protected void AnalyzeObjectCreation(ISymbol variableSymbol, SyntaxNode objectCreationNode, SemanticModel model, Action <Diagnostic> reportDiagnostic) { if (!(SyntaxNodeHelper.GetSymbol(objectCreationNode, model) is IMethodSymbol symbol)) { return; } if (OjectCreationOperationsAnalyzed.Contains(objectCreationNode)) { return; } OjectCreationOperationsAnalyzed.Add(objectCreationNode); if (SecurityDiagnosticHelpers.IsXmlDocumentCtorDerived(symbol, XmlTypes)) { var env = AnalyzeObjectCreationForXmlDocument(symbol, objectCreationNode, model); if (variableSymbol != null) { XmlDocumentEnvironments[variableSymbol] = env; } else { TempXmlDocumentEnvironments[objectCreationNode] = env; } } else if (SecurityDiagnosticHelpers.IsXmlTextReaderCtorDerived(symbol, XmlTypes)) { var env = AnalyzeObjectCreationForXmlTextReader(symbol, objectCreationNode, model); if (variableSymbol != null) { XmlTextReaderEnvironments[variableSymbol] = env; } else { TempXmlTextReaderEnvironments[objectCreationNode] = env; } } else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsCtor(symbol, XmlTypes)) { var env = AnalyzeObjectCreationForXmlReaderSettings(objectCreationNode, model); if (variableSymbol != null) { XmlReaderSettingsEnvironments[variableSymbol] = env; } else { TempXmlReaderSettingsEnvironments[objectCreationNode] = env; } } else if (symbol.MatchMethodByName(XmlTypes.XPathDocument, WellKnownMemberNames.InstanceConstructorName)) { if (AreDefaultsSecure) { return; } if (SecurityDiagnosticHelpers.GetSpecifiedParameterIndex(symbol, XmlTypes, SecurityDiagnosticHelpers.IsXmlReaderType) == 0) { return; } var diag = Diagnostic.Create(XxeDiagnosticAnalyzer.Rule, objectCreationNode.GetLocation()); reportDiagnostic(diag); } }