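/// <summary>
/// Inspects an assignment operation and routes it to the XML-hardening check that matches its target:
/// a variable/field assignment, an <c>XmlDocument.XmlResolver</c> assignment, an XmlTextReader
/// resolver/DTD property assignment, an XmlReaderSettings property assignment, or any other property.
/// </summary>
/// <param name="context">
/// Analysis context whose <c>Operation</c> is expected to be an <c>IAssignmentExpression</c>;
/// anything else is ignored.
/// </param>
private void AnalyzeAssignment(OperationAnalysisContext context)
{
    IAssignmentExpression expression = context.Operation as IAssignmentExpression;

    // The 'as' cast yields null for any other operation kind; check it before dereferencing.
    if (expression == null || expression.Target == null)
    {
        return;
    }

    SemanticModel model = context.Compilation.GetSemanticModel(expression.Syntax.SyntaxTree);
    var propRef = expression.Target as IPropertyReferenceExpression;

    if (propRef == null)
    {
        // A variable/field assignment
        ISymbol symbolAssignedTo = expression.Target.Syntax.GetDeclaredOrReferencedSymbol(model);
        if (symbolAssignedTo != null)
        {
            AnalyzeObjectCreationInternal(context, symbolAssignedTo, expression.Value);
        }

        return;
    }

    // A property assignment
    if (propRef.Instance == null)
    {
        // No receiver instance (e.g. a static property): there is no object whose XML settings
        // could be tracked, and dereferencing Instance below would throw inside the analyzer
        // callback instead of letting the remaining assignments be analyzed.
        return;
    }

    ISymbol assignedSymbol = propRef.Instance.Syntax.GetDeclaredOrReferencedSymbol(model);

    if (propRef.Property.MatchPropertyByName(_xmlTypes.XmlDocument, "XmlResolver"))
    {
        AnalyzeXmlResolverPropertyAssignmentForXmlDocument(context, assignedSymbol, expression);
        return;
    }

    bool isXmlTextReaderXmlResolverProperty =
        SecurityDiagnosticHelpers.IsXmlTextReaderXmlResolverPropertyDerived(propRef.Property, _xmlTypes);

    // Only probed when the resolver check failed, so at most one of the two flags is true.
    bool isXmlTextReaderDtdProcessingProperty =
        !isXmlTextReaderXmlResolverProperty
        && SecurityDiagnosticHelpers.IsXmlTextReaderDtdProcessingPropertyDerived(propRef.Property, _xmlTypes);

    if (isXmlTextReaderXmlResolverProperty || isXmlTextReaderDtdProcessingProperty)
    {
        AnalyzeXmlTextReaderProperties(
            context,
            assignedSymbol,
            expression,
            isXmlTextReaderXmlResolverProperty,
            isXmlTextReaderDtdProcessingProperty);
        return;
    }

    if (!SecurityDiagnosticHelpers.IsXmlReaderSettingsType(propRef.Instance.Type, _xmlTypes))
    {
        AnalyzeNeverSetProperties(context, propRef.Property, expression.Syntax.GetLocation());
        return;
    }

    if (assignedSymbol == null)
    {
        // Environments are keyed by symbol; without one there is nothing to record. This matches
        // the null guard AnalyzeObjectCreationForXmlReaderSettings applies before it writes to
        // the same map.
        return;
    }

    XmlReaderSettingsEnvironment env;
    if (!_xmlReaderSettingsEnvironments.TryGetValue(assignedSymbol, out env))
    {
        env = new XmlReaderSettingsEnvironment(_isFrameworkSecure);
        _xmlReaderSettingsEnvironments[assignedSymbol] = env;
    }

    IConversionExpression conv = expression.Value as IConversionExpression;

    if (conv != null
        && SecurityDiagnosticHelpers.IsXmlReaderSettingsXmlResolverProperty(propRef.Property, _xmlTypes))
    {
        // A secure resolver type or a null resolver marks the settings as safe.
        // NOTE(review): any other resolver leaves IsSecureResolver at its previous value rather
        // than clearing it; confirm that is the intended result for an insecure resolver.
        if (SecurityDiagnosticHelpers.IsXmlSecureResolverType(conv.Operand.Type, _xmlTypes)
            || SecurityDiagnosticHelpers.IsExpressionEqualsNull(conv.Operand))
        {
            env.IsSecureResolver = true;
        }
    }
    else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsDtdProcessingProperty(propRef.Property, _xmlTypes))
    {
        // DTD processing counts as disabled for every value except DtdProcessing.Parse.
        env.IsDtdProcessingDisabled =
            !SecurityDiagnosticHelpers.IsExpressionEqualsDtdProcessingParse(expression.Value);
    }
    else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsMaxCharactersFromEntitiesProperty(propRef.Property, _xmlTypes))
    {
        // Any value other than integer zero is treated as a limit on entity expansion.
        env.IsMaxCharactersFromEntitiesLimited =
            !SecurityDiagnosticHelpers.IsExpressionEqualsIntZero(expression.Value);
    }
}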
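/// <summary>
/// Records the security-relevant state of an XmlReaderSettings object creation: a fresh
/// environment is created, registered under <paramref name="variable"/> when one is given,
/// and then updated from the XmlResolver, DtdProcessing and MaxCharactersFromEntities
/// property initializers of the creation expression.
/// </summary>
/// <param name="variable">Symbol the new object is assigned to; may be null, in which case the environment is not registered.</param>
/// <param name="objCreation">The object creation expression whose member initializers are inspected.</param>
private void AnalyzeObjectCreationForXmlReaderSettings(ISymbol variable, IObjectCreationExpression objCreation)
{
    XmlReaderSettingsEnvironment xmlReaderSettingsEnv = new XmlReaderSettingsEnvironment(_isFrameworkSecure);

    if (variable != null)
    {
        _xmlReaderSettingsEnvironments[variable] = xmlReaderSettingsEnv;
    }

    xmlReaderSettingsEnv.XmlReaderSettingsDefinition = objCreation.Syntax;

    foreach (ISymbolInitializer init in objCreation.MemberInitializers)
    {
        var prop = init as IPropertyInitializer;
        if (prop == null)
        {
            continue;
        }

        if (SecurityDiagnosticHelpers.IsXmlReaderSettingsXmlResolverProperty(prop.InitializedProperty, _xmlTypes))
        {
            IConversionExpression operation = prop.Value as IConversionExpression;
            if (operation == null)
            {
                // Skip only this initializer. Returning here would make the result depend on
                // initializer order: a DtdProcessing or MaxCharactersFromEntities initializer
                // listed after the resolver would never be recorded.
                continue;
            }

            // A secure resolver type or a null resolver marks the settings as safe.
            // NOTE(review): any other resolver leaves IsSecureResolver at the value the
            // environment was constructed with; confirm that default is the intended result.
            if (SecurityDiagnosticHelpers.IsXmlSecureResolverType(operation.Operand.Type, _xmlTypes)
                || SecurityDiagnosticHelpers.IsExpressionEqualsNull(operation.Operand))
            {
                xmlReaderSettingsEnv.IsSecureResolver = true;
            }
        }
        else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsDtdProcessingProperty(prop.InitializedProperty, _xmlTypes))
        {
            // DTD processing counts as disabled for every value except DtdProcessing.Parse.
            xmlReaderSettingsEnv.IsDtdProcessingDisabled =
                !SecurityDiagnosticHelpers.IsExpressionEqualsDtdProcessingParse(prop.Value);
        }
        else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsMaxCharactersFromEntitiesProperty(prop.InitializedProperty, _xmlTypes))
        {
            // Any value other than integer zero is treated as a limit on entity expansion.
            xmlReaderSettingsEnv.IsMaxCharactersFromEntitiesLimited =
                !SecurityDiagnosticHelpers.IsExpressionEqualsIntZero(prop.Value);
        }
    }
}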