/// <summary>
/// Records a Secure / HttpOnly flag on the cookie variable that an assignment targets.
/// Only assignments of the shape <c>&lt;identifier&gt;.&lt;member&gt; = ...</c> are considered;
/// anything else leaves <paramref name="state"/> untouched.
/// </summary>
/// <param name="node">The assignment being visited.</param>
/// <param name="state">Execution state that receives the <see cref="VariableTag"/>.</param>
/// <param name="behavior">Not consulted by this method.</param>
/// <param name="symbol">Symbol supplied by the caller and matched against HttpCookie.Secure / HttpCookie.HttpOnly
/// (presumably the symbol of the assignment target — verify against the caller).</param>
/// <param name="variableRightState">Not consulted by this method.</param>
public void VisitAssignment(AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
{
    // Peel the target down to `owner.Member`; bail out on any other assignment shape.
    var targetAccess = node.Left as MemberAccessExpressionSyntax;
    var owner = targetAccess?.Expression as IdentifierNameSyntax;
    if (owner == null)
    {
        return;
    }

    // The tag is keyed by the receiver's name, which is how the cookie variable is tracked.
    string cookieVariable = owner.Identifier.ValueText;

    // NOTE(review): the assigned value (node.Right) is not inspected, so `Secure = false`
    // is tagged exactly like `Secure = true` — confirm that whatever consumes these tags
    // checks the right-hand side, otherwise an explicitly insecure cookie looks hardened.
    if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
    {
        state.AddTag(cookieVariable, VariableTag.HttpCookieSecure);
    }
    else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
    {
        state.AddTag(cookieVariable, VariableTag.HttpCookieHttpOnly);
    }
}
/// <summary>
/// Walks the syntax tree rooted at <paramref name="node"/> depth-first and tracks HttpCookie usage:
/// a local initialised with <c>new HttpCookie(...)</c> is registered as a SAFE value tagged
/// <see cref="VariableTag.HttpCookie"/>, and a later <c>cookie.Secure = ...</c> /
/// <c>cookie.HttpOnly = ...</c> assignment adds the matching flag tag to that variable.
/// </summary>
/// <param name="node">Root of the subtree to inspect.</param>
/// <param name="state">Execution state that accumulates values and tags.</param>
private void VisitNodeRecursively(SyntaxNode node, ExecutionState state)
{
    var declarator = node as VariableDeclaratorSyntax;
    var assignment = node as AssignmentExpressionSyntax;

    if (declarator != null)
    {
        // Looking for the creation of a cookie: `var c = new HttpCookie(...)`.
        var creation = declarator.Initializer?.Value as ObjectCreationExpressionSyntax;
        if (creation != null && AnalyzerUtil.SymbolMatch(state.GetSymbol(creation), "HttpCookie", ".ctor"))
        {
            // NOTE(review): the value is registered under Identifier.Text, while the assignment
            // branch below looks it up by Identifier.ValueText; the two differ for verbatim
            // identifiers (`@cookie`), which would break the link between the two tags — confirm
            // which form the rest of the state code uses.
            var cookieValue = new VariableState(VariableTaint.SAFE)
                .AddTag(VariableTag.HttpCookie)
                .AddSyntaxNode(node);
            state.AddNewValue(declarator.Identifier.Text, cookieValue);
        }
    }
    else if (assignment != null)
    {
        // Looking for an assignment to the Secure or HttpOnly property: `c.Secure = ...`.
        var targetAccess = assignment.Left as MemberAccessExpressionSyntax;
        var owner = targetAccess?.Expression as IdentifierNameSyntax;
        if (owner != null)
        {
            string cookieVariable = owner.Identifier.ValueText;
            var propertySymbol = state.GetSymbol(targetAccess);

            // NOTE(review): the right-hand side is not examined, so `Secure = false` receives
            // the same tag as `Secure = true` — confirm the tag consumer checks the value.
            if (AnalyzerUtil.SymbolMatch(propertySymbol, "HttpCookie", "Secure"))
            {
                state.AddTag(cookieVariable, VariableTag.HttpCookieSecure);
            }
            else if (AnalyzerUtil.SymbolMatch(propertySymbol, "HttpCookie", "HttpOnly"))
            {
                state.AddTag(cookieVariable, VariableTag.HttpCookieHttpOnly);
            }
        }
    }

    // Descend after handling the current node so declarations are registered before
    // assignments nested deeper in the tree are seen.
    foreach (var child in node.ChildNodes())
    {
        VisitNodeRecursively(child, state);
    }
}