, message, args);
return new Diagnostic(textSpan, diagnosticId, formattedMessage);
}
public static DiagnosticSeverity GetSeverity(DiagnosticId id)
{
return DiagnosticSeverity.Error;
}
public bool IsVulnerable(SemanticModel model, ObjectCreationExpressionSyntax syntax, DiagnosticId ruleId)
{
if (!ContainsSqlCommand(syntax))
{
return(false);
}
var symbol = model.GetSymbolInfo(syntax).Symbol as IMethodSymbol;
if (!IsSymbolSqlCommand(symbol))
{
return(false);
}
if (syntax.ArgumentList != null && syntax.ArgumentList.Arguments.Any())
{
var commandTextArg = syntax.ArgumentList.Arguments[0].Expression;
var expressionAnalyzer = SyntaxNodeAnalyzerFactory.Create(commandTextArg);
if (expressionAnalyzer.CanIgnore(model, commandTextArg))
{
return(false);
}
if (expressionAnalyzer.CanSuppress(model, commandTextArg, ruleId))
{
return(false);
}
}
var commandTextInitializer =
syntax.Initializer?.Expressions.OfType <AssignmentExpressionSyntax>()
.FirstOrDefault(p =>
{
var nameSyntax = p.Left as IdentifierNameSyntax;
return(nameSyntax?.Identifier.ValueText == "CommandText");
});
if (commandTextInitializer != null)
{
var expressionAnalyzer = SyntaxNodeAnalyzerFactory.Create(commandTextInitializer);
if (expressionAnalyzer.CanIgnore(model, commandTextInitializer))
{
return(false);
}
if (expressionAnalyzer.CanSuppress(model, commandTextInitializer, ruleId))
{
return(false);
}
}
return(commandTextInitializer != null || (syntax.ArgumentList != null && syntax.ArgumentList.Arguments.Any()));
}
private static MessageContainer CreateWarningMessageContainer(LinkContext context, MessageOrigin origin, DiagnosticId id, WarnVersion version, string subcategory, params string[] args)
{
if (!(version >= WarnVersion.ILLink0 && version <= WarnVersion.Latest))
{
throw new ArgumentException($"The provided warning version '{version}' is invalid.");
}
if (context.IsWarningSuppressed((int)id, origin))
{
return(Empty);
}
if (version > context.WarnVersion)
{
return(Empty);
}
if (TryLogSingleWarning(context, (int)id, origin, subcategory))
{
return(Empty);
}
if (context.IsWarningAsError((int)id))
{
return(new MessageContainer(MessageCategory.WarningAsError, id, subcategory, origin, args));
}
return(new MessageContainer(MessageCategory.Warning, id, subcategory, origin, args));
}
public bool IsVulnerable(SemanticModel model, MemberAccessExpressionSyntax syntax, DiagnosticId ruleId)
{
//Quick check for the object name
if (!IsTypeName(syntax))
{
return(false);
}
//Verify full namesapce
var symbol = model.GetSymbolInfo(syntax).Symbol as IMethodSymbol;
if (!symbol.IsMethod("Microsoft.AspNetCore.Cors.Infrastructure.CorsPolicyBuilder", "AllowAnyOrigin"))
{
return(false);
}
return(true);
}
private static DiagnosticResult CreateNameofDiagnosticResult(string nameofArgument, int diagnosticLine, int diagnosticColumn, DiagnosticId id = DiagnosticId.NameOf)
{
return(new DiagnosticResult
{
Id = id.ToDiagnosticId(),
Message = $"Use 'nameof({nameofArgument})' instead of specifying the program element name.",
Severity = DiagnosticSeverity.Warning,
Locations = new[] { new DiagnosticResultLocation("Test0.cs", diagnosticLine, diagnosticColumn) }
});
}
public async Task NegationWithCoalesceExpressionCreatesDiagnostic(string methodName, DiagnosticId diagnosticId)
{
var source = $@"
var ints = new [] {{ 1 }};
var query = !ints?.{methodName}(i => i == 1) ?? true;";
var expected = new DiagnosticResult
{
Id = diagnosticId.ToDiagnosticId(),
Message = diagnosticId == DiagnosticId.ChangeAnyToAll ? ChangeAnyToAllAnalyzer.MessageAny : ChangeAnyToAllAnalyzer.MessageAll,
Severity = DiagnosticSeverity.Hidden,
Locations = new[] { new DiagnosticResultLocation("Test0.cs", 13, 20) }
};
await VerifyCSharpDiagnosticAsync(source.WrapInCSharpMethod(usings: "\nusing System.Linq;"), expected);
}
public void LogWarning(MethodIL origin, int ilOffset, DiagnosticId id, params string[] args)
{
MessageOrigin messageOrigin = new MessageOrigin(origin, ilOffset);
LogWarning(messageOrigin, id, args);
}
public static void Report(this ICollection <Diagnostic> diagnostics, SourceRange sourceRange, DiagnosticId diagnosticId, params object[] args)
{
var diagnostic = Diagnostic.Create(HlslMessageProvider.Instance, sourceRange, (int)diagnosticId, args);
diagnostics.Add(diagnostic);
}
public void LogWarning(string origin, DiagnosticId id, params string[] args)
{
MessageOrigin _origin = new MessageOrigin(origin);
LogWarning(_origin, id, args);
}
public static string AsString(this DiagnosticId diagnosticId) => $"IL{(int) diagnosticId}";
public void LogError(TypeSystemEntity origin, DiagnosticId id, params string[] args) => LogError(new MessageOrigin(origin), id, args);
/// <summary>
/// Create a warning message.
/// </summary>
/// <param name="context">Context with the relevant warning suppression info.</param>
/// <param name="origin">Filename or member where the warning is coming from</param>
/// <param name="id">Unique warning ID. Please see https://github.com/dotnet/linker/blob/main/docs/error-codes.md
/// for the list of warnings and possibly add a new one</param>
/// <param name="args">Additional arguments to form a humanly readable message describing the warning</param>
/// <returns>New MessageContainer of 'Warning' category</returns>
internal static MessageContainer?CreateWarningMessage(Logger context, MessageOrigin origin, DiagnosticId id, params string[] args)
{
if (!((int)id > 2000 && (int)id <= 6000))
{
throw new ArgumentOutOfRangeException(nameof(id), $"The provided code '{(int)id}' does not fall into the warning category, which is in the range of 2001 to 6000 (inclusive).");
}
return(CreateWarningMessageContainer(context, origin, id, id.GetDiagnosticSubcategory(), args));
}
public static string ForDiagnostic(DiagnosticId diagnosticId) =>
$"https://code-cracker.github.io/diagnostics/{diagnosticId.ToDiagnosticId()}.html";
public Diagnostic(TextSpan textSpan, DiagnosticId diagnosticId, string message)
: base(textSpan, message, DiagnosticFacts.GetSeverity(diagnosticId))
{
DiagnosticId = diagnosticId;
}
public override bool CanSuppress(SemanticModel model, SyntaxNode syntax, DiagnosticId ruleId)
{
var expressionSyntaxAnalyzer = SyntaxNodeAnalyzerFactory.Create(syntax);
return(expressionSyntaxAnalyzer.CanSuppress(model, syntax, ruleId));
}
public Diagnostic(TextSpan textSpan, DiagnosticId diagnosticId, string message)
{
Span = textSpan;
Message = message;
DiagnosticId = diagnosticId;
}
public bool IsVulnerable(SemanticModel model, AssignmentExpressionSyntax syntax, DiagnosticId ruleId)
{
if (!ContainsCertificateValidationCallback(syntax))
{
return(false);
}
var symbol = ModelExtensions.GetSymbolInfo(model, syntax.Left).Symbol as IPropertySymbol;
if (symbol == null)
{
return(false);
}
//TODO: only flagging those hard-coding a return value of true. Therefore could miss scenarios where the value is hardcoded in a const, config value.
if (symbol.Name == "ServerCertificateValidationCallback" &&
symbol.ContainingType.Name == "ServicePointManager")
{
if (IsTrueLamdaExpression(syntax))
{
return(true);
}
if (IsTrueDelegateMethod(syntax))
{
return(true);
}
if (IsTrueMethod(model, syntax))
{
return(true);
}
}
return(false);
}
public bool IsVulnerable(SemanticModel model, InvocationExpressionSyntax syntax, DiagnosticId ruleId)
{
if (!ContainsEfRawSqlCommands(syntax))
{
return(false);
}
var symbol = model.GetSymbolInfo(syntax).Symbol as IMethodSymbol;
if (!IsSymbolEfRawSqlCommand(symbol))
{
return(false);
}
if (syntax.ArgumentList != null && syntax.ArgumentList.Arguments.Any())
{
var commandTextArg = syntax.ArgumentList.Arguments[0].Expression;
var expressionAnalyzer = SyntaxNodeAnalyzerFactory.Create(commandTextArg);
if (expressionAnalyzer.CanSuppress(model, commandTextArg, ruleId))
{
return(false);
}
//Set source to analyze and return for further analysis
Source = commandTextArg;
return(true);
}
//Default return false
return(false);
}
public bool IsVulnerable(SemanticModel model, ObjectCreationExpressionSyntax syntax, DiagnosticId ruleId)
{
//Check for the type
if (!ContainsTypeName(syntax))
{
return(false);
}
//If we found it, verify the namespace
var symbol = model.GetSymbolInfo(syntax).Symbol;
if (!IsType(symbol))
{
return(false);
}
return(true);
}
public static void Report(this ICollection<Diagnostic> diagnostics, TextSpan textSpan, DiagnosticId diagnosticId, params object[] args)
{
var diagnostic = Diagnostic.Format(textSpan, diagnosticId, args);
diagnostics.Add(diagnostic);
}
public bool IsVulnerable(SemanticModel model, AssignmentExpressionSyntax syntax, DiagnosticId ruleId)
{
var leftSyntax = syntax?.Left as MemberAccessExpressionSyntax;
if (leftSyntax == null || leftSyntax.Name.Identifier.ValueText.ToLower() != "text")
{
return(false);
}
var leftSymbol = model.GetSymbolInfo(leftSyntax).Symbol;
if (!(leftSymbol != null && leftSymbol.ToString().StartsWith("System.Web.UI.WebControls.Literal.Text")))
{
return(false);
}
var expressionAnalyzer = SyntaxNodeAnalyzerFactory.Create(syntax.Right);
if (expressionAnalyzer.CanIgnore(model, syntax.Right))
{
return(false);
}
if (expressionAnalyzer.CanSuppress(model, syntax.Right, ruleId))
{
return(false);
}
return(true);
}
