protected override ImmutableArray <ISymbol> GetSpecialIncompatibleMembers(Compilation compilation) { var dangerousPatternsBuilder = ImmutableArray.CreateBuilder <ISymbol> (); var assemblyType = compilation.GetTypeByMetadataName("System.Reflection.Assembly"); if (assemblyType != null) { // properties ImmutableArrayOperations.AddIfNotNull(dangerousPatternsBuilder, ImmutableArrayOperations.TryGetSingleSymbol <IPropertySymbol> (assemblyType.GetMembers("Location"))); // methods dangerousPatternsBuilder.AddRange(assemblyType.GetMembers("GetFile").OfType <IMethodSymbol> ()); dangerousPatternsBuilder.AddRange(assemblyType.GetMembers("GetFiles").OfType <IMethodSymbol> ()); } var assemblyNameType = compilation.GetTypeByMetadataName("System.Reflection.AssemblyName"); if (assemblyNameType != null) { ImmutableArrayOperations.AddIfNotNull(dangerousPatternsBuilder, ImmutableArrayOperations.TryGetSingleSymbol <IPropertySymbol> (assemblyNameType.GetMembers("CodeBase"))); ImmutableArrayOperations.AddIfNotNull(dangerousPatternsBuilder, ImmutableArrayOperations.TryGetSingleSymbol <IPropertySymbol> (assemblyNameType.GetMembers("EscapedCodeBase"))); } return(dangerousPatternsBuilder.ToImmutable()); }
public override void Initialize(AnalysisContext context) { context.EnableConcurrentExecution(); context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.ReportDiagnostics); context.RegisterCompilationStartAction(context => { var compilation = context.Compilation; var isSingleFileAnalyzerEnabled = context.Options.GetMSBuildPropertyValue(MSBuildPropertyOptionNames.EnableSingleFileAnalyzer, compilation); if (!string.Equals(isSingleFileAnalyzerEnabled?.Trim(), "true", StringComparison.OrdinalIgnoreCase)) { return; } var includesAllContent = context.Options.GetMSBuildPropertyValue(MSBuildPropertyOptionNames.IncludeAllContentForSelfExtract, compilation); if (string.Equals(includesAllContent?.Trim(), "true", StringComparison.OrdinalIgnoreCase)) { return; } var dangerousPatternsBuilder = ImmutableArray.CreateBuilder <ISymbol> (); var assemblyType = compilation.GetTypeByMetadataName("System.Reflection.Assembly"); if (assemblyType != null) { // properties ImmutableArrayOperations.AddIfNotNull(dangerousPatternsBuilder, ImmutableArrayOperations.TryGetSingleSymbol <IPropertySymbol> (assemblyType.GetMembers("Location"))); // methods dangerousPatternsBuilder.AddRange(assemblyType.GetMembers("GetFile").OfType <IMethodSymbol> ()); dangerousPatternsBuilder.AddRange(assemblyType.GetMembers("GetFiles").OfType <IMethodSymbol> ()); } var assemblyNameType = compilation.GetTypeByMetadataName("System.Reflection.AssemblyName"); if (assemblyNameType != null) { ImmutableArrayOperations.AddIfNotNull(dangerousPatternsBuilder, ImmutableArrayOperations.TryGetSingleSymbol <IPropertySymbol> (assemblyNameType.GetMembers("CodeBase"))); ImmutableArrayOperations.AddIfNotNull(dangerousPatternsBuilder, ImmutableArrayOperations.TryGetSingleSymbol <IPropertySymbol> (assemblyNameType.GetMembers("EscapedCodeBase"))); } var dangerousPatterns = dangerousPatternsBuilder.ToImmutable(); context.RegisterOperationAction(operationContext => { var methodInvocation = (IInvocationOperation)operationContext.Operation; CheckCalledMember(operationContext, methodInvocation.TargetMethod, dangerousPatterns); }, OperationKind.Invocation); context.RegisterOperationAction(operationContext => { var objectCreation = (IObjectCreationOperation)operationContext.Operation; var ctor = objectCreation.Constructor; if (ctor is not null) { CheckCalledMember(operationContext, ctor, dangerousPatterns); } }, OperationKind.ObjectCreation); context.RegisterOperationAction(operationContext => { var propAccess = (IPropertyReferenceOperation)operationContext.Operation; var prop = propAccess.Property; var usageInfo = propAccess.GetValueUsageInfo(prop); if (usageInfo.HasFlag(ValueUsageInfo.Read) && prop.GetMethod != null) { CheckCalledMember(operationContext, prop.GetMethod, dangerousPatterns); } if (usageInfo.HasFlag(ValueUsageInfo.Write) && prop.SetMethod != null) { CheckCalledMember(operationContext, prop.SetMethod, dangerousPatterns); } CheckCalledMember(operationContext, prop, dangerousPatterns); }, OperationKind.PropertyReference); context.RegisterOperationAction(operationContext => { var eventRef = (IEventReferenceOperation)operationContext.Operation; CheckCalledMember(operationContext, eventRef.Member, dangerousPatterns); }, OperationKind.EventReference);