static XmlElementAnalyzer() { NoXmlTextRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoXmlTextRuleId, nameof(Resources.NoXmlTextRulerTitle), nameof(Resources.NoXmlTextRuleMessageFormat), nameof(Resources.NoXmlTextRuleDescription), Category); NoEndTagRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoEndTagRuleId, nameof(Resources.NoEndTagRuleTitle), nameof(Resources.NoEndTagRuleMessageFormat), nameof(Resources.NoEndTagRuleDescription), Category); }
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx) { SyntaxNode assignment; SyntaxNode memberAccess; if (ctx.Node.Language == LanguageNames.CSharp) { assignment = ctx.Node as CSharpSyntax.AssignmentExpressionSyntax; memberAccess = ((CSharpSyntax.AssignmentExpressionSyntax)assignment)?.Left as CSharpSyntax.MemberAccessExpressionSyntax; } else { assignment = ctx.Node as VBSyntax.AssignmentStatementSyntax; memberAccess = ((VBSyntax.AssignmentStatementSyntax)assignment)?.Left as VBSyntax.MemberAccessExpressionSyntax; } if (memberAccess == null) { return; } var symbolMemberAccess = ctx.SemanticModel.GetSymbolInfo(memberAccess).Symbol; if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "ServicePointManager", name: "ServerCertificateValidationCallback") || AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "ServicePointManager", name: "CertificatePolicy")) { var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation()); ctx.ReportDiagnostic(diagnostic); } }
private static void VisitSyntaxNodeEx(SyntaxNodeAnalysisContext ctx) { Microsoft.CodeAnalysis.VisualBasic.Syntax.InvocationExpressionSyntax node = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.InvocationExpressionSyntax; Microsoft.CodeAnalysis.VisualBasic.Syntax.ObjectCreationExpressionSyntax node2 = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.ObjectCreationExpressionSyntax; if (node != null) { var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol; foreach (string cipher in BadCiphers) { if (AnalyzerUtil.SymbolMatch(symbol, type: cipher, name: "Create")) { var diagnostic = Diagnostic.Create(Rule, node.Expression.GetLocation(), cipher); ctx.ReportDiagnostic(diagnostic); } } } if (node2 != null) { var symbol = ctx.SemanticModel.GetSymbolInfo(node2).Symbol; foreach (string cipher in BadCiphers) { if (AnalyzerUtil.SymbolMatch(symbol, type: cipher + "CryptoServiceProvider")) { var diagnostic = Diagnostic.Create(Rule, node2.GetLocation(), cipher); ctx.ReportDiagnostic(diagnostic); } } } }
private void AnalyzeMethodSyntaxNode(SyntaxNodeAnalysisContext context) { var node = (MethodDeclarationSyntax)context.Node; if (!IsPublicType(node.Modifiers)) { return; } if (!IsAllParentsValid(node)) { return; } var xmlTrivia = GetXmlTrivia(node); if (xmlTrivia == null) { context.ReportDiagnostic(Diagnostic.Create(NoCommentMethodRule, node.Identifier.GetLocation(), node.Identifier.Text)); return; } if (!(AnalyzerUtil.IsVoidReturnType(node) || HasXmlNameTag(xmlTrivia, returnTag))) { context.ReportDiagnostic(Diagnostic.Create(NoReturnsRule, node.Identifier.GetLocation(), node.Identifier.Text)); } ReportNoParamDiagnostics(context, node, xmlTrivia); ReportNoExceptionDiagnostics(context, node, xmlTrivia); }
static NoCommentAnalyzer() { NoCommentRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoCommentRuleId, nameof(Resources.NoCommentRuleTitle), nameof(Resources.NoCommentRuleMessageFormat), nameof(Resources.NoCommentRuleDescription), Category); NoCommentMethodRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoCommentMethodRuleId, nameof(Resources.NoCommentRuleTitle), nameof(Resources.NoCommentRuleMessageFormat), nameof(Resources.NoCommentRuleDescription), Category); NoCommentPropertyRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoCommentPropertyRuleId, nameof(Resources.NoCommentRuleTitle), nameof(Resources.NoCommentRuleMessageFormat), nameof(Resources.NoCommentRuleDescription), Category); NoSummaryRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoSummaryRuleId, nameof(Resources.NoSummaryRuleTitle), nameof(Resources.NoSummaryRuleMessageFormat), nameof(Resources.NoSummaryRuleDescription), Category); NoCodeRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoCodeRuleId, nameof(Resources.NoCodeRuleTitle), nameof(Resources.NoCodeRuleMessageFormat), nameof(Resources.NoCodeRuleDescription), Category); NoReturnsRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoReturnsRuleId, nameof(Resources.NoReturnsRuleTitle), nameof(Resources.NoReturnsRuleMessageFormat), nameof(Resources.NoReturnsRuleDescription), Category); NoParamRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoParamRuleId, nameof(Resources.NoParamRuleTitle), nameof(Resources.NoParamRuleMessageFormat), nameof(Resources.NoParamRuleDescription), Category); NoExceptionRule = AnalyzerUtil.CreateDiagnosticDescriptor(NoExceptionRuleId, nameof(Resources.NoExceptionRuleTitle), nameof(Resources.NoExceptionRuleMessageFormat), nameof(Resources.NoExceptionRuleDescription), Category); }
private void AnalyzeClassSyntaxNode(SyntaxNodeAnalysisContext context) { var node = (ClassDeclarationSyntax)context.Node; if (AnalyzerUtil.IsTestAttribute(node.AttributeLists)) { return; } if (!IsPublicType(node.Modifiers)) { return; } var xmlTrivia = GetXmlTrivia(node); if (xmlTrivia == null) { context.ReportDiagnostic(Diagnostic.Create(NoCommentRule, node.Identifier.GetLocation(), node.Identifier.Text)); return; } if (!HasXmlNameTag(xmlTrivia, summaryTag)) { context.ReportDiagnostic(Diagnostic.Create(NoSummaryRule, node.Identifier.GetLocation(), node.Identifier.Text)); return; } if (!HasXmlNameTag(xmlTrivia, codeTag)) { context.ReportDiagnostic(Diagnostic.Create(NoCodeRule, node.Identifier.GetLocation(), node.Identifier.Text)); return; } }
private IEnumerable <string> GetExceptionComments(IEnumerable <ThrowStatementSyntax> throwStatmentSyntaxs) { return(from throwStatment in throwStatmentSyntaxs let exceptionString = AnalyzerUtil.GetExceptionString(throwStatment) where !exceptionString.Equals("default") && !exceptionString.Equals("unknown") select $"/// <exception cref=\"{exceptionString}\"> </exception>"); }
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx) { SyntaxNode node, expression; if (ctx.Node.Language == LanguageNames.CSharp) { node = ctx.Node as CSharpSyntax.InvocationExpressionSyntax; expression = ((CSharpSyntax.InvocationExpressionSyntax)node)?.Expression; } else { node = ctx.Node as VBSyntax.InvocationExpressionSyntax; expression = ((VBSyntax.InvocationExpressionSyntax)node)?.Expression; } if (node == null) { return; } var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol; foreach (KeyValuePair <string, DiagnosticDescriptor> entry in HashFunctions) { //XXX.Create() if (!AnalyzerUtil.SymbolMatch(symbol, type: entry.Key, name: "Create")) { continue; } var diagnostic = Diagnostic.Create(entry.Value, expression.GetLocation(), "MD5"); ctx.ReportDiagnostic(diagnostic); } }
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx) { SyntaxNode node; SyntaxNode expression; if (ctx.Node.Language == LanguageNames.CSharp) { node = ctx.Node as CSharpSyntax.InvocationExpressionSyntax; expression = ((CSharpSyntax.InvocationExpressionSyntax)node)?.Expression; } else { node = ctx.Node as VBSyntax.InvocationExpressionSyntax; expression = ((VBSyntax.InvocationExpressionSyntax)node)?.Expression; } if (node != null) { var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol; //System.Random.Next() if (AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "Next") || AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "NextBytes") || AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "NextDouble")) { var diagnostic = Diagnostic.Create(Rule, expression.GetLocation()); ctx.ReportDiagnostic(diagnostic); } } }
public void VisitAssignmentExpression(SyntaxNodeAnalysisContext ctx, SyntaxNodeHelper nodeHelper) { SyntaxNode right = nodeHelper.GetAssignmentRightNode(ctx.Node); SyntaxNode left = nodeHelper.GetAssignmentLeftNode(ctx.Node); var symbol = ctx.SemanticModel.GetSymbolInfo(left).Symbol; var content = right.GetText().ToString(); // Only if it is the RequiredLength property of a PasswordValidator if (!AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength") || content == string.Empty) { return; } // Validates that the value is an int and that it is over the minimum value required if (!int.TryParse(right.GetText().ToString(), out var numericValue) || numericValue >= Constants.PasswordValidatorRequiredLength) { return; } var diagnostic = Diagnostic.Create(RulePasswordLength, ctx.Node.GetLocation()); ctx.ReportDiagnostic(diagnostic); }
public void CheckState(ExecutionState state) { // For every variables registered in state foreach (var variableState in state.VariableStates) { var st = variableState.Value; // Only if it is the constructor of the PasswordValidator instance if (!AnalyzerUtil.SymbolMatch(state.GetSymbol(st.Node), "PasswordValidator", ".ctor")) { continue; } // If the PasswordValidator instance doesn't have the RequiredLength property if (!st.Tags.Contains(VariableTag.RequiredLengthIsSet)) { state.AnalysisContext.ReportDiagnostic(Diagnostic.Create(RulePasswordValidatorRequiredLength, variableState.Value.Node.GetLocation())); } // If the PasswordValidator instance doesn't have enough properties set if (!(st.Tags.Count >= Constants.MinimumPasswordValidatorProperties)) { state.AnalysisContext.ReportDiagnostic(Diagnostic.Create(RulePasswordValidators, variableState.Value.Node.GetLocation())); } } }
public void VisitAssignment(AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { //Looking for Assigment to Secure or HttpOnly property var assigment = node; if (assigment.Left is MemberAccessExpressionSyntax) { var memberAccess = (MemberAccessExpressionSyntax)assigment.Left; if (memberAccess.Expression is IdentifierNameSyntax) { var identifier = (IdentifierNameSyntax)memberAccess.Expression; string variableAccess = identifier.Identifier.ValueText; if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure")) { state.AddTag(variableAccess, VariableTag.HttpCookieSecure); } else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly")) { state.AddTag(variableAccess, VariableTag.HttpCookieHttpOnly); } } } }
public void VisitAssignment(AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { var assignment = node; if (assignment is AssignmentExpressionSyntax) { // Only PasswordValidator properties will cause a new tag to be added if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength")) { variableRightState.AddTag(VariableTag.RequiredLengthIsSet); } else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireDigit")) { variableRightState.AddTag(VariableTag.RequireDigitIsSet); } else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireLowercase")) { variableRightState.AddTag(VariableTag.RequireLowercaseIsSet); } else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireNonLetterOrDigit")) { variableRightState.AddTag(VariableTag.RequireNonLetterOrDigitIsSet); } else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireUppercase")) { variableRightState.AddTag(VariableTag.RequireUppercaseIsSet); } } }
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx) { MemberAccessExpressionSyntax node = ctx.Node as MemberAccessExpressionSyntax; if (node != null) { var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol; //DES.Create() if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "ECB")) { var diagnostic = Diagnostic.Create(RuleECB, node.Expression.GetLocation(), "ECB"); ctx.ReportDiagnostic(diagnostic); } else if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CBC")) { var diagnostic = Diagnostic.Create(RuleCBC, node.Expression.GetLocation(), "CBC"); ctx.ReportDiagnostic(diagnostic); } else if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "OFB") || AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CFB") || AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CTS")) { var diagnostic = Diagnostic.Create(RuleGeneric, node.Expression.GetLocation(), "OFB"); ctx.ReportDiagnostic(diagnostic); } } }
private static void VisitSyntaxNodeEx(SyntaxNodeAnalysisContext ctx) { var assignment = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.AssignmentStatementSyntax; var memberAccess = assignment?.Left as Microsoft.CodeAnalysis.VisualBasic.Syntax.MemberAccessExpressionSyntax; if (memberAccess == null) { return; } var symbolMemberAccess = ctx.SemanticModel.GetSymbolInfo(memberAccess).Symbol; if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "XmlReaderSettings", name: "ProhibitDtd")) { var constant = ctx.SemanticModel.GetConstantValue(assignment.Right); if (constant.HasValue && constant.Value.ToString() == "False") { var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation()); ctx.ReportDiagnostic(diagnostic); } } else if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "XmlReaderSettings", name: "DtdProcessing")) { var constant = ctx.SemanticModel.GetConstantValue(assignment.Right); if (constant.HasValue && constant.Value.ToString() == "2") { var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation()); ctx.ReportDiagnostic(diagnostic); } } }
private void VisitClassEx(SyntaxNodeAnalysisContext ctx) { var node = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.ClassBlockSyntax; if (node == null) { //Not the expected node type return; } var classHasAuthAnnotation = false; var classHasCacheAnnotation = false; AnalyzerUtil.ForEachAnnotationEx(node.ClassStatement.AttributeLists, delegate(string Name, Microsoft.CodeAnalysis.VisualBasic.Syntax.AttributeSyntax att) { if (Name == "Authorize") { classHasAuthAnnotation = true; } else if (Name == "OutputCache") { classHasCacheAnnotation = true; } } ); foreach (Microsoft.CodeAnalysis.VisualBasic.Syntax.StatementSyntax member in node.Members) { var method = member as Microsoft.CodeAnalysis.VisualBasic.Syntax.MethodBlockSyntax; if (method == null) { continue; } var methodHasAuthAnnotation = false; var methodHasCacheAnnotation = false; AnalyzerUtil.ForEachAnnotationEx(method.BlockStatement.AttributeLists, delegate(string Name, Microsoft.CodeAnalysis.VisualBasic.Syntax.AttributeSyntax att) { if (Name == "Authorize") { methodHasAuthAnnotation = true; } else if (Name == "OutputCache") { methodHasCacheAnnotation = true; } } ); bool hasAuth = classHasAuthAnnotation || methodHasAuthAnnotation; bool hasCache = classHasCacheAnnotation || methodHasCacheAnnotation; if (hasAuth && hasCache) { ctx.ReportDiagnostic(Diagnostic.Create(Rule, method.GetLocation())); } } }
private void VisitClass(SyntaxNodeAnalysisContext ctx) { var node = ctx.Node as ClassDeclarationSyntax; if (node == null) { //Not the expected node type return; } var classHasAuthAnnotation = false; var classHasCacheAnnotation = false; AnalyzerUtil.ForEachAnnotation(node.AttributeLists, delegate(string Name, AttributeSyntax att) { if (Name == "Authorize") { classHasAuthAnnotation = true; } else if (Name == "OutputCache") { classHasCacheAnnotation = true; } } ); foreach (MemberDeclarationSyntax member in node.Members) { var method = member as MethodDeclarationSyntax; if (method == null) { continue; } var methodHasAuthAnnotation = false; var methodHasCacheAnnotation = false; AnalyzerUtil.ForEachAnnotation(method.AttributeLists, delegate(string Name, AttributeSyntax att) { if (Name == "Authorize") { methodHasAuthAnnotation = true; } else if (Name == "OutputCache") { methodHasCacheAnnotation = true; } } ); bool hasAuth = classHasAuthAnnotation || methodHasAuthAnnotation; bool hasCache = classHasCacheAnnotation || methodHasCacheAnnotation; if (hasAuth && hasCache) { ctx.ReportDiagnostic(Diagnostic.Create(Rule, method.GetLocation())); } } }
private Task <Document> AddSummaryCommentAsync(Document document, BaseTypeDeclarationSyntax declaration, CancellationToken c) { var leadingTrivias = declaration.GetLeadingTrivia(); var whitespaceCount = leadingTrivias[leadingTrivias.Count - 1].Span.Length; var newDeclaration = declaration.WithLeadingTrivia( AnalyzerUtil.GetNewLeadingTriviaWithSummary(leadingTrivias, summaryComments, whitespaceCount)); return(AnalyzerUtil.ReplaceNode(declaration, newDeclaration, document)); }
private bool HasTestAttribute(IEnumerable <BaseTypeDeclarationSyntax> baseTypes) { if (baseTypes.Any(baseType => AnalyzerUtil.IsTestAttribute(baseType.AttributeLists))) { return(true); } return(false); }
private Task <Document> AddFileDoxygenCommentAsync(Document document, SyntaxNode node, CancellationToken c) { string doxygenComment = GetDoxygenComment(document.Name); var newNode = node.WithLeadingTrivia( SyntaxFactory.ParseLeadingTrivia(doxygenComment)); return(AnalyzerUtil.ReplaceNode(node, newNode, document)); }
public override void VisitAssignment(VisualBasicSyntaxNode node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure")) { variableRightState.AddTag(VariableTag.HttpCookieSecure); } else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly")) { variableRightState.AddTag(VariableTag.HttpCookieHttpOnly); } }
private Task <Document> AddMethodReturnsCommentAsync(Document document, BaseMethodDeclarationSyntax declaration, CancellationToken c) { var returnsComments = GetReturnComments(declaration); var leadingTrivias = declaration.GetLeadingTrivia(); var whitespaceCount = leadingTrivias[leadingTrivias.Count - 1].Span.Length; var newDeclaration = declaration.WithLeadingTrivia( AnalyzerUtil.GetNewLeadingTrivia(leadingTrivias, returnsComments, whitespaceCount)); return(AnalyzerUtil.ReplaceNode(declaration, newDeclaration, document)); }
private static bool IsMatch(ISymbol symbolMemberAccess) { return(AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "ServicePointManager", name: "ServerCertificateValidationCallback") || AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "HttpWebRequest", name: "ServerCertificateValidationCallback") || AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "ServicePointManager", name: "CertificatePolicy")); }
private void VisitNodeRecursively(SyntaxNode node, ExecutionState state) { //Looking for the creation of a cookie (HttpCookie) if (node is VariableDeclaratorSyntax) { var variableDecorator = (VariableDeclaratorSyntax)node; var expressionValue = variableDecorator.Initializer?.Value; if (expressionValue is ObjectCreationExpressionSyntax) { var objCreation = (ObjectCreationExpressionSyntax)expressionValue; var symbol = state.GetSymbol(objCreation); if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", ".ctor")) { state.AddNewValue(variableDecorator.Identifier.Text, // new VariableState(VariableTaint.SAFE) // .AddTag(VariableTag.HttpCookie) // .AddSyntaxNode(node)); } } } //Looking for Assigment to Secure or HttpOnly property else if (node is AssignmentExpressionSyntax) { var assigment = (AssignmentExpressionSyntax)node; if (assigment.Left is MemberAccessExpressionSyntax) { var memberAccess = (MemberAccessExpressionSyntax)assigment.Left; if (memberAccess.Expression is IdentifierNameSyntax) { var identifier = (IdentifierNameSyntax)memberAccess.Expression; string variableAccess = identifier.Identifier.ValueText; var symbol = state.GetSymbol(memberAccess); if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure")) { state.AddTag(variableAccess, VariableTag.HttpCookieSecure); } else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly")) { state.AddTag(variableAccess, VariableTag.HttpCookieHttpOnly); } } } } foreach (var n in node.ChildNodes()) { VisitNodeRecursively(n, state); } }
private void OnEnable() { this.fileWriterFlags.Clear(); var types = AnalyzerUtil.GetInterfaceType <IAnalyzeFileWriter>(); foreach (var t in types) { this.fileWriterFlags.Add(new FileWriterFlag() { name = t.Name, type = t, flag = true }); } }
public override void VisitAssignment(CSharpSyntax.AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { //Looking for Assigment to Secure or HttpOnly property if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure")) { variableRightState.AddTag(VariableTag.HttpCookieSecure); } else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly")) { variableRightState.AddTag(VariableTag.HttpCookieHttpOnly); } }
private IEnumerable <string> GetReturnComments(BaseMethodDeclarationSyntax declaration) { var methodDeclaration = declaration as MethodDeclarationSyntax; if (methodDeclaration == null) { yield break; } if (!AnalyzerUtil.IsVoidReturnType(methodDeclaration)) { yield return("/// <returns> </returns>"); } }
public void VisitAssignment(ISymbol symbol, VariableState variableRightState) { //Looking for Assignment to Secure or HttpOnly property if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure")) { variableRightState.AddTag(VariableTag.HttpCookieSecure); } else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly")) { variableRightState.AddTag(VariableTag.HttpCookieHttpOnly); } }
private static void VisitAssignmentExpression(SyntaxNodeAnalysisContext ctx) { SyntaxNode n, right, left; if (ctx.Node.Language == LanguageNames.CSharp) { var node = (CSharpSyntax.AssignmentExpressionSyntax)ctx.Node; n = node; right = node.Right; left = node.Left; } else { if (ctx.Node is VBSyntax.AssignmentStatementSyntax vbNode) { n = vbNode; right = vbNode.Right; left = vbNode.Left; } else { var node = (VBSyntax.NamedFieldInitializerSyntax)ctx.Node; n = node; right = node.Expression; left = node.Name; } } var symbol = ctx.SemanticModel.GetSymbolInfo(left).Symbol; var content = right.GetText().ToString(); // Only if it is the RequiredLength property of a PasswordValidator if (!AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength") || content == string.Empty) { return; } // Validates that the value is an int and that it is over the minimum value required if (!int.TryParse(right.GetText().ToString(), out var numericValue) || numericValue >= Constants.PasswordValidatorRequiredLength) { return; } var diagnostic = Diagnostic.Create(RulePasswordLength, n.GetLocation()); ctx.ReportDiagnostic(diagnostic); }
private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx) { SyntaxNode node, node2, expression; if (ctx.Node.Language == LanguageNames.CSharp) { node = ctx.Node as CSharpSyntax.InvocationExpressionSyntax; expression = ((CSharpSyntax.InvocationExpressionSyntax)node)?.Expression; node2 = ctx.Node as CSharpSyntax.ObjectCreationExpressionSyntax; } else { node = ctx.Node as VBSyntax.InvocationExpressionSyntax; expression = ((VBSyntax.InvocationExpressionSyntax)node)?.Expression; node2 = ctx.Node as VBSyntax.ObjectCreationExpressionSyntax; } if (node != null) { var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol; foreach (string cipher in BadCiphers) { if (!AnalyzerUtil.SymbolMatch(symbol, type: cipher, name: "Create")) { continue; } var diagnostic = Diagnostic.Create(Rule, expression.GetLocation(), cipher); ctx.ReportDiagnostic(diagnostic); } } if (node2 != null) { var symbol = ctx.SemanticModel.GetSymbolInfo(node2).Symbol; foreach (string cipher in BadCiphers) { if (!AnalyzerUtil.SymbolMatch(symbol, type: cipher + "CryptoServiceProvider")) { continue; } var diagnostic = Diagnostic.Create(Rule, node2.GetLocation(), cipher); ctx.ReportDiagnostic(diagnostic); } } }