Esempi in C# (CSharp) per AnalyzerUtil.SymbolMatch

Esempio n. 1

File: WeakPasswordValidatorPropertyAnalyzer.cs Progetto: dobbythefreeelf/roslyn-security-guard

        public void VisitAssignment(AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
        {
            var assignment = node;

            if (assignment is AssignmentExpressionSyntax)
            {
                // Only PasswordValidator properties will cause a new tag to be added

                if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength"))
                {
                    variableRightState.AddTag(VariableTag.RequiredLengthIsSet);
                }
                else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireDigit"))
                {
                    variableRightState.AddTag(VariableTag.RequireDigitIsSet);
                }
                else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireLowercase"))
                {
                    variableRightState.AddTag(VariableTag.RequireLowercaseIsSet);
                }
                else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireNonLetterOrDigit"))
                {
                    variableRightState.AddTag(VariableTag.RequireNonLetterOrDigitIsSet);
                }
                else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireUppercase"))
                {
                    variableRightState.AddTag(VariableTag.RequireUppercaseIsSet);
                }
            }
        }

Esempio n. 2

File: WeakCertificateValidationAnalyzer.cs Progetto: amlweems/roslyn-security-guard-portable

        private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
        {
            SyntaxNode assignment;
            SyntaxNode memberAccess;

            if (ctx.Node.Language == LanguageNames.CSharp)
            {
                assignment   = ctx.Node as CSharpSyntax.AssignmentExpressionSyntax;
                memberAccess = ((CSharpSyntax.AssignmentExpressionSyntax)assignment)?.Left as CSharpSyntax.MemberAccessExpressionSyntax;
            }
            else
            {
                assignment   = ctx.Node as VBSyntax.AssignmentStatementSyntax;
                memberAccess = ((VBSyntax.AssignmentStatementSyntax)assignment)?.Left as VBSyntax.MemberAccessExpressionSyntax;
            }

            if (memberAccess == null)
            {
                return;
            }

            var symbolMemberAccess = ctx.SemanticModel.GetSymbolInfo(memberAccess).Symbol;

            if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "ServicePointManager", name: "ServerCertificateValidationCallback") ||
                AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "ServicePointManager", name: "CertificatePolicy"))
            {
                var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation());
                ctx.ReportDiagnostic(diagnostic);
            }
        }

Esempio n. 3

        private static void VisitSyntaxNodeEx(SyntaxNodeAnalysisContext ctx)
        {
            Microsoft.CodeAnalysis.VisualBasic.Syntax.InvocationExpressionSyntax     node  = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.InvocationExpressionSyntax;
            Microsoft.CodeAnalysis.VisualBasic.Syntax.ObjectCreationExpressionSyntax node2 = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.ObjectCreationExpressionSyntax;
            if (node != null)
            {
                var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;

                foreach (string cipher in BadCiphers)
                {
                    if (AnalyzerUtil.SymbolMatch(symbol, type: cipher, name: "Create"))
                    {
                        var diagnostic = Diagnostic.Create(Rule, node.Expression.GetLocation(), cipher);
                        ctx.ReportDiagnostic(diagnostic);
                    }
                }
            }
            if (node2 != null)
            {
                var symbol = ctx.SemanticModel.GetSymbolInfo(node2).Symbol;

                foreach (string cipher in BadCiphers)
                {
                    if (AnalyzerUtil.SymbolMatch(symbol, type: cipher + "CryptoServiceProvider"))
                    {
                        var diagnostic = Diagnostic.Create(Rule, node2.GetLocation(), cipher);
                        ctx.ReportDiagnostic(diagnostic);
                    }
                }
            }
        }

Esempio n. 4

        private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
        {
            MemberAccessExpressionSyntax node = ctx.Node as MemberAccessExpressionSyntax;

            if (node != null)
            {
                var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;
                //DES.Create()
                if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "ECB"))
                {
                    var diagnostic = Diagnostic.Create(RuleECB, node.Expression.GetLocation(), "ECB");
                    ctx.ReportDiagnostic(diagnostic);
                }
                else if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CBC"))
                {
                    var diagnostic = Diagnostic.Create(RuleCBC, node.Expression.GetLocation(), "CBC");
                    ctx.ReportDiagnostic(diagnostic);
                }
                else if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "OFB") || AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CFB") || AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CTS"))
                {
                    var diagnostic = Diagnostic.Create(RuleGeneric, node.Expression.GetLocation(), "OFB");
                    ctx.ReportDiagnostic(diagnostic);
                }
            }
        }

Esempio n. 5

File: WeakPasswordValidatorPropertyAnalyzer.cs Progetto: trungx/security-code-scan

        public void CheckState(ExecutionState state)
        {
            // For every variables registered in state
            foreach (var variableState in state.VariableStates)
            {
                var st = variableState.Value;

                // Only if it is the constructor of the PasswordValidator instance
                if (!AnalyzerUtil.SymbolMatch(state.GetSymbol(st.Node), "PasswordValidator", ".ctor"))
                {
                    continue;
                }

                // If the PasswordValidator instance doesn't have the RequiredLength property
                if (!st.Tags.Contains(VariableTag.RequiredLengthIsSet))
                {
                    state.AnalysisContext.ReportDiagnostic(Diagnostic.Create(RulePasswordValidatorRequiredLength,
                                                                             variableState.Value.Node.GetLocation()));
                }

                // If the PasswordValidator instance doesn't have enough properties set
                if (!(st.Tags.Count >= Constants.MinimumPasswordValidatorProperties))
                {
                    state.AnalysisContext.ReportDiagnostic(Diagnostic.Create(RulePasswordValidators,
                                                                             variableState.Value.Node.GetLocation()));
                }
            }
        }

Esempio n. 6

File: InsecureCookieAnalyzer.cs Progetto: websecresearch/roslyn-security-guard

        public void VisitAssignment(AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
        {
            //Looking for Assigment to Secure or HttpOnly property
            var assigment = node;

            if (assigment.Left is MemberAccessExpressionSyntax)
            {
                var memberAccess = (MemberAccessExpressionSyntax)assigment.Left;

                if (memberAccess.Expression is IdentifierNameSyntax)
                {
                    var    identifier     = (IdentifierNameSyntax)memberAccess.Expression;
                    string variableAccess = identifier.Identifier.ValueText;

                    if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
                    {
                        state.AddTag(variableAccess, VariableTag.HttpCookieSecure);
                    }
                    else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
                    {
                        state.AddTag(variableAccess, VariableTag.HttpCookieHttpOnly);
                    }
                }
            }
        }

Esempio n. 7

File: WeakRandomAnalyzer.cs Progetto: amlweems/roslyn-security-guard-portable

        private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
        {
            SyntaxNode node;
            SyntaxNode expression;

            if (ctx.Node.Language == LanguageNames.CSharp)
            {
                node       = ctx.Node as CSharpSyntax.InvocationExpressionSyntax;
                expression = ((CSharpSyntax.InvocationExpressionSyntax)node)?.Expression;
            }
            else
            {
                node       = ctx.Node as VBSyntax.InvocationExpressionSyntax;
                expression = ((VBSyntax.InvocationExpressionSyntax)node)?.Expression;
            }

            if (node != null)
            {
                var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;

                //System.Random.Next()
                if (AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "Next") ||
                    AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "NextBytes") ||
                    AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "NextDouble"))
                {
                    var diagnostic = Diagnostic.Create(Rule, expression.GetLocation());
                    ctx.ReportDiagnostic(diagnostic);
                }
            }
        }

Esempio n. 8

File: WeakPasswordValidatorPropertyAnalyzer.cs Progetto: trungx/security-code-scan

        public void VisitAssignmentExpression(SyntaxNodeAnalysisContext ctx, SyntaxNodeHelper nodeHelper)
        {
            SyntaxNode right = nodeHelper.GetAssignmentRightNode(ctx.Node);
            SyntaxNode left  = nodeHelper.GetAssignmentLeftNode(ctx.Node);

            var symbol = ctx.SemanticModel.GetSymbolInfo(left).Symbol;

            var content = right.GetText().ToString();

            // Only if it is the RequiredLength property of a PasswordValidator
            if (!AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength") ||
                content == string.Empty)
            {
                return;
            }

            // Validates that the value is an int and that it is over the minimum value required
            if (!int.TryParse(right.GetText().ToString(), out var numericValue) ||
                numericValue >= Constants.PasswordValidatorRequiredLength)
            {
                return;
            }

            var diagnostic = Diagnostic.Create(RulePasswordLength, ctx.Node.GetLocation());

            ctx.ReportDiagnostic(diagnostic);
        }

Esempio n. 9

        private static void VisitSyntaxNodeEx(SyntaxNodeAnalysisContext ctx)
        {
            var assignment   = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.AssignmentStatementSyntax;
            var memberAccess = assignment?.Left as Microsoft.CodeAnalysis.VisualBasic.Syntax.MemberAccessExpressionSyntax;

            if (memberAccess == null)
            {
                return;
            }

            var symbolMemberAccess = ctx.SemanticModel.GetSymbolInfo(memberAccess).Symbol;

            if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "XmlReaderSettings", name: "ProhibitDtd"))
            {
                var constant = ctx.SemanticModel.GetConstantValue(assignment.Right);
                if (constant.HasValue && constant.Value.ToString() == "False")
                {
                    var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation());
                    ctx.ReportDiagnostic(diagnostic);
                }
            }
            else if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "XmlReaderSettings", name: "DtdProcessing"))
            {
                var constant = ctx.SemanticModel.GetConstantValue(assignment.Right);
                if (constant.HasValue && constant.Value.ToString() == "2")
                {
                    var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation());
                    ctx.ReportDiagnostic(diagnostic);
                }
            }
        }

Esempio n. 10

        private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
        {
            SyntaxNode node, expression;

            if (ctx.Node.Language == LanguageNames.CSharp)
            {
                node       = ctx.Node as CSharpSyntax.InvocationExpressionSyntax;
                expression = ((CSharpSyntax.InvocationExpressionSyntax)node)?.Expression;
            }
            else
            {
                node       = ctx.Node as VBSyntax.InvocationExpressionSyntax;
                expression = ((VBSyntax.InvocationExpressionSyntax)node)?.Expression;
            }

            if (node == null)
            {
                return;
            }

            var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;

            foreach (KeyValuePair <string, DiagnosticDescriptor> entry in HashFunctions)
            {
                //XXX.Create()
                if (!AnalyzerUtil.SymbolMatch(symbol, type: entry.Key, name: "Create"))
                {
                    continue;
                }

                var diagnostic = Diagnostic.Create(entry.Value, expression.GetLocation(), "MD5");
                ctx.ReportDiagnostic(diagnostic);
            }
        }

Esempio n. 11

File: InsecureCookieAnalyzer.cs Progetto: xperiandri/roslyn-security-guard

 public override void VisitAssignment(VisualBasicSyntaxNode node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
 {
     if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
     {
         variableRightState.AddTag(VariableTag.HttpCookieSecure);
     }
     else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
     {
         variableRightState.AddTag(VariableTag.HttpCookieHttpOnly);
     }
 }

Esempio n. 12

 private static bool IsMatch(ISymbol symbolMemberAccess)
 {
     return(AnalyzerUtil.SymbolMatch(symbolMemberAccess,
                                     type: "ServicePointManager",
                                     name: "ServerCertificateValidationCallback") ||
            AnalyzerUtil.SymbolMatch(symbolMemberAccess,
                                     type: "HttpWebRequest",
                                     name: "ServerCertificateValidationCallback") ||
            AnalyzerUtil.SymbolMatch(symbolMemberAccess,
                                     type: "ServicePointManager",
                                     name: "CertificatePolicy"));
 }

Esempio n. 13

        private void VisitNodeRecursively(SyntaxNode node, ExecutionState state)
        {
            //Looking for the creation of a cookie (HttpCookie)
            if (node is VariableDeclaratorSyntax)
            {
                var variableDecorator = (VariableDeclaratorSyntax)node;
                var expressionValue   = variableDecorator.Initializer?.Value;
                if (expressionValue is ObjectCreationExpressionSyntax)
                {
                    var objCreation = (ObjectCreationExpressionSyntax)expressionValue;

                    var symbol = state.GetSymbol(objCreation);
                    if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", ".ctor"))
                    {
                        state.AddNewValue(variableDecorator.Identifier.Text,    //
                                          new VariableState(VariableTaint.SAFE) //
                                          .AddTag(VariableTag.HttpCookie)       //
                                          .AddSyntaxNode(node));
                    }
                }
            }
            //Looking for Assigment to Secure or HttpOnly property
            else if (node is AssignmentExpressionSyntax)
            {
                var assigment = (AssignmentExpressionSyntax)node;

                if (assigment.Left is MemberAccessExpressionSyntax)
                {
                    var memberAccess = (MemberAccessExpressionSyntax)assigment.Left;

                    if (memberAccess.Expression is IdentifierNameSyntax)
                    {
                        var    identifier     = (IdentifierNameSyntax)memberAccess.Expression;
                        string variableAccess = identifier.Identifier.ValueText;

                        var symbol = state.GetSymbol(memberAccess);
                        if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
                        {
                            state.AddTag(variableAccess, VariableTag.HttpCookieSecure);
                        }
                        else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
                        {
                            state.AddTag(variableAccess, VariableTag.HttpCookieHttpOnly);
                        }
                    }
                }
            }

            foreach (var n in node.ChildNodes())
            {
                VisitNodeRecursively(n, state);
            }
        }

Esempio n. 14

File: InsecureCookieAnalyzer.cs Progetto: xperiandri/roslyn-security-guard

        public override void VisitAssignment(CSharpSyntax.AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
        {
            //Looking for Assigment to Secure or HttpOnly property

            if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
            {
                variableRightState.AddTag(VariableTag.HttpCookieSecure);
            }
            else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
            {
                variableRightState.AddTag(VariableTag.HttpCookieHttpOnly);
            }
        }

Esempio n. 15

File: WeakPasswordValidatorPropertyAnalyzer.cs Progetto: felickz/security-code-scan

        private static void VisitAssignmentExpression(SyntaxNodeAnalysisContext ctx)
        {
            SyntaxNode n, right, left;

            if (ctx.Node.Language == LanguageNames.CSharp)
            {
                var node = (CSharpSyntax.AssignmentExpressionSyntax)ctx.Node;
                n     = node;
                right = node.Right;
                left  = node.Left;
            }
            else
            {
                if (ctx.Node is VBSyntax.AssignmentStatementSyntax vbNode)
                {
                    n     = vbNode;
                    right = vbNode.Right;
                    left  = vbNode.Left;
                }
                else
                {
                    var node = (VBSyntax.NamedFieldInitializerSyntax)ctx.Node;
                    n     = node;
                    right = node.Expression;
                    left  = node.Name;
                }
            }

            var symbol = ctx.SemanticModel.GetSymbolInfo(left).Symbol;

            var content = right.GetText().ToString();

            // Only if it is the RequiredLength property of a PasswordValidator
            if (!AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength") ||
                content == string.Empty)
            {
                return;
            }

            // Validates that the value is an int and that it is over the minimum value required
            if (!int.TryParse(right.GetText().ToString(), out var numericValue) ||
                numericValue >= Constants.PasswordValidatorRequiredLength)
            {
                return;
            }

            var diagnostic = Diagnostic.Create(RulePasswordLength, n.GetLocation());

            ctx.ReportDiagnostic(diagnostic);
        }

Esempio n. 16

File: InsecureCookieAnalyzer.cs Progetto: trungx/security-code-scan

        public void VisitAssignment(ISymbol symbol,
                                    VariableState variableRightState)
        {
            //Looking for Assignment to Secure or HttpOnly property

            if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
            {
                variableRightState.AddTag(VariableTag.HttpCookieSecure);
            }
            else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
            {
                variableRightState.AddTag(VariableTag.HttpCookieHttpOnly);
            }
        }

Esempio n. 17

File: XxeAnalyzer.cs Progetto: tiandiyixian/security-code-scan

        private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
        {
            SyntaxNode assignment;
            SyntaxNode memberAccess;
            SyntaxNode memberSet;

            if (ctx.Node.Language == LanguageNames.CSharp)
            {
                assignment   = ctx.Node as CSharpSyntax.AssignmentExpressionSyntax;
                memberAccess = ((CSharpSyntax.AssignmentExpressionSyntax)assignment)?.Left as CSharpSyntax.MemberAccessExpressionSyntax;
                memberSet    = ((CSharpSyntax.AssignmentExpressionSyntax)assignment)?.Right;
            }
            else
            {
                assignment   = ctx.Node as VBSyntax.AssignmentStatementSyntax;
                memberAccess = ((VBSyntax.AssignmentStatementSyntax)assignment)?.Left as VBSyntax.MemberAccessExpressionSyntax;
                memberSet    = ((VBSyntax.AssignmentStatementSyntax)assignment)?.Right;
            }

            if (memberAccess == null || memberSet == null)
            {
                return;
            }

            var symbolMemberAccess = ctx.SemanticModel.GetSymbolInfo(memberAccess).Symbol;

            if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "XmlReaderSettings", name: "ProhibitDtd"))
            {
                var constant = ctx.SemanticModel.GetConstantValue(memberSet);
                if (!constant.HasValue || constant.Value.ToString() != "False")
                {
                    return;
                }

                var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation());
                ctx.ReportDiagnostic(diagnostic);
            }
            else if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "XmlReaderSettings", name: "DtdProcessing"))
            {
                var constant = ctx.SemanticModel.GetConstantValue(memberSet);
                if (!constant.HasValue || constant.Value.ToString() != "2")
                {
                    return;
                }

                var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation());
                ctx.ReportDiagnostic(diagnostic);
            }
        }

Esempio n. 18

        private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
        {
            SyntaxNode node, node2, expression;

            if (ctx.Node.Language == LanguageNames.CSharp)
            {
                node       = ctx.Node as CSharpSyntax.InvocationExpressionSyntax;
                expression = ((CSharpSyntax.InvocationExpressionSyntax)node)?.Expression;
                node2      = ctx.Node as CSharpSyntax.ObjectCreationExpressionSyntax;
            }
            else
            {
                node       = ctx.Node as VBSyntax.InvocationExpressionSyntax;
                expression = ((VBSyntax.InvocationExpressionSyntax)node)?.Expression;
                node2      = ctx.Node as VBSyntax.ObjectCreationExpressionSyntax;
            }

            if (node != null)
            {
                var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;

                foreach (string cipher in BadCiphers)
                {
                    if (!AnalyzerUtil.SymbolMatch(symbol, type: cipher, name: "Create"))
                    {
                        continue;
                    }

                    var diagnostic = Diagnostic.Create(Rule, expression.GetLocation(), cipher);
                    ctx.ReportDiagnostic(diagnostic);
                }
            }

            if (node2 != null)
            {
                var symbol = ctx.SemanticModel.GetSymbolInfo(node2).Symbol;

                foreach (string cipher in BadCiphers)
                {
                    if (!AnalyzerUtil.SymbolMatch(symbol, type: cipher + "CryptoServiceProvider"))
                    {
                        continue;
                    }

                    var diagnostic = Diagnostic.Create(Rule, node2.GetLocation(), cipher);
                    ctx.ReportDiagnostic(diagnostic);
                }
            }
        }

Esempio n. 19

File: WeakRandomAnalyzer.cs Progetto: DineshManiM/roslyn-security-guard

        private static void VisitSyntaxNodeEx(SyntaxNodeAnalysisContext ctx)
        {
            Microsoft.CodeAnalysis.VisualBasic.Syntax.InvocationExpressionSyntax node = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.InvocationExpressionSyntax;
            if (node != null)
            {
                var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;

                //System.Random.Next()
                if (AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "Next") ||
                    AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "NextBytes") ||
                    AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "NextDouble"))
                {
                    var diagnostic = Diagnostic.Create(Rule, node.Expression.GetLocation());
                    ctx.ReportDiagnostic(diagnostic);
                }
            }
        }

Esempio n. 20

File: TaintAnalyzer.cs Progetto: alisadri1993/roslyn-security-guard

        /// <summary>
        /// Logic for each method invocation (including constructor)
        /// The argument list is required because <code>InvocationExpressionSyntax</code> and
        /// <code>ObjectCreationExpressionSyntax</code> do not share a common interface.
        /// </summary>
        /// <param name="node"></param>
        /// <param name="argList"></param>
        /// <param name="state"></param>
        /// <returns></returns>
        private VariableState VisitInvocationAndCreation(ExpressionSyntax node, ArgumentListSyntax argList, ExecutionState state)
        {
            var            symbol   = state.GetSymbol(node);
            MethodBehavior behavior = behaviorRepo.GetInjectableMethodBehavior(symbol);

            int i = 0;

            if (argList == null)
            {
                return(new VariableState(VariableTaint.UNKNOWN));
            }
            foreach (var argument in argList.Arguments)
            {
                var argumentState = VisitExpression(argument.Expression, state);

                if (symbol != null)
                {
                    SGLogging.Log(symbol.ContainingType + "." + symbol.Name + " -> " + argumentState);
                }

                if (behavior != null &&                                                  //If the API is at risk
                    (argumentState.taint == VariableTaint.TAINTED ||                     //Tainted values
                     argumentState.taint == VariableTaint.UNKNOWN) &&
                    Array.Exists(behavior.injectablesArguments, element => element == i) //If the current parameter can be injected.
                    )
                {
                    var newRule    = LocaleUtil.GetDescriptor(behavior.vulnerabilityLocale);
                    var diagnostic = Diagnostic.Create(newRule, node.GetLocation());
                    state.AnalysisContext.ReportDiagnostic(diagnostic);
                }
                else if ((behavior != null || AnalyzerUtil.SymbolMatch(symbol, name:"Password")) &&
                         argumentState.taint == VariableTaint.CONSTANT &&                  //Hard coded value
                         Array.Exists(behavior.passwordArguments, element => element == i) //If the current parameter is a password
                         )
                {
                    var newRule    = LocaleUtil.GetDescriptor(behavior.vulnerabilityLocale);
                    var diagnostic = Diagnostic.Create(newRule, node.GetLocation());
                    state.AnalysisContext.ReportDiagnostic(diagnostic);
                }

                //TODO: tainted all object passed in argument

                i++;
            }
            return(new VariableState(VariableTaint.UNKNOWN));
        }

Esempio n. 21

File: WeakPasswordValidatorAnalyzer.cs Progetto: websecresearch/roslyn-security-guard

        private static void VisitAssignment(SyntaxNodeAnalysisContext ctx)
        {
            AssignmentExpressionSyntax node = ctx.Node as AssignmentExpressionSyntax;

            var symbol = ctx.SemanticModel.GetSymbolInfo(node.Left).Symbol;

            var content = node.Right.GetText().ToString();

            if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength") && content != String.Empty)
            {
                int numericValue;
                if (int.TryParse(node.Right.GetText().ToString(), out numericValue) && numericValue < Constants.PasswordValidatorRequiredLength)
                {
                    var diagnostic = Diagnostic.Create(RulePasswordLength, node.GetLocation());
                    ctx.ReportDiagnostic(diagnostic);
                }
            }
        }

Esempio n. 22

        private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
        {
            var assignment   = ctx.Node as AssignmentExpressionSyntax;
            var memberAccess = assignment?.Left as MemberAccessExpressionSyntax;

            if (memberAccess == null)
            {
                return;
            }

            var symbolMemberAccess = ctx.SemanticModel.GetSymbolInfo(memberAccess).Symbol;

            if (AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "ServicePointManager", name: "ServerCertificateValidationCallback") ||
                AnalyzerUtil.SymbolMatch(symbolMemberAccess, type: "ServicePointManager", name: "CertificatePolicy"))
            {
                var diagnostic = Diagnostic.Create(Rule, assignment.GetLocation());
                ctx.ReportDiagnostic(diagnostic);
            }
        }

Esempio n. 23

        protected static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx, SyntaxNodeHelper nodeHelper)
        {
            SyntaxNode expression = nodeHelper.GetInvocationExpressionNode(ctx.Node);

            if (expression == null)
            {
                return;
            }

            var symbol = ctx.SemanticModel.GetSymbolInfo(ctx.Node).Symbol;

            //System.Random.Next()
            if (AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "Next") ||
                AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "NextBytes") ||
                AnalyzerUtil.SymbolMatch(symbol, type: "Random", name: "NextDouble"))
            {
                var diagnostic = Diagnostic.Create(Rule, expression.GetLocation());
                ctx.ReportDiagnostic(diagnostic);
            }
        }

Esempio n. 24

File: WeakCipherModeAnalyzer.cs Progetto: mohdhaji87/security-code-scan

        private static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx)
        {
            SyntaxNode node, expression;

            if (ctx.Node.Language == LanguageNames.CSharp)
            {
                node       = ctx.Node as CSharpSyntax.MemberAccessExpressionSyntax;
                expression = ((CSharpSyntax.MemberAccessExpressionSyntax)node)?.Expression;
            }
            else
            {
                node       = ctx.Node as VBSyntax.MemberAccessExpressionSyntax;
                expression = ((VBSyntax.MemberAccessExpressionSyntax)node)?.Expression;
            }

            if (node == null)
            {
                return;
            }

            var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;

            //DES.Create()
            if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "ECB"))
            {
                var diagnostic = Diagnostic.Create(RuleECB, expression.GetLocation(), "ECB");
                ctx.ReportDiagnostic(diagnostic);
            }
            else if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CBC"))
            {
                var diagnostic = Diagnostic.Create(RuleCBC, expression.GetLocation(), "CBC");
                ctx.ReportDiagnostic(diagnostic);
            }
            else if (AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "OFB") ||
                     AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CFB") ||
                     AnalyzerUtil.SymbolMatch(symbol, "CipherMode", "CTS"))
            {
                var diagnostic = Diagnostic.Create(RuleGeneric, expression.GetLocation(), "OFB");
                ctx.ReportDiagnostic(diagnostic);
            }
        }

Esempio n. 25

File: InsecureCookieAnalyzer.cs Progetto: xperiandri/roslyn-security-guard

        private void CheckState(ExecutionState state)
        {
            // For every variables registered in state
            foreach (var variableState in state.Variables)
            {
                var st = variableState.Value;

                // Only if it is the constructor of the PasswordValidator instance
                if (AnalyzerUtil.SymbolMatch(state.GetSymbol(st.node), "HttpCookie", ".ctor"))
                {
                    if (!st.tags.Contains(VariableTag.HttpCookieSecure))
                    {
                        state.AnalysisContext.ReportDiagnostic(Diagnostic.Create(RuleSecure, st.node.GetLocation()));
                    }
                    if (!st.tags.Contains(VariableTag.HttpCookieHttpOnly))
                    {
                        state.AnalysisContext.ReportDiagnostic(Diagnostic.Create(RuleHttpOnly, st.node.GetLocation()));
                    }
                }
            }
        }

Esempio n. 26

File: WeakHashingAnalyzer.cs Progetto: DineshManiM/roslyn-security-guard

        private static void VisitSyntaxNodeEx(SyntaxNodeAnalysisContext ctx)
        {
            var node = ctx.Node as Microsoft.CodeAnalysis.VisualBasic.Syntax.InvocationExpressionSyntax;

            if (node == null)
            {
                return;
            }

            var symbol = ctx.SemanticModel.GetSymbolInfo(node).Symbol;

            foreach (KeyValuePair <string, DiagnosticDescriptor> entry in HashFunctions)
            {
                //XXX.Create()
                if (AnalyzerUtil.SymbolMatch(symbol, type: entry.Key, name: "Create"))
                {
                    var diagnostic = Diagnostic.Create(entry.Value, node.Expression.GetLocation(), "MD5");
                    ctx.ReportDiagnostic(diagnostic);
                }
            }
        }

Esempio n. 27

File: InsecureCookieAnalyzer.cs Progetto: websecresearch/roslyn-security-guard

        public void VisitStatement(StatementSyntax statement, ExecutionState state)
        {
            var localDeclaration = statement as LocalDeclarationStatementSyntax;

            if (localDeclaration == null)
            {
                return;
            }
            var varDeclaration = localDeclaration.Declaration as VariableDeclarationSyntax;

            if (varDeclaration == null)
            {
                return;
            }

            foreach (var variable in varDeclaration.Variables)
            {
                //Looking for the creation of a cookie (HttpCookie)

                var variableDecorator = variable as VariableDeclaratorSyntax;
                if (variableDecorator != null)
                {
                    var expressionValue = variableDecorator.Initializer?.Value;
                    if (expressionValue is ObjectCreationExpressionSyntax)
                    {
                        var objCreation = (ObjectCreationExpressionSyntax)expressionValue;

                        var symbol = state.GetSymbol(objCreation);
                        if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", ".ctor"))
                        {
                            //It will override the initial state
                            state.AddNewValue(variableDecorator.Identifier.Text,    //
                                              new VariableState(VariableTaint.SAFE) //
                                              .AddTag(VariableTag.HttpCookie)       //
                                              .AddSyntaxNode(variable));
                        }
                    }
                }
            }
        }

Esempio n. 28

File: InsecureCookieAnalyzer.cs Progetto: DineshManiM/roslyn-security-guard

        public void VisitStatement(Microsoft.CodeAnalysis.VisualBasic.Syntax.StatementSyntax statement, ExecutionState state)
        {
            var localDeclaration = statement as Microsoft.CodeAnalysis.VisualBasic.Syntax.LocalDeclarationStatementSyntax;

            if (localDeclaration == null)
            {
                return;
            }
            var varDeclaration = localDeclaration.Declarators.First() as Microsoft.CodeAnalysis.VisualBasic.Syntax.VariableDeclaratorSyntax;

            if (varDeclaration == null)
            {
                return;
            }

            foreach (var variable in localDeclaration.Declarators)
            {
                //Looking for the creation of a cookie (HttpCookie)

                var variableDecorator = variable;
                if (variableDecorator != null)
                {
                    var expressionValue = variableDecorator.Initializer?.Value;
                    if (expressionValue is Microsoft.CodeAnalysis.VisualBasic.Syntax.ObjectCreationExpressionSyntax)
                    {
                        var objCreation = (Microsoft.CodeAnalysis.VisualBasic.Syntax.ObjectCreationExpressionSyntax)expressionValue;

                        var symbol = state.GetSymbol(objCreation);
                        if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", ".ctor"))
                        {
                            //It will override the initial state
                            state.AddNewValue(variableDecorator.GetFirstToken().Text,         //
                                              new VariableState(variable, VariableTaint.SAFE) //
                                              .AddTag(VariableTag.HttpCookie)                 //
                                              .AddSyntaxNode(variable));
                        }
                    }
                }
            }
        }

Esempio n. 29

File: WeakCertificateValidationAnalyzer.cs Progetto: trungx/security-code-scan

        protected static void VisitSyntaxNode(SyntaxNodeAnalysisContext ctx, SyntaxNodeHelper nodeHelper)
        {
            var leftNode = nodeHelper.GetAssignmentLeftNode(ctx.Node);

            if (!nodeHelper.IsSimpleMemberAccessExpressionNode(leftNode))
            {
                return;
            }

            var symbolMemberAccess = ctx.SemanticModel.GetSymbolInfo(leftNode).Symbol;

            if (AnalyzerUtil.SymbolMatch(symbolMemberAccess,
                                         type: "ServicePointManager",
                                         name: "ServerCertificateValidationCallback") ||
                AnalyzerUtil.SymbolMatch(symbolMemberAccess,
                                         type: "ServicePointManager",
                                         name: "CertificatePolicy"))
            {
                var diagnostic = Diagnostic.Create(Rule, ctx.Node.GetLocation());
                ctx.ReportDiagnostic(diagnostic);
            }
        }

Esempio n. 30

File: WeakPasswordValidatorPropertyAnalyzer.cs Progetto: trungx/security-code-scan

 public void TagVariables(ISymbol symbol, VariableState variableRightState)
 {
     // Only PasswordValidator properties will cause a new tag to be added
     if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength"))
     {
         variableRightState.AddTag(VariableTag.RequiredLengthIsSet);
     }
     else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireDigit"))
     {
         variableRightState.AddTag(VariableTag.RequireDigitIsSet);
     }
     else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireLowercase"))
     {
         variableRightState.AddTag(VariableTag.RequireLowercaseIsSet);
     }
     else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireNonLetterOrDigit"))
     {
         variableRightState.AddTag(VariableTag.RequireNonLetterOrDigitIsSet);
     }
     else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireUppercase"))
     {
         variableRightState.AddTag(VariableTag.RequireUppercaseIsSet);
     }
 }