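        /// <summary>
        /// Registers the trackers for SQL text that is composed at the call site: EF Core
        /// <c>FromSql</c> / <c>ExecuteSqlCommand</c> / <c>ExecuteSqlCommandAsync</c> invocations
        /// whose raw-SQL argument is a concatenation, <c>string.Format</c> or interpolated string;
        /// <c>CommandText</c> setters and command/adapter constructors whose string is built the
        /// same way. A constant string never matches in any of the trackers, so only non-constant,
        /// composed SQL is tracked. Whether the <c>ArgumentAtIndexIs*</c> helpers follow a string
        /// through a local variable is not visible here; as registered, the match is keyed on the
        /// shape of the argument expression.
        /// </summary>
        /// <param name="context">Analysis context the trackers register their actions on.</param>
        protected override void Initialize(SonarAnalysisContext context)
        {
            // FromSql and ExecuteSqlCommand(Async) share one argument condition. It is built once
            // so the two registrations cannot drift apart. Index 0 and index 1 are both checked,
            // presumably because the raw SQL may be the first or the second parameter depending on
            // the extension-method overload.
            var argumentZeroOrOneIsBuilt = Conditions.Or(
                Conditions.Or(ArgumentAtIndexIsConcat(0), ArgumentAtIndexIsFormat(0), ArgumentAtIndexIsInterpolated(0)),
                Conditions.Or(ArgumentAtIndexIsConcat(1), ArgumentAtIndexIsFormat(1), ArgumentAtIndexIsInterpolated(1)));
            var rawSqlArgumentIsBuilt = Conditions.And(MethodHasRawSqlQueryParameter(), argumentZeroOrOneIsBuilt);
            var firstArgumentIsNotConstant = Conditions.ExceptWhen(InvocationTracker.ArgumentAtIndexIsConstant(0));

            InvocationTracker.Track(context,
                InvocationTracker.MatchMethod(
                    new MemberDescriptor(KnownType.Microsoft_EntityFrameworkCore_RelationalQueryableExtensions, "FromSql")),
                rawSqlArgumentIsBuilt,
                firstArgumentIsNotConstant);

            InvocationTracker.Track(context,
                InvocationTracker.MatchMethod(
                    new MemberDescriptor(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlCommandAsync"),
                    new MemberDescriptor(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlCommand")),
                rawSqlArgumentIsBuilt,
                firstArgumentIsNotConstant);

            // cmd.CommandText = <composed string> on the classic ADO.NET command types.
            PropertyAccessTracker.Track(context,
                PropertyAccessTracker.MatchProperty(
                    new MemberDescriptor(KnownType.System_Data_Odbc_OdbcCommand, "CommandText"),
                    new MemberDescriptor(KnownType.System_Data_OracleClient_OracleCommand, "CommandText"),
                    new MemberDescriptor(KnownType.System_Data_SqlClient_SqlCommand, "CommandText"),
                    new MemberDescriptor(KnownType.System_Data_SqlServerCe_SqlCeCommand, "CommandText")),
                PropertyAccessTracker.MatchSetter(),
                Conditions.Or(SetterIsConcat(), SetterIsFormat(), SetterIsInterpolation()),
                Conditions.ExceptWhen(PropertyAccessTracker.AssignedValueIsConstant()));

            // new XxxCommand(<composed string>) / new XxxDataAdapter(<composed string>, ...) and EF Core RawSqlString.
            ObjectCreationTracker.Track(context,
                ObjectCreationTracker.MatchConstructor(
                    KnownType.Microsoft_EntityFrameworkCore_RawSqlString,
                    KnownType.System_Data_SqlClient_SqlCommand,
                    KnownType.System_Data_SqlClient_SqlDataAdapter,
                    KnownType.System_Data_Odbc_OdbcCommand,
                    KnownType.System_Data_Odbc_OdbcDataAdapter,
                    KnownType.System_Data_SqlServerCe_SqlCeCommand,
                    KnownType.System_Data_SqlServerCe_SqlCeDataAdapter,
                    KnownType.System_Data_OracleClient_OracleCommand,
                    KnownType.System_Data_OracleClient_OracleDataAdapter),
                ObjectCreationTracker.ArgumentAtIndexIs(0, KnownType.System_String),
                Conditions.Or(FirstArgumentIsConcat(), FirstArgumentIsFormat(), FirstArgumentIsInterpolation()),
                Conditions.ExceptWhen(ObjectCreationTracker.ArgumentAtIndexIsConst(0)));
        }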
        /// <summary>
        /// Registers the trackers for every place a cookie value is written: <c>HttpCookie.Value</c>,
        /// the <c>HttpCookie</c> indexer and <c>HttpCookie.Values</c> setters, <c>HttpCookie</c>
        /// construction with a string value, the ASP.NET Core cookie collections, the
        /// <c>Set-Cookie</c> response header (indexer and <c>Add</c>) and <c>IResponseCookies.Append</c>.
        /// No condition is placed on the written value itself, so each such write is tracked.
        /// </summary>
        /// <param name="context">Analysis context the trackers register their actions on.</param>
        protected override void Initialize(SonarAnalysisContext context)
        {
            const string setCookieHeader = "Set-Cookie";
            var httpCookie = KnownType.System_Web_HttpCookie;
            // The same member is matched by two different trackers below (NameValueCollection
            // indexer setter and NameObjectCollectionBase.Add), so it is described once.
            var httpCookieValues = new MemberDescriptor(httpCookie, "Values");

            // System.Web: cookie.Value = ..., new HttpCookie(name, value), cookie[key] = ...
            PropertyAccessTracker.Track(context,
                PropertyAccessTracker.MatchProperty(new MemberDescriptor(httpCookie, "Value")),
                PropertyAccessTracker.MatchSetter());

            ObjectCreationTracker.Track(context,
                ObjectCreationTracker.MatchConstructor(httpCookie),
                ObjectCreationTracker.ArgumentAtIndexIs(1, KnownType.System_String));

            ElementAccessTracker.Track(context,
                ElementAccessTracker.MatchIndexerIn(httpCookie),
                ElementAccessTracker.ArgumentAtIndexIs(0, KnownType.System_String),
                ElementAccessTracker.MatchSetter());

            // ASP.NET Core: headers["Set-Cookie"] = ... and the request/response cookie collections.
            ElementAccessTracker.Track(context,
                ElementAccessTracker.MatchIndexerIn(KnownType.Microsoft_AspNetCore_Http_IHeaderDictionary),
                ElementAccessTracker.ArgumentAtIndexEquals(0, setCookieHeader),
                ElementAccessTracker.MatchSetter());

            ElementAccessTracker.Track(context,
                ElementAccessTracker.MatchIndexerIn(
                    KnownType.Microsoft_AspNetCore_Http_IRequestCookieCollection,
                    KnownType.Microsoft_AspNetCore_Http_IResponseCookies),
                ElementAccessTracker.MatchSetter());

            // cookie.Values[key] = ... (NameValueCollection indexer reached through HttpCookie.Values).
            ElementAccessTracker.Track(context,
                ElementAccessTracker.MatchIndexerIn(KnownType.System_Collections_Specialized_NameValueCollection),
                ElementAccessTracker.MatchSetter(),
                ElementAccessTracker.MatchProperty(httpCookieValues));

            InvocationTracker.Track(context,
                InvocationTracker.MatchMethod(
                    new MemberDescriptor(KnownType.Microsoft_AspNetCore_Http_IResponseCookies, "Append")));

            // headers.Add("Set-Cookie", value) through the IDictionary interface; IsIHeadersDictionary
            // presumably narrows the receiver to the header dictionary — its body is not visible here.
            InvocationTracker.Track(context,
                InvocationTracker.MatchMethod(
                    new MemberDescriptor(KnownType.System_Collections_Generic_IDictionary_TKey_TValue, "Add"),
                    new MemberDescriptor(KnownType.System_Collections_Generic_IDictionary_TKey_TValue_VB, "Add")),
                InvocationTracker.ArgumentAtIndexEquals(0, setCookieHeader),
                InvocationTracker.MethodHasParameters(2),
                IsIHeadersDictionary());

            // cookie.Values.Add(key, value)
            InvocationTracker.Track(context,
                InvocationTracker.MatchMethod(
                    new MemberDescriptor(KnownType.System_Collections_Specialized_NameObjectCollectionBase, "Add")),
                InvocationTracker.MatchProperty(httpCookieValues));
        }
        /// <summary>
        /// Registers the trackers for process start targets that <c>IsInvalid</c> rejects: the first
        /// argument of <c>Process.Start</c>, the value assigned to <c>ProcessStartInfo.FileName</c>,
        /// and the constant <c>fileName</c> argument of the <c>ProcessStartInfo</c> constructor.
        /// </summary>
        /// <param name="context">Analysis context the trackers register their actions on.</param>
        protected override void Initialize(SonarAnalysisContext context)
        {
            var processStartInfo = KnownType.System_Diagnostics_ProcessStartInfo;

            InvocationTracker.Track(context,
                InvocationTracker.MatchMethod(new MemberDescriptor(KnownType.System_Diagnostics_Process, "Start")),
                c =>
                {
                    var startTarget = FirstArgument(c);
                    return IsInvalid(startTarget);
                });

            // NOTE(review): the direct cast throws if AssignedValue ever yields a non-string object —
            // confirm AssignedValue only returns a string (or null) for a string property setter.
            PropertyAccessTracker.Track(context,
                PropertyAccessTracker.MatchProperty(new MemberDescriptor(processStartInfo, "FileName")),
                PropertyAccessTracker.MatchSetter(),
                c =>
                {
                    var assignedFileName = (string)PropertyAccessTracker.AssignedValue(c);
                    return IsInvalid(assignedFileName);
                });

            // Only a constant "fileName" constructor argument can be inspected here.
            ObjectCreationTracker.Track(context,
                ObjectCreationTracker.MatchConstructor(processStartInfo),
                c => ObjectCreationTracker.ConstArgumentForParameter(c, "fileName") is string fileName
                     && IsInvalid(fileName));
        }
        /// <summary>
        /// Registers the trackers for process creation: <c>Process.Start</c> calls that take
        /// parameters but whose first argument is not a <c>ProcessStartInfo</c>, every assignment to
        /// <c>ProcessStartInfo.FileName</c>, and <c>ProcessStartInfo</c> construction with a string
        /// first argument. The <c>ProcessStartInfo</c> overload of <c>Start</c> is excluded,
        /// presumably because the FileName / constructor trackers already cover that path.
        /// </summary>
        /// <param name="context">Analysis context the trackers register their actions on.</param>
        protected override void Initialize(SonarAnalysisContext context)
        {
            var process = KnownType.System_Diagnostics_Process;
            var processStartInfo = KnownType.System_Diagnostics_ProcessStartInfo;
            var fileNameProperty = new MemberDescriptor(processStartInfo, "FileName");

            InvocationTracker.Track(context,
                InvocationTracker.MatchMethod(new MemberDescriptor(process, "Start")),
                Conditions.ExceptWhen(InvocationTracker.ArgumentAtIndexIs(0, processStartInfo)),
                InvocationTracker.MethodHasParameters());

            PropertyAccessTracker.Track(context,
                PropertyAccessTracker.MatchProperty(fileNameProperty),
                PropertyAccessTracker.MatchSetter());

            ObjectCreationTracker.Track(context,
                ObjectCreationTracker.MatchConstructor(processStartInfo),
                ObjectCreationTracker.ArgumentAtIndexIs(0, KnownType.System_String));
        }
        /// <summary>
        /// Registers the trackers for weak encryption configuration: <c>RSA.Encrypt</c> /
        /// <c>RSA.TryEncrypt</c> called with <c>fOAEP</c> set to <c>false</c> or with a PKCS#1 padding
        /// argument, any <c>AesManaged.Mode</c> assignment outside an object initializer, and every
        /// <c>AesManaged</c> construction.
        /// </summary>
        /// <param name="context">Analysis context the trackers register their actions on.</param>
        protected override void Initialize(SonarAnalysisContext context)
        {
            var rsa = KnownType.System_Security_Cryptography_RSA;
            var aesManaged = KnownType.System_Security_Cryptography_AesManaged;

            // RSA without OAEP (fOAEP == false) or with an explicit PKCS#1 padding argument.
            InvocationTracker.Track(context,
                InvocationTracker.MatchMethod(
                    new MemberDescriptor(rsa, "Encrypt"),
                    new MemberDescriptor(rsa, "TryEncrypt")),
                Conditions.Or(
                    InvocationTracker.ArgumentIsBoolConstant("fOAEP", false),
                    HasPkcs1PaddingArgument()));

            // There exist no GCM mode with AesManaged, so any mode we set will be insecure. We do not raise
            // when inside an ObjectInitializerExpression, as the issue is already raised on the constructor
            PropertyAccessTracker.Track(context,
                PropertyAccessTracker.MatchProperty(new MemberDescriptor(aesManaged, "Mode")),
                PropertyAccessTracker.MatchSetter(),
                Conditions.ExceptWhen(IsInsideObjectInitializer()));

            // Every AesManaged instance is tracked regardless of the arguments it is created with.
            ObjectCreationTracker.Track(context,
                ObjectCreationTracker.MatchConstructor(aesManaged));
        }
        /// <summary>
        /// Registers the SQL trackers from the configured member lists: invocations whose raw SQL may
        /// be in either of the first two arguments, invocations/constructors keyed on a single
        /// argument index (delegated to <c>TrackInvocations</c> / <c>TrackObjectCreation</c>), and
        /// property setters whose assigned value <c>IsTracked</c> reports. Constant first arguments
        /// and constant assigned values are excluded.
        /// </summary>
        /// <param name="context">Analysis context the trackers register their actions on.</param>
        protected override void Initialize(SonarAnalysisContext context)
        {
            // Methods that take the raw SQL as either their first or their second parameter.
            var firstOrSecondArgumentIsTracked = Conditions.And(
                MethodHasRawSqlQueryParameter(),
                Conditions.Or(ArgumentAtIndexIsTracked(0), ArgumentAtIndexIsTracked(1)));
            var firstArgumentIsNotConstant = Conditions.ExceptWhen(InvocationTracker.ArgumentAtIndexIsConstant(0));

            InvocationTracker.Track(context,
                InvocationTracker.MatchMethod(invocationsForFirstTwoArguments),
                firstOrSecondArgumentIsTracked,
                firstArgumentIsNotConstant);

            // Members whose SQL position is fixed are registered through the shared helpers.
            TrackInvocations(context, invocationsForFirstArgument, FirstArgumentIndex);
            TrackInvocations(context, invocationsForSecondArgument, SecondArgumentIndex);

            PropertyAccessTracker.Track(context,
                PropertyAccessTracker.MatchProperty(properties),
                PropertyAccessTracker.MatchSetter(),
                c => IsTracked(GetSetValue(c), c),
                Conditions.ExceptWhen(PropertyAccessTracker.AssignedValueIsConstant()));

            TrackObjectCreation(context, constructorsForFirstArgument, FirstArgumentIndex);
            TrackObjectCreation(context, constructorsForSecondArgument, SecondArgumentIndex);
        }
        /// <summary>
        /// Registers the trackers for identity- and permission-related code: <c>PrincipalPermission</c>
        /// construction, any object creation of a type deriving from <c>IIdentity</c> / <c>IPrincipal</c>,
        /// the listed identity/token/AppDomain principal calls, reads of <c>HttpContext.User</c> and
        /// <c>Thread.CurrentPrincipal</c>, ordinary methods taking an <c>IIdentity</c> / <c>IPrincipal</c>
        /// parameter, methods decorated with <c>PrincipalPermissionAttribute</c>, and subclasses of
        /// <c>IIdentity</c> / <c>IPrincipal</c>. None of the registrations carries a further condition.
        /// </summary>
        /// <param name="context">Analysis context the trackers register their actions on.</param>
        protected override void Initialize(SonarAnalysisContext context)
        {
            var iIdentity = KnownType.System_Security_Principal_IIdentity;
            var iPrincipal = KnownType.System_Security_Principal_IPrincipal;

            // Object creation: the permission itself and any custom identity/principal implementation.
            ObjectCreationTracker.Track(context,
                ObjectCreationTracker.MatchConstructor(KnownType.System_Security_Permissions_PrincipalPermission));

            ObjectCreationTracker.Track(context,
                ObjectCreationTracker.WhenDerivesOrImplementsAny(iIdentity, iPrincipal));

            // Calls that obtain or install a principal.
            InvocationTracker.Track(context,
                InvocationTracker.MatchMethod(
                    new MemberDescriptor(KnownType.System_Security_Principal_WindowsIdentity, "GetCurrent"),
                    new MemberDescriptor(KnownType.System_IdentityModel_Tokens_SecurityTokenHandler, "ValidateToken"),
                    new MemberDescriptor(KnownType.System_AppDomain, "SetPrincipalPolicy"),
                    new MemberDescriptor(KnownType.System_AppDomain, "SetThreadPrincipal")));

            // Properties exposing the current principal; no setter/getter restriction is applied.
            PropertyAccessTracker.Track(context,
                PropertyAccessTracker.MatchProperty(
                    new MemberDescriptor(KnownType.System_Web_HttpContext, "User"),
                    new MemberDescriptor(KnownType.System_Threading_Thread, "CurrentPrincipal")));

            // Declarations: methods handling identities/principals, methods guarded by the attribute,
            // and types implementing the identity/principal interfaces.
            MethodDeclarationTracker.Track(context,
                MethodDeclarationTracker.AnyParameterIsOfType(iIdentity, iPrincipal),
                MethodDeclarationTracker.IsOrdinaryMethod());

            MethodDeclarationTracker.Track(context,
                MethodDeclarationTracker.DecoratedWithAnyAttribute(
                    KnownType.System_Security_Permissions_PrincipalPermissionAttribute));

            BaseTypeTracker.Track(context,
                BaseTypeTracker.MatchSubclassesOf(iIdentity, iPrincipal));
        }