public bool IsVulnerable(SemanticModel model, ObjectCreationExpressionSyntax syntax) { if (!syntax.ToString().Contains("FilePathResult")) { return(false); } var symbol = model.GetSymbolInfo(syntax).Symbol as IMethodSymbol; if (symbol.IsCtorFor("System.Web.Mvc.FilePathResult")) { if (syntax.ArgumentList.Arguments.Count > 0) { var argSyntax = syntax.ArgumentList.Arguments[0].Expression; var expressionAnalyzer = ExpressionSyntaxAnalyzerFactory.Create(argSyntax); if (expressionAnalyzer.CanSuppress(model, argSyntax)) { return(false); } //TODO: if still vulnerable after eliminating any low hanging fruit - then we need to perform data flow analysis } return(true); } return(false); }
public bool IsVulnerable(SemanticModel model, InvocationExpressionSyntax syntax) { if (!syntax.ToString().Contains("Redirect")) { return(false); } var symbol = model.GetSymbolInfo(syntax).Symbol as IMethodSymbol; if (symbol?.Name == "Redirect" && symbol?.ReceiverType.ToString() == "System.Web.Mvc.Controller") { if (syntax.ArgumentList.Arguments.Count == 1) { var argSyntax = syntax.ArgumentList.Arguments[0].Expression; var expressionAnalyzer = ExpressionSyntaxAnalyzerFactory.Create(argSyntax); if (expressionAnalyzer.CanSuppress(model, argSyntax)) { return(false); } //TODO: if still vulnerable after eliminating any low hanging fruit - then we need to perform data flow analysis } return(true); } return(false); }
public bool IsVulnerable(SemanticModel model, InvocationExpressionSyntax syntax) { if (!ContainsFileOpenCommands(syntax)) { return(false); } var symbol = model.GetSymbolInfo(syntax).Symbol as IMethodSymbol; if (!IsFileOpenCommand(symbol)) { return(false); } if (syntax.ArgumentList.Arguments.Count > 0) { var argSyntax = syntax.ArgumentList.Arguments[0].Expression; var expressionAnalyzer = ExpressionSyntaxAnalyzerFactory.Create(argSyntax); if (expressionAnalyzer.CanSuppress(model, argSyntax)) { return(false); } //TODO: if still vulnerable after eliminating any low hanging fruit - then we need to perform data flow analysis } return(true); }
public bool IsVulnerable(SemanticModel model, InvocationExpressionSyntax syntax) { if (ContainsSearchCommands(syntax)) { var symbol = model.GetSymbolInfo(syntax).Symbol as IMethodSymbol; if (IsSearchCommand(symbol)) { var memberAccess = syntax.Expression as MemberAccessExpressionSyntax; var identifier = memberAccess?.Expression as IdentifierNameSyntax; var containingBlock = syntax.FirstAncestorOrSelf <BlockSyntax>(); if (containingBlock == null) { return(false); } var filter = GetFilterFromConstructor(model, containingBlock, identifier) ?? GetFilterFromAssignment(containingBlock, identifier); if (filter != null) { var expressionSyntax = filter as ExpressionSyntax; if (expressionSyntax != null) { var expressionAnalyzer = ExpressionSyntaxAnalyzerFactory.Create(expressionSyntax); return(!expressionAnalyzer.CanSuppress(model, expressionSyntax)); } } return(true); } } return(false); }
public bool IsVulnerable(SemanticModel model, ObjectCreationExpressionSyntax syntax) { if (!syntax.ToString().Contains("DirectoryEntry")) { return(false); } var symbol = model.GetSymbolInfo(syntax).Symbol as IMethodSymbol; if (symbol.IsCtorFor("System.DirectoryServices.DirectoryEntry")) { if (syntax.ArgumentList?.Arguments.Count > 0) { var argSyntax = syntax.ArgumentList.Arguments[0].Expression; var expressionAnalyzer = ExpressionSyntaxAnalyzerFactory.Create(argSyntax); if (expressionAnalyzer.CanSuppress(model, argSyntax)) { return(false); } } var filter = syntax.Initializer?.Expressions.OfType <AssignmentExpressionSyntax>() .FirstOrDefault(p => (p.Left as IdentifierNameSyntax)?.Identifier.ValueText == "Path"); if (filter != null) { var expressionAnalyzer = ExpressionSyntaxAnalyzerFactory.Create(filter.Right); if (expressionAnalyzer.CanSuppress(model, filter.Right)) { return(false); } } if (filter == null && syntax.ArgumentList?.Arguments.Count == 0) { return(false); } return(true); } return(false); }
public bool IsVulnerable(SemanticModel model, AssignmentExpressionSyntax syntax) { var leftSyntax = syntax?.Left as MemberAccessExpressionSyntax; if (leftSyntax == null || leftSyntax.Name.Identifier.ValueText.ToLower() != "text") { return(false); } var leftSymbol = model.GetSymbolInfo(leftSyntax).Symbol; if (!leftSymbol.ToString().StartsWith("System.Web.UI.WebControls.Label.Text")) { return(false); } var expressionAnalyzer = ExpressionSyntaxAnalyzerFactory.Create(syntax.Right); return(!expressionAnalyzer.CanSuppress(model, syntax.Right)); }