public IEnumerable <DiagnosticInfo> GetDiagnosticInfo(SyntaxNodeAnalysisContext context)
{
var result = new List <DiagnosticInfo>();
var syntax = context.Node as InvocationExpressionSyntax;
if (_fileReadExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax))
{
result.Add(new DiagnosticInfo(syntax.GetLocation(), "File"));
}
if (_fileWriteExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax))
{
result.Add(new DiagnosticInfo(syntax.GetLocation(), "File"));
}
if (_fileOpenExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax))
{
result.Add(new DiagnosticInfo(syntax.GetLocation(), "File"));
}
if (_fileDeleteExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax))
{
result.Add(new DiagnosticInfo(syntax.GetLocation(), "File"));
}
return(result);
}
public override void GetSinks(SyntaxNodeAnalysisContext context, DiagnosticId ruleId)
{
var syntax = context.Node as InvocationExpressionSyntax;
if (_fileReadExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax, ruleId))
{
if (VulnerableSyntaxNodes.All(p => p.Sink.GetLocation() != syntax?.GetLocation()))
{
VulnerableSyntaxNodes.Push(_vulnerableSyntaxNodeFactory.Create(syntax, "file read"));
}
}
if (_fileWriteExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax, ruleId))
{
if (VulnerableSyntaxNodes.All(p => p.Sink.GetLocation() != syntax?.GetLocation()))
{
VulnerableSyntaxNodes.Push(_vulnerableSyntaxNodeFactory.Create(syntax, "file write"));
}
}
if (_fileOpenExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax, ruleId))
{
if (VulnerableSyntaxNodes.All(p => p.Sink.GetLocation() != syntax?.GetLocation()))
{
VulnerableSyntaxNodes.Push(_vulnerableSyntaxNodeFactory.Create(syntax, "file open"));
}
}
if (_fileDeleteExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax, ruleId))
{
if (VulnerableSyntaxNodes.All(p => p.Sink.GetLocation() != syntax?.GetLocation()))
{
VulnerableSyntaxNodes.Push(_vulnerableSyntaxNodeFactory.Create(syntax, "file delete"));
}
}
}
