Example #1
0
 public static bool IsXsltSettingsCtor(IMethodSymbol method, CompilationSecurityTypes xmlTypes)
 {
     return(method != null &&
            method.MatchMethodByName(xmlTypes.XsltSettings, WellKnownMemberNames.InstanceConstructorName));
 }
 public static bool IsXsltSettingsCtor(IMethodSymbol method, CompilationSecurityTypes xmlTypes)
 {
     return method != null
         && method.MatchMethodByName(xmlTypes.XsltSettings, WellKnownMemberNames.InstanceConstructorName);
 }
Example #3
0
 public static bool IsXslCompiledTransformLoad(IMethodSymbol method, CompilationSecurityTypes xmlTypes)
 {
     return(method != null &&
            method.MatchMethodByName(xmlTypes.XslCompiledTransform, SecurityMemberNames.Load));
 }
 public static bool IsXmlReaderCreate(IMethodSymbol method, CompilationSecurityTypes xmlTypes)
 {
     return method != null
         && method.MatchMethodByName(xmlTypes.XmlReader, SecurityMemberNames.Create);
 }
 public static bool IsXslCompiledTransformLoad(IMethodSymbol method, CompilationSecurityTypes xmlTypes)
 {
     return method != null
         && method.MatchMethodByName(xmlTypes.XslCompiledTransform, SecurityMemberNames.Load);
 }
Example #6
0
        protected void AnalyzeInvocation(SyntaxNode node, SemanticModel model, Action <Diagnostic> reportDiagnostic)
        {
            IMethodSymbol method = SyntaxNodeHelper.GetCalleeMethodSymbol(node, model);

            if (method == null)
            {
                return;
            }

            if (method.MatchMethodByName(XmlTypes.XmlSchema, "Read"))
            {
                if (!AreDefaultsSecure &&
                    SecurityDiagnosticHelpers.GetSpecifiedParameterIndex(method,
                                                                         XmlTypes,
                                                                         SecurityDiagnosticHelpers.IsXmlReaderType) < 0)
                {
                    var diag = Diagnostic.Create(XxeDiagnosticAnalyzer.Rule, node.GetLocation());
                    reportDiagnostic(diag);
                }
            }
            else if (method.MatchMethodDerivedByName(XmlTypes.XmlReader, "Create"))
            {
                int xmlReaderSettingsIndex = SecurityDiagnosticHelpers.GetXmlReaderSettingsParameterIndex(method, XmlTypes);

                if (xmlReaderSettingsIndex < 0)
                {
                    return;
                }

                SyntaxNode settingsNode = SyntaxNodeHelper.GetInvocationArgumentExpressionNodes(node).ElementAt(xmlReaderSettingsIndex);
                XmlReaderSettingsEnvironment env;
                if (SyntaxNodeHelper.IsObjectConstructionForTemporaryObject(settingsNode))
                {
                    OjectCreationOperationsAnalyzed.Add(settingsNode);
                    env = AnalyzeObjectCreationForXmlReaderSettings(settingsNode, model);
                    TempXmlReaderSettingsEnvironments[settingsNode] = env;
                }
                else
                {
                    ISymbol settingsSymbol = SyntaxNodeHelper.GetSymbol(settingsNode, model);
                    XmlReaderSettingsEnvironments.TryGetValue(settingsSymbol, out env);
                }

                if (env == null)
                {
                    // symbol for settings is not found => passed in without any change => assume insecure
                    reportDiagnostic(Diagnostic.Create(XxeDiagnosticAnalyzer.Rule, node.GetLocation()));
                }
            }
            else if (ReferenceEquals(method.ContainingType, XmlTypes.ConfigXmlDocument))
            {
                var variableNode = SyntaxNodeHelper.GetMemberAccessExpressionNode(SyntaxNodeHelper.GetInvocationExpressionNode(node));
                if (variableNode == null)
                {
                    throw new ArgumentException(nameof(variableNode));
                }

                var variableSymbol = SyntaxNodeHelper.GetSymbol(variableNode, model);
                if (variableSymbol == null)
                {
                    return;
                }

                XmlDocumentEnvironment env;
                if (SyntaxNodeHelper.IsObjectConstructionForTemporaryObject(variableNode))
                {
                    OjectCreationOperationsAnalyzed.Add(variableNode);
                    env = AnalyzeObjectCreationForXmlDocument(variableSymbol, variableNode, model);
                    TempXmlDocumentEnvironments[variableNode] = env;
                }
                else
                {
                    XmlDocumentEnvironments.TryGetValue(variableSymbol, out env);
                }

                if (method.MatchMethodDerivedByName(XmlTypes.ConfigXmlDocument, "Load"))
                {
                    if (env != null)
                    {
                        env.WasSafeFunctionCalled = true;
                    }
                }
                else
                {
                    if (env == null)
                    {
                        // symbol not found => passed in without any change => assume insecure
                        reportDiagnostic(Diagnostic.Create(XxeDiagnosticAnalyzer.Rule, node.GetLocation()));
                    }
                    else
                    {
                        env.WasSomethingElseCalled = true;
                    }
                }
            }
            else if (ReferenceEquals(method.ContainingType, XmlTypes.XmlDocument))
            {
                var variableNode = SyntaxNodeHelper.GetMemberAccessExpressionNode(SyntaxNodeHelper.GetInvocationExpressionNode(node));
                if (variableNode == null)
                {
                    throw new ArgumentException(nameof(variableNode));
                }

                var variableSymbol = SyntaxNodeHelper.GetSymbol(variableNode, model);
                if (variableSymbol == null)
                {
                    return;
                }

                XmlDocumentEnvironment env;
                if (SyntaxNodeHelper.IsObjectConstructionForTemporaryObject(variableNode))
                {
                    OjectCreationOperationsAnalyzed.Add(variableNode);
                    env = AnalyzeObjectCreationForXmlDocument(variableSymbol, variableNode, model);
                    TempXmlDocumentEnvironments[variableNode] = env;
                }
                else
                {
                    XmlDocumentEnvironments.TryGetValue(variableSymbol, out env);
                }

                // Special case XmlDataDocument.LoadXml throws NotSupportedException
                if (env == null || !ReferenceEquals(env.Type, XmlTypes.XmlDataDocument))
                {
                    return;
                }

                // LoadXml is not overridden in XmlDataDocument, thus XmlTypes.XmlDocument
                if (method.MatchMethodDerivedByName(XmlTypes.XmlDocument, "LoadXml"))
                {
                    env.WasSafeFunctionCalled = true;
                }
                else
                {
                    env.WasSomethingElseCalled = true;
                }
            }
        }
Example #7
0
 public static bool IsXmlReaderCreate(IMethodSymbol method, CompilationSecurityTypes xmlTypes)
 {
     return(method != null &&
            method.MatchMethodByName(xmlTypes.XmlReader, SecurityMemberNames.Create));
 }
            private void AnalyzeNodeForDtdProcessingOverloads(SyntaxNodeAnalysisContext context)
            {
                SyntaxNode    node  = context.Node;
                SemanticModel model = context.SemanticModel;

                IMethodSymbol method = _syntaxNodeHelper.GetCalleeMethodSymbol(node, model);

                if (method == null)
                {
                    return;
                }

                CompilationSecurityTypes xmlTypes = _xmlTypes;

                if (method.MatchMethodDerivedByName(xmlTypes.XmlDocument, SecurityMemberNames.Load) ||                               //FxCop CA3056
                    method.MatchMethodDerivedByName(xmlTypes.XmlDocument, SecurityMemberNames.LoadXml) ||                            //FxCop CA3057
                    method.MatchMethodDerivedByName(xmlTypes.XPathDocument, WellKnownMemberNames.InstanceConstructorName) ||         //FxCop CA3059
                    method.MatchMethodDerivedByName(xmlTypes.XmlSchema, SecurityMemberNames.Read) ||                                 //FxCop CA3060
                    method.MatchMethodDerivedByName(xmlTypes.DataSet, SecurityMemberNames.ReadXml) ||                                //FxCop CA3063
                    method.MatchMethodDerivedByName(xmlTypes.DataSet, SecurityMemberNames.ReadXmlSchema) ||                          //FxCop CA3064
                    method.MatchMethodDerivedByName(xmlTypes.XmlSerializer, SecurityMemberNames.Deserialize) ||                      //FxCop CA3070
                    method.MatchMethodDerivedByName(xmlTypes.DataTable, SecurityMemberNames.ReadXml) ||                              //FxCop CA3071
                    method.MatchMethodDerivedByName(xmlTypes.DataTable, SecurityMemberNames.ReadXmlSchema))                          //FxCop CA3072
                {
                    if (SecurityDiagnosticHelpers.HasXmlReaderParameter(method, xmlTypes) < 0)
                    {
                        DiagnosticDescriptor rule = RuleDoNotUseInsecureDTDProcessing;
                        context.ReportDiagnostic(
                            Diagnostic.Create(
                                rule,
                                node.GetLocation(),
                                SecurityDiagnosticHelpers.GetLocalizableResourceString(
                                    nameof(DesktopAnalyzersResources.DoNotUseDtdProcessingOverloadsMessage),
                                    SecurityDiagnosticHelpers.GetNonEmptyParentName(node, model),
                                    method.Name)
                                )
                            );
                    }
                }
                // We assume the design of derived type are secure, per Rule CA9003
                else if (method.MatchMethodByName(xmlTypes.XmlDocument, WellKnownMemberNames.InstanceConstructorName))
                {
                    if (IsObjectConstructionForTemporaryObject(node))   // REVIEW: may be hard to check
                    {
                        bool isXmlDocumentSecureResolver = false;

                        foreach (SyntaxNode arg in _syntaxNodeHelper.GetObjectInitializerExpressionNodes(node))
                        {
                            SyntaxNode argLhs = _syntaxNodeHelper.GetAssignmentLeftNode(arg);
                            SyntaxNode argRhs = _syntaxNodeHelper.GetAssignmentRightNode(arg);

                            if (SecurityDiagnosticHelpers.IsXmlDocumentXmlResolverProperty(SyntaxNodeHelper.GetSymbol(argLhs, model), xmlTypes))
                            {
                                if (!(SyntaxNodeHelper.NodeHasConstantValueNull(argRhs, model) ||
                                      SecurityDiagnosticHelpers.IsXmlSecureResolverType(model.GetTypeInfo(argRhs).Type, xmlTypes)))
                                {
                                    // if XmlResolver property is explicitly set to an insecure value in initializer list,
                                    // a warning would be generated when handling assignment of XmlDocument.XmlResolver
                                    // AnalyzeNodeForXmlDocument method, so we ignore it here.
                                    return;
                                }
                                else
                                {
                                    isXmlDocumentSecureResolver = true;
                                }
                            }
                        }
                        if (!isXmlDocumentSecureResolver)
                        {
                            Diagnostic diag = Diagnostic.Create(
                                RuleDoNotUseInsecureDTDProcessing,
                                node.GetLocation(),
                                SecurityDiagnosticHelpers.GetLocalizableResourceString(
                                    nameof(DesktopAnalyzersResources.XmlDocumentWithNoSecureResolverMessage),
                                    _syntaxNodeHelper.GetEnclosingConstructSymbol(node, model).Name)
                                );
                            context.ReportDiagnostic(diag);
                        }
                    }
                }
                // We assume the design of derived type are secure, per Rule CA9003
                else if (method.MatchMethodByName(xmlTypes.XmlTextReader, WellKnownMemberNames.InstanceConstructorName))
                {
                    if (IsObjectConstructionForTemporaryObject(node))   // REVIEW: may be hard to check
                    {
                        bool isXmlTextReaderSecureResolver, isXmlTextReaderDtdProcessingDisabled;
                        isXmlTextReaderSecureResolver = isXmlTextReaderDtdProcessingDisabled = false;

                        foreach (SyntaxNode arg in _syntaxNodeHelper.GetObjectInitializerExpressionNodes(node))
                        {
                            SyntaxNode argLhs    = _syntaxNodeHelper.GetAssignmentLeftNode(arg);
                            SyntaxNode argRhs    = _syntaxNodeHelper.GetAssignmentRightNode(arg);
                            ISymbol    symArgLhs = SyntaxNodeHelper.GetSymbol(argLhs, model);
                            if (SecurityDiagnosticHelpers.IsXmlTextReaderXmlResolverProperty(symArgLhs, xmlTypes))
                            {
                                if (!(SyntaxNodeHelper.NodeHasConstantValueNull(argRhs, model) ||
                                      SecurityDiagnosticHelpers.IsXmlSecureResolverType(model.GetTypeInfo(argRhs).Type, xmlTypes)))
                                {
                                    // Generate a warning whenever the XmlTextReader.XmlResolver property is set to an insecure value
                                    Diagnostic diag = Diagnostic.Create(
                                        RuleDoNotUseInsecureDTDProcessing,
                                        node.GetLocation(),
                                        SecurityDiagnosticHelpers.GetLocalizableResourceString(
                                            nameof(DesktopAnalyzersResources.XmlTextReaderSetInsecureResolutionMessage),
                                            _syntaxNodeHelper.GetEnclosingConstructSymbol(node, model).Name
                                            )
                                        );
                                    context.ReportDiagnostic(diag);
                                    return;
                                }
                                else
                                {
                                    isXmlTextReaderSecureResolver = true;
                                }
                            }
                            else if (SecurityDiagnosticHelpers.IsXmlTextReaderDtdProcessingProperty(symArgLhs, xmlTypes))
                            {
                                if (SyntaxNodeHelper.GetSymbol(argRhs, model).MatchFieldByName(xmlTypes.DtdProcessing, SecurityMemberNames.Parse))
                                {
                                    // Generate a warning whenever the XmlTextReader.DtdProcessing property is set to DtdProcessing.Parse
                                    Diagnostic diag = Diagnostic.Create(
                                        RuleDoNotUseInsecureDTDProcessing,
                                        node.GetLocation(),
                                        SecurityDiagnosticHelpers.GetLocalizableResourceString(
                                            nameof(DesktopAnalyzersResources.XmlTextReaderSetInsecureResolutionMessage),
                                            _syntaxNodeHelper.GetEnclosingConstructSymbol(node, model).Name
                                            )
                                        );
                                    context.ReportDiagnostic(diag);
                                    return;
                                }
                                else
                                {
                                    isXmlTextReaderDtdProcessingDisabled = true;
                                }
                            }
                        }
                        if (!isXmlTextReaderSecureResolver || !isXmlTextReaderDtdProcessingDisabled)
                        {
                            Diagnostic diag = Diagnostic.Create(
                                RuleDoNotUseInsecureDTDProcessing,
                                node.GetLocation(),
                                SecurityDiagnosticHelpers.GetLocalizableResourceString(
                                    nameof(DesktopAnalyzersResources.XmlTextReaderConstructedWithNoSecureResolutionMessage),
                                    SecurityDiagnosticHelpers.GetNonEmptyParentName(node, model)
                                    )
                                );
                            context.ReportDiagnostic(diag);
                        }
                    }
                }
                else if (method.MatchMethodDerivedByName(xmlTypes.XmlReader, SecurityMemberNames.Create))
                {
                    int xmlReaderSettingsIndex = SecurityDiagnosticHelpers.HasXmlReaderSettingsParameter(method, xmlTypes);
                    if (xmlReaderSettingsIndex < 0)     //FxCop CA3053:XmlReaderCreateWrongOverload
                    {
                        DiagnosticDescriptor rule = RuleDoNotUseInsecureDTDProcessing;
                        context.ReportDiagnostic(
                            Diagnostic.Create(
                                rule,
                                node.GetLocation(),
                                SecurityDiagnosticHelpers.GetLocalizableResourceString(
                                    nameof(DesktopAnalyzersResources.XmlReaderCreateWrongOverloadMessage),
                                    SecurityDiagnosticHelpers.GetNonEmptyParentName(node, model)
                                    )
                                )
                            );
                    }
                    else
                    {
                        SyntaxNode settingsNode          = _syntaxNodeHelper.GetInvocationArgumentExpressionNodes(node).ElementAt(xmlReaderSettingsIndex);
                        ISymbol    settingsSymbol        = SyntaxNodeHelper.GetSymbol(settingsNode, model);
                        XmlReaderSettingsEnvironment env = null;
                        if (!_xmlReaderSettingsEnvironments.TryGetValue(settingsSymbol, out env))
                        {
                            // symbol for settings is not found => passed in without any change => assume insecure
                            Diagnostic diag = Diagnostic.Create(
                                RuleDoNotUseInsecureDTDProcessing,
                                node.GetLocation(),
                                SecurityDiagnosticHelpers.GetLocalizableResourceString(
                                    nameof(DesktopAnalyzersResources.XmlReaderCreateInsecureInputMessage),
                                    SecurityDiagnosticHelpers.GetNonEmptyParentName(node, model)
                                    )
                                );
                            context.ReportDiagnostic(diag);
                        }
                        else if (!env.IsDtdProcessingDisabled && !(env.IsSecureResolver & env.IsMaxCharactersFromEntitiesLimited))
                        {
                            Diagnostic diag;
                            if (env.IsConstructedInCodeBlock)
                            {
                                diag = Diagnostic.Create(
                                    RuleDoNotUseInsecureDTDProcessing,
                                    node.GetLocation(),
                                    SecurityDiagnosticHelpers.GetLocalizableResourceString(
                                        nameof(DesktopAnalyzersResources.XmlReaderCreateInsecureConstructedMessage)
                                        )
                                    );
                            }
                            else
                            {
                                diag = Diagnostic.Create(
                                    RuleDoNotUseInsecureDTDProcessing,
                                    node.GetLocation(),
                                    SecurityDiagnosticHelpers.GetLocalizableResourceString(
                                        nameof(DesktopAnalyzersResources.XmlReaderCreateInsecureInputMessage)
                                        )
                                    );
                            }
                            context.ReportDiagnostic(diag);
                        }
                    }
                }
            }