protected override SymbolAndNodeAnalyzer GetAnalyzer(CompilationStartAnalysisContext context, CompilationSecurityTypes types, Version targetFrameworkVersion) { SymbolAndNodeAnalyzer analyzer = new SymbolAndNodeAnalyzer(types, CSharpSyntaxNodeHelper.Default, targetFrameworkVersion); context.RegisterSyntaxNodeAction(analyzer.AnalyzeNode, SyntaxKind.MethodDeclaration, SyntaxKind.ConstructorDeclaration); return analyzer; }
public override void Initialize(AnalysisContext analysisContext) { // TODO: Make analyzer thread-safe. //analysisContext.EnableConcurrentExecution(); // Security analyzer - analyze and report diagnostics in generated code. analysisContext.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.Analyze | GeneratedCodeAnalysisFlags.ReportDiagnostics); analysisContext.RegisterCompilationStartAction( (context) => { Compilation compilation = context.Compilation; var xmlTypes = new CompilationSecurityTypes(compilation); if (ReferencesAnyTargetType(xmlTypes)) { Version version = SecurityDiagnosticHelpers.GetDotNetFrameworkVersion(compilation); // bail if we are not analyzing project targeting .NET Framework // TODO: should we throw an exception to notify user? if (version != null) { SymbolAndNodeAnalyzer analyzer = GetAnalyzer(context, xmlTypes, version); context.RegisterSymbolAction(analyzer.AnalyzeSymbol, SymbolKind.NamedType); } } }); }
public override void Initialize(AnalysisContext analysisContext) { // TODO: Make analyzer thread-safe //analysisContext.EnableConcurrentExecution(); // Security analyzer - analyze and report diagnostics in generated code. analysisContext.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.Analyze | GeneratedCodeAnalysisFlags.ReportDiagnostics); analysisContext.RegisterCompilationStartAction( (context) => { Compilation compilation = context.Compilation; var xmlTypes = new CompilationSecurityTypes(compilation); if (ReferencesAnyTargetType(xmlTypes)) { Version version = SecurityDiagnosticHelpers.GetDotNetFrameworkVersion(compilation); if (version != null) { context.RegisterOperationBlockStartAction( (c) => { RegisterAnalyzer(c, xmlTypes, version); }); } } }); }
protected override SyntaxNodeAnalyzer GetAnalyzer(CompilationStartAnalysisContext context, CompilationSecurityTypes cryptTypes) { SyntaxNodeAnalyzer analyzer = new SyntaxNodeAnalyzer(cryptTypes); context.RegisterSyntaxNodeAction(analyzer.AnalyzeNode, SyntaxKind.InvocationExpression, SyntaxKind.ObjectCreationExpression); return analyzer; }
private static bool ReferencesAnyTargetType(CompilationSecurityTypes types) { return types.DES != null || types.DSA != null || types.DSASignatureFormatter != null || types.HMACMD5 != null || types.RC2 != null || types.TripleDES != null || types.RIPEMD160 != null || types.HMACRIPEMD160 != null; }
public override void Initialize(AnalysisContext analysisContext) { analysisContext.RegisterCompilationStartAction( (context) => { var cryptTypes = new CompilationSecurityTypes(context.Compilation); if (ReferencesAnyTargetType(cryptTypes)) { GetAnalyzer(context, cryptTypes); } }); }
private void RegisterAnalyzer(OperationBlockStartAnalysisContext context, CompilationSecurityTypes types, Version frameworkVersion) { var analyzer = new OperationAnalyzer(types, frameworkVersion); context.RegisterOperationAction( analyzer.AnalyzeOperation, OperationKind.InvocationExpression, OperationKind.AssignmentExpression, OperationKind.VariableDeclaration, OperationKind.ObjectCreationExpression, OperationKind.FieldInitializerAtDeclaration ); context.RegisterOperationBlockEndAction( analyzer.AnalyzeOperationBlock ); }
public override void Initialize(AnalysisContext analysisContext) { analysisContext.EnableConcurrentExecution(); // Security analyzer - analyze and report diagnostics in generated code. analysisContext.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.Analyze | GeneratedCodeAnalysisFlags.ReportDiagnostics); analysisContext.RegisterCompilationStartAction( (context) => { var cryptTypes = new CompilationSecurityTypes(context.Compilation); if (ReferencesAnyTargetType(cryptTypes)) { GetAnalyzer(context, cryptTypes); } }); }
public override void Initialize(AnalysisContext analysisContext) { analysisContext.EnableConcurrentExecution(); analysisContext.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.Analyze); analysisContext.RegisterCompilationStartAction(compilationStartAnalysisContext => { var compilationTypes = new CompilationSecurityTypes(compilationStartAnalysisContext.Compilation); if (compilationTypes.HandleProcessCorruptedStateExceptionsAttribute == null) { return; } compilationStartAnalysisContext.RegisterOperationBlockAction(operationBlockAnalysisContext => { if (operationBlockAnalysisContext.OwningSymbol.Kind != SymbolKind.Method) { return; } var method = (IMethodSymbol) operationBlockAnalysisContext.OwningSymbol; if (!ContainsHandleProcessCorruptedStateExceptionsAttribute(method, compilationTypes)) { return; } foreach (var operation in operationBlockAnalysisContext.OperationBlocks) { var walker = new EmptyThrowInsideCatchAllWalker(compilationTypes); walker.Visit(operation); foreach (var catchClause in walker.CatchAllCatchClausesWithoutEmptyThrow) { operationBlockAnalysisContext.ReportDiagnostic(catchClause.Syntax.CreateDiagnostic(Rule, method.ToDisplayString())); } } }); }); }
public override void Initialize(AnalysisContext analysisContext) { analysisContext.RegisterCompilationStartAction( (context) => { Compilation compilation = context.Compilation; var xmlTypes = new CompilationSecurityTypes(compilation); if (ReferencesAnyTargetType(xmlTypes)) { Version version = SecurityDiagnosticHelpers.GetDotNetFrameworkVersion(compilation); // bail if we are not analyzing project targeting .NET Framework // TODO: should we throw an exception to notify user? if (version != null) { Analyzer analyzer = GetAnalyzer(context, xmlTypes, version); context.RegisterSymbolAction(analyzer.AnalyzeSymbol, SymbolKind.NamedType); } } }); }
private static bool ReferencesAnyTargetType(CompilationSecurityTypes types) { return types.MD5 != null || types.SHA1 != null || types.HMACSHA1 != null; }
private static bool ReferencesAnyTargetType(CompilationSecurityTypes types) { return types.XmlDocument != null || types.XmlTextReader != null; }
public SymbolAndNodeAnalyzer(CompilationSecurityTypes xmlTypes, SyntaxNodeHelper helper, Version targetFrameworkVersion) { _xmlTypes = xmlTypes; _syntaxNodeHelper = helper; _isFrameworkSecure = targetFrameworkVersion == null ? false : targetFrameworkVersion >= SymbolAndNodeAnalyzer.s_minSecureFxVersion; }
private static bool ReferencesAnyTargetType(CompilationSecurityTypes types) { return(types.XmlDocument != null || types.XmlTextReader != null); }
protected override SyntaxNodeAnalyzer GetAnalyzer(CodeBlockStartAnalysisContext <SyntaxKind> context, CompilationSecurityTypes types) { SyntaxNodeAnalyzer analyzer = new SyntaxNodeAnalyzer(types, CSharpSyntaxNodeHelper.Default); context.RegisterSyntaxNodeAction( analyzer.AnalyzeNode, SyntaxKind.InvocationExpression, SyntaxKind.ObjectCreationExpression, SyntaxKind.SimpleAssignmentExpression, SyntaxKind.VariableDeclarator); return(analyzer); }
protected override SymbolAndNodeAnalyzer GetAnalyzer(CompilationStartAnalysisContext context, CompilationSecurityTypes types, Version targetFrameworkVersion) { SymbolAndNodeAnalyzer analyzer = new SymbolAndNodeAnalyzer(types, CSharpSyntaxNodeHelper.Default, targetFrameworkVersion); context.RegisterSyntaxNodeAction(analyzer.AnalyzeNode, SyntaxKind.MethodDeclaration, SyntaxKind.ConstructorDeclaration); return(analyzer); }
public override void Initialize(AnalysisContext analysisContext) { analysisContext.EnableConcurrentExecution(); // Security analyzer - analyze and report diagnostics on generated code. analysisContext.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.Analyze | GeneratedCodeAnalysisFlags.ReportDiagnostics); analysisContext.RegisterCompilationStartAction( (CompilationStartAnalysisContext context) => { var cryptTypes = new CompilationSecurityTypes(context.Compilation); if (!ReferencesAnyTargetType(cryptTypes)) { return; } context.RegisterOperationAction( (OperationAnalysisContext operationAnalysisContext) => { IMethodSymbol method; switch (operationAnalysisContext.Operation) { case IInvocationOperation invocationOperation: method = invocationOperation.TargetMethod; break; case IObjectCreationOperation objectCreationOperation: method = objectCreationOperation.Constructor; break; default: Debug.Fail($"Unhandled IOperation {operationAnalysisContext.Operation.Kind}"); return; } INamedTypeSymbol type = method.ContainingType; DiagnosticDescriptor rule; string algorithmName; if (type.DerivesFrom(cryptTypes.MD5)) { rule = DoNotUseBrokenCryptographyRule; algorithmName = cryptTypes.MD5.Name; } else if (type.DerivesFrom(cryptTypes.SHA1)) { rule = DoNotUseWeakCryptographyRule; algorithmName = cryptTypes.SHA1.Name; } else if (type.DerivesFrom(cryptTypes.HMACSHA1)) { rule = DoNotUseWeakCryptographyRule; algorithmName = cryptTypes.HMACSHA1.Name; } else if (type.DerivesFrom(cryptTypes.DES)) { rule = DoNotUseBrokenCryptographyRule; algorithmName = cryptTypes.DES.Name; } else if ((method.ContainingType.DerivesFrom(cryptTypes.DSA) && method.MetadataName == SecurityMemberNames.CreateSignature) || (type.Equals(cryptTypes.DSASignatureFormatter) && method.ContainingType.DerivesFrom(cryptTypes.DSASignatureFormatter) && method.MetadataName == WellKnownMemberNames.InstanceConstructorName)) { rule = DoNotUseBrokenCryptographyRule; algorithmName = "DSA"; } else if (type.DerivesFrom(cryptTypes.HMACMD5)) { rule = DoNotUseBrokenCryptographyRule; algorithmName = cryptTypes.HMACMD5.Name; } else if (type.DerivesFrom(cryptTypes.RC2)) { rule = DoNotUseBrokenCryptographyRule; algorithmName = cryptTypes.RC2.Name; } else if (type.DerivesFrom(cryptTypes.TripleDES)) { rule = DoNotUseWeakCryptographyRule; algorithmName = cryptTypes.TripleDES.Name; } else if (type.DerivesFrom(cryptTypes.RIPEMD160)) { rule = DoNotUseWeakCryptographyRule; algorithmName = cryptTypes.RIPEMD160.Name; } else if (type.DerivesFrom(cryptTypes.HMACRIPEMD160)) { rule = DoNotUseWeakCryptographyRule; algorithmName = cryptTypes.HMACRIPEMD160.Name; } else { return; } operationAnalysisContext.ReportDiagnostic( Diagnostic.Create( rule, operationAnalysisContext.Operation.Syntax.GetLocation(), operationAnalysisContext.ContainingSymbol.Name, algorithmName)); }, OperationKind.Invocation, OperationKind.ObjectCreation); }); }
private static bool ReferencesAnyTargetType(CompilationSecurityTypes types) { return types.XmlDocument != null || types.XmlNode != null || types.XmlReader != null || types.XmlTextReader != null || types.XPathDocument != null || types.XmlSchema != null || types.DataSet != null || types.DataTable != null || types.DataViewManager != null || types.XmlSerializer != null; }
private static bool ReferencesAnyTargetType(CompilationSecurityTypes types) { return(types.MD5 != null || types.SHA1 != null || types.HMACSHA1 != null); }
public OperationBlockAnalyzer(CompilationSecurityTypes xmlTypes, ISymbol enclosingSymbol) { _xmlTypes = xmlTypes; _enclosingSymbol = enclosingSymbol; }
public OperationAnalyzer(CompilationSecurityTypes xmlTypes, Version targetFrameworkVersion) { _xmlTypes = xmlTypes; _isFrameworkSecure = targetFrameworkVersion == null ? false : targetFrameworkVersion >= s_minSecureFxVersion; }
protected override SyntaxNodeAnalyzer GetAnalyzer(CompilationStartAnalysisContext context, CompilationSecurityTypes cryptTypes) { SyntaxNodeAnalyzer analyzer = new SyntaxNodeAnalyzer(cryptTypes); context.RegisterSyntaxNodeAction(analyzer.AnalyzeNode, SyntaxKind.InvocationExpression, SyntaxKind.ObjectCreationExpression); return(analyzer); }
public Analyzer(CompilationSecurityTypes cryptTypes) { _cryptTypes = cryptTypes; }
private bool ContainsHandleProcessCorruptedStateExceptionsAttribute(IMethodSymbol method, CompilationSecurityTypes compilationTypes) { ImmutableArray<AttributeData> attributes = method.GetAttributes(); return attributes.Any( attribute => attribute.AttributeClass.Equals(compilationTypes.HandleProcessCorruptedStateExceptionsAttribute)); }
public EmptyThrowInsideCatchAllWalker(CompilationSecurityTypes compilationTypes) { _compilationTypes = compilationTypes; }
private static bool ContainsHandleProcessCorruptedStateExceptionsAttribute(IMethodSymbol method, CompilationSecurityTypes compilationTypes) { ImmutableArray <AttributeData> attributes = method.GetAttributes(); return(attributes.Any( attribute => attribute.AttributeClass.Equals(compilationTypes.HandleProcessCorruptedStateExceptionsAttribute))); }
private static void RegisterAnalyzer(OperationBlockStartAnalysisContext context, CompilationSecurityTypes types, Version frameworkVersion) { var analyzer = new OperationAnalyzer(types, frameworkVersion); context.RegisterOperationAction( analyzer.AnalyzeOperation, OperationKind.Invocation, OperationKind.SimpleAssignment, OperationKind.VariableDeclarator, OperationKind.ObjectCreation, OperationKind.FieldInitializer ); context.RegisterOperationBlockEndAction( analyzer.AnalyzeOperationBlock ); }
public Analyzer(CompilationSecurityTypes xmlTypes, SyntaxNodeHelper helper, Version targetFrameworkVersion) { _xmlTypes = xmlTypes; _syntaxNodeHelper = helper; _isFrameworkSecure = targetFrameworkVersion == null ? false : targetFrameworkVersion >= Analyzer.s_minSecureFxVersion; }
protected abstract SymbolAndNodeAnalyzer GetAnalyzer(CompilationStartAnalysisContext context, CompilationSecurityTypes types, Version targetFrameworkVersion);
public SyntaxNodeAnalyzer(CompilationSecurityTypes cryptTypes) { _cryptTypes = cryptTypes; }
protected abstract SyntaxNodeAnalyzer GetAnalyzer(CompilationStartAnalysisContext context, CompilationSecurityTypes cryptTypes);
protected abstract Analyzer GetAnalyzer(CompilationStartAnalysisContext context, CompilationSecurityTypes types, Version targetFrameworkVersion);
protected abstract Analyzer GetAnalyzer(CompilationStartAnalysisContext context, CompilationSecurityTypes cryptTypes);
protected abstract SyntaxNodeAnalyzer GetAnalyzer(CodeBlockStartAnalysisContext <TLanguageKindEnum> context, CompilationSecurityTypes types);
public SyntaxNodeAnalyzer(CompilationSecurityTypes xmlTypes, SyntaxNodeHelper helper) { _xmlTypes = xmlTypes; _syntaxNodeHelper = helper; }