public void NonExistingFile()
{
CsFile csFile = GetCsFile("NonExistingFile.cs");
CompilationUnitSyntax unit = csFile.GetUnit();
Assert.AreEqual("", unit.ToFullString());
Assert.AreEqual(0, unit.DescendantNodes().Count());
}
public override void Analyze(CsFile csFile)
{
var accessExpressions = csFile.GetUnit().DescendantNodes().OfType <MemberAccessExpressionSyntax>();
var vulnerabilities = accessExpressions
.Where(IsLogMethod)
.Select(expression => new Vulnerability
{
Code = "Logging",
Title = "Logging was found",
Description = $"Logging was found in the app: Log.{GetMethodName(expression)}(...). Other apps may read the logs.",
FilePath = csFile.FilePath,
FullyQualifiedName = QualifiedNameResolver.Resolve(expression),
LineNumber = expression.GetLocation().GetLineSpan().StartLinePosition.Line + 1
}).ToList();
vulnerabilities.ForEach(OnVulnerabilityDiscovered);
}
public override void Analyze(CsFile csFile)
{
var assignments = csFile.GetUnit().DescendantNodes().OfType <AssignmentExpressionSyntax>();
var vulnerabilities = assignments
.Where(IsEcbCipherMode)
.Select(assignment => new Vulnerability
{
Code = "EcbCipherMode",
Title = "Unsafe cipher mode used",
Description = $"You may leak information by using the ECB cipher mode. Encrypting the same block of bits using this mode returns the same output.",
FilePath = csFile.FilePath,
FullyQualifiedName = QualifiedNameResolver.Resolve(assignment),
LineNumber = assignment.Right.GetLocation().GetLineSpan().StartLinePosition.Line + 1
}).ToList();
vulnerabilities.ForEach(OnVulnerabilityDiscovered);
}
public override void Analyze(CsFile csFile)
{
var accessExpressions = csFile.GetUnit().DescendantNodes().OfType <MemberAccessExpressionSyntax>();
var vulnerabilities = accessExpressions
.Where(expression => expression.ToString() == WorldReadableMode)
.Select(expression => new Vulnerability
{
Code = "WorldReadable",
Title = "WorldReadable file found",
Description = $"A WorldReadable file may expose sensitive data to other apps.",
FilePath = csFile.FilePath,
FullyQualifiedName = QualifiedNameResolver.Resolve(expression),
LineNumber = expression.GetLocation().GetLineSpan().StartLinePosition.Line + 1
}).ToList();
vulnerabilities.ForEach(OnVulnerabilityDiscovered);
}
public override void Analyze(CsFile csFile)
{
var accessExpressions = csFile.GetUnit().DescendantNodes().OfType <MemberAccessExpressionSyntax>();
var vulnerabilities = accessExpressions
.Where(expression => expression.ToString().Contains(Callback))
.Select(expression => new Vulnerability
{
Code = "CertificateValidation",
Title = "Certificate validation overwritten",
Description = $"Certificate validation callback is overwritten. This may open the door to man-in-the-middle attacks.",
FilePath = csFile.FilePath,
FullyQualifiedName = QualifiedNameResolver.Resolve(expression),
LineNumber = expression.GetLocation().GetLineSpan().StartLinePosition.Line + 1
}).ToList();
vulnerabilities.ForEach(OnVulnerabilityDiscovered);
}
public override void Analyze(CsFile csFile)
{
var accessExpressions = csFile.GetUnit().DescendantNodes().OfType <MemberAccessExpressionSyntax>();
var vulnerabilities = accessExpressions
.Where(expression => expression.Name.ToString() == PhoneNumberProperty)
.Select(expression => new Vulnerability
{
Code = "PhoneNumberAccess",
Title = "Access to phone number",
Description = $"Be careful accessing the phone number of your user. This is personally identifying information (PII).",
FilePath = csFile.FilePath,
FullyQualifiedName = QualifiedNameResolver.Resolve(expression),
LineNumber = expression.GetLocation().GetLineSpan().StartLinePosition.Line + 1
}).ToList();
vulnerabilities.ForEach(OnVulnerabilityDiscovered);
}
public override void Analyze(CsFile csFile)
{
var invocations = csFile.GetUnit().DescendantNodes().OfType <InvocationExpressionSyntax>();
var vulnerabilities = invocations
.Where(IsPermissionCheck)
.Select(invocation =>
new Vulnerability
{
Code = "CheckPermission",
Title = "Permissions may not be enforced",
Description = $"Permissions may not be enforced when using this method in an exported component: {GetMethodName(invocation)}(...).",
FilePath = csFile.FilePath,
FullyQualifiedName = QualifiedNameResolver.Resolve(invocation),
LineNumber = invocation.GetLocation().GetLineSpan().StartLinePosition.Line + 1
}).ToList();
vulnerabilities.ForEach(OnVulnerabilityDiscovered);
}
public override void Analyze(CsFile csFile)
{
var accessExpressions = csFile.GetUnit().DescendantNodes().OfType <MemberAccessExpressionSyntax>();
var vulnerabilities = accessExpressions
.Where(expression => expression.ToString().Contains(Callback))
.Select(expression => new Vulnerability
{
Code = "CertificateValidation",
Title = "Certificate validation overwritten",
SeverityLevel = SeverityLevel.High,
Description = $"Certificate validation is overwritten. Incorrectly implementing this validation may open the door to man-in-the-middle attacks. Please check your implementation to see if your vulnerable (e.g. always returning true).",
FilePath = csFile.FilePath,
FullyQualifiedName = QualifiedNameResolver.Resolve(expression),
LineNumber = expression.GetLocation().GetLineSpan().StartLinePosition.Line + 1
}).ToList();
vulnerabilities.ForEach(OnVulnerabilityDiscovered);
}
public override void Analyze(CsFile csFile)
{
var invocations = csFile.GetUnit().DescendantNodes().OfType <InvocationExpressionSyntax>();
var expressions = invocations.Select(expression => expression.Expression);
var vulnerabilities = expressions
.Where(IsExternalStorageMethod)
.Select(expression => new Vulnerability
{
Code = "ExternalStorage",
Title = "External storage is used",
Description = $"Files on external storage can be accessed by any app. Check this method: {GetMethodName(expression)}(...).",
FilePath = csFile.FilePath,
FullyQualifiedName = QualifiedNameResolver.Resolve(expression),
LineNumber = expression.GetLocation().GetLineSpan().StartLinePosition.Line + 1
}).ToList();
vulnerabilities.ForEach(OnVulnerabilityDiscovered);
}
public override void Analyze(CsFile csFile)
{
var stringLiteralTokens = csFile.GetUnit().DescendantTokens()
.Where(n => n.Kind() == SyntaxKind.StringLiteralToken);
var vulnerabilities = stringLiteralTokens
.Where(IsHttpUrl)
.Where(IsNotIgnored)
.Select(literal => new Vulnerability
{
Code = "HardcodedHttpUrl",
Title = "Hardcoded HTTP URL found",
Description = $"HTTP traffic may not be encrypted, which opens the door to man-in-the-middle attacks. HTTP URL: {literal.ValueText}.",
FilePath = csFile.FilePath,
FullyQualifiedName = QualifiedNameResolver.Resolve(literal),
LineNumber = literal.GetLocation().GetLineSpan().StartLinePosition.Line + 1
}).ToList();
vulnerabilities.ForEach(OnVulnerabilityDiscovered);
}
public override void Analyze(CsFile csFile)
{
var assignments = csFile.GetUnit().DescendantNodes().OfType <AssignmentExpressionSyntax>();
var accessExpressions = assignments
.Where(expression => expression.Left is MemberAccessExpressionSyntax)
.Select(expression => (MemberAccessExpressionSyntax)expression.Left);
var vulnerabilities = accessExpressions
.Where(expression => expression.Name.ToString() == _javaScriptEnabledProperty)
.Select(expression => new Vulnerability
{
Code = "JavaScriptEnabled",
Title = "JavaScript enabled in WebView",
Description = $"Enabling JavaScript in a WebView opens the door to XSS attacks.",
FilePath = csFile.FilePath,
FullyQualifiedName = QualifiedNameResolver.Resolve(expression),
LineNumber = expression.GetLocation().GetLineSpan().StartLinePosition.Line + 1
}).ToList();
vulnerabilities.ForEach(OnVulnerabilityDiscovered);
}
public override void Analyze(CsFile csFile)
{
var invocationExpressions = csFile.GetUnit().DescendantNodes().OfType <InvocationExpressionSyntax>();
var accessExpressions = invocationExpressions
.Where(expression => expression.Expression is MemberAccessExpressionSyntax)
.Select(expression => (MemberAccessExpressionSyntax)expression.Expression);
var vulnerabilities = accessExpressions
.Where(expression => expression.Name.ToString() == _addJavascriptInterfaceMethod)
.Select(expression => new Vulnerability
{
Code = "JavascriptInterface",
Title = "JavascriptInterface is added to a WebView",
Description = $"Adding a JavascriptInterface to a WebView might allow remote code execution attacks.",
FilePath = csFile.FilePath,
FullyQualifiedName = QualifiedNameResolver.Resolve(expression),
LineNumber = expression.GetLocation().GetLineSpan().StartLinePosition.Line + 1
}).ToList();
vulnerabilities.ForEach(OnVulnerabilityDiscovered);
}