Beispiel #1
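        /// <summary>
        /// Runs the file read, write, open and delete analyzers against the node under
        /// analysis and returns one diagnostic for every analyzer that flags it.
        /// </summary>
        /// <param name="context">Syntax-node analysis context supplying the node and its semantic model.</param>
        /// <returns>
        /// Zero or more diagnostics, each located at the invocation and labelled "File".
        /// Empty when the node is not an invocation expression.
        /// </returns>
        public IEnumerable<DiagnosticInfo> GetDiagnosticInfo(SyntaxNodeAnalysisContext context)
        {
            var result = new List<DiagnosticInfo>();
            var syntax = context.Node as InvocationExpressionSyntax;

            // The 'as' cast yields null for any node that is not an invocation. Without this
            // guard, an analyzer returning true for a null node would make syntax.GetLocation()
            // throw inside the analysis callback instead of producing a finding.
            if (syntax == null)
            {
                return result;
            }

            // NOTE(review): every category reports the same label and location, so an
            // invocation matched by more than one analyzer is listed more than once.
            // Confirm whether consumers de-duplicate before reporting.
            if (_fileReadExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax))
            {
                result.Add(new DiagnosticInfo(syntax.GetLocation(), "File"));
            }

            if (_fileWriteExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax))
            {
                result.Add(new DiagnosticInfo(syntax.GetLocation(), "File"));
            }

            if (_fileOpenExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax))
            {
                result.Add(new DiagnosticInfo(syntax.GetLocation(), "File"));
            }

            if (_fileDeleteExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax))
            {
                result.Add(new DiagnosticInfo(syntax.GetLocation(), "File"));
            }

            return result;
        }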
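        /// <summary>
        /// Records the invocation under analysis as a file-access sink when the read, write,
        /// open or delete analyzer flags it for the given rule.
        /// </summary>
        /// <param name="context">Syntax-node analysis context supplying the node and its semantic model.</param>
        /// <param name="ruleId">Rule identifier passed through to each analyzer.</param>
        public override void GetSinks(SyntaxNodeAnalysisContext context, DiagnosticId ruleId)
        {
            var syntax = context.Node as InvocationExpressionSyntax;

            // The 'as' cast yields null for any node that is not an invocation. Stop here so a
            // null node can never be handed to the factory and pushed as a sink.
            if (syntax == null)
            {
                return;
            }

            // The analyzers run in a fixed order. NOTE(review): presumably the sink created by
            // the factory reports the invocation's own location, in which case the first
            // matching category decides the label and later matches are skipped - confirm.
            if (_fileReadExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax, ruleId))
            {
                PushFileSinkIfNew(syntax, "file read");
            }

            if (_fileWriteExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax, ruleId))
            {
                PushFileSinkIfNew(syntax, "file write");
            }

            if (_fileOpenExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax, ruleId))
            {
                PushFileSinkIfNew(syntax, "file open");
            }

            if (_fileDeleteExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax, ruleId))
            {
                PushFileSinkIfNew(syntax, "file delete");
            }
        }

        /// <summary>
        /// Pushes a sink for <paramref name="syntax"/> unless a sink at the same location
        /// is already present in <c>VulnerableSyntaxNodes</c>.
        /// </summary>
        /// <param name="syntax">The flagged invocation; must not be null.</param>
        /// <param name="sinkKind">Label handed to the factory, e.g. "file read".</param>
        private void PushFileSinkIfNew(InvocationExpressionSyntax syntax, string sinkKind)
        {
            // Look the location up once rather than once per recorded sink.
            var location = syntax.GetLocation();

            if (VulnerableSyntaxNodes.All(p => p.Sink.GetLocation() != location))
            {
                VulnerableSyntaxNodes.Push(_vulnerableSyntaxNodeFactory.Create(syntax, sinkKind));
            }
        }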