/// <summary>
/// Builds the audit tag line for <paramref name="m"/>: a leading "#..." status tag,
/// followed (for unavailable methods) by the Moonlight security status and the reason.
/// </summary>
/// <param name="m">Method being classified.</param>
/// <param name="format">Report writer used to render the propagation chain as text.</param>
/// <param name="reviewedMethods">
/// Patterns tested against <c>m.ToString()</c>; any hit labels an unavailable method as
/// "butreviewed" instead of "notreviewed".
/// </param>
/// <returns>
/// One of "#methodsignature_notsafe", "#available_manualSSC", "#available", or an
/// "#unavailable_..." line carrying the explanation.
/// </returns>
private string CommentFor(MethodDefinition m, ReportWriter format, List<Regex> reviewedMethods)
{
    // An unsafe signature is reported on its own, before any other classification.
    if (!MethodPrivilegeDetector.IsMethodSignatureSafe(m))
    {
        return "#methodsignature_notsafe";
    }

    bool inCriticalType = _criticalTypes.Contains(m.DeclaringType);
    string reason = null;

    if (inCriticalType)
    {
        reason = format.PropagationGraphStringFor(new[] { new PropagationReasonIsInCriticalType(m) });
    }
    else if (_canBeSscManual.Contains(m))
    {
        // Presumably "SSC" means SecuritySafeCritical applied by hand; confirm against the detector.
        return "#available_manualSSC";
    }
    else if (_resultingSecurityCriticalMethods.Contains(m))
    {
        reason = _methodRequiringPrivilegesThemselves.Contains(m)
            ? "method itself requires privileges"
            : format.PropagationGraphStringFor(PropagationStackFor(m));
    }

    // No reason recorded (including a null propagation string): the method is reported as available.
    if (reason == null)
    {
        return "#available";
    }

    // Members of a critical type are always labelled reviewed, without consulting the list.
    // NOTE(review): the patterns are applied unanchored, so a loose entry also matches every
    // other method whose ToString() merely contains it and flips it to "butreviewed".
    // Anchor the reviewed-list patterns (^...$) so that one entry covers one method.
    bool reviewed = inCriticalType || reviewedMethods.Any(pattern => pattern.IsMatch(m.ToString()));
    string tag = reviewed ? "#unavailable_butreviewed " : "#unavailable_notreviewed ";

    return tag + " (ML: " + Moonlight.GetSecurityStatusFor(m) + ") " + reason;
}
/// <summary>
/// Renders a chain of propagation reasons as one line of report text.
/// </summary>
/// <param name="stack">Reasons to render, in the order they are enumerated.</param>
/// <returns>
/// The concatenated text. A reason with no tainting method contributes only its explanation;
/// every other reason contributes "explanation signature (ML:status) which ".
/// An empty sequence yields the empty string.
/// </returns>
public virtual string PropagationGraphStringFor(IEnumerable<PropagationReason> stack)
{
    return stack.Aggregate("", (text, reason) =>
    {
        var tainter = reason.MethodThatTaintedMe;
        if (tainter == null)
        {
            // Nothing tainted this entry, so only its explanation is appended.
            return text + reason.Explanation;
        }

        // The format indices put the explanation first, then the signature of the tainting
        // method, then that method's Moonlight security status.
        string link = string.Format("{1} {0} (ML:{2}) which ",
            MethodSignatureProvider.SignatureFor(tainter),
            reason.Explanation,
            Moonlight.GetSecurityStatusFor(tainter));
        return text + link;
    });
}