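/// <summary>
/// Builds a <see cref="VulnerabilityDetail"/> for an XML element flagged by a configuration scanner.
/// </summary>
/// <param name="filePath">Path of the file that contains <paramref name="element"/>.</param>
/// <param name="element">Navigator positioned on the offending element; its trimmed outer XML becomes the code snippet.</param>
/// <param name="category">Scanner category; its numeric value forms the rule code (<c>OPT</c> followed by four digits).</param>
/// <param name="message">Optional finding message; when null or whitespace the <c>MessageFormat</c> resource string for the rule code is used.</param>
/// <returns>A populated <see cref="VulnerabilityDetail"/> whose <c>Description</c> and <c>Title</c> are looked up from resources by rule code.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="element"/> is null.</exception>
public static VulnerabilityDetail Create(string filePath, System.Xml.XPath.XPathNavigator element, Enums.ScannerType category = Enums.ScannerType.None, string message = null)
{
    if (element is null)
    {
        throw new System.ArgumentNullException(nameof(element));
    }

    // Take the enum's numeric value directly: GetHashCode() is not contractually the value,
    // and an invariant culture keeps the rule code identical regardless of the host locale.
    string code = "OPT" + ((int)category).ToString("D4", System.Globalization.CultureInfo.InvariantCulture);

    return new VulnerabilityDetail
    {
        FilePath = filePath,
        CodeSnippet = element.OuterXml.Trim(),
        LineNumber = Mapper.Map.GetLineNumber(element),
        Code = code,
        Description = GetResourceString(code, "Description"),
        Message = string.IsNullOrWhiteSpace(message) ? GetResourceString(code, "MessageFormat") : message,
        Type = category,
        Title = GetResourceString(code, "Title")
    };
}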
/// <summary> /// This method wiil check whether the SyntaxNode is vulnerable or not /// </summary> /// <param name="node"></param> /// <param name="model"></param> /// <param name="solution"></param> /// <param name="callingSymbol"></param> /// <param name="parameterNode"></param> /// <returns></returns> public static bool IsVulnerable(SyntaxNode node, SemanticModel model, Solution solution = null, ISymbol callingSymbol = null, Enums.ScannerType scannerType = Enums.ScannerType.None) { if (node is IdentifierNameSyntax) { ITypeSymbol type = model.GetTypeInfo(node).Type; if (type == null || type.SpecialType != SpecialType.System_String) { return(false); } bool vulnerable = false; ISymbol symbol = model.GetSymbol(node); if (symbol == null || symbol.Equals(callingSymbol, SymbolEqualityComparer.Default)) { return(false); } var references = SymbolFinder.FindReferencesAsync(symbol, solution).Result; foreach (var reference in references) { var currentNode = reference.Definition.Locations.First().SourceTree.GetRoot().FindNode(reference.Definition.Locations.First().SourceSpan); vulnerable = IsVulnerable(currentNode, model, solution, callingSymbol); foreach (var refLocation in reference.Locations) { currentNode = refLocation.Location.SourceTree.GetRoot().FindNode(refLocation.Location.SourceSpan); if (currentNode.SpanStart < node.SpanStart && CheckSameMethod(currentNode, node)) { var assignment = currentNode.Ancestors().OfType <AssignmentExpressionSyntax>().FirstOrDefault(); if (assignment == null) { continue; } if (currentNode.SpanStart < assignment.Right.SpanStart) { vulnerable = IsVulnerable(assignment.Right, refLocation.Document.GetSemanticModelAsync().Result, solution, symbol); } } } } return(vulnerable); } else if (node is BinaryExpressionSyntax) { var left = IsVulnerable((node as BinaryExpressionSyntax).Left, model, solution, callingSymbol); var right = IsVulnerable((node as BinaryExpressionSyntax).Right, model, solution, callingSymbol); return(left || right); } else if 
(node is VariableDeclaratorSyntax variableDeclarator && variableDeclarator.Initializer != null) { return(IsVulnerable(variableDeclarator.Initializer.Value, model, solution, callingSymbol)); }
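/// <summary>
/// Builds a <see cref="VulnerabilityDetail"/> for a syntax node or token flagged by a code scanner.
/// </summary>
/// <param name="filePath">Path of the source file that contains <paramref name="codeSnippet"/>.</param>
/// <param name="codeSnippet">Offending node or token; its text representation becomes the code snippet.</param>
/// <param name="category">Scanner category; its numeric value forms the rule code (<c>OPT</c> followed by four digits).</param>
/// <param name="message">Optional finding message; when null or whitespace the <c>MessageFormat</c> resource string for the rule code is used.</param>
/// <returns>A populated <see cref="VulnerabilityDetail"/> whose <c>Description</c> and <c>Title</c> are looked up from resources by rule code.</returns>
public static VulnerabilityDetail Create(string filePath, SyntaxNodeOrToken codeSnippet, Enums.ScannerType category, string message = null)
{
    // Take the enum's numeric value directly: GetHashCode() is not contractually the value,
    // and an invariant culture keeps the rule code identical regardless of the host locale.
    string code = "OPT" + ((int)category).ToString("D4", System.Globalization.CultureInfo.InvariantCulture);

    return new VulnerabilityDetail
    {
        FilePath = filePath,
        CodeSnippet = codeSnippet.ToString(),
        LineNumber = Mapper.Map.GetLineNumber(codeSnippet),
        Code = code,
        Description = GetResourceString(code, "Description"),
        Message = string.IsNullOrWhiteSpace(message) ? GetResourceString(code, "MessageFormat") : message,
        Type = category,
        Title = GetResourceString(code, "Title")
    };
}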
/// <summary>
/// Creates a scanner instance bound to one scanner category.
/// </summary>
/// <param name="paramScannerType">Category stored in <c>scannerType</c> for this instance.</param>
public FormAuthenticationScanner(Enums.ScannerType paramScannerType)
{
    scannerType = paramScannerType;
}