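            /// <summary>
            /// Analyzes one assignment operation and updates the analyzer's per-symbol XML security state.
            /// A variable/field assignment is forwarded to <see cref="AnalyzeObjectCreationInternal"/>;
            /// a property assignment is dispatched on the property being set: XmlDocument.XmlResolver,
            /// the XmlResolver/DtdProcessing properties of XmlTextReader-derived types, the tracked
            /// XmlReaderSettings properties, or the "never set" properties handled by
            /// <see cref="AnalyzeNeverSetProperties"/>.
            /// </summary>
            /// <param name="context">The operation analysis context; its operation is expected to be an assignment.</param>
            private void AnalyzeAssignment(OperationAnalysisContext context)
            {
                IAssignmentExpression expression = context.Operation as IAssignmentExpression;

                // Nothing to analyze when the operation is not an assignment or has no target.
                // Checking the cast result as well keeps an unexpected operation kind from
                // crashing the analyzer with a NullReferenceException.
                if (expression == null || expression.Target == null)
                {
                    return;
                }

                SemanticModel model   = context.Compilation.GetSemanticModel(expression.Syntax.SyntaxTree);
                var           propRef = expression.Target as IPropertyReferenceExpression;

                if (propRef == null) // A variable/field assignment
                {
                    ISymbol symbolAssignedTo = expression.Target.Syntax.GetDeclaredOrReferencedSymbol(model);

                    if (symbolAssignedTo != null)
                    {
                        AnalyzeObjectCreationInternal(context, symbolAssignedTo, expression.Value);
                    }

                    return;
                }

                // A property assignment. A static property reference has no instance; none of the
                // tracked properties are static, so such an assignment can only reach the
                // "never set" branch below and the receiver symbol is simply unknown.
                ISymbol assignedSymbol = propRef.Instance != null
                    ? propRef.Instance.Syntax.GetDeclaredOrReferencedSymbol(model)
                    : null;

                if (propRef.Property.MatchPropertyByName(_xmlTypes.XmlDocument, "XmlResolver"))
                {
                    AnalyzeXmlResolverPropertyAssignmentForXmlDocument(context, assignedSymbol, expression);
                    return;
                }

                bool isXmlTextReaderXmlResolverProperty   = SecurityDiagnosticHelpers.IsXmlTextReaderXmlResolverPropertyDerived(propRef.Property, _xmlTypes);
                // Only evaluated when the property is not the resolver, so at most one flag is set.
                bool isXmlTextReaderDtdProcessingProperty = !isXmlTextReaderXmlResolverProperty &&
                                                            SecurityDiagnosticHelpers.IsXmlTextReaderDtdProcessingPropertyDerived(propRef.Property, _xmlTypes);

                if (isXmlTextReaderXmlResolverProperty || isXmlTextReaderDtdProcessingProperty)
                {
                    AnalyzeXmlTextReaderProperties(context, assignedSymbol, expression, isXmlTextReaderXmlResolverProperty, isXmlTextReaderDtdProcessingProperty);
                }
                else if (propRef.Instance != null && SecurityDiagnosticHelpers.IsXmlReaderSettingsType(propRef.Instance.Type, _xmlTypes))
                {
                    UpdateXmlReaderSettingsEnvironmentFromAssignment(assignedSymbol, propRef, expression);
                }
                else
                {
                    AnalyzeNeverSetProperties(context, propRef.Property, expression.Syntax.GetLocation());
                }
            }

            /// <summary>
            /// Records the effect of assigning an XmlReaderSettings property on the environment tracked for
            /// <paramref name="assignedSymbol"/>, creating that environment on first sight. Handles the
            /// XmlResolver, DtdProcessing and MaxCharactersFromEntities properties; other properties are ignored.
            /// </summary>
            /// <param name="assignedSymbol">Symbol of the XmlReaderSettings instance being configured, or null when it could not be resolved.</param>
            /// <param name="propRef">The property reference on the assignment's left-hand side.</param>
            /// <param name="expression">The assignment whose value is inspected.</param>
            private void UpdateXmlReaderSettingsEnvironmentFromAssignment(ISymbol assignedSymbol, IPropertyReferenceExpression propRef, IAssignmentExpression expression)
            {
                // The environment is keyed by the receiver symbol; without one there is nothing to attach
                // the state to, and Dictionary rejects a null key with ArgumentNullException.
                if (assignedSymbol == null)
                {
                    return;
                }

                XmlReaderSettingsEnvironment env;

                if (!_xmlReaderSettingsEnvironments.TryGetValue(assignedSymbol, out env))
                {
                    env = new XmlReaderSettingsEnvironment(_isFrameworkSecure);
                    _xmlReaderSettingsEnvironments[assignedSymbol] = env;
                }

                IConversionExpression conv = expression.Value as IConversionExpression;

                if (conv != null && SecurityDiagnosticHelpers.IsXmlReaderSettingsXmlResolverProperty(propRef.Property, _xmlTypes))
                {
                    // Only an XmlSecureResolver or a null resolver is recognized as secure. NOTE: the flag is
                    // only ever raised here, so a later assignment of some other resolver does not clear it.
                    if (SecurityDiagnosticHelpers.IsXmlSecureResolverType(conv.Operand.Type, _xmlTypes) ||
                        SecurityDiagnosticHelpers.IsExpressionEqualsNull(conv.Operand))
                    {
                        env.IsSecureResolver = true;
                    }
                }
                else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsDtdProcessingProperty(propRef.Property, _xmlTypes))
                {
                    // Anything other than DtdProcessing.Parse counts as disabled.
                    env.IsDtdProcessingDisabled = !SecurityDiagnosticHelpers.IsExpressionEqualsDtdProcessingParse(expression.Value);
                }
                else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsMaxCharactersFromEntitiesProperty(propRef.Property, _xmlTypes))
                {
                    // Zero means "unlimited"; any other value is treated as a limit.
                    env.IsMaxCharactersFromEntitiesLimited = !SecurityDiagnosticHelpers.IsExpressionEqualsIntZero(expression.Value);
                }
            }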
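            /// <summary>
            /// Creates the security environment for a <c>new XmlReaderSettings { ... }</c> expression and, when
            /// the instance is assigned to <paramref name="variable"/>, registers it in
            /// <c>_xmlReaderSettingsEnvironments</c>. The XmlResolver, DtdProcessing and MaxCharactersFromEntities
            /// member initializers update the environment's flags; all other initializers are ignored.
            /// </summary>
            /// <param name="variable">Symbol the new instance is assigned to, or null when it is not stored in a tracked symbol.</param>
            /// <param name="objCreation">The XmlReaderSettings object creation expression.</param>
            private void AnalyzeObjectCreationForXmlReaderSettings(ISymbol variable, IObjectCreationExpression objCreation)
            {
                XmlReaderSettingsEnvironment xmlReaderSettingsEnv = new XmlReaderSettingsEnvironment(_isFrameworkSecure);

                if (variable != null)
                {
                    _xmlReaderSettingsEnvironments[variable] = xmlReaderSettingsEnv;
                }

                xmlReaderSettingsEnv.XmlReaderSettingsDefinition = objCreation.Syntax;

                foreach (ISymbolInitializer init in objCreation.MemberInitializers)
                {
                    var prop = init as IPropertyInitializer;

                    if (prop == null)
                    {
                        continue;
                    }

                    if (SecurityDiagnosticHelpers.IsXmlReaderSettingsXmlResolverProperty(prop.InitializedProperty, _xmlTypes))
                    {
                        IConversionExpression operation = prop.Value as IConversionExpression;

                        // A resolver value that is not a conversion cannot be classified here. Skip only this
                        // initializer: returning from the method would silently drop any DtdProcessing /
                        // MaxCharactersFromEntities initializer that follows it, leaving those flags at the
                        // constructor defaults regardless of what the code actually sets.
                        if (operation == null)
                        {
                            continue;
                        }

                        // Only an XmlSecureResolver or a null resolver is recognized as secure. NOTE: the flag is
                        // only ever raised here; any other resolver value leaves the constructor default in place.
                        if (SecurityDiagnosticHelpers.IsXmlSecureResolverType(operation.Operand.Type, _xmlTypes) ||
                            SecurityDiagnosticHelpers.IsExpressionEqualsNull(operation.Operand))
                        {
                            xmlReaderSettingsEnv.IsSecureResolver = true;
                        }
                    }
                    else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsDtdProcessingProperty(prop.InitializedProperty, _xmlTypes))
                    {
                        // Anything other than DtdProcessing.Parse counts as disabled.
                        xmlReaderSettingsEnv.IsDtdProcessingDisabled = !SecurityDiagnosticHelpers.IsExpressionEqualsDtdProcessingParse(prop.Value);
                    }
                    else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsMaxCharactersFromEntitiesProperty(prop.InitializedProperty, _xmlTypes))
                    {
                        // Zero means "unlimited"; any other value is treated as a limit.
                        xmlReaderSettingsEnv.IsMaxCharactersFromEntitiesLimited = !SecurityDiagnosticHelpers.IsExpressionEqualsIntZero(prop.Value);
                    }
                }
            }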