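            /// <summary>
            /// Records the security-relevant state of a <c>new XmlReaderSettings { ... }</c> expression:
            /// whether the object initializer assigns a secure XmlResolver, turns DtdProcessing off, or
            /// bounds MaxCharactersFromEntities. Nothing is reported here; the environment is consulted
            /// wherever the settings object is later consumed.
            /// </summary>
            /// <param name="variable">Symbol the new settings object is assigned to, or null for a temporary.
            /// When non-null the environment is registered in <c>_xmlReaderSettingsEnvironments</c> under it.</param>
            /// <param name="objCreation">The object-creation operation being analyzed.</param>
            private void AnalyzeObjectCreationForXmlReaderSettings(ISymbol variable, IObjectCreationExpression objCreation)
            {
                var settingsEnv = new XmlReaderSettingsEnvironment(_isFrameworkSecure)
                {
                    XmlReaderSettingsDefinition = objCreation.Syntax
                };

                if (variable != null)
                {
                    _xmlReaderSettingsEnvironments[variable] = settingsEnv;
                }

                foreach (ISymbolInitializer init in objCreation.MemberInitializers)
                {
                    if (!(init is IPropertyInitializer prop))
                    {
                        continue;
                    }

                    var property = prop.InitializedProperty;

                    if (SecurityDiagnosticHelpers.IsXmlReaderSettingsXmlResolverProperty(property, _xmlTypes))
                    {
                        // Only a value that arrives wrapped in a conversion to XmlResolver (e.g. `new XmlSecureResolver(...)`
                        // or `null`) can be classified. Anything else is left as "not known to be secure" — but it must
                        // not abort the loop: the previous `return` here also discarded any DtdProcessing /
                        // MaxCharactersFromEntities initializers that followed, leaving the stored environment stale.
                        if (!(prop.Value is IConversionExpression conversion))
                        {
                            continue;
                        }

                        if (SecurityDiagnosticHelpers.IsXmlSecureResolverType(conversion.Operand.Type, _xmlTypes)
                            || SecurityDiagnosticHelpers.IsExpressionEqualsNull(conversion.Operand))
                        {
                            settingsEnv.IsSecureResolver = true;
                        }
                    }
                    else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsDtdProcessingProperty(property, _xmlTypes))
                    {
                        // Disabled unless the expression is recognised as DtdProcessing.Parse. This is a check on the
                        // expression, so a value that only equals Parse at runtime is presumably not caught — confirm
                        // against the helper.
                        settingsEnv.IsDtdProcessingDisabled = !SecurityDiagnosticHelpers.IsExpressionEqualsDtdProcessingParse(prop.Value);
                    }
                    else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsMaxCharactersFromEntitiesProperty(property, _xmlTypes))
                    {
                        // A literal 0 is the only value treated as "unlimited" entity expansion.
                        settingsEnv.IsMaxCharactersFromEntitiesLimited = !SecurityDiagnosticHelpers.IsExpressionEqualsIntZero(prop.Value);
                    }
                }
            }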
            /// <summary>
            /// Handles <c>reader.XmlResolver = ...</c> / <c>reader.DtdProcessing = ...</c> on an XmlTextReader
            /// (or derived) instance: marks the property as explicitly set in the reader's environment and reports
            /// immediately when the assigned value is not one of the recognised secure forms.
            /// </summary>
            /// <param name="context">Used only to report the diagnostic.</param>
            /// <param name="assignedSymbol">Symbol of the receiver; looked up in <c>_xmlTextReaderEnvironments</c>.</param>
            /// <param name="expression">The assignment being analyzed.</param>
            /// <param name="isXmlTextReaderXmlResolverProperty">True when the target is the XmlResolver property.</param>
            /// <param name="isXmlTextReaderDtdProcessingProperty">True when the target is the DtdProcessing property.</param>
            private void AnalyzeXmlTextReaderProperties(OperationAnalysisContext context, ISymbol assignedSymbol, IAssignmentExpression expression, bool isXmlTextReaderXmlResolverProperty, bool isXmlTextReaderDtdProcessingProperty)
            {
                // An untracked receiver gets a throw-away environment: it is not added to the map, so in that
                // case the only lasting effect of this call is the diagnostic below.
                // NOTE(review): assignedSymbol goes straight into TryGetValue; if it can be null here (the
                // variable path in AnalyzeAssignment guards for null) a Dictionary lookup would throw — confirm.
                if (!_xmlTextReaderEnvironments.TryGetValue(assignedSymbol, out XmlTextReaderEnvironment env))
                {
                    env = new XmlTextReaderEnvironment(_isFrameworkSecure);
                }

                if (isXmlTextReaderXmlResolverProperty)
                {
                    env.IsXmlResolverSet = true;
                }
                else
                {
                    env.IsDtdProcessingSet = true;
                }

                var conversion = expression.Value as IConversionExpression;

                // Secure forms recognised for XmlResolver: an XmlSecureResolver instance or null. The code
                // expects both to arrive wrapped in a conversion to XmlResolver; an unconverted value is not
                // classified and therefore reported.
                bool resolverIsSecure = isXmlTextReaderXmlResolverProperty
                                     && conversion != null
                                     && (SecurityDiagnosticHelpers.IsXmlSecureResolverType(conversion.Operand.Type, _xmlTypes)
                                         || SecurityDiagnosticHelpers.IsExpressionEqualsNull(conversion.Operand));

                if (resolverIsSecure)
                {
                    env.IsSecureResolver = true;
                    return;
                }

                // Secure form recognised for DtdProcessing: a plain (unconverted) value that is not
                // DtdProcessing.Parse.
                bool dtdIsDisabled = isXmlTextReaderDtdProcessingProperty
                                  && conversion == null
                                  && !SecurityDiagnosticHelpers.IsExpressionEqualsDtdProcessingParse(expression.Value);

                if (dtdIsDisabled)
                {
                    env.IsDtdProcessingDisabled = true;
                    return;
                }

                // Anything else is an explicit assignment to an insecure (or unrecognised) value: warn at the
                // assignment itself.
                context.ReportDiagnostic(Diagnostic.Create(
                    RuleDoNotUseInsecureDtdProcessing,
                    expression.Syntax.GetLocation(),
                    SecurityDiagnosticHelpers.GetLocalizableResourceString(
                        nameof(DesktopAnalyzersResources.XmlTextReaderSetInsecureResolutionMessage))));
            }
            private void AnalyzeObjectCreationForXmlTextReader(OperationAnalysisContext context, ISymbol variable, IObjectCreationExpression objCreation)
            {
                if (variable == null || !_xmlTextReaderEnvironments.TryGetValue(variable, out XmlTextReaderEnvironment env))
                {
                    env = new XmlTextReaderEnvironment(_isFrameworkSecure)
                    {
                        XmlTextReaderDefinition = objCreation.Syntax
                    };
                }

                if (objCreation.Constructor.ContainingType != _xmlTypes.XmlTextReader)
                {
                    env.IsDtdProcessingDisabled = true;
                    env.IsSecureResolver        = true;
                }

                foreach (ISymbolInitializer init in objCreation.MemberInitializers)
                {
                    if (init is IPropertyInitializer prop)
                    {
                        if (prop.Value is IConversionExpression operation && SecurityDiagnosticHelpers.IsXmlTextReaderXmlResolverPropertyDerived(prop.InitializedProperty, _xmlTypes))
                        {
                            env.IsXmlResolverSet = true;

                            if (SecurityDiagnosticHelpers.IsXmlSecureResolverType(operation.Operand.Type, _xmlTypes))
                            {
                                env.IsSecureResolver = true;
                            }
                            else if (SecurityDiagnosticHelpers.IsExpressionEqualsNull(operation.Operand))
                            {
                                env.IsSecureResolver = true;
                            }
                            else
                            {
                                env.IsSecureResolver = false;
                            }
                        }
                        else if (SecurityDiagnosticHelpers.IsXmlTextReaderDtdProcessingPropertyDerived(prop.InitializedProperty, _xmlTypes))
                        {
                            env.IsDtdProcessingSet      = true;
                            env.IsDtdProcessingDisabled = !SecurityDiagnosticHelpers.IsExpressionEqualsDtdProcessingParse(prop.Value);
                        }
                    }
                }
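            /// <summary>
            /// Entry point for assignment operations. Dispatches on the assignment target: a variable/field
            /// target is treated as a possible XML object creation, a property target is matched against the
            /// tracked XmlDocument / XmlTextReader / XmlReaderSettings properties, and any other property goes
            /// to <c>AnalyzeNeverSetProperties</c>.
            /// </summary>
            /// <param name="context">Operation analysis context whose <c>Operation</c> is expected to be an assignment.</param>
            private void AnalyzeAssignment(OperationAnalysisContext context)
            {
                // Check that the operation really is an assignment with a target before dereferencing it.
                if (!(context.Operation is IAssignmentExpression expression) || expression.Target == null)
                {
                    return;
                }

                SemanticModel model = context.Compilation.GetSemanticModel(expression.Syntax.SyntaxTree);

                if (!(expression.Target is IPropertyReferenceExpression propRef))
                {
                    // A variable/field assignment: the right-hand side may construct an XML object we track.
                    ISymbol symbolAssignedTo = expression.Target.Syntax.GetDeclaredOrReferencedSymbol(model);

                    if (symbolAssignedTo != null)
                    {
                        AnalyzeObjectCreationInternal(context, symbolAssignedTo, expression.Value);
                    }

                    return;
                }

                // A property assignment. A static property has no receiver (Instance is null), so none of the
                // per-instance XML checks below can apply; run only the property-level check instead of
                // dereferencing a null Instance.
                if (propRef.Instance == null)
                {
                    AnalyzeNeverSetProperties(context, propRef.Property, expression.Syntax.GetLocation());
                    return;
                }

                ISymbol assignedSymbol = propRef.Instance.Syntax.GetDeclaredOrReferencedSymbol(model);

                if (propRef.Property.MatchPropertyByName(_xmlTypes.XmlDocument, "XmlResolver"))
                {
                    AnalyzeXmlResolverPropertyAssignmentForXmlDocument(context, assignedSymbol, expression);
                    return;
                }

                bool isXmlTextReaderXmlResolverProperty   = SecurityDiagnosticHelpers.IsXmlTextReaderXmlResolverPropertyDerived(propRef.Property, _xmlTypes);
                bool isXmlTextReaderDtdProcessingProperty = !isXmlTextReaderXmlResolverProperty &&
                                                            SecurityDiagnosticHelpers.IsXmlTextReaderDtdProcessingPropertyDerived(propRef.Property, _xmlTypes);

                if (isXmlTextReaderXmlResolverProperty || isXmlTextReaderDtdProcessingProperty)
                {
                    AnalyzeXmlTextReaderProperties(context, assignedSymbol, expression, isXmlTextReaderXmlResolverProperty, isXmlTextReaderDtdProcessingProperty);
                }
                else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsType(propRef.Instance.Type, _xmlTypes))
                {
                    AnalyzeXmlReaderSettingsPropertyAssignment(assignedSymbol, propRef, expression);
                }
                else
                {
                    AnalyzeNeverSetProperties(context, propRef.Property, expression.Syntax.GetLocation());
                }
            }

            /// <summary>
            /// Updates the tracked environment of an XmlReaderSettings instance for an assignment to its
            /// XmlResolver, DtdProcessing or MaxCharactersFromEntities property. Nothing is reported here;
            /// the environment is consulted wherever the settings object is consumed.
            /// </summary>
            /// <param name="assignedSymbol">Symbol of the settings receiver; key into <c>_xmlReaderSettingsEnvironments</c>.</param>
            /// <param name="propRef">The property being assigned.</param>
            /// <param name="expression">The assignment being analyzed.</param>
            private void AnalyzeXmlReaderSettingsPropertyAssignment(ISymbol assignedSymbol, IPropertyReferenceExpression propRef, IAssignmentExpression expression)
            {
                if (assignedSymbol == null)
                {
                    // No symbol to key the environment on (the receiver is not a declared or referenced symbol);
                    // there is nothing to track, and a null key must not reach the dictionary.
                    return;
                }

                if (!_xmlReaderSettingsEnvironments.TryGetValue(assignedSymbol, out XmlReaderSettingsEnvironment env))
                {
                    env = new XmlReaderSettingsEnvironment(_isFrameworkSecure);
                    _xmlReaderSettingsEnvironments[assignedSymbol] = env;
                }

                var conv = expression.Value as IConversionExpression;

                if (conv != null && SecurityDiagnosticHelpers.IsXmlReaderSettingsXmlResolverProperty(propRef.Property, _xmlTypes))
                {
                    // XmlSecureResolver and null are the only values treated as secure; any other resolver
                    // (or a resolver value that does not arrive through a conversion) leaves IsSecureResolver as is.
                    if (SecurityDiagnosticHelpers.IsXmlSecureResolverType(conv.Operand.Type, _xmlTypes)
                        || SecurityDiagnosticHelpers.IsExpressionEqualsNull(conv.Operand))
                    {
                        env.IsSecureResolver = true;
                    }
                }
                else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsDtdProcessingProperty(propRef.Property, _xmlTypes))
                {
                    // Disabled unless the expression is recognised as DtdProcessing.Parse.
                    env.IsDtdProcessingDisabled = !SecurityDiagnosticHelpers.IsExpressionEqualsDtdProcessingParse(expression.Value);
                }
                else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsMaxCharactersFromEntitiesProperty(propRef.Property, _xmlTypes))
                {
                    // A literal 0 is the only value treated as "unlimited" entity expansion.
                    env.IsMaxCharactersFromEntitiesLimited = !SecurityDiagnosticHelpers.IsExpressionEqualsIntZero(expression.Value);
                }
            }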
            /// <summary>
            /// Analyzes <c>new XmlTextReader(...) { ... }</c> (or a derived type). Explicitly insecure initializers
            /// are reported at the creation site; a temporary that is not fully secured is reported as well;
            /// a named variable that is not yet fully configured is tracked for later property assignments.
            /// </summary>
            /// <param name="context">Used to report diagnostics.</param>
            /// <param name="variable">Symbol the new reader is assigned to, or null for a temporary.</param>
            /// <param name="objCreation">The object-creation operation being analyzed.</param>
            private void AnalyzeObjectCreationForXmlTextReader(OperationAnalysisContext context, ISymbol variable, IObjectCreationExpression objCreation)
            {
                // A named variable may already carry an environment from an earlier construction, which is
                // reused as-is (its XmlTextReaderDefinition still points at that earlier `new`). A temporary
                // always gets a fresh environment anchored at this creation site.
                XmlTextReaderEnvironment env = null;

                if (variable != null)
                {
                    _xmlTextReaderEnvironments.TryGetValue(variable, out env);
                }

                if (env == null)
                {
                    env = new XmlTextReaderEnvironment(_isFrameworkSecure)
                    {
                        XmlTextReaderDefinition = objCreation.Syntax
                    };
                }

                // Any constructed type other than XmlTextReader itself (presumably a subclass, given the
                // *Derived helpers used below) is presumed hardened unless an initializer says otherwise.
                // NOTE(review): this trusts every derived constructor; a subclass that keeps the insecure
                // base defaults is never reported from here — confirm this is the intended trade-off.
                bool isNotPlainXmlTextReader = objCreation.Constructor.ContainingType != _xmlTypes.XmlTextReader;

                if (isNotPlainXmlTextReader)
                {
                    env.IsDtdProcessingDisabled = true;
                    env.IsSecureResolver        = true;
                }

                foreach (ISymbolInitializer init in objCreation.MemberInitializers)
                {
                    if (!(init is IPropertyInitializer prop))
                    {
                        continue;
                    }

                    if (prop.Value is IConversionExpression conversion
                        && SecurityDiagnosticHelpers.IsXmlTextReaderXmlResolverPropertyDerived(prop.InitializedProperty, _xmlTypes))
                    {
                        // Explicitly set: secure only for an XmlSecureResolver or null, insecure for any other value.
                        // A resolver value that does not arrive through a conversion is not counted as "set".
                        env.IsXmlResolverSet = true;
                        env.IsSecureResolver = SecurityDiagnosticHelpers.IsXmlSecureResolverType(conversion.Operand.Type, _xmlTypes)
                                            || SecurityDiagnosticHelpers.IsExpressionEqualsNull(conversion.Operand);
                    }
                    else if (SecurityDiagnosticHelpers.IsXmlTextReaderDtdProcessingPropertyDerived(prop.InitializedProperty, _xmlTypes))
                    {
                        // Disabled unless the expression is recognised as DtdProcessing.Parse.
                        env.IsDtdProcessingSet      = true;
                        env.IsDtdProcessingDisabled = !SecurityDiagnosticHelpers.IsExpressionEqualsDtdProcessingParse(prop.Value);
                    }
                }

                // Both diagnostics point at the creation expression recorded in the environment.
                void Report(string messageResourceName)
                {
                    context.ReportDiagnostic(Diagnostic.Create(
                        RuleDoNotUseInsecureDtdProcessing,
                        env.XmlTextReaderDefinition.GetLocation(),
                        SecurityDiagnosticHelpers.GetLocalizableResourceString(messageResourceName)));
                }

                bool explicitlyInsecure = (env.IsXmlResolverSet && !env.IsSecureResolver)
                                       || (env.IsDtdProcessingSet && !env.IsDtdProcessingDisabled);
                bool bothExplicitlySet  = env.IsDtdProcessingSet && env.IsXmlResolverSet;

                if (explicitlyInsecure)
                {
                    // XmlResolver or DtdProcessing was set in the initializer to an insecure value.
                    Report(nameof(DesktopAnalyzersResources.XmlTextReaderSetInsecureResolutionMessage));
                }
                else if (variable != null)
                {
                    // Keep tracking a named reader until both properties have been explicitly configured.
                    if (!bothExplicitlySet)
                    {
                        _xmlTextReaderEnvironments[variable] = env;
                    }
                }
                else if (!(bothExplicitlySet && env.IsDtdProcessingDisabled && env.IsSecureResolver))
                {
                    // A temporary can never be fixed up later: report unless it is already fully secure.
                    Report(nameof(DesktopAnalyzersResources.XmlTextReaderConstructedWithNoSecureResolutionMessage));
                }
            }