/// <summary>
/// Routes an object-creation operation to the analysis that matches its constructor:
/// XmlDocument-derived, XmlTextReader-derived, XmlReaderSettings, or the generic
/// method-overload check for everything else.
/// </summary>
/// <param name="context">Operation analysis context forwarded to the specific analysis.</param>
/// <param name="variable">Symbol forwarded to the specific analysis; presumably the variable
/// receiving the new object (confirm against callers).</param>
/// <param name="valueOpt">Candidate operation; anything that is not an
/// <c>IObjectCreationOperation</c> is ignored.</param>
private void AnalyzeObjectCreationInternal(OperationAnalysisContext context, ISymbol variable, IOperation valueOpt)
{
    if (!(valueOpt is IObjectCreationOperation creation))
    {
        return;
    }

    // Each creation is analyzed at most once, even if it is reached through several paths.
    if (_objectCreationOperationsAnalyzed.Contains(creation))
    {
        return;
    }

    _objectCreationOperationsAnalyzed.Add(creation);

    var ctor = creation.Constructor;

    if (SecurityDiagnosticHelpers.IsXmlDocumentCtorDerived(ctor, _xmlTypes))
    {
        AnalyzeObjectCreationForXmlDocument(context, variable, creation);
        return;
    }

    if (SecurityDiagnosticHelpers.IsXmlTextReaderCtorDerived(ctor, _xmlTypes))
    {
        AnalyzeObjectCreationForXmlTextReader(context, variable, creation);
        return;
    }

    if (SecurityDiagnosticHelpers.IsXmlReaderSettingsCtor(ctor, _xmlTypes))
    {
        AnalyzeObjectCreationForXmlReaderSettings(context, variable, creation);
        return;
    }

    // Not one of the tracked XML types: check the constructor like any other method overload.
    AnalyzeMethodOverloads(context, ctor, creation.Arguments, creation.Syntax);
}
/// <summary>
/// Analyzes an object-creation syntax node once and records the resulting environment for
/// XmlDocument-derived, XmlTextReader-derived and XmlReaderSettings constructors. An
/// XPathDocument constructor is reported with <c>XxeDiagnosticAnalyzer.Rule</c> unless
/// <c>AreDefaultsSecure</c> is set.
/// </summary>
/// <param name="variableSymbol">Symbol the environment is recorded under; when null, the
/// environment is recorded in the matching temporary map, keyed by the creation node.</param>
/// <param name="objectCreationNode">The object-creation syntax node under analysis.</param>
/// <param name="model">Semantic model used to resolve the constructor symbol.</param>
/// <param name="reportDiagnostic">Callback that receives the XPathDocument diagnostic.</param>
protected void AnalyzeObjectCreation(ISymbol variableSymbol, SyntaxNode objectCreationNode, SemanticModel model, Action<Diagnostic> reportDiagnostic)
{
    var ctor = SyntaxNodeHelper.GetSymbol(objectCreationNode, model) as IMethodSymbol;
    if (ctor == null)
    {
        return;
    }

    // Each creation node is analyzed at most once.
    if (OjectCreationOperationsAnalyzed.Contains(objectCreationNode))
    {
        return;
    }

    OjectCreationOperationsAnalyzed.Add(objectCreationNode);

    bool hasVariable = variableSymbol != null;

    if (SecurityDiagnosticHelpers.IsXmlDocumentCtorDerived(ctor, XmlTypes))
    {
        var documentEnv = AnalyzeObjectCreationForXmlDocument(ctor, objectCreationNode, model);
        if (hasVariable)
        {
            XmlDocumentEnvironments[variableSymbol] = documentEnv;
        }
        else
        {
            TempXmlDocumentEnvironments[objectCreationNode] = documentEnv;
        }

        return;
    }

    if (SecurityDiagnosticHelpers.IsXmlTextReaderCtorDerived(ctor, XmlTypes))
    {
        var readerEnv = AnalyzeObjectCreationForXmlTextReader(ctor, objectCreationNode, model);
        if (hasVariable)
        {
            XmlTextReaderEnvironments[variableSymbol] = readerEnv;
        }
        else
        {
            TempXmlTextReaderEnvironments[objectCreationNode] = readerEnv;
        }

        return;
    }

    if (SecurityDiagnosticHelpers.IsXmlReaderSettingsCtor(ctor, XmlTypes))
    {
        var settingsEnv = AnalyzeObjectCreationForXmlReaderSettings(objectCreationNode, model);
        if (hasVariable)
        {
            XmlReaderSettingsEnvironments[variableSymbol] = settingsEnv;
        }
        else
        {
            TempXmlReaderSettingsEnvironments[objectCreationNode] = settingsEnv;
        }

        return;
    }

    // XPathDocument has no tracked environment here: the verdict rests on AreDefaultsSecure alone.
    // NOTE(review): AreDefaultsSecure presumably reflects the target framework's XML defaults - confirm.
    if (ctor.MatchMethodByName(XmlTypes.XPathDocument, WellKnownMemberNames.InstanceConstructorName)
        && !AreDefaultsSecure)
    {
        reportDiagnostic(Diagnostic.Create(XxeDiagnosticAnalyzer.Rule, objectCreationNode.GetLocation()));
    }

    // Any other constructor is already marked as analyzed above and gets no further check in this method.
}