private static bool AntiforgeryAttributeExists(ITypeSymbol classSymbol, CsrfNamedGroup group) { if (!group.AntiCsrfAttributes.Any()) { return(false); } return(classSymbol.HasDerivedClassAttribute(c => IsAntiForgeryToken(c, group))); }
private void VisitClass(ITypeSymbol classSymbol, CsrfNamedGroup group, Dictionary <Location, Diagnostic> diagnostics) { if (group?.Class?.Names.Any() == true) { var descendsFromController = classSymbol.IsDerivedFrom(group.Class.Names); if (!descendsFromController) { return; } } if (AntiforgeryAttributeExists(classSymbol, group)) { return; } if (IsClassIgnored(classSymbol, group)) { return; } foreach (var member in classSymbol.GetMembers()) { if (!(member is IMethodSymbol methodSymbol)) { continue; } var location = methodSymbol.Locations[0]; if (diagnostics.ContainsKey(location)) // first CsrfNamedGroup in a sequence wins { continue; } if (IsMethodIgnored(methodSymbol, group)) { continue; } if (AntiforgeryAttributeExists(methodSymbol, group)) { continue; } if (AreParametersSafe(methodSymbol, group)) { continue; } diagnostics.Add(location, Diagnostic.Create(group.Message != null ? group.Message : Rule, location)); } }
private static bool AreParametersSafe(IMethodSymbol methodSymbol, CsrfNamedGroup group) { foreach (var arg in methodSymbol.Parameters) { if (arg.HasAttribute(attributeData => HasApplicableAttribute(attributeData, group.Parameter.Exclude))) { return(true); } if (arg.HasAttribute(attributeData => HasApplicableAttribute(attributeData, group.Parameter.Include))) { return(false); } } return(group.Parameter.Include.Any()); }
private static bool IsMethodIgnored(IMethodSymbol methodSymbol, CsrfNamedGroup group) { if (!group.Method.Include.Any() && !group.Method.Exclude.Any()) { return(false); } if (methodSymbol.HasDerivedMethodAttribute(attributeData => HasApplicableAttribute(attributeData, group.Method.Exclude))) { return(true); } if (group.Method.Include.Any()) { return(!methodSymbol.HasDerivedMethodAttribute(attributeData => HasApplicableAttribute(attributeData, group.Method.Include))); } return(false); }
private static bool IsClassIgnored(ITypeSymbol classSymbol, CsrfNamedGroup group) { if (group.Class == null) { return(false); } if (!group.Class.Include.Any() && !group.Class.Exclude.Any()) { return(false); } if (classSymbol.HasDerivedClassAttribute(attributeData => HasApplicableAttribute(attributeData, group.Class.Exclude))) { return(true); } if (group.Class.Include.Any()) { return(!classSymbol.HasDerivedClassAttribute(attributeData => HasApplicableAttribute(attributeData, group.Class.Include))); } return(false); }
private static bool AntiforgeryAttributeExists(IMethodSymbol methodSymbol, CsrfNamedGroup group) { if (!group.AntiCsrfAttributes.Any()) { return(false); } return(methodSymbol.HasDerivedMethodAttribute(c => IsAntiForgeryToken(c, group))); }
private static bool IsAntiForgeryToken(AttributeData attributeData, CsrfNamedGroup group) => HasApplicableAttribute(attributeData, group.AntiCsrfAttributes);