private XmlReaderSettingsEnvironment AnalyzeObjectCreationForXmlReaderSettings(SyntaxNode node, SemanticModel model)
{
var env = new XmlReaderSettingsEnvironment(AreDefaultsSecure, XmlTypes.XmlReaderSettings, node);
foreach (SyntaxNode arg in SyntaxNodeHelper.GetObjectInitializerExpressionNodes(node))
{
SyntaxNode argLhs = SyntaxNodeHelper.GetAssignmentLeftNode(arg);
SyntaxNode argRhs = SyntaxNodeHelper.GetAssignmentRightNode(arg);
ISymbol argLhsSymbol = SyntaxNodeHelper.GetSymbol(argLhs, model);
if (SecurityDiagnosticHelpers.IsXmlReaderSettingsXmlResolverProperty(SyntaxNodeHelper.GetSymbol(argLhs, model), XmlTypes))
{
env.IsSecureResolver = SyntaxNodeHelper.NodeHasConstantValueNull(argRhs, model) ||
SecurityDiagnosticHelpers.IsXmlSecureResolverType(model.GetTypeInfo(argRhs).Type, XmlTypes);
}
else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsDtdProcessingProperty(argLhsSymbol, XmlTypes))
{
env.IsDtdProcessingDisabled = !SyntaxNodeHelper.NodeHasConstantValue(argRhs, model, 2 /*DtdProcessing.Parse*/);
}
else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsProhibitDtdProperty(argLhsSymbol, XmlTypes))
{
env.IsDtdProcessingDisabled = !SyntaxNodeHelper.NodeHasConstantValue(argRhs, model, false);
}
else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsMaxCharactersFromEntitiesProperty(argLhsSymbol, XmlTypes))
{
env.IsMaxCharactersFromEntitiesLimited = !SyntaxNodeHelper.NodeHasConstantValue(argRhs, model, 0);
}
}
return(env);
}
private void AnalyzePropertyAssignment(IPropertySymbol symbol, SyntaxNode lhs, SyntaxNode rhs, SemanticModel model)
{
if (SecurityDiagnosticHelpers.IsXmlDocumentXmlResolverPropertyDerived(symbol, XmlTypes))
{
ISymbol lhsExpressionSymbol = SyntaxNodeHelper.GetSymbol(lhs, model);
if (lhsExpressionSymbol == null)
{
return;
}
var env = GetEnvironment(lhsExpressionSymbol, lhs, XmlDocumentEnvironments, TempXmlDocumentEnvironments);
bool oldIsSecureResolver = env.IsSecureResolver;
env.IsSecureResolver = SyntaxNodeHelper.NodeHasConstantValueNull(rhs, model) ||
SecurityDiagnosticHelpers.IsXmlSecureResolverType(model.GetTypeInfo(rhs).Type, XmlTypes);
if (oldIsSecureResolver && !env.IsSecureResolver)
{
env.Definition = rhs;
}
}
else if (SecurityDiagnosticHelpers.IsXmlTextReaderXmlResolverPropertyDerived(symbol, XmlTypes))
{
ISymbol lhsExpressionSymbol = SyntaxNodeHelper.GetSymbol(lhs, model);
if (lhsExpressionSymbol == null)
{
return;
}
var env = GetEnvironment(lhsExpressionSymbol, lhs, XmlTextReaderEnvironments, TempXmlTextReaderEnvironments);
bool oldIsSecureResolver = env.IsSecureResolver;
env.IsSecureResolver = SyntaxNodeHelper.NodeHasConstantValueNull(rhs, model) ||
SecurityDiagnosticHelpers.IsXmlSecureResolverType(model.GetTypeInfo(rhs).Type, XmlTypes);
if (oldIsSecureResolver && !env.IsSecureResolver)
{
env.Definition = rhs;
}
}
else if (SecurityDiagnosticHelpers.IsXmlTextReaderDtdProcessingPropertyDerived(symbol, XmlTypes))
{
ISymbol lhsExpressionSymbol = SyntaxNodeHelper.GetSymbol(lhs, model);
if (lhsExpressionSymbol == null)
{
return;
}
var env = GetEnvironment(lhsExpressionSymbol, lhs, XmlTextReaderEnvironments, TempXmlTextReaderEnvironments);
bool oldIsDtdProcessingDisabled = env.IsDtdProcessingDisabled;
env.IsDtdProcessingDisabled = !SyntaxNodeHelper.NodeHasConstantValue(rhs, model, 2 /*DtdProcessing.Parse*/);
if (oldIsDtdProcessingDisabled && !env.IsDtdProcessingDisabled)
{
env.Definition = rhs;
}
}
else if (SecurityDiagnosticHelpers.IsXmlTextReaderProhibitDtdPropertyDerived(symbol, XmlTypes))
{
ISymbol lhsExpressionSymbol = SyntaxNodeHelper.GetSymbol(lhs, model);
if (lhsExpressionSymbol == null)
{
return;
}
var env = GetEnvironment(lhsExpressionSymbol, lhs, XmlTextReaderEnvironments, TempXmlTextReaderEnvironments);
bool oldIsDtdProcessingDisabled = env.IsDtdProcessingDisabled;
env.IsDtdProcessingDisabled = !SyntaxNodeHelper.NodeHasConstantValue(rhs, model, false);
if (oldIsDtdProcessingDisabled && !env.IsDtdProcessingDisabled)
{
env.Definition = rhs;
}
}
else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsDtdProcessingProperty(symbol, XmlTypes))
{
ISymbol lhsExpressionSymbol = SyntaxNodeHelper.GetSymbol(lhs, model);
if (lhsExpressionSymbol == null)
{
return;
}
var env = GetEnvironment(lhsExpressionSymbol, lhs, XmlReaderSettingsEnvironments, TempXmlReaderSettingsEnvironments);
bool oldIsDtdProcessingDisabled = env.IsDtdProcessingDisabled;
env.IsDtdProcessingDisabled = !SyntaxNodeHelper.NodeHasConstantValue(rhs, model, 2 /*DtdProcessing.Parse*/);
if (oldIsDtdProcessingDisabled && !env.IsDtdProcessingDisabled)
{
env.Definition = rhs;
}
}
else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsProhibitDtdProperty(symbol, XmlTypes))
{
var lhsExpressionSymbol = SyntaxNodeHelper.GetSymbol(lhs, model);
if (lhsExpressionSymbol == null)
{
return;
}
var env = GetEnvironment(lhsExpressionSymbol, lhs, XmlReaderSettingsEnvironments, TempXmlReaderSettingsEnvironments);
bool oldIsDtdProcessingDisabled = env.IsDtdProcessingDisabled;
env.IsDtdProcessingDisabled = !SyntaxNodeHelper.NodeHasConstantValue(rhs, model, false);
if (oldIsDtdProcessingDisabled && !env.IsDtdProcessingDisabled)
{
env.Definition = rhs;
}
}
else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsMaxCharactersFromEntitiesProperty(symbol, XmlTypes))
{
ISymbol lhsExpressionSymbol = SyntaxNodeHelper.GetSymbol(lhs, model);
if (lhsExpressionSymbol == null)
{
return;
}
var env = GetEnvironment(lhsExpressionSymbol, lhs, XmlReaderSettingsEnvironments, TempXmlReaderSettingsEnvironments);
//bool oldIsMaxCharactersFromEntitiesLimited = env.IsMaxCharactersFromEntitiesLimited;
env.IsMaxCharactersFromEntitiesLimited = !SyntaxNodeHelper.NodeHasConstantValue(rhs, model, 0);
//if (!env.IsMaxCharactersFromEntitiesLimited)
// env.Definition = rhs;
}
}