Example #1
        /// <summary>
        /// Inspects a single object-creation node and either records an analysis
        /// environment for the XML type being constructed or, for XPathDocument,
        /// reports <c>XxeDiagnosticAnalyzer.Rule</c> directly.
        /// </summary>
        /// <param name="variableSymbol">
        /// Symbol the new object is assigned to, or null when there is none; in the
        /// null case the environment is stored in the matching Temp* map keyed by
        /// the creation node instead.
        /// </param>
        /// <param name="objectCreationNode">Syntax node of the object creation.</param>
        /// <param name="model">Semantic model used to resolve the constructor symbol.</param>
        /// <param name="reportDiagnostic">Callback that receives any diagnostic produced here.</param>
        protected void AnalyzeObjectCreation(ISymbol variableSymbol,
                                             SyntaxNode objectCreationNode,
                                             SemanticModel model,
                                             Action <Diagnostic> reportDiagnostic)
        {
            // Only creations that resolve to a method (constructor) symbol are of interest.
            var ctor = SyntaxNodeHelper.GetSymbol(objectCreationNode, model) as IMethodSymbol;
            if (ctor == null)
            {
                return;
            }

            // Each creation node is analyzed once; later visits of the same node are ignored.
            if (OjectCreationOperationsAnalyzed.Contains(objectCreationNode))
            {
                return;
            }

            OjectCreationOperationsAnalyzed.Add(objectCreationNode);

            bool hasNoVariable = variableSymbol == null;

            if (SecurityDiagnosticHelpers.IsXmlDocumentCtorDerived(ctor, XmlTypes))
            {
                var documentEnv = AnalyzeObjectCreationForXmlDocument(ctor, objectCreationNode, model);
                if (hasNoVariable)
                {
                    TempXmlDocumentEnvironments[objectCreationNode] = documentEnv;
                }
                else
                {
                    XmlDocumentEnvironments[variableSymbol] = documentEnv;
                }

                return;
            }

            if (SecurityDiagnosticHelpers.IsXmlTextReaderCtorDerived(ctor, XmlTypes))
            {
                var textReaderEnv = AnalyzeObjectCreationForXmlTextReader(ctor, objectCreationNode, model);
                if (hasNoVariable)
                {
                    TempXmlTextReaderEnvironments[objectCreationNode] = textReaderEnv;
                }
                else
                {
                    XmlTextReaderEnvironments[variableSymbol] = textReaderEnv;
                }

                return;
            }

            if (SecurityDiagnosticHelpers.IsXmlReaderSettingsCtor(ctor, XmlTypes))
            {
                var settingsEnv = AnalyzeObjectCreationForXmlReaderSettings(objectCreationNode, model);
                if (hasNoVariable)
                {
                    TempXmlReaderSettingsEnvironments[objectCreationNode] = settingsEnv;
                }
                else
                {
                    XmlReaderSettingsEnvironments[variableSymbol] = settingsEnv;
                }

                return;
            }

            if (!ctor.MatchMethodByName(XmlTypes.XPathDocument, WellKnownMemberNames.InstanceConstructorName))
            {
                return;
            }

            // XPathDocument: nothing to report when the platform defaults are already
            // secure. Otherwise the only overload left unflagged is the one whose
            // XmlReader-typed parameter sits at index 0.
            // NOTE(review): presumably that overload is exempt because the caller-supplied
            // reader carries its own DTD/resolver configuration, which is not checked in
            // this method - confirm it is covered by the XmlTextReader/XmlReaderSettings paths.
            bool needsReport = !AreDefaultsSecure
                && SecurityDiagnosticHelpers.GetSpecifiedParameterIndex(
                       ctor,
                       XmlTypes,
                       SecurityDiagnosticHelpers.IsXmlReaderType) != 0;

            if (needsReport)
            {
                reportDiagnostic(Diagnostic.Create(XxeDiagnosticAnalyzer.Rule, objectCreationNode.GetLocation()));
            }
        }