protected override void Initialize(TrackerInput input) { var inv = Language.Tracker.Invocation; inv.Track(input, inv.MatchMethod( new MemberDescriptor(KnownType.System_Security_Cryptography_RSA, "Encrypt"), new MemberDescriptor(KnownType.System_Security_Cryptography_RSA, "TryEncrypt")), inv.Or( inv.ArgumentIsBoolConstant("fOAEP", false), HasPkcs1PaddingArgument())); // There exist no GCM mode with AesManaged, so any mode we set will be insecure. We do not raise // when inside an ObjectInitializerExpression, as the issue is already raised on the constructor var pa = Language.Tracker.PropertyAccess; pa.Track(input, pa.MatchProperty(new MemberDescriptor(KnownType.System_Security_Cryptography_AesManaged, "Mode")), pa.MatchSetter(), pa.ExceptWhen(IsInsideObjectInitializer())); var oc = Language.Tracker.ObjectCreation; oc.Track(input, oc.MatchConstructor(KnownType.System_Security_Cryptography_AesManaged)); }
protected override void Initialize(TrackerInput input) { var inv = Language.Tracker.Invocation; inv.Track(input, inv.MatchMethod(invocationsForFirstTwoArguments), inv.And( MethodHasRawSqlQueryParameter(), inv.Or(ArgumentAtIndexIsTracked(0), ArgumentAtIndexIsTracked(1)) ), inv.ExceptWhen(inv.ArgumentAtIndexIsConstant(0))); TrackInvocations(input, invocationsForFirstArgument, FirstArgumentIndex); TrackInvocations(input, invocationsForSecondArgument, SecondArgumentIndex); var pa = Language.Tracker.PropertyAccess; pa.Track(input, pa.MatchProperty(properties), pa.MatchSetter(), c => IsTracked(GetSetValue(c), c), pa.ExceptWhen(pa.AssignedValueIsConstant())); TrackObjectCreation(input, constructorsForFirstArgument, FirstArgumentIndex); TrackObjectCreation(input, constructorsForSecondArgument, SecondArgumentIndex); }
protected override void Initialize(TrackerInput input) { var t = Language.Tracker.Invocation; t.Track(input, t.MatchMethod( new MemberDescriptor(KnownType.JWT_IJwtDecoder, "Decode"), new MemberDescriptor(KnownType.JWT_IJwtDecoder, "DecodeToObject")), t.Or( t.ArgumentIsBoolConstant("verify", false), t.MethodHasParameters(1))); t.Track(input, t.MatchMethod( new MemberDescriptor(KnownType.JWT_JwtDecoderExtensions, "Decode"), new MemberDescriptor(KnownType.JWT_JwtDecoderExtensions, "DecodeToObject")), t.Or( t.ArgumentIsBoolConstant("verify", false), t.MethodHasParameters(1), t.MethodHasParameters(ExtensionStaticCallParameters))); t.Track(input, t.MatchMethod(new MemberDescriptor(KnownType.JWT_Builder_JwtBuilder, "Decode")), t.IsInvalidBuilderInitialization(CreateBuilderPatternCondition())); }
public void Track(TrackerInput input, params Condition[] conditions) { input.Context.RegisterCompilationStartAction(c => { if (input.IsEnabled(c.Options)) { c.RegisterSymbolAction(TrackMethodDeclaration, SymbolKind.Method); } }); void TrackMethodDeclaration(SymbolAnalysisContext c) { if (IsTrackedMethod((IMethodSymbol)c.Symbol, c.Compilation)) { foreach (var declaration in c.Symbol.DeclaringSyntaxReferences) { var methodIdentifier = GetMethodIdentifier(declaration.GetSyntax()); if (methodIdentifier.HasValue) { c.ReportDiagnosticWhenActive(Diagnostic.Create(input.Rule, methodIdentifier.Value.GetLocation())); } } } } bool IsTrackedMethod(IMethodSymbol methodSymbol, Compilation compilation) { var conditionContext = new MethodDeclarationContext(methodSymbol, compilation); return(conditions.All(c => c(conditionContext))); } }
protected override void Initialize(TrackerInput input) { var oc = Language.Tracker.ObjectCreation; oc.Track(input, oc.WhenDerivesOrImplementsAny(algorithmTypes)); var t = Language.Tracker.Invocation; t.Track(input, t.MatchMethod( new MemberDescriptor(KnownType.System_Security_Cryptography_DSA, CreateMethodName), new MemberDescriptor(KnownType.System_Security_Cryptography_HMAC, CreateMethodName), new MemberDescriptor(KnownType.System_Security_Cryptography_MD5, CreateMethodName), new MemberDescriptor(KnownType.System_Security_Cryptography_RIPEMD160, CreateMethodName), new MemberDescriptor(KnownType.System_Security_Cryptography_SHA1, CreateMethodName)), t.MethodHasParameters(0)); t.Track(input, t.MatchMethod( new MemberDescriptor(KnownType.System_Security_Cryptography_AsymmetricAlgorithm, CreateMethodName), new MemberDescriptor(KnownType.System_Security_Cryptography_CryptoConfig, "CreateFromName"), new MemberDescriptor(KnownType.System_Security_Cryptography_DSA, CreateMethodName), new MemberDescriptor(KnownType.System_Security_Cryptography_HashAlgorithm, CreateMethodName), new MemberDescriptor(KnownType.System_Security_Cryptography_HMAC, CreateMethodName), new MemberDescriptor(KnownType.System_Security_Cryptography_KeyedHashAlgorithm, CreateMethodName), new MemberDescriptor(KnownType.System_Security_Cryptography_MD5, CreateMethodName), new MemberDescriptor(KnownType.System_Security_Cryptography_RIPEMD160, CreateMethodName), new MemberDescriptor(KnownType.System_Security_Cryptography_SHA1, CreateMethodName)), t.ArgumentAtIndexIsAny(0, unsafeAlgorithms)); }
protected override void Initialize(TrackerInput input) { var t = Language.Tracker.MethodDeclaration; t.Track(input, t.IsMainMethod(), t.ParameterAtIndexIsUsed(0)); }
protected virtual void Start() { m_TrackerInput = TrackerInput.Find(null); if (m_FPSCounter != null) { m_FPSCounter.getFrameCount = GetFrameCount; } }
protected override void Initialize(TrackerInput input) { var t = Language.Tracker.FieldAccess; t.Track(input, t.WhenRead(), t.MatchField(new MemberDescriptor(KnownType.System_Reflection_BindingFlags, "NonPublic"))); }
private void TrackInvocations(TrackerInput input, MemberDescriptor[] incovationsDescriptors, int argumentIndex) { var t = Language.Tracker.Invocation; t.Track(input, t.MatchMethod(incovationsDescriptors), ArgumentAtIndexIsTracked(argumentIndex), t.ExceptWhen(t.ArgumentAtIndexIsConstant(argumentIndex))); }
private void TrackObjectCreation(TrackerInput input, KnownType[] objectCreationTypes, int argumentIndex) { var t = Language.Tracker.ObjectCreation; t.Track(input, t.MatchConstructor(objectCreationTypes), t.ArgumentAtIndexIs(argumentIndex, KnownType.System_String), c => IsTracked(GetArgumentAtIndex(c, argumentIndex), c), t.ExceptWhen(t.ArgumentAtIndexIsConst(argumentIndex))); }
protected override void Initialize(TrackerInput input) { var t = Language.Tracker.Invocation; t.Track(input, t.MatchMethod( new MemberDescriptor(KnownType.Microsoft_AspNetCore_Builder_DeveloperExceptionPageExtensions, "UseDeveloperExceptionPage"), new MemberDescriptor(KnownType.Microsoft_AspNetCore_Builder_DatabaseErrorPageExtensions, "UseDatabaseErrorPage")), t.ExceptWhen(IsInvokedConditionally())); }
protected override void Initialize(TrackerInput input) { var t = Language.Tracker.Invocation; t.Track(input, t.MatchMethod( new MemberDescriptor(KnownType.System_IO_Compression_ZipFileExtensions, "ExtractToFile"), new MemberDescriptor(KnownType.System_IO_Compression_ZipFileExtensions, "ExtractToDirectory"), new MemberDescriptor(KnownType.System_IO_Compression_ZipFile, "ExtractToDirectory"))); }
protected override void Initialize(TrackerInput input) { var t = Language.Tracker.ObjectCreation; t.Track(input, t.MatchConstructor( KnownType.System_Net_Sockets_Socket, KnownType.System_Net_Sockets_TcpClient, KnownType.System_Net_Sockets_UdpClient)); }
protected override void Initialize(TrackerInput input) { var pa = Language.Tracker.PropertyAccess; pa.Track(input, pa.MatchProperty(new MemberDescriptor(KnownType.System_Web_HttpCookie, "Value")), pa.MatchSetter()); var oc = Language.Tracker.ObjectCreation; oc.Track(input, oc.MatchConstructor(KnownType.System_Web_HttpCookie), oc.ArgumentAtIndexIs(1, KnownType.System_String)); var ea = Language.Tracker.ElementAccess; ea.Track(input, ea.MatchIndexerIn(KnownType.System_Web_HttpCookie), ea.ArgumentAtIndexIs(0, KnownType.System_String), ea.MatchSetter()); ea.Track(input, ea.MatchIndexerIn(KnownType.Microsoft_AspNetCore_Http_IHeaderDictionary), ea.ArgumentAtIndexEquals(0, "Set-Cookie"), ea.MatchSetter()); ea.Track(input, ea.MatchIndexerIn( KnownType.Microsoft_AspNetCore_Http_IRequestCookieCollection, KnownType.Microsoft_AspNetCore_Http_IResponseCookies), ea.MatchSetter()); ea.Track(input, ea.MatchIndexerIn(KnownType.System_Collections_Specialized_NameValueCollection), ea.MatchSetter(), ea.MatchProperty(new MemberDescriptor(KnownType.System_Web_HttpCookie, "Values"))); var inv = Language.Tracker.Invocation; inv.Track(input, inv.MatchMethod(new MemberDescriptor(KnownType.Microsoft_AspNetCore_Http_IResponseCookies, "Append"))); inv.Track(input, inv.MatchMethod( new MemberDescriptor(KnownType.System_Collections_Generic_IDictionary_TKey_TValue, "Add"), new MemberDescriptor(KnownType.System_Collections_Generic_IDictionary_TKey_TValue_VB, "Add")), inv.ArgumentAtIndexIsAny(0, "Set-Cookie"), inv.MethodHasParameters(2), IsIHeadersDictionary()); inv.Track(input, inv.MatchMethod(new MemberDescriptor(KnownType.System_Collections_Specialized_NameObjectCollectionBase, "Add")), inv.MatchProperty(new MemberDescriptor(KnownType.System_Web_HttpCookie, "Values"))); }
protected override void Initialize(TrackerInput input) { var inv = Language.Tracker.Invocation; inv.Track(input, inv.MatchMethod(new MemberDescriptor(KnownType.System_Console, nameof(Console.OpenStandardInput)))); inv.Track(input, WhenResultIsNotIgnored, // This is syntax-only check and we can execute it first inv.MatchMethod( new MemberDescriptor(KnownType.System_Console, nameof(Console.Read)), new MemberDescriptor(KnownType.System_Console, nameof(Console.ReadKey)), new MemberDescriptor(KnownType.System_Console, nameof(Console.ReadLine)))); var pa = Language.Tracker.PropertyAccess; pa.Track(input, pa.MatchProperty(new MemberDescriptor(KnownType.System_Console, nameof(Console.In)))); }
protected override void Initialize(TrackerInput input) { var inv = Language.Tracker.Invocation; inv.Track(input, inv.MatchMethod( new MemberDescriptor(KnownType.System_Text_RegularExpressions_Regex, "IsMatch"), new MemberDescriptor(KnownType.System_Text_RegularExpressions_Regex, "Match"), new MemberDescriptor(KnownType.System_Text_RegularExpressions_Regex, "Matches"), new MemberDescriptor(KnownType.System_Text_RegularExpressions_Regex, "Replace"), new MemberDescriptor(KnownType.System_Text_RegularExpressions_Regex, "Split")), SecondArgumentIsHardcodedRegex(), inv.MethodIsStatic()); var oc = Language.Tracker.ObjectCreation; oc.Track(input, oc.MatchConstructor(KnownType.System_Text_RegularExpressions_Regex), FirstArgumentIsHardcodedRegex()); }
protected override void Initialize(TrackerInput input) { var inv = Language.Tracker.Invocation; inv.Track(input, inv.MatchMethod(new MemberDescriptor(KnownType.System_Diagnostics_Process, "Start")), c => IsInvalid(FirstArgument(c))); var pa = Language.Tracker.PropertyAccess; pa.Track(input, pa.MatchProperty(new MemberDescriptor(KnownType.System_Diagnostics_ProcessStartInfo, "FileName")), pa.MatchSetter(), c => IsInvalid((string)pa.AssignedValue(c))); var oc = Language.Tracker.ObjectCreation; oc.Track(input, oc.MatchConstructor(KnownType.System_Diagnostics_ProcessStartInfo), c => oc.ConstArgumentForParameter(c, "fileName") is string value && IsInvalid(value)); }
protected override void Initialize(TrackerInput input) { var oc = Language.Tracker.ObjectCreation; oc.Track(input, oc.MatchConstructor(KnownType.System_Security_Permissions_PrincipalPermission)); oc.Track(input, oc.WhenDerivesOrImplementsAny( KnownType.System_Security_Principal_IIdentity, KnownType.System_Security_Principal_IPrincipal)); var inv = Language.Tracker.Invocation; inv.Track(input, inv.MatchMethod( new MemberDescriptor(KnownType.System_Security_Principal_WindowsIdentity, "GetCurrent"), new MemberDescriptor(KnownType.System_IdentityModel_Tokens_SecurityTokenHandler, "ValidateToken"), new MemberDescriptor(KnownType.System_AppDomain, "SetPrincipalPolicy"), new MemberDescriptor(KnownType.System_AppDomain, "SetThreadPrincipal"))); var pa = Language.Tracker.PropertyAccess; pa.Track(input, pa.MatchProperty( new MemberDescriptor(KnownType.System_Web_HttpContext, "User"), new MemberDescriptor(KnownType.System_Threading_Thread, "CurrentPrincipal"))); var md = Language.Tracker.MethodDeclaration; md.Track(input, md.AnyParameterIsOfType( KnownType.System_Security_Principal_IIdentity, KnownType.System_Security_Principal_IPrincipal), md.IsOrdinaryMethod()); md.Track(input, md.DecoratedWithAnyAttribute(KnownType.System_Security_Permissions_PrincipalPermissionAttribute)); var bt = Language.Tracker.BaseType; bt.Track(input, bt.MatchSubclassesOf( KnownType.System_Security_Principal_IIdentity, KnownType.System_Security_Principal_IPrincipal)); }
protected override void Initialize(TrackerInput input) { var inv = Language.Tracker.Invocation; var pa = Language.Tracker.PropertyAccess; var oc = Language.Tracker.ObjectCreation; // ASP.NET Core inv.Track(input, inv.MatchMethod( new MemberDescriptor(KnownType.Microsoft_AspNetCore_Hosting_WebHostBuilderExtensions, "ConfigureLogging"), new MemberDescriptor(KnownType.Microsoft_Extensions_DependencyInjection_LoggingServiceCollectionExtensions, "AddLogging"), new MemberDescriptor(KnownType.Microsoft_Extensions_Logging_ConsoleLoggerExtensions, "AddConsole"), new MemberDescriptor(KnownType.Microsoft_Extensions_Logging_DebugLoggerFactoryExtensions, "AddDebug"), new MemberDescriptor(KnownType.Microsoft_Extensions_Logging_EventLoggerFactoryExtensions, "AddEventLog"), new MemberDescriptor(KnownType.Microsoft_Extensions_Logging_EventLoggerFactoryExtensions, "AddEventSourceLogger"), new MemberDescriptor(KnownType.Microsoft_Extensions_Logging_EventSourceLoggerFactoryExtensions, "AddEventSourceLogger"), new MemberDescriptor(KnownType.Microsoft_Extensions_Logging_AzureAppServicesLoggerFactoryExtensions, "AddAzureWebAppDiagnostics")), inv.MethodIsExtension()); oc.Track(input, oc.WhenImplements(KnownType.Microsoft_Extensions_Logging_ILoggerFactory)); // log4net inv.Track(input, inv.MatchMethod( new MemberDescriptor(KnownType.log4net_Config_XmlConfigurator, "Configure"), new MemberDescriptor(KnownType.log4net_Config_XmlConfigurator, "ConfigureAndWatch"), new MemberDescriptor(KnownType.log4net_Config_DOMConfigurator, "Configure"), new MemberDescriptor(KnownType.log4net_Config_DOMConfigurator, "ConfigureAndWatch"), new MemberDescriptor(KnownType.log4net_Config_BasicConfigurator, "Configure"))); // NLog pa.Track(input, pa.MatchSetter(), pa.MatchProperty(new MemberDescriptor(KnownType.NLog_LogManager, "Configuration"))); // Serilog oc.Track(input, oc.WhenDerivesFrom(KnownType.Serilog_LoggerConfiguration)); }
protected virtual void Start() { // Add an UIFade forcefully for a better user experience. if (useFade) { // Override user settings. if (VRContext.main != null) { m_UIFade = VRContext.main.fadeFx; m_UIFade.durationIn = m_UIFade.durationIn = fadeTime; m_UIFade.GetComponent <Image>().color = fadeColor; // m_UIFade.alpha = 1.0f; m_UIFade.FadeOut(); } } // <!-- TODO: VR Legacy Mode. --> TrackerInput trackerInput = TrackerInput.Find(null); if (trackerInput == null || trackerInput.connectionState != DeviceConnectionState.Connected) { OnFinished(); // } else { trackerInput.onRecenter += () => { onRecenter.Invoke(); if (tipRecenter != null) { tipRecenter.FadeOut(); } else { fistsToStartSettings.onStart(); } }; } }
protected override void Initialize(TrackerInput input) { var inv = Language.Tracker.Invocation; inv.Track(input, inv.MatchMethod( // "RSA" is the base class for all RSA algorithm implementations new MemberDescriptor(KnownType.System_Security_Cryptography_RSA, "Encrypt"), new MemberDescriptor(KnownType.System_Security_Cryptography_RSA, "EncryptValue"), new MemberDescriptor(KnownType.System_Security_Cryptography_RSA, "Decrypt"), new MemberDescriptor(KnownType.System_Security_Cryptography_RSA, "DecryptValue"), // RSA methods added in NET Core 2.1 new MemberDescriptor(KnownType.System_Security_Cryptography_RSA, "TryEncrypt"), new MemberDescriptor(KnownType.System_Security_Cryptography_RSA, "TryDecrypt"), new MemberDescriptor(KnownType.System_Security_Cryptography_SymmetricAlgorithm, "CreateEncryptor"), new MemberDescriptor(KnownType.System_Security_Cryptography_SymmetricAlgorithm, "CreateDecryptor"))); var bt = Language.Tracker.BaseType; bt.Track(input, bt.MatchSubclassesOf( KnownType.System_Security_Cryptography_AsymmetricAlgorithm, KnownType.System_Security_Cryptography_SymmetricAlgorithm)); }
protected override void Initialize(TrackerInput input) { var inv = Language.Tracker.Invocation; inv.Track(input, inv.MatchMethod(trackedInvocations), HasEmptyPasswordArgument()); }
protected override void Initialize(TrackerInput input) { // This should be overriden by inheriting class that uses trackers }
private static void SetupObjectCreationTracker(ObjectCreationTracker <SyntaxKind> tracker, TrackerInput input) => tracker.Track(input, tracker.MatchConstructor(KnownType.Microsoft_AspNetCore_Cors_Infrastructure_CorsPolicyBuilder), c => ContainsStar((ObjectCreationExpressionSyntax)c.Node, c.SemanticModel));
protected override void Initialize(TrackerInput input) { SetupInvocationTracker(Language.Tracker.Invocation, input); SetupObjectCreationTracker(Language.Tracker.ObjectCreation, input); }
public virtual void Update() { int num = 0; for (int i = 0, imax = m_Fists.Length; i < imax; ++i) { if (children[i] != null && m_Fists[i] != null) { if ((m_Fists[i].position - children[i].position).sqrMagnitude <= childSize * childSize) { ++num; // Invoke events. if (!m_ChildIsReady[i]) { // Trigger a vibration to notify users this controller is ready. ControllerInput input = ControllerInputManager.instance.GetControllerInput(ControllerType.LeftController + i); if (input != null) { input.StartVibration(0, 0.25f); } /*...*/ if (m_ChildReadyObjects[i] != null) { if (string.IsNullOrEmpty(childReadyMsg)) { m_ChildReadyObjects[i].SetActive(true); } else { m_ChildReadyObjects[i].SendMessage(childReadyMsg, true, SendMessageOptions.DontRequireReceiver); } } } // m_ChildIsReady[i] = true; } else { // Invoke events. if (m_ChildIsReady[i]) { /*...*/ if (m_ChildReadyObjects[i] != null) { if (string.IsNullOrEmpty(childReadyMsg)) { m_ChildReadyObjects[i].SetActive(false); } else { m_ChildReadyObjects[i].SendMessage(childReadyMsg, false, SendMessageOptions.DontRequireReceiver); } } } // m_ChildIsReady[i] = false; } } } if (num == m_Fists.Length || buttonSkip.GetAny()) { // TODO: TrackerInput trackerInput = TrackerInput.Find(null); if (trackerInput != null) { trackerInput.Recenter(); } // StopListen(); if (onStart != null) { onStart(); } } }
private static void SetupInvocationTracker(InvocationTracker <SyntaxKind> tracker, TrackerInput input) { const int parameterCount = 2; tracker.Track(input, tracker.MatchMethod(new MemberDescriptor(KnownType.System_Collections_Generic_IDictionary_TKey_TValue, "Add")), tracker.MethodHasParameters(parameterCount), c => IsFirstArgumentAccessControlAllowOrigin((InvocationExpressionSyntax)c.Node, c.SemanticModel) && IsSecondArgumentStarString((InvocationExpressionSyntax)c.Node, c.SemanticModel), tracker.IsIHeadersDictionary()); tracker.Track(input, tracker.MatchMethod(new MemberDescriptor(KnownType.Microsoft_AspNetCore_Http_HeaderDictionaryExtensions, "Append"), new MemberDescriptor(KnownType.System_Web_HttpResponse, "AppendHeader"), new MemberDescriptor(KnownType.System_Web_HttpResponseBase, "AddHeader"), new MemberDescriptor(KnownType.System_Collections_Specialized_NameValueCollection, "Add"), new MemberDescriptor(KnownType.System_Net_Http_Headers_HttpHeaders, "Add")), tracker.MethodHasParameters(parameterCount), c => IsFirstArgumentAccessControlAllowOrigin((InvocationExpressionSyntax)c.Node, c.SemanticModel) && IsSecondArgumentStarString((InvocationExpressionSyntax)c.Node, c.SemanticModel)); tracker.Track(input, tracker.MatchMethod(new MemberDescriptor(KnownType.Microsoft_AspNetCore_Cors_Infrastructure_CorsPolicyBuilder, "WithOrigins")), c => ContainsStar(((InvocationExpressionSyntax)c.Node).ArgumentList.Arguments.Select(a => a.Expression), c.SemanticModel)); tracker.Track(input, tracker.MatchMethod(new MemberDescriptor(KnownType.Microsoft_AspNetCore_Cors_Infrastructure_CorsPolicyBuilder, "AllowAnyOrigin"))); }