/// <summary>
/// Registers this rule's syntax trackers: every creation of a type that derives from or
/// implements RestSharp's <c>IRestRequest</c>, and every invocation of the listed
/// <c>HttpClient</c>, <c>WebClient</c> and <c>WebRequest</c> members.
/// NOTE(review): every matched member issues or builds an outbound HTTP request, so this
/// presumably backs a "sending HTTP requests" hotspot — confirm against the rule's metadata.
/// </summary>
/// <param name="context">Analysis context the trackers register their callbacks on.</param>
protected override void Initialize(SonarAnalysisContext context)
{
    // Local factories keep the member lists readable; each one builds exactly the same
    // MemberDescriptor as spelling the KnownType out on every line.
    MemberDescriptor HttpClient(string member) => new MemberDescriptor(KnownType.System_Net_Http_HttpClient, member);
    MemberDescriptor WebClient(string member) => new MemberDescriptor(KnownType.System_Net_WebClient, member);
    MemberDescriptor WebRequest(string member) => new MemberDescriptor(KnownType.System_Net_WebRequest, member);

    ObjectCreationTracker.Track(context,
        ObjectCreationTracker.WhenDerivesOrImplements(KnownType.RestSharp_IRestRequest));

    // NOTE(review): only these HttpClient members are matched. Members added on newer
    // frameworks (e.g. PatchAsync, the synchronous Send) are not in the list — confirm
    // whether that is intentional for the target frameworks this rule supports.
    InvocationTracker.Track(context,
        InvocationTracker.MatchMethod(
            HttpClient("GetAsync"),
            HttpClient("GetByteArrayAsync"),
            HttpClient("GetStreamAsync"),
            HttpClient("GetStringAsync"),
            HttpClient("SendAsync"),
            HttpClient("PostAsync"),
            HttpClient("PutAsync"),
            HttpClient("DeleteAsync"),
            WebClient("DownloadData"),
            WebClient("DownloadDataAsync"),
            WebClient("DownloadDataTaskAsync"),
            WebClient("DownloadFile"),
            WebClient("DownloadFileAsync"),
            WebClient("DownloadFileTaskAsync"),
            WebClient("DownloadString"),
            WebClient("DownloadStringAsync"),
            WebClient("DownloadStringTaskAsync"),
            WebClient("OpenRead"),
            WebClient("OpenReadAsync"),
            WebClient("OpenReadTaskAsync"),
            WebClient("OpenWrite"),
            WebClient("OpenWriteAsync"),
            WebClient("OpenWriteTaskAsync"),
            WebClient("UploadData"),
            WebClient("UploadDataAsync"),
            WebClient("UploadDataTaskAsync"),
            WebClient("UploadFile"),
            WebClient("UploadFileAsync"),
            WebClient("UploadFileTaskAsync"),
            WebClient("UploadString"),
            WebClient("UploadStringAsync"),
            WebClient("UploadStringTaskAsync"),
            WebClient("UploadValues"),
            WebClient("UploadValuesAsync"),
            WebClient("UploadValuesTaskAsync"),
            // WebRequest factories: the request object is created here, the send happens later.
            WebRequest("Create"),
            WebRequest("CreateDefault"),
            WebRequest("CreateHttp")));
}
/// <summary>
/// Registers the trackers that find every place a cookie value is written: the
/// <c>HttpCookie.Value</c> setter, <c>HttpCookie</c> constructed with a string second argument,
/// indexer setters on <c>HttpCookie</c>, on the ASP.NET Core cookie collections and on
/// <c>HttpCookie.Values</c>, raw <c>"Set-Cookie"</c> header writes (indexer and two-argument
/// <c>Add</c>), <c>IResponseCookies.Append</c>, and <c>Add</c> on <c>HttpCookie.Values</c>.
/// NOTE(review): these are the sinks a cookie-attribute rule needs; which attribute this
/// particular rule checks is not visible here.
/// </summary>
/// <param name="context">Analysis context the trackers register their callbacks on.</param>
protected override void Initialize(SonarAnalysisContext context)
{
    var httpCookieValue = new MemberDescriptor(KnownType.System_Web_HttpCookie, "Value");
    var httpCookieValues = new MemberDescriptor(KnownType.System_Web_HttpCookie, "Values");
    var headerDictionaryAdd = new[]
    {
        new MemberDescriptor(KnownType.System_Collections_Generic_IDictionary_TKey_TValue, "Add"),
        // presumably the VB.NET spelling of the same interface — verify against KnownType
        new MemberDescriptor(KnownType.System_Collections_Generic_IDictionary_TKey_TValue_VB, "Add"),
    };

    // cookie.Value = ...
    PropertyAccessTracker.Track(context,
        PropertyAccessTracker.MatchProperty(httpCookieValue),
        PropertyAccessTracker.MatchSetter());

    // new HttpCookie(name, value) — only when the second argument is a string
    ObjectCreationTracker.Track(context,
        ObjectCreationTracker.MatchConstructor(KnownType.System_Web_HttpCookie),
        ObjectCreationTracker.ArgumentAtIndexIs(1, KnownType.System_String));

    // cookie["key"] = ... with a string key
    ElementAccessTracker.Track(context,
        ElementAccessTracker.MatchIndexerIn(KnownType.System_Web_HttpCookie),
        ElementAccessTracker.ArgumentAtIndexIs(0, KnownType.System_String),
        ElementAccessTracker.MatchSetter());

    // headers["Set-Cookie"] = ... on an ASP.NET Core header dictionary
    ElementAccessTracker.Track(context,
        ElementAccessTracker.MatchIndexerIn(KnownType.Microsoft_AspNetCore_Http_IHeaderDictionary),
        ElementAccessTracker.ArgumentAtIndexEquals(0, "Set-Cookie"),
        ElementAccessTracker.MatchSetter());

    // Indexer setters on the ASP.NET Core request/response cookie collections
    ElementAccessTracker.Track(context,
        ElementAccessTracker.MatchIndexerIn(
            KnownType.Microsoft_AspNetCore_Http_IRequestCookieCollection,
            KnownType.Microsoft_AspNetCore_Http_IResponseCookies),
        ElementAccessTracker.MatchSetter());

    // cookie.Values["key"] = ... (NameValueCollection indexer reached through HttpCookie.Values)
    ElementAccessTracker.Track(context,
        ElementAccessTracker.MatchIndexerIn(KnownType.System_Collections_Specialized_NameValueCollection),
        ElementAccessTracker.MatchSetter(),
        ElementAccessTracker.MatchProperty(httpCookieValues));

    // response.Cookies.Append(...)
    InvocationTracker.Track(context,
        InvocationTracker.MatchMethod(new MemberDescriptor(KnownType.Microsoft_AspNetCore_Http_IResponseCookies, "Append")));

    // headers.Add("Set-Cookie", value) — the two-parameter Add, narrowed to header dictionaries by IsIHeadersDictionary()
    InvocationTracker.Track(context,
        InvocationTracker.MatchMethod(headerDictionaryAdd),
        InvocationTracker.ArgumentAtIndexEquals(0, "Set-Cookie"),
        InvocationTracker.MethodHasParameters(2),
        IsIHeadersDictionary());

    // cookie.Values.Add(...)
    InvocationTracker.Track(context,
        InvocationTracker.MatchMethod(new MemberDescriptor(KnownType.System_Collections_Specialized_NameObjectCollectionBase, "Add")),
        InvocationTracker.MatchProperty(httpCookieValues));
}
/// <summary>
/// Registers the trackers for code that touches .NET authentication/authorization primitives:
/// <c>PrincipalPermission</c> construction; creation, subclassing and ordinary-method parameters of
/// <c>IIdentity</c>/<c>IPrincipal</c> implementations; <c>WindowsIdentity.GetCurrent</c>,
/// <c>SecurityTokenHandler.ValidateToken</c>, <c>AppDomain.SetPrincipalPolicy</c>/<c>SetThreadPrincipal</c>;
/// accesses of <c>HttpContext.User</c> and <c>Thread.CurrentPrincipal</c>; and methods decorated with
/// <c>PrincipalPermissionAttribute</c>.
/// NOTE(review): this looks like a security hotspot over identity/authorization handling — the
/// rule message and severity live elsewhere.
/// </summary>
/// <param name="context">Analysis context the trackers register their callbacks on.</param>
protected override void Initialize(SonarAnalysisContext context)
{
    // The two principal abstractions are matched together by three different trackers below.
    KnownType[] principalTypes =
    {
        KnownType.System_Security_Principal_IIdentity,
        KnownType.System_Security_Principal_IPrincipal,
    };

    // new PrincipalPermission(...)
    ObjectCreationTracker.Track(context,
        ObjectCreationTracker.MatchConstructor(KnownType.System_Security_Permissions_PrincipalPermission));

    // new <type implementing IIdentity / IPrincipal>(...)
    ObjectCreationTracker.Track(context,
        ObjectCreationTracker.WhenDerivesOrImplementsAny(principalTypes));

    // Identity retrieval, token validation and process-wide principal configuration.
    InvocationTracker.Track(context,
        InvocationTracker.MatchMethod(
            new MemberDescriptor(KnownType.System_Security_Principal_WindowsIdentity, "GetCurrent"),
            new MemberDescriptor(KnownType.System_IdentityModel_Tokens_SecurityTokenHandler, "ValidateToken"),
            new MemberDescriptor(KnownType.System_AppDomain, "SetPrincipalPolicy"),
            new MemberDescriptor(KnownType.System_AppDomain, "SetThreadPrincipal")));

    // Reads or writes of the ambient principal (no setter/getter restriction here).
    PropertyAccessTracker.Track(context,
        PropertyAccessTracker.MatchProperty(
            new MemberDescriptor(KnownType.System_Web_HttpContext, "User"),
            new MemberDescriptor(KnownType.System_Threading_Thread, "CurrentPrincipal")));

    // Ordinary methods that take an IIdentity / IPrincipal parameter.
    MethodDeclarationTracker.Track(context,
        MethodDeclarationTracker.AnyParameterIsOfType(principalTypes),
        MethodDeclarationTracker.IsOrdinaryMethod());

    // Methods guarded declaratively with [PrincipalPermission].
    MethodDeclarationTracker.Track(context,
        MethodDeclarationTracker.DecoratedWithAnyAttribute(KnownType.System_Security_Permissions_PrincipalPermissionAttribute));

    // Types that implement IIdentity / IPrincipal.
    BaseTypeTracker.Track(context,
        BaseTypeTracker.MatchSubclassesOf(principalTypes));
}
/// <summary>
/// Registers the trackers that find where logging is configured, per framework:
/// Microsoft.Extensions.Logging / ASP.NET Core (the listed extension methods and any
/// <c>ILoggerFactory</c> implementation being created), log4net (the XML, DOM and basic
/// configurators), NLog (assignment to <c>LogManager.Configuration</c>) and Serilog
/// (creation of a <c>LoggerConfiguration</c> or a type deriving from it).
/// NOTE(review): presumably a "configuring loggers" security hotspot — confirm against the rule metadata.
/// </summary>
/// <param name="context">Analysis context the trackers register their callbacks on.</param>
protected override void Initialize(SonarAnalysisContext context)
{
    MemberDescriptor Member(KnownType type, string name) => new MemberDescriptor(type, name);

    // --- Microsoft.Extensions.Logging / ASP.NET Core ---
    // Configuration is done through extension methods, hence MethodIsExtension() narrows the match.
    // NOTE(review): AddEventSourceLogger is matched on two extension classes; presumably the
    // method moved between package versions — verify.
    InvocationTracker.Track(context,
        InvocationTracker.MatchMethod(
            Member(KnownType.Microsoft_AspNetCore_Hosting_WebHostBuilderExtensions, "ConfigureLogging"),
            Member(KnownType.Microsoft_Extensions_DependencyInjection_LoggingServiceCollectionExtensions, "AddLogging"),
            Member(KnownType.Microsoft_Extensions_Logging_ConsoleLoggerExtensions, "AddConsole"),
            Member(KnownType.Microsoft_Extensions_Logging_DebugLoggerFactoryExtensions, "AddDebug"),
            Member(KnownType.Microsoft_Extensions_Logging_EventLoggerFactoryExtensions, "AddEventLog"),
            Member(KnownType.Microsoft_Extensions_Logging_EventLoggerFactoryExtensions, "AddEventSourceLogger"),
            Member(KnownType.Microsoft_Extensions_Logging_EventSourceLoggerFactoryExtensions, "AddEventSourceLogger"),
            Member(KnownType.Microsoft_Extensions_Logging_AzureAppServicesLoggerFactoryExtensions, "AddAzureWebAppDiagnostics")),
        InvocationTracker.MethodIsExtension());
    ObjectCreationTracker.Track(context,
        ObjectCreationTracker.WhenImplements(KnownType.Microsoft_Extensions_Logging_ILoggerFactory));

    // --- log4net ---
    InvocationTracker.Track(context,
        InvocationTracker.MatchMethod(
            Member(KnownType.log4net_Config_XmlConfigurator, "Configure"),
            Member(KnownType.log4net_Config_XmlConfigurator, "ConfigureAndWatch"),
            Member(KnownType.log4net_Config_DOMConfigurator, "Configure"),
            Member(KnownType.log4net_Config_DOMConfigurator, "ConfigureAndWatch"),
            Member(KnownType.log4net_Config_BasicConfigurator, "Configure")));

    // --- NLog --- only assignments to LogManager.Configuration, not reads.
    PropertyAccessTracker.Track(context,
        PropertyAccessTracker.MatchSetter(),
        PropertyAccessTracker.MatchProperty(Member(KnownType.NLog_LogManager, "Configuration")));

    // --- Serilog ---
    ObjectCreationTracker.Track(context,
        ObjectCreationTracker.WhenDerivesFrom(KnownType.Serilog_LoggerConfiguration));
}
/// <summary>
/// Registers the trackers that find uses of the algorithms this rule considers weak:
/// direct creation of any type in <c>algorithmTypes</c> (or a subclass), parameterless
/// <c>Create()</c> factory calls on <c>DSA</c>, <c>HMAC</c>, <c>MD5</c>, <c>RIPEMD160</c> and
/// <c>SHA1</c>, and name-based factories (<c>Create(string)</c> on the algorithm base classes,
/// <c>CryptoConfig.CreateFromName</c>) whose first argument is one of <c>unsafeAlgorithms</c>.
/// </summary>
/// <param name="context">Analysis context the trackers register their callbacks on.</param>
protected override void Initialize(SonarAnalysisContext context)
{
    // All factory members share the same method name (CreateMethodName); only the receiver type differs.
    MemberDescriptor Factory(KnownType type) => new MemberDescriptor(type, CreateMethodName);

    // new MD5CryptoServiceProvider() and friends — whatever algorithmTypes lists.
    ObjectCreationTracker.Track(context,
        ObjectCreationTracker.WhenDerivesOrImplementsAny(algorithmTypes));

    // Parameterless factories on the weak-algorithm base classes, e.g. SHA1.Create().
    // NOTE(review): what each parameterless Create() instantiates is decided by the runtime,
    // not by this code — the receiver type alone is what is flagged here.
    InvocationTracker.Track(context,
        InvocationTracker.MatchMethod(
            Factory(KnownType.System_Security_Cryptography_DSA),
            Factory(KnownType.System_Security_Cryptography_HMAC),
            Factory(KnownType.System_Security_Cryptography_MD5),
            Factory(KnownType.System_Security_Cryptography_RIPEMD160),
            Factory(KnownType.System_Security_Cryptography_SHA1)),
        InvocationTracker.MethodHasParameters(0));

    // Name-based factories: only flagged when the algorithm-name argument is in unsafeAlgorithms.
    // A name that is computed at runtime (not a literal) is outside what this condition can see.
    InvocationTracker.Track(context,
        InvocationTracker.MatchMethod(
            Factory(KnownType.System_Security_Cryptography_AsymmetricAlgorithm),
            new MemberDescriptor(KnownType.System_Security_Cryptography_CryptoConfig, "CreateFromName"),
            Factory(KnownType.System_Security_Cryptography_DSA),
            Factory(KnownType.System_Security_Cryptography_HashAlgorithm),
            Factory(KnownType.System_Security_Cryptography_HMAC),
            Factory(KnownType.System_Security_Cryptography_KeyedHashAlgorithm),
            Factory(KnownType.System_Security_Cryptography_MD5),
            Factory(KnownType.System_Security_Cryptography_RIPEMD160),
            Factory(KnownType.System_Security_Cryptography_SHA1)),
        InvocationTracker.ArgumentAtIndexIsAny(0, unsafeAlgorithms));
}
/// <summary>
/// Registers an object-creation tracker for <paramref name="objectCreationTypes"/> that fires only
/// when the constructor argument at <paramref name="argumentIndex"/> is a <c>string</c>, is not a
/// compile-time constant, and is accepted by <c>IsTracked</c>.
/// </summary>
/// <param name="context">Analysis context the tracker registers its callback on.</param>
/// <param name="objectCreationTypes">Constructed types to match.</param>
/// <param name="argumentIndex">Zero-based index of the constructor argument to inspect.</param>
private void TrackObjectCreation(SonarAnalysisContext context, KnownType[] objectCreationTypes, int argumentIndex)
{
    // A constant string can never carry the value this rule is after, so it is excluded up front.
    var argumentIsNotConstant = Conditions.ExceptWhen(ObjectCreationTracker.ArgumentAtIndexIsConst(argumentIndex));

    ObjectCreationTracker.Track(context,
        ObjectCreationTracker.MatchConstructor(objectCreationTypes),
        ObjectCreationTracker.ArgumentAtIndexIs(argumentIndex, KnownType.System_String),
        // IsTracked decides, per creation site, whether the argument expression is of interest.
        c => IsTracked(GetArgumentAtIndex(c, argumentIndex), c),
        argumentIsNotConstant);
}
/// <summary>
/// Creates the C# flavour of the rule: forwards the analyzer configuration to the base rule and
/// installs a <c>CSharpObjectCreationTracker</c> built from that configuration and the rule's
/// <c>rule</c> field (presumably its diagnostic descriptor — verify in the base class).
/// </summary>
/// <param name="analyzerConfiguration">Configuration shared by the base rule and the tracker.</param>
internal CookieShouldBeSecure(IAnalyzerConfiguration analyzerConfiguration)
    : base(analyzerConfiguration) =>
    ObjectCreationTracker = new CSharpObjectCreationTracker(analyzerConfiguration, rule);
/// <summary>
/// Configures <paramref name="tracker"/> to report <c>new CorsPolicyBuilder(...)</c> expressions
/// for which <c>ContainsStar</c> returns true when given the creation node and the semantic model
/// (presumably a wildcard <c>"*"</c> among the constructor arguments — confirm in ContainsStar).
/// </summary>
/// <param name="tracker">The shared object-creation tracker for C# syntax kinds.</param>
/// <param name="input">Registration input handed through to <c>Track</c>.</param>
private static void SetupObjectCreationTracker(ObjectCreationTracker<SyntaxKind> tracker, TrackerInput input)
{
    var isCorsPolicyBuilder = tracker.MatchConstructor(KnownType.Microsoft_AspNetCore_Cors_Infrastructure_CorsPolicyBuilder);

    tracker.Track(input,
        isCorsPolicyBuilder,
        // The node is cast to ObjectCreationExpressionSyntax: MatchConstructor already guarantees a creation expression.
        c => ContainsStar((ObjectCreationExpressionSyntax)c.Node, c.SemanticModel));
}