/// <summary>
/// Reports <paramref name="diagnostic"/> on the compilation context, but only when
/// ShouldAnalyze accepts the syntax tree the diagnostic is located in.
/// </summary>
/// <param name="context">Compilation-level analysis context the diagnostic is reported on.</param>
/// <param name="generatedCodeRecognizer">Recognizer handed to ShouldAnalyze together with the tree.</param>
/// <param name="diagnostic">Diagnostic to report; its location supplies the syntax tree that is checked.</param>
public static void ReportDiagnosticIfNonGenerated(this CompilationAnalysisContext context, GeneratedCodeRecognizer generatedCodeRecognizer, Diagnostic diagnostic)
{
    // NOTE(review): SourceTree is null for a diagnostic without a source location; how ShouldAnalyze
    // treats a null tree is not visible here - confirm before relying on this for project-level diagnostics.
    var tree = diagnostic.Location.SourceTree;
    if (!ShouldAnalyze(context, generatedCodeRecognizer, tree, context.Compilation, context.Options))
    {
        return;
    }

    context.ReportDiagnosticWhenActive(diagnostic);
}
// This function is called once for each issue found by CBDE after it runs.
// A key that has no descriptor registered in ruleIdToDiagDescriptor is treated as an internal error
// (exception) instead of being dropped, so an unexpected rule id cannot go unnoticed.
private void OnCbdeIssue(String key, String message, Location loc, CompilationAnalysisContext context)
{
    if (ruleIdToDiagDescriptor.ContainsKey(key))
    {
        var descriptor = ruleIdToDiagDescriptor[key];
        context.ReportDiagnosticWhenActive(Diagnostic.Create(descriptor, loc, message));
        return;
    }

    throw new InvalidOperationException($"CBDE should not raise issues on key {key}");
}
/// <summary>
/// Reports <paramref name="diagnostic"/> unless the syntax tree it is located in is recognised as generated code.
/// </summary>
/// <param name="context">Compilation-level analysis context the diagnostic is reported on.</param>
/// <param name="generatedCodeRecognizer">Recognizer passed to IsGenerated for the diagnostic's tree.</param>
/// <param name="diagnostic">Diagnostic to report; its location supplies the syntax tree that is checked.</param>
/// <param name="compilation">Compilation passed to IsGenerated alongside the recognizer.</param>
public static void ReportDiagnosticIfNonGenerated(
    this CompilationAnalysisContext context,
    GeneratedCodeRecognizer generatedCodeRecognizer,
    Diagnostic diagnostic,
    Compilation compilation)
{
    // NOTE(review): SourceTree can be null for a diagnostic without a source location; whether
    // IsGenerated tolerates a null receiver is not visible here - confirm.
    var isGenerated = diagnostic.Location.SourceTree.IsGenerated(generatedCodeRecognizer, compilation);
    if (isGenerated)
    {
        return;
    }

    context.ReportDiagnosticWhenActive(diagnostic);
}
// Reports every configuration/system.web/pages element of the given web.config document whose
// validateRequest attribute is picked out by GetAttributeIfBoolValueIs("validateRequest", false).
// validateRequest="false" switches off ASP.NET's built-in request validation for the pages it covers,
// so each diagnostic marks a place where that input check has been disabled in configuration.
// Nothing is reported when CreateLocation cannot produce a location for the attribute.
private void ReportValidateRequest(XDocument doc, string webConfigPath, CompilationAnalysisContext c)
{
    foreach (var pagesElement in doc.XPathSelectElements("configuration/system.web/pages"))
    {
        // presumably yields the attribute only when its value parses to the boolean 'false' - verify in the helper
        if (!(pagesElement.GetAttributeIfBoolValueIs("validateRequest", false) is { } validateRequest))
        {
            continue;
        }

        if (validateRequest.CreateLocation(webConfigPath) is { } location)
        {
            c.ReportDiagnosticWhenActive(Diagnostic.Create(rule, location));
        }
    }
}
// Raises one diagnostic per collected entry. The primary location is always the entry's MainAttribute;
// when a SecondaryAttribute is present its location is attached as the single additional location.
private void ReportOnCollectedAttributes(CompilationAnalysisContext context, ConcurrentDictionary<SyntaxNode, Attributes> attributesOverTheLimit)
{
    foreach (var entry in attributesOverTheLimit.Values)
    {
        var primaryLocation = entry.MainAttribute.GetLocation();

        Diagnostic diagnostic;
        if (entry.SecondaryAttribute == null)
        {
            diagnostic = Diagnostic.Create(rule, primaryLocation);
        }
        else
        {
            var secondaryLocations = new List<Location> { entry.SecondaryAttribute.GetLocation() };
            diagnostic = Diagnostic.Create(rule, primaryLocation, secondaryLocations);
        }

        context.ReportDiagnosticWhenActive(diagnostic);
    }
}
// Reports SecuritySafeCritical attributes that sit inside a scope already marked SecurityCritical.
//
// Two cases are handled:
//  * the assembly carries SecurityCriticalAttribute: every collected SecuritySafeCritical attribute is
//    reported, with the assembly-level attribute as the additional location;
//  * otherwise: for each SecuritySafeCritical node the ancestors are walked (starting at the parent, the
//    node itself is not looked up) and the first ancestor found in nodesWithSecurityCritical is reported
//    as the additional location. Outer SecurityCritical ancestors beyond that one are not reported.
private void ReportOnConflictingTransparencyAttributes(CompilationAnalysisContext compilationContext, Dictionary<SyntaxNode, AttributeSyntax> nodesWithSecuritySafeCritical, Dictionary<SyntaxNode, AttributeSyntax> nodesWithSecurityCritical)
{
    var assemblyLevelCritical = compilationContext.Compilation.Assembly
        .GetAttributes(KnownType.System_Security_SecurityCriticalAttribute)
        .FirstOrDefault();

    if (assemblyLevelCritical == null)
    {
        foreach (var safeCritical in nodesWithSecuritySafeCritical)
        {
            for (var ancestor = safeCritical.Key.Parent; ancestor != null; ancestor = ancestor.Parent)
            {
                if (!nodesWithSecurityCritical.TryGetValue(ancestor, out var enclosingCritical))
                {
                    continue;
                }

                compilationContext.ReportDiagnosticWhenActive(Diagnostic.Create(rule, safeCritical.Value.GetLocation(),
                    additionalLocations: new[] { enclosingCritical.GetLocation() }));
                break; // only the nearest enclosing SecurityCritical declaration is reported
            }
        }

        return;
    }

    var assemblyAttributeLocation = assemblyLevelCritical.ApplicationSyntaxReference
        .GetSyntax()
        .GetLocation();

    // The assembly itself is marked 'SecurityCritical', so every 'SecuritySafeCriticalAttribute'
    // declared inside it conflicts with that marking.
    foreach (var safeCriticalAttribute in nodesWithSecuritySafeCritical.Values)
    {
        compilationContext.ReportDiagnosticWhenActive(Diagnostic.Create(rule, safeCriticalAttribute.GetLocation(),
            additionalLocations: new[] { assemblyAttributeLocation }));
    }
}
// Reports each configuration/connectionStrings/add element of the given web.config document whose
// connectionString attribute value is flagged by IsVulnerable and not cleared by HasSanitizers.
// NOTE(review): going by the method name, IsVulnerable detects an empty password in the connection
// string; what HasSanitizers accepts as a mitigating setting is not visible here - confirm both helpers.
// Nothing is reported when CreateLocation cannot produce a location for the attribute.
private void ReportEmptyPassword(XDocument doc, string webConfigPath, CompilationAnalysisContext c)
{
    foreach (var addElement in doc.XPathSelectElements("configuration/connectionStrings/add"))
    {
        if (!(addElement.Attribute("connectionString") is { } connectionString))
        {
            continue;
        }

        if (!IsVulnerable(connectionString.Value) || HasSanitizers(connectionString.Value))
        {
            continue;
        }

        if (connectionString.CreateLocation(webConfigPath) is { } location)
        {
            c.ReportDiagnosticWhenActive(Diagnostic.Create(Rule, location));
        }
    }
}
// Reports each configuration/system.web/httpRuntime element of the given web.config document whose
// requestValidationMode attribute parses (invariant culture, NumberStyles.Number) to a value below
// MinimumAcceptedRequestValidationModeValue.
// NOTE(review): a requestValidationMode value that does not parse as a number yields no diagnostic;
// confirm that silently skipping malformed values is the intended outcome for this rule.
private void ReportRequestValidationMode(XDocument doc, string webConfigPath, CompilationAnalysisContext c)
{
    foreach (var httpRuntime in doc.XPathSelectElements("configuration/system.web/httpRuntime"))
    {
        if (!(httpRuntime.Attribute("requestValidationMode") is { } modeAttribute))
        {
            continue;
        }

        var isNumeric = decimal.TryParse(modeAttribute.Value, NumberStyles.Number, CultureInfo.InvariantCulture, out var mode);
        if (isNumeric
            && mode < MinimumAcceptedRequestValidationModeValue
            && modeAttribute.CreateLocation(webConfigPath) is { } location)
        {
            c.ReportDiagnosticWhenActive(Diagnostic.Create(rule, location));
        }
    }
}
// Raises one diagnostic per string that occurs more than Threshold times.
// The diagnostic has no primary location (null), which makes it a project-level issue; every occurrence
// is attached as an additional location, ordered by source span. The message arguments are the string
// itself and its number of occurrences.
private void ReportDuplicates(CompilationAnalysisContext compilationAnalysisContext, Dictionary<string, List<LiteralExpressionSyntax>> stringWithLiterals)
{
    foreach (var entry in stringWithLiterals)
    {
        var occurrences = entry.Value;
        if (occurrences.Count <= Threshold)
        {
            continue;
        }

        var orderedLocations = occurrences
            .Select(literal => literal.GetLocation())
            .OrderBy(location => location.SourceSpan);

        // Report issues as project-level
        compilationAnalysisContext.ReportDiagnosticWhenActive(Diagnostic.Create(rule, null,
            additionalLocations: orderedLocations,
            messageArgs: new object[] { entry.Key, occurrences.Count }));
    }
}