static XmlElementAnalyzer()
{
NoXmlTextRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoXmlTextRuleId, nameof(Resources.NoXmlTextRulerTitle),
nameof(Resources.NoXmlTextRuleMessageFormat), nameof(Resources.NoXmlTextRuleDescription), Category);
NoEndTagRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoEndTagRuleId, nameof(Resources.NoEndTagRuleTitle),
nameof(Resources.NoEndTagRuleMessageFormat), nameof(Resources.NoEndTagRuleDescription), Category);
}
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
{
SyntaxNode assignment;
SyntaxNode memberAccess;
if (ctx.Node.Language == LanguageNames.CSharp)
{
assignment = ctx.Node as CSharpSyntax.AssignmentExpressionSyntax;
memberAccess = ((CSharpSyntax.AssignmentExpressionSyntax)assignment)?.Left as CSharpSyntax.MemberAccessExpressionSyntax;
}
else
{
assignment = ctx.Node as VBSyntax.AssignmentStatementSyntax;
memberAccess = ((VBSyntax.AssignmentStatementSyntax)assignment)?.Left as VBSyntax.MemberAccessExpressionSyntax;
}
if (memberAccess == null)
{
return;
}
var symbolMemberAccess = ctx.SemanticModel.GetSymbolInfo(memberAccess).Symbol;
if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "ServicePointManager", name: "ServerCertificateValidationCallback") ||
AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "ServicePointManager", name: "CertificatePolicy"))
{
var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
}
private static void VisitSyntaxNodeEx(SyntaxNodeAnalysisContext ctx)
{
Microsoft.CodeAnalysis.VisualBasic.Syntax.InvocationExpressionSyntax node = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.InvocationExpressionSyntax;
Microsoft.CodeAnalysis.VisualBasic.Syntax.ObjectCreationExpressionSyntax node2 = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.ObjectCreationExpressionSyntax;
if (node != null)
{
var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;
foreach (string cipher in BadCiphers)
{
if (AnalyzerUtil.SymbolMatch(symbol, type: cipher, name: "Create"))
{
var diagnostic = Diagnostic.Create(Rule, node.Expression.GetLocation(), cipher);
ctx.ReportDiagnostic(diagnostic);
}
}
}
if (node2 != null)
{
var symbol = ctx.SemanticModel.GetSymbolInfo(node2).Symbol;
foreach (string cipher in BadCiphers)
{
if (AnalyzerUtil.SymbolMatch(symbol, type: cipher + "CryptoServiceProvider"))
{
var diagnostic = Diagnostic.Create(Rule, node2.GetLocation(), cipher);
ctx.ReportDiagnostic(diagnostic);
}
}
}
}
private void AnalyzeMethodSyntaxNode(SyntaxNodeAnalysisContext context)
{
var node = (MethodDeclarationSyntax)context.Node;
if (!IsPublicType(node.Modifiers))
{
return;
}
if (!IsAllParentsValid(node))
{
return;
}
var xmlTrivia = GetXmlTrivia(node);
if (xmlTrivia == null)
{
context.ReportDiagnostic(Diagnostic.Create(NoCommentMethodRule, node.Identifier.GetLocation(), node.Identifier.Text));
return;
}
if (!(AnalyzerUtil.IsVoidReturnType(node) || HasXmlNameTag(xmlTrivia, returnTag)))
{
context.ReportDiagnostic(Diagnostic.Create(NoReturnsRule, node.Identifier.GetLocation(), node.Identifier.Text));
}
ReportNoParamDiagnostics(context, node, xmlTrivia);
ReportNoExceptionDiagnostics(context, node, xmlTrivia);
}
static NoCommentAnalyzer()
{
NoCommentRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoCommentRuleId,
nameof(Resources.NoCommentRuleTitle), nameof(Resources.NoCommentRuleMessageFormat),
nameof(Resources.NoCommentRuleDescription), Category);
NoCommentMethodRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoCommentMethodRuleId,
nameof(Resources.NoCommentRuleTitle), nameof(Resources.NoCommentRuleMessageFormat),
nameof(Resources.NoCommentRuleDescription), Category);
NoCommentPropertyRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoCommentPropertyRuleId,
nameof(Resources.NoCommentRuleTitle), nameof(Resources.NoCommentRuleMessageFormat),
nameof(Resources.NoCommentRuleDescription), Category);
NoSummaryRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoSummaryRuleId,
nameof(Resources.NoSummaryRuleTitle), nameof(Resources.NoSummaryRuleMessageFormat),
nameof(Resources.NoSummaryRuleDescription), Category);
NoCodeRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoCodeRuleId,
nameof(Resources.NoCodeRuleTitle), nameof(Resources.NoCodeRuleMessageFormat),
nameof(Resources.NoCodeRuleDescription), Category);
NoReturnsRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoReturnsRuleId,
nameof(Resources.NoReturnsRuleTitle), nameof(Resources.NoReturnsRuleMessageFormat),
nameof(Resources.NoReturnsRuleDescription), Category);
NoParamRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoParamRuleId,
nameof(Resources.NoParamRuleTitle), nameof(Resources.NoParamRuleMessageFormat),
nameof(Resources.NoParamRuleDescription), Category);
NoExceptionRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoExceptionRuleId,
nameof(Resources.NoExceptionRuleTitle), nameof(Resources.NoExceptionRuleMessageFormat),
nameof(Resources.NoExceptionRuleDescription), Category);
}
private void AnalyzeClassSyntaxNode(SyntaxNodeAnalysisContext context)
{
var node = (ClassDeclarationSyntax)context.Node;
if (AnalyzerUtil.IsTestAttribute(node.AttributeLists))
{
return;
}
if (!IsPublicType(node.Modifiers))
{
return;
}
var xmlTrivia = GetXmlTrivia(node);
if (xmlTrivia == null)
{
context.ReportDiagnostic(Diagnostic.Create(NoCommentRule, node.Identifier.GetLocation(), node.Identifier.Text));
return;
}
if (!HasXmlNameTag(xmlTrivia, summaryTag))
{
context.ReportDiagnostic(Diagnostic.Create(NoSummaryRule, node.Identifier.GetLocation(), node.Identifier.Text));
return;
}
if (!HasXmlNameTag(xmlTrivia, codeTag))
{
context.ReportDiagnostic(Diagnostic.Create(NoCodeRule, node.Identifier.GetLocation(), node.Identifier.Text));
return;
}
}
private IEnumerable <string> GetExceptionComments(IEnumerable <ThrowStatementSyntax> throwStatmentSyntaxs)
{
return(from throwStatment in throwStatmentSyntaxs
let exceptionString = AnalyzerUtil.GetExceptionString(throwStatment)
where !exceptionString.Equals("default") && !exceptionString.Equals("unknown")
select $"/// <exception cref=\"{exceptionString}\"> </exception>");
}
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
{
SyntaxNode node, expression;
if (ctx.Node.Language == LanguageNames.CSharp)
{
node = ctx.Node as CSharpSyntax.InvocationExpressionSyntax;
expression = ((CSharpSyntax.InvocationExpressionSyntax)node)?.Expression;
}
else
{
node = ctx.Node as VBSyntax.InvocationExpressionSyntax;
expression = ((VBSyntax.InvocationExpressionSyntax)node)?.Expression;
}
if (node == null)
{
return;
}
var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;
foreach (KeyValuePair <string, DiagnosticDescriptor> entry in HashFunctions)
{
//XXX.Create()
if (!AnalyzerUtil.SymbolMatch(symbol, type: entry.Key, name: "Create"))
{
continue;
}
var diagnostic = Diagnostic.Create(entry.Value, expression.GetLocation(), "MD5");
ctx.ReportDiagnostic(diagnostic);
}
}
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
{
SyntaxNode node;
SyntaxNode expression;
if (ctx.Node.Language == LanguageNames.CSharp)
{
node = ctx.Node as CSharpSyntax.InvocationExpressionSyntax;
expression = ((CSharpSyntax.InvocationExpressionSyntax)node)?.Expression;
}
else
{
node = ctx.Node as VBSyntax.InvocationExpressionSyntax;
expression = ((VBSyntax.InvocationExpressionSyntax)node)?.Expression;
}
if (node != null)
{
var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;
//System.Random.Next()
if (AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "Next") ||
AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "NextBytes") ||
AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "NextDouble"))
{
var diagnostic = Diagnostic.Create(Rule, expression.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
}
}
public void VisitAssignmentExpression(SyntaxNodeAnalysisContext ctx, SyntaxNodeHelper nodeHelper)
{
SyntaxNode right = nodeHelper.GetAssignmentRightNode(ctx.Node);
SyntaxNode left = nodeHelper.GetAssignmentLeftNode(ctx.Node);
var symbol = ctx.SemanticModel.GetSymbolInfo(left).Symbol;
var content = right.GetText().ToString();
// Only if it is the RequiredLength property of a PasswordValidator
if (!AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength") ||
content == string.Empty)
{
return;
}
// Validates that the value is an int and that it is over the minimum value required
if (!int.TryParse(right.GetText().ToString(), out var numericValue) ||
numericValue >= Constants.PasswordValidatorRequiredLength)
{
return;
}
var diagnostic = Diagnostic.Create(RulePasswordLength, ctx.Node.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
public void CheckState(ExecutionState state)
{
// For every variables registered in state
foreach (var variableState in state.VariableStates)
{
var st = variableState.Value;
// Only if it is the constructor of the PasswordValidator instance
if (!AnalyzerUtil.SymbolMatch(state.GetSymbol(st.Node), "PasswordValidator", ".ctor"))
{
continue;
}
// If the PasswordValidator instance doesn't have the RequiredLength property
if (!st.Tags.Contains(VariableTag.RequiredLengthIsSet))
{
state.AnalysisContext.ReportDiagnostic(Diagnostic.Create(RulePasswordValidatorRequiredLength,
variableState.Value.Node.GetLocation()));
}
// If the PasswordValidator instance doesn't have enough properties set
if (!(st.Tags.Count >= Constants.MinimumPasswordValidatorProperties))
{
state.AnalysisContext.ReportDiagnostic(Diagnostic.Create(RulePasswordValidators,
variableState.Value.Node.GetLocation()));
}
}
}
public void VisitAssignment(AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
{
//Looking for Assigment to Secure or HttpOnly property
var assigment = node;
if (assigment.Left is MemberAccessExpressionSyntax)
{
var memberAccess = (MemberAccessExpressionSyntax)assigment.Left;
if (memberAccess.Expression is IdentifierNameSyntax)
{
var identifier = (IdentifierNameSyntax)memberAccess.Expression;
string variableAccess = identifier.Identifier.ValueText;
if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
{
state.AddTag(variableAccess, VariableTag.HttpCookieSecure);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
{
state.AddTag(variableAccess, VariableTag.HttpCookieHttpOnly);
}
}
}
}
public void VisitAssignment(AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
{
var assignment = node;
if (assignment is AssignmentExpressionSyntax)
{
// Only PasswordValidator properties will cause a new tag to be added
if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength"))
{
variableRightState.AddTag(VariableTag.RequiredLengthIsSet);
}
else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireDigit"))
{
variableRightState.AddTag(VariableTag.RequireDigitIsSet);
}
else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireLowercase"))
{
variableRightState.AddTag(VariableTag.RequireLowercaseIsSet);
}
else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireNonLetterOrDigit"))
{
variableRightState.AddTag(VariableTag.RequireNonLetterOrDigitIsSet);
}
else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireUppercase"))
{
variableRightState.AddTag(VariableTag.RequireUppercaseIsSet);
}
}
}
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
{
MemberAccessExpressionSyntax node = ctx.Node as MemberAccessExpressionSyntax;
if (node != null)
{
var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;
//DES.Create()
if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "ECB"))
{
var diagnostic = Diagnostic.Create(RuleECB, node.Expression.GetLocation(), "ECB");
ctx.ReportDiagnostic(diagnostic);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CBC"))
{
var diagnostic = Diagnostic.Create(RuleCBC, node.Expression.GetLocation(), "CBC");
ctx.ReportDiagnostic(diagnostic);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "OFB") || AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CFB") || AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CTS"))
{
var diagnostic = Diagnostic.Create(RuleGeneric, node.Expression.GetLocation(), "OFB");
ctx.ReportDiagnostic(diagnostic);
}
}
}
private static void VisitSyntaxNodeEx(SyntaxNodeAnalysisContext ctx)
{
var assignment = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.AssignmentStatementSyntax;
var memberAccess = assignment?.Left as Microsoft.CodeAnalysis.VisualBasic.Syntax.MemberAccessExpressionSyntax;
if (memberAccess == null)
{
return;
}
var symbolMemberAccess = ctx.SemanticModel.GetSymbolInfo(memberAccess).Symbol;
if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "XmlReaderSettings", name: "ProhibitDtd"))
{
var constant = ctx.SemanticModel.GetConstantValue(assignment.Right);
if (constant.HasValue && constant.Value.ToString() == "False")
{
var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
}
else if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "XmlReaderSettings", name: "DtdProcessing"))
{
var constant = ctx.SemanticModel.GetConstantValue(assignment.Right);
if (constant.HasValue && constant.Value.ToString() == "2")
{
var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
}
}
private void VisitClassEx(SyntaxNodeAnalysisContext ctx)
{
var node = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.ClassBlockSyntax;
if (node == null)
{ //Not the expected node type
return;
}
var classHasAuthAnnotation = false;
var classHasCacheAnnotation = false;
AnalyzerUtil.ForEachAnnotationEx(node.ClassStatement.AttributeLists,
delegate(string Name, Microsoft.CodeAnalysis.VisualBasic.Syntax.AttributeSyntax att) {
if (Name == "Authorize")
{
classHasAuthAnnotation = true;
}
else if (Name == "OutputCache")
{
classHasCacheAnnotation = true;
}
}
);
foreach (Microsoft.CodeAnalysis.VisualBasic.Syntax.StatementSyntax member in node.Members)
{
var method = member as Microsoft.CodeAnalysis.VisualBasic.Syntax.MethodBlockSyntax;
if (method == null)
{
continue;
}
var methodHasAuthAnnotation = false;
var methodHasCacheAnnotation = false;
AnalyzerUtil.ForEachAnnotationEx(method.BlockStatement.AttributeLists,
delegate(string Name, Microsoft.CodeAnalysis.VisualBasic.Syntax.AttributeSyntax att)
{
if (Name == "Authorize")
{
methodHasAuthAnnotation = true;
}
else if (Name == "OutputCache")
{
methodHasCacheAnnotation = true;
}
}
);
bool hasAuth = classHasAuthAnnotation || methodHasAuthAnnotation;
bool hasCache = classHasCacheAnnotation || methodHasCacheAnnotation;
if (hasAuth && hasCache)
{
ctx.ReportDiagnostic(Diagnostic.Create(Rule, method.GetLocation()));
}
}
}
private void VisitClass(SyntaxNodeAnalysisContext ctx)
{
var node = ctx.Node as ClassDeclarationSyntax;
if (node == null)
{ //Not the expected node type
return;
}
var classHasAuthAnnotation = false;
var classHasCacheAnnotation = false;
AnalyzerUtil.ForEachAnnotation(node.AttributeLists,
delegate(string Name, AttributeSyntax att) {
if (Name == "Authorize")
{
classHasAuthAnnotation = true;
}
else if (Name == "OutputCache")
{
classHasCacheAnnotation = true;
}
}
);
foreach (MemberDeclarationSyntax member in node.Members)
{
var method = member as MethodDeclarationSyntax;
if (method == null)
{
continue;
}
var methodHasAuthAnnotation = false;
var methodHasCacheAnnotation = false;
AnalyzerUtil.ForEachAnnotation(method.AttributeLists,
delegate(string Name, AttributeSyntax att) {
if (Name == "Authorize")
{
methodHasAuthAnnotation = true;
}
else if (Name == "OutputCache")
{
methodHasCacheAnnotation = true;
}
}
);
bool hasAuth = classHasAuthAnnotation || methodHasAuthAnnotation;
bool hasCache = classHasCacheAnnotation || methodHasCacheAnnotation;
if (hasAuth && hasCache)
{
ctx.ReportDiagnostic(Diagnostic.Create(Rule, method.GetLocation()));
}
}
}
private Task <Document> AddSummaryCommentAsync(Document document, BaseTypeDeclarationSyntax declaration, CancellationToken c)
{
var leadingTrivias = declaration.GetLeadingTrivia();
var whitespaceCount = leadingTrivias[leadingTrivias.Count - 1].Span.Length;
var newDeclaration = declaration.WithLeadingTrivia(
AnalyzerUtil.GetNewLeadingTriviaWithSummary(leadingTrivias, summaryComments, whitespaceCount));
return(AnalyzerUtil.ReplaceNode(declaration, newDeclaration, document));
}
private bool HasTestAttribute(IEnumerable <BaseTypeDeclarationSyntax> baseTypes)
{
if (baseTypes.Any(baseType => AnalyzerUtil.IsTestAttribute(baseType.AttributeLists)))
{
return(true);
}
return(false);
}
private Task <Document> AddFileDoxygenCommentAsync(Document document, SyntaxNode node, CancellationToken c)
{
string doxygenComment = GetDoxygenComment(document.Name);
var newNode = node.WithLeadingTrivia(
SyntaxFactory.ParseLeadingTrivia(doxygenComment));
return(AnalyzerUtil.ReplaceNode(node, newNode, document));
}
public override void VisitAssignment(VisualBasicSyntaxNode node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
{
if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
{
variableRightState.AddTag(VariableTag.HttpCookieSecure);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
{
variableRightState.AddTag(VariableTag.HttpCookieHttpOnly);
}
}
private Task <Document> AddMethodReturnsCommentAsync(Document document, BaseMethodDeclarationSyntax declaration, CancellationToken c)
{
var returnsComments = GetReturnComments(declaration);
var leadingTrivias = declaration.GetLeadingTrivia();
var whitespaceCount = leadingTrivias[leadingTrivias.Count - 1].Span.Length;
var newDeclaration = declaration.WithLeadingTrivia(
AnalyzerUtil.GetNewLeadingTrivia(leadingTrivias, returnsComments, whitespaceCount));
return(AnalyzerUtil.ReplaceNode(declaration, newDeclaration, document));
}
private static bool IsMatch(ISymbol symbolMemberAccess)
{
return(AnalyzerUtil.SymbolMatch(symbolMemberAccess,
type: "ServicePointManager",
name: "ServerCertificateValidationCallback") ||
AnalyzerUtil.SymbolMatch(symbolMemberAccess,
type: "HttpWebRequest",
name: "ServerCertificateValidationCallback") ||
AnalyzerUtil.SymbolMatch(symbolMemberAccess,
type: "ServicePointManager",
name: "CertificatePolicy"));
}
private void VisitNodeRecursively(SyntaxNode node, ExecutionState state)
{
//Looking for the creation of a cookie (HttpCookie)
if (node is VariableDeclaratorSyntax)
{
var variableDecorator = (VariableDeclaratorSyntax)node;
var expressionValue = variableDecorator.Initializer?.Value;
if (expressionValue is ObjectCreationExpressionSyntax)
{
var objCreation = (ObjectCreationExpressionSyntax)expressionValue;
var symbol = state.GetSymbol(objCreation);
if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", ".ctor"))
{
state.AddNewValue(variableDecorator.Identifier.Text, //
new VariableState(VariableTaint.SAFE) //
.AddTag(VariableTag.HttpCookie) //
.AddSyntaxNode(node));
}
}
}
//Looking for Assigment to Secure or HttpOnly property
else if (node is AssignmentExpressionSyntax)
{
var assigment = (AssignmentExpressionSyntax)node;
if (assigment.Left is MemberAccessExpressionSyntax)
{
var memberAccess = (MemberAccessExpressionSyntax)assigment.Left;
if (memberAccess.Expression is IdentifierNameSyntax)
{
var identifier = (IdentifierNameSyntax)memberAccess.Expression;
string variableAccess = identifier.Identifier.ValueText;
var symbol = state.GetSymbol(memberAccess);
if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
{
state.AddTag(variableAccess, VariableTag.HttpCookieSecure);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
{
state.AddTag(variableAccess, VariableTag.HttpCookieHttpOnly);
}
}
}
}
foreach (var n in node.ChildNodes())
{
VisitNodeRecursively(n, state);
}
}
private void OnEnable()
{
this.fileWriterFlags.Clear();
var types = AnalyzerUtil.GetInterfaceType <IAnalyzeFileWriter>();
foreach (var t in types)
{
this.fileWriterFlags.Add(new FileWriterFlag()
{
name = t.Name, type = t, flag = true
});
}
}
public override void VisitAssignment(CSharpSyntax.AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
{
//Looking for Assigment to Secure or HttpOnly property
if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
{
variableRightState.AddTag(VariableTag.HttpCookieSecure);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
{
variableRightState.AddTag(VariableTag.HttpCookieHttpOnly);
}
}
private IEnumerable <string> GetReturnComments(BaseMethodDeclarationSyntax declaration)
{
var methodDeclaration = declaration as MethodDeclarationSyntax;
if (methodDeclaration == null)
{
yield break;
}
if (!AnalyzerUtil.IsVoidReturnType(methodDeclaration))
{
yield return("/// <returns> </returns>");
}
}
public void VisitAssignment(ISymbol symbol,
VariableState variableRightState)
{
//Looking for Assignment to Secure or HttpOnly property
if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
{
variableRightState.AddTag(VariableTag.HttpCookieSecure);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
{
variableRightState.AddTag(VariableTag.HttpCookieHttpOnly);
}
}
private static void VisitAssignmentExpression(SyntaxNodeAnalysisContext ctx)
{
SyntaxNode n, right, left;
if (ctx.Node.Language == LanguageNames.CSharp)
{
var node = (CSharpSyntax.AssignmentExpressionSyntax)ctx.Node;
n = node;
right = node.Right;
left = node.Left;
}
else
{
if (ctx.Node is VBSyntax.AssignmentStatementSyntax vbNode)
{
n = vbNode;
right = vbNode.Right;
left = vbNode.Left;
}
else
{
var node = (VBSyntax.NamedFieldInitializerSyntax)ctx.Node;
n = node;
right = node.Expression;
left = node.Name;
}
}
var symbol = ctx.SemanticModel.GetSymbolInfo(left).Symbol;
var content = right.GetText().ToString();
// Only if it is the RequiredLength property of a PasswordValidator
if (!AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength") ||
content == string.Empty)
{
return;
}
// Validates that the value is an int and that it is over the minimum value required
if (!int.TryParse(right.GetText().ToString(), out var numericValue) ||
numericValue >= Constants.PasswordValidatorRequiredLength)
{
return;
}
var diagnostic = Diagnostic.Create(RulePasswordLength, n.GetLocation());
ctx.ReportDiagnostic(diagnostic);
}
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
{
SyntaxNode node, node2, expression;
if (ctx.Node.Language == LanguageNames.CSharp)
{
node = ctx.Node as CSharpSyntax.InvocationExpressionSyntax;
expression = ((CSharpSyntax.InvocationExpressionSyntax)node)?.Expression;
node2 = ctx.Node as CSharpSyntax.ObjectCreationExpressionSyntax;
}
else
{
node = ctx.Node as VBSyntax.InvocationExpressionSyntax;
expression = ((VBSyntax.InvocationExpressionSyntax)node)?.Expression;
node2 = ctx.Node as VBSyntax.ObjectCreationExpressionSyntax;
}
if (node != null)
{
var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;
foreach (string cipher in BadCiphers)
{
if (!AnalyzerUtil.SymbolMatch(symbol, type: cipher, name: "Create"))
{
continue;
}
var diagnostic = Diagnostic.Create(Rule, expression.GetLocation(), cipher);
ctx.ReportDiagnostic(diagnostic);
}
}
if (node2 != null)
{
var symbol = ctx.SemanticModel.GetSymbolInfo(node2).Symbol;
foreach (string cipher in BadCiphers)
{
if (!AnalyzerUtil.SymbolMatch(symbol, type: cipher + "CryptoServiceProvider"))
{
continue;
}
var diagnostic = Diagnostic.Create(Rule, node2.GetLocation(), cipher);
ctx.ReportDiagnostic(diagnostic);
}
}
}
