protected override void Initialize(TrackerInput input)
{
var inv = Language.Tracker.Invocation;
inv.Track(input,
inv.MatchMethod(
new MemberDescriptor(KnownType.System_Security_Cryptography_RSA, "Encrypt"),
new MemberDescriptor(KnownType.System_Security_Cryptography_RSA, "TryEncrypt")),
inv.Or(
inv.ArgumentIsBoolConstant("fOAEP", false),
HasPkcs1PaddingArgument()));
// There exist no GCM mode with AesManaged, so any mode we set will be insecure. We do not raise
// when inside an ObjectInitializerExpression, as the issue is already raised on the constructor
var pa = Language.Tracker.PropertyAccess;
pa.Track(input,
pa.MatchProperty(new MemberDescriptor(KnownType.System_Security_Cryptography_AesManaged, "Mode")),
pa.MatchSetter(),
pa.ExceptWhen(IsInsideObjectInitializer()));
var oc = Language.Tracker.ObjectCreation;
oc.Track(input, oc.MatchConstructor(KnownType.System_Security_Cryptography_AesManaged));
}
protected override void Initialize(TrackerInput input)
{
var inv = Language.Tracker.Invocation;
inv.Track(input,
inv.MatchMethod(invocationsForFirstTwoArguments),
inv.And(
MethodHasRawSqlQueryParameter(),
inv.Or(ArgumentAtIndexIsTracked(0), ArgumentAtIndexIsTracked(1))
),
inv.ExceptWhen(inv.ArgumentAtIndexIsConstant(0)));
TrackInvocations(input, invocationsForFirstArgument, FirstArgumentIndex);
TrackInvocations(input, invocationsForSecondArgument, SecondArgumentIndex);
var pa = Language.Tracker.PropertyAccess;
pa.Track(input,
pa.MatchProperty(properties),
pa.MatchSetter(),
c => IsTracked(GetSetValue(c), c),
pa.ExceptWhen(pa.AssignedValueIsConstant()));
TrackObjectCreation(input, constructorsForFirstArgument, FirstArgumentIndex);
TrackObjectCreation(input, constructorsForSecondArgument, SecondArgumentIndex);
}
protected override void Initialize(TrackerInput input)
{
var t = Language.Tracker.Invocation;
t.Track(input,
t.MatchMethod(
new MemberDescriptor(KnownType.JWT_IJwtDecoder, "Decode"),
new MemberDescriptor(KnownType.JWT_IJwtDecoder, "DecodeToObject")),
t.Or(
t.ArgumentIsBoolConstant("verify", false),
t.MethodHasParameters(1)));
t.Track(input,
t.MatchMethod(
new MemberDescriptor(KnownType.JWT_JwtDecoderExtensions, "Decode"),
new MemberDescriptor(KnownType.JWT_JwtDecoderExtensions, "DecodeToObject")),
t.Or(
t.ArgumentIsBoolConstant("verify", false),
t.MethodHasParameters(1),
t.MethodHasParameters(ExtensionStaticCallParameters)));
t.Track(input,
t.MatchMethod(new MemberDescriptor(KnownType.JWT_Builder_JwtBuilder, "Decode")),
t.IsInvalidBuilderInitialization(CreateBuilderPatternCondition()));
}
public void Track(TrackerInput input, params Condition[] conditions)
{
input.Context.RegisterCompilationStartAction(c =>
{
if (input.IsEnabled(c.Options))
{
c.RegisterSymbolAction(TrackMethodDeclaration, SymbolKind.Method);
}
});
void TrackMethodDeclaration(SymbolAnalysisContext c)
{
if (IsTrackedMethod((IMethodSymbol)c.Symbol, c.Compilation))
{
foreach (var declaration in c.Symbol.DeclaringSyntaxReferences)
{
var methodIdentifier = GetMethodIdentifier(declaration.GetSyntax());
if (methodIdentifier.HasValue)
{
c.ReportDiagnosticWhenActive(Diagnostic.Create(input.Rule, methodIdentifier.Value.GetLocation()));
}
}
}
}
bool IsTrackedMethod(IMethodSymbol methodSymbol, Compilation compilation)
{
var conditionContext = new MethodDeclarationContext(methodSymbol, compilation);
return(conditions.All(c => c(conditionContext)));
}
}
protected override void Initialize(TrackerInput input)
{
var oc = Language.Tracker.ObjectCreation;
oc.Track(input, oc.WhenDerivesOrImplementsAny(algorithmTypes));
var t = Language.Tracker.Invocation;
t.Track(input,
t.MatchMethod(
new MemberDescriptor(KnownType.System_Security_Cryptography_DSA, CreateMethodName),
new MemberDescriptor(KnownType.System_Security_Cryptography_HMAC, CreateMethodName),
new MemberDescriptor(KnownType.System_Security_Cryptography_MD5, CreateMethodName),
new MemberDescriptor(KnownType.System_Security_Cryptography_RIPEMD160, CreateMethodName),
new MemberDescriptor(KnownType.System_Security_Cryptography_SHA1, CreateMethodName)),
t.MethodHasParameters(0));
t.Track(input,
t.MatchMethod(
new MemberDescriptor(KnownType.System_Security_Cryptography_AsymmetricAlgorithm, CreateMethodName),
new MemberDescriptor(KnownType.System_Security_Cryptography_CryptoConfig, "CreateFromName"),
new MemberDescriptor(KnownType.System_Security_Cryptography_DSA, CreateMethodName),
new MemberDescriptor(KnownType.System_Security_Cryptography_HashAlgorithm, CreateMethodName),
new MemberDescriptor(KnownType.System_Security_Cryptography_HMAC, CreateMethodName),
new MemberDescriptor(KnownType.System_Security_Cryptography_KeyedHashAlgorithm, CreateMethodName),
new MemberDescriptor(KnownType.System_Security_Cryptography_MD5, CreateMethodName),
new MemberDescriptor(KnownType.System_Security_Cryptography_RIPEMD160, CreateMethodName),
new MemberDescriptor(KnownType.System_Security_Cryptography_SHA1, CreateMethodName)),
t.ArgumentAtIndexIsAny(0, unsafeAlgorithms));
}
protected override void Initialize(TrackerInput input)
{
var t = Language.Tracker.MethodDeclaration;
t.Track(input,
t.IsMainMethod(),
t.ParameterAtIndexIsUsed(0));
}
protected virtual void Start()
{
m_TrackerInput = TrackerInput.Find(null);
if (m_FPSCounter != null)
{
m_FPSCounter.getFrameCount = GetFrameCount;
}
}
protected override void Initialize(TrackerInput input)
{
var t = Language.Tracker.FieldAccess;
t.Track(input,
t.WhenRead(),
t.MatchField(new MemberDescriptor(KnownType.System_Reflection_BindingFlags, "NonPublic")));
}
private void TrackInvocations(TrackerInput input, MemberDescriptor[] incovationsDescriptors, int argumentIndex)
{
var t = Language.Tracker.Invocation;
t.Track(input,
t.MatchMethod(incovationsDescriptors),
ArgumentAtIndexIsTracked(argumentIndex),
t.ExceptWhen(t.ArgumentAtIndexIsConstant(argumentIndex)));
}
private void TrackObjectCreation(TrackerInput input, KnownType[] objectCreationTypes, int argumentIndex)
{
var t = Language.Tracker.ObjectCreation;
t.Track(input,
t.MatchConstructor(objectCreationTypes),
t.ArgumentAtIndexIs(argumentIndex, KnownType.System_String),
c => IsTracked(GetArgumentAtIndex(c, argumentIndex), c),
t.ExceptWhen(t.ArgumentAtIndexIsConst(argumentIndex)));
}
protected override void Initialize(TrackerInput input)
{
var t = Language.Tracker.Invocation;
t.Track(input,
t.MatchMethod(
new MemberDescriptor(KnownType.Microsoft_AspNetCore_Builder_DeveloperExceptionPageExtensions, "UseDeveloperExceptionPage"),
new MemberDescriptor(KnownType.Microsoft_AspNetCore_Builder_DatabaseErrorPageExtensions, "UseDatabaseErrorPage")),
t.ExceptWhen(IsInvokedConditionally()));
}
protected override void Initialize(TrackerInput input)
{
var t = Language.Tracker.Invocation;
t.Track(input,
t.MatchMethod(
new MemberDescriptor(KnownType.System_IO_Compression_ZipFileExtensions, "ExtractToFile"),
new MemberDescriptor(KnownType.System_IO_Compression_ZipFileExtensions, "ExtractToDirectory"),
new MemberDescriptor(KnownType.System_IO_Compression_ZipFile, "ExtractToDirectory")));
}
protected override void Initialize(TrackerInput input)
{
var t = Language.Tracker.ObjectCreation;
t.Track(input,
t.MatchConstructor(
KnownType.System_Net_Sockets_Socket,
KnownType.System_Net_Sockets_TcpClient,
KnownType.System_Net_Sockets_UdpClient));
}
protected override void Initialize(TrackerInput input)
{
var pa = Language.Tracker.PropertyAccess;
pa.Track(input,
pa.MatchProperty(new MemberDescriptor(KnownType.System_Web_HttpCookie, "Value")),
pa.MatchSetter());
var oc = Language.Tracker.ObjectCreation;
oc.Track(input,
oc.MatchConstructor(KnownType.System_Web_HttpCookie),
oc.ArgumentAtIndexIs(1, KnownType.System_String));
var ea = Language.Tracker.ElementAccess;
ea.Track(input,
ea.MatchIndexerIn(KnownType.System_Web_HttpCookie),
ea.ArgumentAtIndexIs(0, KnownType.System_String),
ea.MatchSetter());
ea.Track(input,
ea.MatchIndexerIn(KnownType.Microsoft_AspNetCore_Http_IHeaderDictionary),
ea.ArgumentAtIndexEquals(0, "Set-Cookie"),
ea.MatchSetter());
ea.Track(input,
ea.MatchIndexerIn(
KnownType.Microsoft_AspNetCore_Http_IRequestCookieCollection,
KnownType.Microsoft_AspNetCore_Http_IResponseCookies),
ea.MatchSetter());
ea.Track(input,
ea.MatchIndexerIn(KnownType.System_Collections_Specialized_NameValueCollection),
ea.MatchSetter(),
ea.MatchProperty(new MemberDescriptor(KnownType.System_Web_HttpCookie, "Values")));
var inv = Language.Tracker.Invocation;
inv.Track(input,
inv.MatchMethod(new MemberDescriptor(KnownType.Microsoft_AspNetCore_Http_IResponseCookies, "Append")));
inv.Track(input,
inv.MatchMethod(
new MemberDescriptor(KnownType.System_Collections_Generic_IDictionary_TKey_TValue, "Add"),
new MemberDescriptor(KnownType.System_Collections_Generic_IDictionary_TKey_TValue_VB, "Add")),
inv.ArgumentAtIndexIsAny(0, "Set-Cookie"),
inv.MethodHasParameters(2),
IsIHeadersDictionary());
inv.Track(input,
inv.MatchMethod(new MemberDescriptor(KnownType.System_Collections_Specialized_NameObjectCollectionBase, "Add")),
inv.MatchProperty(new MemberDescriptor(KnownType.System_Web_HttpCookie, "Values")));
}
protected override void Initialize(TrackerInput input)
{
var inv = Language.Tracker.Invocation;
inv.Track(input, inv.MatchMethod(new MemberDescriptor(KnownType.System_Console, nameof(Console.OpenStandardInput))));
inv.Track(input,
WhenResultIsNotIgnored, // This is syntax-only check and we can execute it first
inv.MatchMethod(
new MemberDescriptor(KnownType.System_Console, nameof(Console.Read)),
new MemberDescriptor(KnownType.System_Console, nameof(Console.ReadKey)),
new MemberDescriptor(KnownType.System_Console, nameof(Console.ReadLine))));
var pa = Language.Tracker.PropertyAccess;
pa.Track(input, pa.MatchProperty(new MemberDescriptor(KnownType.System_Console, nameof(Console.In))));
}
protected override void Initialize(TrackerInput input)
{
var inv = Language.Tracker.Invocation;
inv.Track(input,
inv.MatchMethod(
new MemberDescriptor(KnownType.System_Text_RegularExpressions_Regex, "IsMatch"),
new MemberDescriptor(KnownType.System_Text_RegularExpressions_Regex, "Match"),
new MemberDescriptor(KnownType.System_Text_RegularExpressions_Regex, "Matches"),
new MemberDescriptor(KnownType.System_Text_RegularExpressions_Regex, "Replace"),
new MemberDescriptor(KnownType.System_Text_RegularExpressions_Regex, "Split")),
SecondArgumentIsHardcodedRegex(),
inv.MethodIsStatic());
var oc = Language.Tracker.ObjectCreation;
oc.Track(input,
oc.MatchConstructor(KnownType.System_Text_RegularExpressions_Regex),
FirstArgumentIsHardcodedRegex());
}
protected override void Initialize(TrackerInput input)
{
var inv = Language.Tracker.Invocation;
inv.Track(input,
inv.MatchMethod(new MemberDescriptor(KnownType.System_Diagnostics_Process, "Start")),
c => IsInvalid(FirstArgument(c)));
var pa = Language.Tracker.PropertyAccess;
pa.Track(input,
pa.MatchProperty(new MemberDescriptor(KnownType.System_Diagnostics_ProcessStartInfo, "FileName")),
pa.MatchSetter(),
c => IsInvalid((string)pa.AssignedValue(c)));
var oc = Language.Tracker.ObjectCreation;
oc.Track(input,
oc.MatchConstructor(KnownType.System_Diagnostics_ProcessStartInfo),
c => oc.ConstArgumentForParameter(c, "fileName") is string value && IsInvalid(value));
}
protected override void Initialize(TrackerInput input)
{
var oc = Language.Tracker.ObjectCreation;
oc.Track(input, oc.MatchConstructor(KnownType.System_Security_Permissions_PrincipalPermission));
oc.Track(input, oc.WhenDerivesOrImplementsAny(
KnownType.System_Security_Principal_IIdentity,
KnownType.System_Security_Principal_IPrincipal));
var inv = Language.Tracker.Invocation;
inv.Track(input, inv.MatchMethod(
new MemberDescriptor(KnownType.System_Security_Principal_WindowsIdentity, "GetCurrent"),
new MemberDescriptor(KnownType.System_IdentityModel_Tokens_SecurityTokenHandler, "ValidateToken"),
new MemberDescriptor(KnownType.System_AppDomain, "SetPrincipalPolicy"),
new MemberDescriptor(KnownType.System_AppDomain, "SetThreadPrincipal")));
var pa = Language.Tracker.PropertyAccess;
pa.Track(input, pa.MatchProperty(
new MemberDescriptor(KnownType.System_Web_HttpContext, "User"),
new MemberDescriptor(KnownType.System_Threading_Thread, "CurrentPrincipal")));
var md = Language.Tracker.MethodDeclaration;
md.Track(input,
md.AnyParameterIsOfType(
KnownType.System_Security_Principal_IIdentity,
KnownType.System_Security_Principal_IPrincipal),
md.IsOrdinaryMethod());
md.Track(input, md.DecoratedWithAnyAttribute(KnownType.System_Security_Permissions_PrincipalPermissionAttribute));
var bt = Language.Tracker.BaseType;
bt.Track(input, bt.MatchSubclassesOf(
KnownType.System_Security_Principal_IIdentity,
KnownType.System_Security_Principal_IPrincipal));
}
protected override void Initialize(TrackerInput input)
{
var inv = Language.Tracker.Invocation;
var pa = Language.Tracker.PropertyAccess;
var oc = Language.Tracker.ObjectCreation;
// ASP.NET Core
inv.Track(input,
inv.MatchMethod(
new MemberDescriptor(KnownType.Microsoft_AspNetCore_Hosting_WebHostBuilderExtensions, "ConfigureLogging"),
new MemberDescriptor(KnownType.Microsoft_Extensions_DependencyInjection_LoggingServiceCollectionExtensions, "AddLogging"),
new MemberDescriptor(KnownType.Microsoft_Extensions_Logging_ConsoleLoggerExtensions, "AddConsole"),
new MemberDescriptor(KnownType.Microsoft_Extensions_Logging_DebugLoggerFactoryExtensions, "AddDebug"),
new MemberDescriptor(KnownType.Microsoft_Extensions_Logging_EventLoggerFactoryExtensions, "AddEventLog"),
new MemberDescriptor(KnownType.Microsoft_Extensions_Logging_EventLoggerFactoryExtensions, "AddEventSourceLogger"),
new MemberDescriptor(KnownType.Microsoft_Extensions_Logging_EventSourceLoggerFactoryExtensions, "AddEventSourceLogger"),
new MemberDescriptor(KnownType.Microsoft_Extensions_Logging_AzureAppServicesLoggerFactoryExtensions, "AddAzureWebAppDiagnostics")),
inv.MethodIsExtension());
oc.Track(input, oc.WhenImplements(KnownType.Microsoft_Extensions_Logging_ILoggerFactory));
// log4net
inv.Track(input,
inv.MatchMethod(
new MemberDescriptor(KnownType.log4net_Config_XmlConfigurator, "Configure"),
new MemberDescriptor(KnownType.log4net_Config_XmlConfigurator, "ConfigureAndWatch"),
new MemberDescriptor(KnownType.log4net_Config_DOMConfigurator, "Configure"),
new MemberDescriptor(KnownType.log4net_Config_DOMConfigurator, "ConfigureAndWatch"),
new MemberDescriptor(KnownType.log4net_Config_BasicConfigurator, "Configure")));
// NLog
pa.Track(input,
pa.MatchSetter(),
pa.MatchProperty(new MemberDescriptor(KnownType.NLog_LogManager, "Configuration")));
// Serilog
oc.Track(input,
oc.WhenDerivesFrom(KnownType.Serilog_LoggerConfiguration));
}
protected virtual void Start()
{
// Add an UIFade forcefully for a better user experience.
if (useFade)
{
// Override user settings.
if (VRContext.main != null)
{
m_UIFade = VRContext.main.fadeFx;
m_UIFade.durationIn = m_UIFade.durationIn = fadeTime;
m_UIFade.GetComponent <Image>().color = fadeColor;
//
m_UIFade.alpha = 1.0f;
m_UIFade.FadeOut();
}
}
// <!-- TODO: VR Legacy Mode. -->
TrackerInput trackerInput = TrackerInput.Find(null);
if (trackerInput == null || trackerInput.connectionState != DeviceConnectionState.Connected)
{
OnFinished();
//
}
else
{
trackerInput.onRecenter += () => {
onRecenter.Invoke();
if (tipRecenter != null)
{
tipRecenter.FadeOut();
}
else
{
fistsToStartSettings.onStart();
}
};
}
}
protected override void Initialize(TrackerInput input)
{
var inv = Language.Tracker.Invocation;
inv.Track(input,
inv.MatchMethod(
// "RSA" is the base class for all RSA algorithm implementations
new MemberDescriptor(KnownType.System_Security_Cryptography_RSA, "Encrypt"),
new MemberDescriptor(KnownType.System_Security_Cryptography_RSA, "EncryptValue"),
new MemberDescriptor(KnownType.System_Security_Cryptography_RSA, "Decrypt"),
new MemberDescriptor(KnownType.System_Security_Cryptography_RSA, "DecryptValue"),
// RSA methods added in NET Core 2.1
new MemberDescriptor(KnownType.System_Security_Cryptography_RSA, "TryEncrypt"),
new MemberDescriptor(KnownType.System_Security_Cryptography_RSA, "TryDecrypt"),
new MemberDescriptor(KnownType.System_Security_Cryptography_SymmetricAlgorithm, "CreateEncryptor"),
new MemberDescriptor(KnownType.System_Security_Cryptography_SymmetricAlgorithm, "CreateDecryptor")));
var bt = Language.Tracker.BaseType;
bt.Track(input,
bt.MatchSubclassesOf(
KnownType.System_Security_Cryptography_AsymmetricAlgorithm,
KnownType.System_Security_Cryptography_SymmetricAlgorithm));
}
protected override void Initialize(TrackerInput input)
{
var inv = Language.Tracker.Invocation;
inv.Track(input, inv.MatchMethod(trackedInvocations), HasEmptyPasswordArgument());
}
protected override void Initialize(TrackerInput input)
{
// This should be overriden by inheriting class that uses trackers
}
private static void SetupObjectCreationTracker(ObjectCreationTracker <SyntaxKind> tracker, TrackerInput input) =>
tracker.Track(input,
tracker.MatchConstructor(KnownType.Microsoft_AspNetCore_Cors_Infrastructure_CorsPolicyBuilder),
c => ContainsStar((ObjectCreationExpressionSyntax)c.Node, c.SemanticModel));
protected override void Initialize(TrackerInput input)
{
SetupInvocationTracker(Language.Tracker.Invocation, input);
SetupObjectCreationTracker(Language.Tracker.ObjectCreation, input);
}
public virtual void Update()
{
int num = 0;
for (int i = 0, imax = m_Fists.Length; i < imax; ++i)
{
if (children[i] != null && m_Fists[i] != null)
{
if ((m_Fists[i].position - children[i].position).sqrMagnitude <= childSize * childSize)
{
++num;
// Invoke events.
if (!m_ChildIsReady[i])
{
// Trigger a vibration to notify users this controller is ready.
ControllerInput input = ControllerInputManager.instance.GetControllerInput(ControllerType.LeftController + i);
if (input != null)
{
input.StartVibration(0, 0.25f);
}
/*...*/
if (m_ChildReadyObjects[i] != null)
{
if (string.IsNullOrEmpty(childReadyMsg))
{
m_ChildReadyObjects[i].SetActive(true);
}
else
{
m_ChildReadyObjects[i].SendMessage(childReadyMsg, true, SendMessageOptions.DontRequireReceiver);
}
}
}
//
m_ChildIsReady[i] = true;
}
else
{
// Invoke events.
if (m_ChildIsReady[i])
{
/*...*/
if (m_ChildReadyObjects[i] != null)
{
if (string.IsNullOrEmpty(childReadyMsg))
{
m_ChildReadyObjects[i].SetActive(false);
}
else
{
m_ChildReadyObjects[i].SendMessage(childReadyMsg, false, SendMessageOptions.DontRequireReceiver);
}
}
}
//
m_ChildIsReady[i] = false;
}
}
}
if (num == m_Fists.Length || buttonSkip.GetAny())
{
// TODO:
TrackerInput trackerInput = TrackerInput.Find(null);
if (trackerInput != null)
{
trackerInput.Recenter();
}
//
StopListen();
if (onStart != null)
{
onStart();
}
}
}
private static void SetupInvocationTracker(InvocationTracker <SyntaxKind> tracker, TrackerInput input)
{
const int parameterCount = 2;
tracker.Track(input,
tracker.MatchMethod(new MemberDescriptor(KnownType.System_Collections_Generic_IDictionary_TKey_TValue, "Add")),
tracker.MethodHasParameters(parameterCount),
c => IsFirstArgumentAccessControlAllowOrigin((InvocationExpressionSyntax)c.Node, c.SemanticModel) &&
IsSecondArgumentStarString((InvocationExpressionSyntax)c.Node, c.SemanticModel),
tracker.IsIHeadersDictionary());
tracker.Track(input,
tracker.MatchMethod(new MemberDescriptor(KnownType.Microsoft_AspNetCore_Http_HeaderDictionaryExtensions, "Append"),
new MemberDescriptor(KnownType.System_Web_HttpResponse, "AppendHeader"),
new MemberDescriptor(KnownType.System_Web_HttpResponseBase, "AddHeader"),
new MemberDescriptor(KnownType.System_Collections_Specialized_NameValueCollection, "Add"),
new MemberDescriptor(KnownType.System_Net_Http_Headers_HttpHeaders, "Add")),
tracker.MethodHasParameters(parameterCount),
c => IsFirstArgumentAccessControlAllowOrigin((InvocationExpressionSyntax)c.Node, c.SemanticModel) &&
IsSecondArgumentStarString((InvocationExpressionSyntax)c.Node, c.SemanticModel));
tracker.Track(input,
tracker.MatchMethod(new MemberDescriptor(KnownType.Microsoft_AspNetCore_Cors_Infrastructure_CorsPolicyBuilder, "WithOrigins")),
c => ContainsStar(((InvocationExpressionSyntax)c.Node).ArgumentList.Arguments.Select(a => a.Expression), c.SemanticModel));
tracker.Track(input, tracker.MatchMethod(new MemberDescriptor(KnownType.Microsoft_AspNetCore_Cors_Infrastructure_CorsPolicyBuilder, "AllowAnyOrigin")));
}
