Esempio n. 1
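        /// <summary>
        /// Flags every call to <c>CDS.Core.Utils.EMail.SendMail</c> or <c>SendBulkMail</c> in the
        /// member under analysis.  The resolution text comes from <c>GetResolution()</c>; the call
        /// node is attached so the problem is reported at the call site, which is how the other
        /// VisitMethodCall rules in this set locate their findings.
        /// </summary>
        /// <param name="call">The method-call node being visited.  A callee the introspector could
        /// not resolve (<c>call.Method()</c> null) is skipped; the walk still continues into the
        /// call's operands via the base visitor.</param>
        public override void VisitMethodCall(MethodCall call)
        {
            var method = call.Method();

            // DeclaringType is guarded as well so an odd callee cannot crash the rule.
            if (method != null && method.DeclaringType != null)
            {
                string name = method.Name.Name;
                bool isMailSend = name == "SendMail" || name == "SendBulkMail";

                if (isMailSend && method.DeclaringType.FullName == "CDS.Core.Utils.EMail")
                {
                    // Pass the call node: without it the problem is only attached to the enclosing
                    // member and the reader has to hunt for the actual send.
                    Problems.Add(new Problem(this.GetResolution(), (Node)call));
                }
            }

            base.VisitMethodCall(call);
        }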
Esempio n. 2
        /// <summary>
        /// Reports any call whose target method declares a parameter of type
        /// <c>System.Web.Mvc.JsonRequestBehavior</c> (the <c>Json(data, JsonRequestBehavior.…)</c>
        /// overloads).  The problem is anchored at the call node.  Presumably the intent is to
        /// catch <c>AllowGet</c> usage; the rule's resolution text is not visible here, so confirm.
        /// </summary>
        /// <param name="call">The method call being visited; an unresolved callee (null
        /// <c>Method()</c>) is ignored and the walk continues.</param>
        public override void VisitMethodCall(MethodCall call)
        {
            var target = call.Method();

            if (target != null)
            {
                bool takesJsonBehavior = false;

                // Same test as Parameters.Any(...), spelled out as a loop.
                foreach (var parameter in target.Parameters)
                {
                    if (parameter.Type.FullName == "System.Web.Mvc.JsonRequestBehavior")
                    {
                        takesJsonBehavior = true;
                        break;
                    }
                }

                if (takesJsonBehavior)
                {
                    this.Problems.Add(new Problem(this.GetResolution(), (Node)call));
                }
            }

            base.VisitMethodCall(call);
        }
Esempio n. 3
        /// <summary>
        /// Flags calls to methods that take a <c>System.Web.Mvc.JsonRequestBehavior</c> argument,
        /// attaching the call node as the problem location.
        /// </summary>
        /// <param name="call">The call being visited.  Nothing is reported when the callee cannot
        /// be resolved (<c>call.Method()</c> is null).</param>
        public override void VisitMethodCall(MethodCall call)
        {
            var method = call.Method();

            bool flagged = method != null
                && method.Parameters.Any(p => p.Type.FullName == "System.Web.Mvc.JsonRequestBehavior");

            if (flagged)
            {
                this.Problems.Add(new Problem(this.GetResolution(), (Node)call));
            }

            base.VisitMethodCall(call);
        }
Esempio n. 4
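        /// <summary>
        /// Reports direct use of <c>CDS.Core.Utils.EMail.SendMail</c> / <c>SendBulkMail</c>.
        /// The call node is attached to the problem so it is reported at the call site, consistent
        /// with the other VisitMethodCall rules here.
        /// </summary>
        /// <param name="call">The method-call node being visited.  Unresolved callees
        /// (<c>call.Method()</c> null) and callees without a declaring type are skipped.</param>
        public override void VisitMethodCall(MethodCall call)
        {
            var method = call.Method();

            if (method != null && method.DeclaringType != null)
            {
                bool isSendMethod = method.Name.Name == "SendMail" || method.Name.Name == "SendBulkMail";
                bool onEmailUtil = method.DeclaringType.FullName == "CDS.Core.Utils.EMail";

                if (isSendMethod && onEmailUtil)
                {
                    // Location added: the parameterless Problem ctor only ties the finding to the
                    // enclosing member, not to the offending call.
                    Problems.Add(new Problem(this.GetResolution(), (Node)call));
                }
            }

            base.VisitMethodCall(call);
        }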
Esempio n. 5
        /// <summary>
        /// Taint-tracking visit used for SQL-injection detection.  Each call is classified as
        /// safe or dirty in <c>_dirty</c>; on the problem round, a SQL-executing call whose
        /// string-ish operand is neither a constant nor marked safe is reported.
        /// </summary>
        /// <param name="call">The call node being visited.
        /// NOTE(review): unlike the other visitors in this file, <c>call.Method()</c> is
        /// dereferenced here without a null check (IsSqlExecutingFunction / DeclaringType below);
        /// confirm callees are always resolvable for the assemblies this rule scans.</param>
        public override void VisitMethodCall(MethodCall call)
        {
            // Optimistic default: the call is considered safe unless one of the two
            // receiver-based checks below marks it dirty.
            bool safe = true;

            // Null for callee shapes that are not a member binding (e.g. delegate invocation).
            var mb = call.Callee as MemberBinding;

            if (mb != null)
            {
                if (IsStringFunction(call))
                {
                    // A string/StringBuilder-style function fed something unsafe taints its
                    // receiver; the bound member is recorded as the cause.
                    if (!IsSafeStringFunction(call, null))
                    {
                        safe = false;
                        _dirty.MarkDirty(mb.TargetObject, mb.BoundMember, call.SourceContext, false);
                    }
                }
                // Any other string-ish-returning call on an already-dirty receiver (unless the
                // receiver is a SafeSqlBuilder) produces a dirty result; the receiver is the cause.
                else if (mb.TargetObject != null && !_dirty.IsSafe(mb.TargetObject) && IsStringIsh(call.Type) && !call.Method().DeclaringType.IsDerivedFrom("CDS.Core.Utils.Inspection.SafeSqlBuilder"))
                {
                    safe = false;
                    _dirty.MarkDirty(call, mb.TargetObject, call.SourceContext, false);
                }
            }

            // NOTE(review): this also marks safe every call with no MemberBinding callee, every
            // static call (TargetObject null) and every non-string call on a safe receiver,
            // regardless of what its operands are.  Whether that can hide a tainted argument
            // flowing through e.g. a static helper returning a string depends on IsSafeStringFunction
            // / IsSqlGeneratingFunction coverage — worth confirming with a test case.
            if (safe)
            {
                _dirty.MarkSafe(call);
            }

            if (!IsSqlExecutingFunction(call.Method()) && !IsSqlGeneratingFunction(call.Method()) && !IsSafeStringFunction(call, null) && !IsStringIsh(call.Method().DeclaringType))
            {
                // mark the reference-type operands as dirty unless it's
                //  ... executing SQL or building dynamic SQL (those get scanned on the inside)
                //  ... a string or StringBuilder function. We know that those don't alter their inputs.
                // (Conservative: an unknown callee may mutate any reference-type argument it receives.)
                foreach (var op in call.Operands.Where(w => w.Type != null && !w.Type.IsValueType && !IsTypeSafe(w.Type)))
                {
                    _dirty.MarkDirty(op, call.Method(), call.SourceContext, false);
                }
            }

            //if the function runs SQL
            // an operand's been marked dangerous, PROBLEM!
            // Only the first offending operand is reported per call; _dirty.AnyDirty short-circuits
            // the scan when nothing has been tainted yet.
            if (_problemRound && IsSqlExecutingFunction(call.Method()) && _dirty.AnyDirty)
            {
                var dirty = call.Operands.FirstOrDefault(f => IsStringIsh(f.Type) && !IsConst(f) && !_dirty.IsSafe(f));
                if (dirty != null)
                {
                    Problems.Add(new Problem(this.GetResolution(dirty.GetName(), _dirty.GetDirtyDetails(dirty, call, true)), call.SourceContext));
                }
            }

            base.VisitMethodCall(call);
        }
Esempio n. 6
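        /// <summary>
        /// Flags calls to static <c>get_Current*</c> property getters (ambient-context accessors
        /// such as <c>HttpContext.Current</c>), except those on
        /// <c>System.Globalization.CultureInfo</c>.  The callee's full name goes into the
        /// resolution and the call node is the problem location.
        /// </summary>
        /// <param name="call">The call being visited; an unresolved callee (null
        /// <c>Method()</c>) is ignored.</param>
        public override void VisitMethodCall(MethodCall call)
        {
            var method = call.Method();

            if (method != null)
            {
                // Ordinal prefix match: metadata names are not culture-sensitive text, and the
                // culture-aware StartsWith overload can mis-match under some cultures (CA1310).
                bool isStaticCurrentGetter = method.IsStatic
                    && method.Name.Name.StartsWith("get_Current", System.StringComparison.Ordinal);

                if (isStaticCurrentGetter && method.DeclaringType.FullName != "System.Globalization.CultureInfo")
                {
                    this.Problems.Add(new Problem(this.GetResolution(method.FullName), (Node)call));
                }
            }

            base.VisitMethodCall(call);
        }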
Esempio n. 7
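        /// <summary>
        /// Reports static <c>get_Current*</c> getter calls (ambient context such as
        /// <c>HttpContext.Current</c>) unless the declaring type is
        /// <c>System.Globalization.CultureInfo</c>.
        /// </summary>
        /// <param name="call">The call being visited; nothing is reported when
        /// <c>call.Method()</c> is null.</param>
        public override void VisitMethodCall(MethodCall call)
        {
            var method = call.Method();

            if (method == null)
            {
                base.VisitMethodCall(call);
                return;
            }

            // Use an ordinal comparison for the metadata name prefix; the culture-sensitive
            // StartsWith overload is the wrong tool for identifiers (CA1310).
            bool currentGetter = method.Name.Name.StartsWith("get_Current", System.StringComparison.Ordinal);
            bool cultureInfoExempt = method.DeclaringType.FullName == "System.Globalization.CultureInfo";

            if (method.IsStatic && currentGetter && !cultureInfoExempt)
            {
                this.Problems.Add(new Problem(this.GetResolution(method.FullName), (Node)call));
            }

            base.VisitMethodCall(call);
        }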
Esempio n. 8
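        /// <summary>
        /// Rule for members that must not execute SQL themselves and may only call into
        /// framework types, their own type, or the <c>SafeSqlBuilder</c> constructor.  Two
        /// independent checks each add a problem at the call's source context.
        /// </summary>
        /// <param name="call">The call being visited.  A null <c>call.Method()</c> is now skipped
        /// instead of throwing inside the rule, matching the other visitors in this set.</param>
        public override void VisitMethodCall(MethodCall call)
        {
            var method = call.Method();

            if (method != null)
            {
                if (IsSqlExecutingFunction(method))
                {
                    Problems.Add(new Problem(this.GetResolution(), call.SourceContext));
                }

                // Whitelist by namespace prefix, compared ordinally (these are metadata names, not
                // user text).  NOTE(review): any type placed in a namespace starting with "System."
                // or "Microsoft." passes this test, regardless of which assembly declares it.
                string declaringTypeName = method.DeclaringType.FullName;
                bool isFrameworkType = declaringTypeName.StartsWith("System.", System.StringComparison.Ordinal)
                    || declaringTypeName.StartsWith("Microsoft.", System.StringComparison.Ordinal);

                // A call can satisfy both checks and be reported twice with the same resolution;
                // that is unchanged from the original behaviour.
                if (!isFrameworkType
                    && method.DeclaringType != _currentType
                    && method.FullName != "CDS.Core.Utils.Inspection.SafeSqlBuilder.#ctor")
                {
                    Problems.Add(new Problem(this.GetResolution(), call.SourceContext));
                }
            }

            base.VisitMethodCall(call);
        }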
Esempio n. 9
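        /// <summary>
        /// Flags (1) any SQL-executing call and (2) any call to a type outside the
        /// <c>System.</c>/<c>Microsoft.</c> namespaces that is not the type under analysis and not
        /// the <c>SafeSqlBuilder</c> constructor.  Both findings are anchored at the call's
        /// source context.
        /// </summary>
        /// <param name="call">The call being visited.  Unresolved callees (<c>call.Method()</c>
        /// null) are skipped rather than dereferenced — the original lacked this guard.</param>
        public override void VisitMethodCall(MethodCall call)
        {
            var method = call.Method();

            if (method == null)
            {
                base.VisitMethodCall(call);
                return;
            }

            if (IsSqlExecutingFunction(method))
            {
                Problems.Add(new Problem(this.GetResolution(), call.SourceContext));
            }

            // Ordinal prefix checks on metadata names (CA1310).  NOTE(review): the whitelist is a
            // pure namespace-string test, so a non-framework type declared under "System.*" or
            // "Microsoft.*" would be accepted.
            string typeName = method.DeclaringType.FullName;
            bool frameworkType = typeName.StartsWith("System.", System.StringComparison.Ordinal)
                || typeName.StartsWith("Microsoft.", System.StringComparison.Ordinal);
            bool ownType = method.DeclaringType == _currentType;
            bool safeBuilderCtor = method.FullName == "CDS.Core.Utils.Inspection.SafeSqlBuilder.#ctor";

            // Both conditions may hold for one call, which then reports twice (as before).
            if (!frameworkType && !ownType && !safeBuilderCtor)
            {
                Problems.Add(new Problem(this.GetResolution(), call.SourceContext));
            }

            base.VisitMethodCall(call);
        }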
Esempio n. 10
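        /// <summary>
        /// Flags code that starts its own thread or task: <c>System.Threading.Thread.Start</c>,
        /// <c>System.Threading.Tasks.Task.Start</c> and
        /// <c>System.Threading.Tasks.TaskFactory.StartNew</c>.  The call node is attached so the
        /// problem is reported at the call site, consistent with the other rules in this set.
        /// </summary>
        /// <param name="call">The call being visited; an unresolved callee or one without a
        /// declaring type is ignored.</param>
        public override void VisitMethodCall(MethodCall call)
        {
            var method = call.Method();

            if (method != null && method.DeclaringType != null)
            {
                string name = method.Name.Name;
                string declaringType = method.DeclaringType.FullName;

                bool startsThread = name == "Start"
                    && (declaringType == "System.Threading.Thread" || declaringType == "System.Threading.Tasks.Task");

                // NOTE(review): "System.Threading.Tasks.Task.Factory" is not a type name
                // (Task.Factory is a static property whose type is TaskFactory), so that clause
                // cannot match; the TaskFactory clause is the one that fires.  Kept verbatim so
                // the accepted set is unchanged.
                bool startsTask = name == "StartNew"
                    && (declaringType == "System.Threading.Tasks.TaskFactory" || declaringType == "System.Threading.Tasks.Task.Factory");

                if (startsThread || startsTask)
                {
                    Problems.Add(new Problem(this.GetResolution(), (Node)call));
                }
            }

            base.VisitMethodCall(call);
        }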
Esempio n. 11
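        /// <summary>
        /// Reports direct thread/task start-up (<c>Thread.Start</c>, <c>Task.Start</c>,
        /// <c>TaskFactory.StartNew</c>).  The finding is located at the call node rather than only
        /// at the enclosing member.
        /// </summary>
        /// <param name="call">The call being visited; skipped when the callee or its declaring
        /// type cannot be resolved.</param>
        public override void VisitMethodCall(MethodCall call)
        {
            var method = call.Method();

            if (method != null && method.DeclaringType != null)
            {
                string name = method.Name.Name;
                string typeName = method.DeclaringType.FullName;
                bool flagged = false;

                if (name == "Start")
                {
                    flagged = typeName == "System.Threading.Thread" || typeName == "System.Threading.Tasks.Task";
                }
                else if (name == "StartNew")
                {
                    // NOTE(review): the "…Task.Factory" string is not a CLR type name (Task.Factory
                    // is a property of type TaskFactory) and so never matches; retained unchanged.
                    flagged = typeName == "System.Threading.Tasks.TaskFactory" || typeName == "System.Threading.Tasks.Task.Factory";
                }

                if (flagged)
                {
                    Problems.Add(new Problem(this.GetResolution(), (Node)call));
                }
            }

            base.VisitMethodCall(call);
        }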
Esempio n. 12
        /// <summary>
        /// Decides whether a string-producing call is free of tainted input.  Order of checks:
        /// anything on a <c>SafeSqlBuilder</c>-derived type is safe; a call that is neither
        /// SQL-generating nor a string function is unsafe; <c>ToString</c> is as safe as its
        /// receiver; otherwise every operand (except <paramref name="target"/>) must be a
        /// safe nested call, already marked safe, or a constant.
        /// </summary>
        /// <param name="call">The call to classify.  <c>call.Method()</c> is dereferenced
        /// without a null check.</param>
        /// <param name="target">An operand to exclude from the scan (callers pass null to scan
        /// all operands); the same node is excluded in the recursive calls.</param>
        /// <returns>true when no operand can carry untrusted data into the result.</returns>
        private bool IsSafeStringFunction(MethodCall call, Node target)
        {
            // NOTE(review): IsDerivedFrom matches on the type name, so the trust boundary is a
            // name string rather than a specific assembly — confirm that is acceptable.
            if (call.Method().DeclaringType.IsDerivedFrom("CDS.Core.Utils.Inspection.SafeSqlBuilder"))
            {
                return(true);
            }

            // SQL-generating functions skip these two tests and go straight to the operand scan.
            if (!IsSqlGeneratingFunction(call.Method()))
            {
                if (!IsStringFunction(call))
                {
                    return(false);
                }

                // ToString carries the receiver's taint status straight through.
                if (call.Method().Name.Name == "ToString")
                {
                    return(_dirty.IsSafe(call.Callee));
                }
            }

            // Recursion bottoms out on the finite operand tree; depth is not bounded explicitly.
            foreach (var op in call.Operands.Where(w => w != target && !IsTypeSafe(w)))
            {
                var nestedCall = op as MethodCall;
                if (nestedCall != null)
                {
                    if (!IsSafeStringFunction(nestedCall, target))
                    {
                        return(false);
                    }
                }
                else if (!_dirty.IsSafe(op) && !IsConst(op))
                {
                    return(false);
                }
            }

            return(true);
        }
Esempio n. 13
        /// <summary>
        /// Runs <c>KeywordViolations</c> on every callee that belongs to our own code: not a
        /// system assembly, not one of the two whitelisted assemblies, and not a property
        /// accessor.
        /// </summary>
        /// <param name="call">The call being visited; a null <c>call.Method()</c> is ignored.
        /// NOTE(review): the whitelist keys on assembly simple name only, so any assembly
        /// named "CDS.Core.Utils" or "CDS.ProxyFactory" is exempt regardless of origin.</param>
        public override void VisitMethodCall(MethodCall call)
        {
            var method = call.Method();

            if (method == null)
            {
                base.VisitMethodCall(call);
                return;
            }

            var assembly = method.DeclaringType.DeclaringModule.ContainingAssembly;

            // Same four tests as before, in the same short-circuit order, phrased as "exempt".
            bool exempt = assembly.IsSystemAssembly()               // framework code cannot reach our data access
                || assembly.Name == "CDS.Core.Utils"                // explicitly whitelisted
                || assembly.Name == "CDS.ProxyFactory"
                || method.IsPropertyAccessor();                     // property accessors assumed not to write to the database

            if (!exempt)
            {
                KeywordViolations(method);
            }

            base.VisitMethodCall(call);
        }
Esempio n. 14
        /// <summary>
        /// Applies <c>KeywordViolations</c> to callees from our own assemblies.  Callees in
        /// system assemblies, in <c>CDS.Core.Utils</c> or <c>CDS.ProxyFactory</c>, and property
        /// accessors are left alone.
        /// </summary>
        /// <param name="call">The call being visited; nothing happens when the callee is
        /// unresolved.  The assembly whitelist is matched by simple name only.</param>
        public override void VisitMethodCall(MethodCall call)
        {
            var callee = call.Method();

            if (callee != null)
            {
                var owningAssembly = callee.DeclaringType.DeclaringModule.ContainingAssembly;
                bool mustInspect = true;

                if (owningAssembly.IsSystemAssembly())
                {
                    // Framework code: no data access from our web projects can go through it.
                    mustInspect = false;
                }
                else if (owningAssembly.Name == "CDS.Core.Utils" || owningAssembly.Name == "CDS.ProxyFactory")
                {
                    // Whitelisted in-house assemblies.
                    mustInspect = false;
                }
                else if (callee.IsPropertyAccessor())
                {
                    // Property accessors are assumed not to write to the database.
                    mustInspect = false;
                }

                if (mustInspect)
                {
                    KeywordViolations(callee);
                }
            }

            base.VisitMethodCall(call);
        }
Esempio n. 15
 /// <summary>
 /// True when the callee is declared on a string-ish type, as judged by <c>IsStringIsh</c>.
 /// <c>call.Method()</c> is dereferenced without a null check.
 /// </summary>
 /// <param name="call">The call whose declaring type is tested.</param>
 private bool IsStringFunction(MethodCall call)
 {
     var declaringType = call.Method().DeclaringType;
     bool stringIsh = IsStringIsh(declaringType);
     return(stringIsh);
 }
Esempio n. 16
 /// <summary>
 /// Reports whether the called method lives on a string-ish declaring type (delegates the
 /// type test to <c>IsStringIsh</c>).  Assumes <c>call.Method()</c> is non-null.
 /// </summary>
 /// <param name="call">The call to classify.</param>
 private bool IsStringFunction(MethodCall call)
 {
     var callee = call.Method();
     return IsStringIsh(callee.DeclaringType);
 }
Esempio n. 17
        /// <summary>
        /// Classifies a string-producing call as safe (no tainted input) or not.  Checks, in
        /// order: <c>SafeSqlBuilder</c>-derived types are always safe; a call that is neither
        /// SQL-generating nor a string function is unsafe; <c>ToString</c> inherits its receiver's
        /// status; otherwise each operand other than <paramref name="target"/> must be a safe
        /// nested call, already marked safe, or a constant.
        /// </summary>
        /// <param name="call">The call to classify; <c>call.Method()</c> must be non-null.</param>
        /// <param name="target">Operand excluded from the scan (null scans everything); the
        /// exclusion is propagated to recursive calls.</param>
        /// <returns>true when no operand can carry untrusted data into the result.</returns>
        private bool IsSafeStringFunction(MethodCall call, Node target)
        {
            // NOTE(review): this trust decision keys on a type name via IsDerivedFrom, not on a
            // specific assembly — confirm that is the intended boundary.
            if (call.Method().DeclaringType.IsDerivedFrom("CDS.Core.Utils.Inspection.SafeSqlBuilder"))
            {
                return true;
            }

            // SQL-generating functions bypass these two tests and are judged by their operands.
            if (!IsSqlGeneratingFunction(call.Method()))
            {
                if (!IsStringFunction(call))
                    return false;

                // ToString is exactly as safe as the object it is called on.
                if (call.Method().Name.Name == "ToString")
                    return _dirty.IsSafe(call.Callee);
            }

            // Nested calls recurse (finite operand tree, no explicit depth limit); leaves must be
            // marked safe or be constants.
            foreach (var op in call.Operands.Where(w => w != target && !IsTypeSafe(w)))
            {
                var nestedCall = op as MethodCall;
                if (nestedCall != null)
                {
                    if (!IsSafeStringFunction(nestedCall, target))
                        return false;
                }
                else if (!_dirty.IsSafe(op) && !IsConst(op))
                {
                    return false;
                }
            }

            return true;
        }
Esempio n. 18
        /// <summary>
        /// Taint-tracking visit for SQL-injection detection: classifies each call as safe or
        /// dirty in <c>_dirty</c>, propagates taint to reference-type arguments of unknown
        /// callees, and on the problem round reports a SQL-executing call with a string-ish
        /// operand that is neither constant nor marked safe.
        /// </summary>
        /// <param name="call">The call node being visited.
        /// NOTE(review): <c>call.Method()</c> is dereferenced without a null check in the
        /// conditions below, unlike the other visitors in this file; confirm callees are
        /// always resolvable in the scanned assemblies.</param>
        public override void VisitMethodCall(MethodCall call)
        {
            // Safe unless one of the two receiver checks below says otherwise.
            bool safe = true;

            // Null when the callee is not a member binding (e.g. a delegate invocation).
            var mb = call.Callee as MemberBinding;
            if (mb != null)
            {
                if (IsStringFunction(call))
                {
                    // String-type function with unsafe input: the receiver is tainted, and the
                    // bound member is recorded as the cause.
                    if (!IsSafeStringFunction(call, null))
                    {
                        safe = false;
                        _dirty.MarkDirty(mb.TargetObject, mb.BoundMember, call.SourceContext, false);
                    }
                }
                // Other string-ish-returning calls on a dirty receiver (not SafeSqlBuilder) yield a
                // dirty result; the receiver is the cause.
                else if (mb.TargetObject != null && !_dirty.IsSafe(mb.TargetObject) && IsStringIsh(call.Type) && !call.Method().DeclaringType.IsDerivedFrom("CDS.Core.Utils.Inspection.SafeSqlBuilder"))
                {
                    safe = false;
                    _dirty.MarkDirty(call, mb.TargetObject, call.SourceContext, false);
                }
            }

            // NOTE(review): calls with no MemberBinding, static calls (TargetObject null) and
            // non-string calls on a safe receiver are all marked safe here without looking at
            // their operands — check that a tainted argument passed through such a call cannot
            // be laundered into a "safe" string.
            if (safe)
            {
                _dirty.MarkSafe(call);
            }

            if (!IsSqlExecutingFunction(call.Method()) && !IsSqlGeneratingFunction(call.Method()) && !IsSafeStringFunction(call, null) && !IsStringIsh(call.Method().DeclaringType))
            {
                // mark the reference-type operands as dirty unless it's
                //  ... executing SQL or building dynamic SQL (those get scanned on the inside)
                //  ... a string or StringBuilder function. We know that those don't alter their inputs.
                // (Conservative: an unknown callee may mutate any reference-type argument.)
                foreach (var op in call.Operands.Where(w => w.Type != null && !w.Type.IsValueType && !IsTypeSafe(w.Type)))
                {
                    _dirty.MarkDirty(op, call.Method(), call.SourceContext, false);
                }
            }

            //if the function runs SQL
            // an operand's been marked dangerous, PROBLEM!
            // Only the first offending operand is reported; _dirty.AnyDirty avoids the scan
            // when nothing has been tainted so far.
            if (_problemRound && IsSqlExecutingFunction(call.Method()) && _dirty.AnyDirty)
            {
                var dirty = call.Operands.FirstOrDefault(f => IsStringIsh(f.Type) && !IsConst(f) && !_dirty.IsSafe(f));
                if (dirty != null)
                {
                    Problems.Add(new Problem(this.GetResolution(dirty.GetName(), _dirty.GetDirtyDetails(dirty, call, true)), call.SourceContext));
                }
            }

            base.VisitMethodCall(call);
        }