/// <summary>
/// Walks <paramref name="node"/> and every descendant, recording in
/// <paramref name="state"/> (a) variables initialised with
/// <c>new HttpCookie(...)</c> and (b) assignments to a cookie variable's
/// <c>Secure</c> or <c>HttpOnly</c> property.
/// </summary>
/// <param name="node">Root of the subtree to inspect.</param>
/// <param name="state">Execution state that receives the cookie values and tags.</param>
private void VisitNodeRecursively(SyntaxNode node, ExecutionState state)
{
    var declarator = node as VariableDeclaratorSyntax;
    if (declarator != null)
    {
        // `var c = new HttpCookie(...)` registers `c` as a SAFE cookie value.
        var creation = declarator.Initializer?.Value as ObjectCreationExpressionSyntax;
        if (creation != null && AnalyzerUtil.SymbolMatch(state.GetSymbol(creation), "HttpCookie", ".ctor"))
        {
            var cookieState = new VariableState(VariableTaint.SAFE)
                .AddTag(VariableTag.HttpCookie)
                .AddSyntaxNode(node);
            state.AddNewValue(declarator.Identifier.Text, cookieState);
        }
    }
    else
    {
        // `c.Secure = ...` / `c.HttpOnly = ...` where `c` is a plain identifier.
        var assignment = node as AssignmentExpressionSyntax;
        var memberAccess = assignment?.Left as MemberAccessExpressionSyntax;
        var target = memberAccess?.Expression as IdentifierNameSyntax;
        if (target != null)
        {
            string variableName = target.Identifier.ValueText;
            var symbol = state.GetSymbol(memberAccess);

            // NOTE(review): the tag records that the property was assigned, not the
            // assigned value; an explicit `= false` is tagged the same way as `= true`.
            if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
            {
                state.AddTag(variableName, VariableTag.HttpCookieSecure);
            }
            else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
            {
                state.AddTag(variableName, VariableTag.HttpCookieHttpOnly);
            }
        }
    }

    // Descend into the whole subtree regardless of which case matched above.
    foreach (var child in node.ChildNodes())
    {
        VisitNodeRecursively(child, state);
    }
}
/// <summary>
/// Inspects a C# local declaration statement and registers every declarator
/// initialised with <c>new HttpCookie(...)</c> as a SAFE cookie value in
/// <paramref name="state"/>. Any other statement kind is ignored.
/// </summary>
/// <param name="statement">Statement to inspect.</param>
/// <param name="state">Execution state that receives the cookie values.</param>
public void VisitStatement(StatementSyntax statement, ExecutionState state)
{
    var declaration = (statement as LocalDeclarationStatementSyntax)?.Declaration as VariableDeclarationSyntax;
    if (declaration == null)
    {
        return;
    }

    foreach (var declarator in declaration.Variables)
    {
        // Only `= new HttpCookie(...)` initializers are of interest.
        var creation = declarator?.Initializer?.Value as ObjectCreationExpressionSyntax;
        if (creation == null)
        {
            continue;
        }

        var symbol = state.GetSymbol(creation);
        if (!AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", ".ctor"))
        {
            continue;
        }

        // Overrides any state previously recorded under this variable name.
        var cookieState = new VariableState(VariableTaint.SAFE)
            .AddTag(VariableTag.HttpCookie)
            .AddSyntaxNode(declarator);
        state.AddNewValue(declarator.Identifier.Text, cookieState);
    }
}
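/// <summary>
/// Inspects a Visual Basic local declaration statement and registers every
/// declarator initialised with <c>New HttpCookie(...)</c> as a SAFE cookie
/// value in <paramref name="state"/>. Any other statement kind is ignored.
/// </summary>
/// <param name="statement">Statement to inspect.</param>
/// <param name="state">Execution state that receives the cookie values.</param>
public void VisitStatement(Microsoft.CodeAnalysis.VisualBasic.Syntax.StatementSyntax statement, ExecutionState state)
{
    var localDeclaration = statement as Microsoft.CodeAnalysis.VisualBasic.Syntax.LocalDeclarationStatementSyntax;
    if (localDeclaration == null)
    {
        return;
    }

    // Iterate the declarators directly: the former `Declarators.First()` probe was
    // never used afterwards and would throw InvalidOperationException on an empty list.
    foreach (var declarator in localDeclaration.Declarators)
    {
        // Only the `= New HttpCookie(...)` initializer form is inspected here.
        // NOTE(review): the `As New HttpCookie(...)` form is carried by the
        // declarator's AsClause rather than its Initializer, so it would not be
        // matched by this check — confirm whether that is intended.
        var creation = declarator?.Initializer?.Value as Microsoft.CodeAnalysis.VisualBasic.Syntax.ObjectCreationExpressionSyntax;
        if (creation == null)
        {
            continue;
        }

        var symbol = state.GetSymbol(creation);
        if (!AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", ".ctor"))
        {
            continue;
        }

        // Overrides any state previously recorded under this variable name.
        var cookieState = new VariableState(declarator, VariableTaint.SAFE)
            .AddTag(VariableTag.HttpCookie)
            .AddSyntaxNode(declarator);
        state.AddNewValue(declarator.GetFirstToken().Text, cookieState);
    }
}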