private void OnCompilationStartAction(CompilationStartAnalysisContext context, Configuration config)
{
Compilation compilation = context.Compilation;
var xmlTypes = new XxeSecurityTypes(compilation);
if (!xmlTypes.IsAnyTypeReferenced())
{
return;
}
Version version = compilation.GetDotNetFrameworkVersion();
if (version == null)
{
return;
}
context.RegisterCodeBlockStartAction <CSharp.SyntaxKind>(
c =>
{
var analyzer = new XxeAnalyzerCSharp(xmlTypes, version);
analyzer.RegisterSyntaxNodeAction(c);
c.RegisterCodeBlockEndAction(analyzer.AnalyzeCodeBlockEnd);
});
}
public override void Initialize(AnalysisContext analysisContext)
{
analysisContext.RegisterCompilationStartAction(
context =>
{
Compilation compilation = context.Compilation;
var xmlTypes = new XxeSecurityTypes(compilation);
if (!xmlTypes.IsAnyTypeReferenced())
{
return;
}
Version version = compilation.GetDotNetFrameworkVersion();
if (version == null)
{
return;
}
context.RegisterCodeBlockStartAction <VB.SyntaxKind>(
c =>
{
var analyzer = new XxeAnalyzerVBasic(xmlTypes, version);
analyzer.RegisterSyntaxNodeAction(c);
c.RegisterCodeBlockEndAction(analyzer.AnalyzeCodeBlockEnd);
});
});
}
public static int GetSpecifiedParameterIndex(IMethodSymbol method,
XxeSecurityTypes xmlTypes,
Func <ITypeSymbol, XxeSecurityTypes, bool> func)
{
int index = -1;
if (method == null)
{
return(index);
}
for (int i = 0; i < method.Parameters.Length; i++)
{
ITypeSymbol parameter = method.Parameters[i].Type;
if (!func(parameter, xmlTypes))
{
continue;
}
index = i;
break;
}
return(index);
}
private void OnCompilationStartAction(CompilationStartAnalysisContext context)
{
Compilation compilation = context.Compilation;
var xmlTypes = new XxeSecurityTypes(compilation);
if (!xmlTypes.IsAnyTypeReferenced())
{
return;
}
(bool dotnetCore, Version version) = compilation.GetDotNetFrameworkVersion();
if (!dotnetCore && version == null)
{
return;
}
context.RegisterCodeBlockStartAction <VB.SyntaxKind>(
c =>
{
var analyzer = new XxeAnalyzerVBasic(xmlTypes, dotnetCore || version >= new Version(4, 5, 2));
analyzer.RegisterSyntaxNodeAction(c);
c.RegisterCodeBlockEndAction(analyzer.AnalyzeCodeBlockEnd);
});
}
public static bool IsXmlReaderSettingsMaxCharactersFromEntitiesProperty(ISymbol symbol, XxeSecurityTypes xmlTypes)
{
return(IsSpecifiedProperty(symbol, xmlTypes.XmlReaderSettings, "MaxCharactersFromEntities"));
}
public static bool IsXmlReaderSettingsProhibitDtdProperty(ISymbol symbol, XxeSecurityTypes xmlTypes)
{
return(IsSpecifiedProperty(symbol, xmlTypes.XmlReaderSettings, "ProhibitDtd"));
}
public static bool IsXmlReaderSettingsXmlResolverProperty(ISymbol symbol, XxeSecurityTypes xmlTypes)
{
return(IsSpecifiedProperty(symbol, xmlTypes.XmlReaderSettings, "XmlResolver"));
}
public static bool IsXmlReaderSettingsCtor(IMethodSymbol method, XxeSecurityTypes xmlTypes)
{
return(method != null &&
method.MatchMethodByName(xmlTypes.XmlReaderSettings, WellKnownMemberNames.InstanceConstructorName));
}
public static bool IsXmlTextReaderProhibitDtdPropertyDerived(ISymbol symbol, XxeSecurityTypes xmlTypes)
{
return(IsSpecifiedPropertyDerived(symbol, xmlTypes.XmlTextReader, "ProhibitDtd"));
}
public static bool IsXmlTextReaderDtdProcessingPropertyDerived(ISymbol symbol, XxeSecurityTypes xmlTypes)
{
return(IsSpecifiedPropertyDerived(symbol, xmlTypes.XmlTextReader, "DtdProcessing"));
}
public XxeAnalyzerCSharp(XxeSecurityTypes xmlTypes, Version frameworkVersion) : base(
xmlTypes, CSharpSyntaxNodeHelper.Default, frameworkVersion)
{
}
public static int GetXmlReaderSettingsParameterIndex(IMethodSymbol method, XxeSecurityTypes xmlTypes)
{
return(GetSpecifiedParameterIndex(method, xmlTypes, IsXmlReaderSettingsType));
}
public static bool IsXmlSecureResolverType(ITypeSymbol symbol, XxeSecurityTypes xmlTypes)
{
return(symbol != null && symbol.DerivesFrom(xmlTypes.XmlSecureResolver, baseTypesOnly: true));
}
protected XxeAnalyzer(XxeSecurityTypes xmlTypes, SyntaxNodeHelper helper, Version frameworkVersion)
{
XmlTypes = xmlTypes;
SyntaxNodeHelper = helper;
AreDefaultsSecure = frameworkVersion >= new Version(4, 5, 2);
}
protected XxeAnalyzer(XxeSecurityTypes xmlTypes, SyntaxNodeHelper helper, bool areDefaultsSecure)
{
XmlTypes = xmlTypes;
SyntaxNodeHelper = helper;
AreDefaultsSecure = areDefaultsSecure;
}
public XxeAnalyzerVBasic(XxeSecurityTypes xmlTypes, Version frameworkVersion) :
base(xmlTypes, VBSyntaxNodeHelper.Default, frameworkVersion)
{
}
public XxeAnalyzerVBasic(XxeSecurityTypes xmlTypes, bool areDefaultsSecure) :
base(xmlTypes, VBSyntaxNodeHelper.Default, areDefaultsSecure)
{
}
public static bool IsXmlReaderType(ITypeSymbol symbol, XxeSecurityTypes xmlTypes)
{
return(ReferenceEquals(symbol, xmlTypes.XmlReader));
}
public static bool IsXmlDocumentXmlResolverPropertyDerived(ISymbol symbol, XxeSecurityTypes xmlTypes)
{
return(IsSpecifiedPropertyDerived(symbol, xmlTypes.XmlDocument, "XmlResolver"));
}
public static bool IsXmlTextReaderCtorDerived(IMethodSymbol method, XxeSecurityTypes xmlTypes)
{
return(method != null &&
method.MatchMethodDerivedByName(xmlTypes.XmlTextReader, WellKnownMemberNames.InstanceConstructorName));
}
public XxeAnalyzerCSharp(XxeSecurityTypes xmlTypes, bool areDefaultsSecure) : base(
xmlTypes, CSharpSyntaxNodeHelper.Default, areDefaultsSecure)
{
}
