private VariableState VisitAssignment(VisualBasicSyntaxNode node, ExpressionSyntax leftExpression, ExpressionSyntax rightExpression, ExecutionState state) { var symbol = state.GetSymbol(leftExpression); MethodBehavior behavior = BehaviorRepo.GetMethodBehavior(symbol); var variableState = VisitExpression(rightExpression, state); //Additional analysis by extension foreach (var ext in Extensions) { ext.VisitAssignment(node, state, behavior, symbol, variableState); } IdentifierNameSyntax parentIdentifierSyntax = GetParentIdentifier(leftExpression); if (parentIdentifierSyntax != null) { state.MergeValue(ResolveIdentifier(parentIdentifierSyntax.Identifier), variableState); } if (behavior != null && //Injection behavior.IsInjectableField && variableState.Taint != VariableTaint.Constant && //Skip safe values variableState.Taint != VariableTaint.Safe) { var newRule = LocaleUtil.GetDescriptor(behavior.LocaleInjection, "title_assignment"); var diagnostic = Diagnostic.Create(newRule, node.GetLocation()); state.AnalysisContext.ReportDiagnostic(diagnostic); } if (behavior != null && //Known Password API behavior.IsPasswordField && variableState.Taint == VariableTaint.Constant) //Only constant { var newRule = LocaleUtil.GetDescriptor(behavior.LocalePassword, "title_assignment"); var diagnostic = Diagnostic.Create(newRule, node.GetLocation()); state.AnalysisContext.ReportDiagnostic(diagnostic); } //TODO: taint the variable being assigned. return(variableState); }
private VariableState VisitAssignment(AssignmentExpressionSyntax node, ExecutionState state) { var leftSymbol = state.GetSymbol(node.Left); MethodBehavior behavior = null; if (leftSymbol != null) { behavior = leftSymbol.GetMethodBehavior(state.AnalysisContext.Options.AdditionalFiles); } var variableState = VisitExpression(node.Right, state); //Additional analysis by extension foreach (var ext in Extensions) { ext.VisitAssignment(node, state, behavior, leftSymbol, variableState); } if (leftSymbol != null) { var rightTypeSymbol = state.AnalysisContext.SemanticModel.GetTypeInfo(node.Right).Type; if (rightTypeSymbol == null) { return(new VariableState(node.Right, VariableTaint.Unknown)); } var leftTypeSymbol = state.AnalysisContext.SemanticModel.GetTypeInfo(node.Left).Type; if (!state.AnalysisContext.SemanticModel.Compilation.ClassifyConversion(rightTypeSymbol, leftTypeSymbol).IsImplicit) { return(new VariableState(node.Right, VariableTaint.Unknown)); } } IdentifierNameSyntax parentIdentifierSyntax = GetParentIdentifier(node.Left); if (parentIdentifierSyntax != null) { state.MergeValue(ResolveIdentifier(parentIdentifierSyntax.Identifier), variableState); } if (behavior != null && //Injection behavior.IsInjectableField && variableState.Taint != VariableTaint.Constant && //Skip safe values variableState.Taint != VariableTaint.Safe) { var newRule = LocaleUtil.GetDescriptor(behavior.LocaleInjection, "title_assignment"); var diagnostic = Diagnostic.Create(newRule, node.GetLocation()); state.AnalysisContext.ReportDiagnostic(diagnostic); } if (behavior != null && //Known Password API behavior.IsPasswordField && variableState.Taint == VariableTaint.Constant) //Only constant { var newRule = LocaleUtil.GetDescriptor(behavior.LocalePassword, "title_assignment"); var diagnostic = Diagnostic.Create(newRule, node.GetLocation()); state.AnalysisContext.ReportDiagnostic(diagnostic); } //TODO: taint the variable being assigned. return(variableState); }