private bool DoIsEmptyString(Call call, int nth)
{
bool empty = false;
int index = m_info.Tracker.GetStackIndex(call.Index, nth);
if (index >= 0)
{
LoadString str = m_info.Instructions[index] as LoadString;
if (str != null)
{
empty = str.Value.Length == 0;
}
else
{
LoadStaticField field = m_info.Instructions[index] as LoadStaticField;
if (field != null)
{
empty = field.Field.DeclaringType.FullName == "System.String" && field.Field.Name == "Empty";
}
}
}
return(empty);
}
public void VisitLoad(LoadString load)
{
if (m_offset < 0)
{
if (DoMatch(load.Value))
{
m_offset = load.Untyped.Offset;
}
}
}
public void VisitLoad(LoadString load)
{
if (m_needsCheck)
{
if (CheckSpelling.Text(load.Value, ref m_details))
{
if (m_offset < 0)
{
m_offset = load.Untyped.Offset;
}
}
}
}
public void VisitNew(NewObj obj)
{
if (m_offset < 0)
{
if (obj.Ctor.ToString() == "System.Void System.Text.RegularExpressions.Regex::.ctor(System.String)")
{
LoadString prev = m_info.Instructions[obj.Index - 1] as LoadString;
if (prev != null && !DoIsValidRegEx(prev.Value))
{
m_offset = obj.Untyped.Offset;
}
}
}
}
private void DoCheck(TypedInstruction call, MethodReference target, int nth)
{
int index = m_info.Tracker.GetStackIndex(call.Index, nth);
if (index >= 0)
{
LoadString load = m_info.Instructions[index] as LoadString;
if (load != null)
{
m_offset = call.Untyped.Offset;
m_bad = target.ToString();
Log.DebugLine(this, "bad call at {0:X2}", m_offset);
}
}
}
private LoadString DoGetStringArg(Call call, int arg)
{
LoadString result = null;
int numArgs = call.Target.Parameters.Count;
int entry = numArgs - arg - 1;
int index = m_info.Tracker.GetStackIndex(call.Index, entry);
if (index >= 0)
{
result = m_info.Instructions[index] as LoadString;
}
return(result);
}
public void VisitLoad(LoadString load)
{
if (m_count <= m_max)
{
if (load.Value.Length == 0)
{
if (m_offset < 0)
{
m_offset = load.Untyped.Offset;
}
++m_count;
Log.DebugLine(this, "found empty string at {0:X2}", load.Untyped.Offset);
}
}
}
public void VisitLoad(LoadString load)
{
if (m_offset < 0)
{
// We don't want to force people to exclude rules for code that
// isn't actually broken: there should be some sort of work around
// that they can use. Unfortunately there really isn't a way to do
// this with verbatim strings so if a string has more than three
// new lines we'll assume it's a verbatim string and skip it.
int count = DoCountNewLines(load.Value);
if (count > 0 && count <= m_maxNewLines)
{
m_offset = load.Untyped.Offset;
Log.DebugLine(this, "found new line at {0:X2}", m_offset);
}
}
}
public void VisitNew(NewObj obj)
{
if (m_offset < 0 && m_args.Count > 0)
{
if (obj.Ctor.ToString() == "System.Void System.ArgumentNullException::.ctor(System.String)" || obj.Ctor.ToString() == "System.Void System.ArgumentOutOfRangeException::.ctor(System.String)")
{
LoadString load = m_info.Instructions[obj.Index - 1] as LoadString;
if (load != null)
{
if (m_args.IndexOf(load.Value) < 0)
{
m_offset = obj.Untyped.Offset;
Log.DebugLine(this, "bad new at {0:X2}", m_offset);
}
}
}
}
}
public void VisitNew(NewObj newer)
{
if (m_offset < 0 && newer.Ctor.ToString().StartsWith("System.Void System.ObjectDisposedException::.ctor("))
{
int numArgs = newer.Ctor.Parameters.Count;
int index = m_info.Tracker.GetStackIndex(newer.Index, numArgs - 1);
if (index >= 0)
{
LoadString arg = m_info.Instructions[index] as LoadString;
if (arg != null)
{
m_offset = newer.Untyped.Offset;
Log.DebugLine(this, "bad exception at {0:X2}", m_offset);
}
}
}
}
public void ZStackIndex()
{
DoInit("StackIndex");
int index = GetIndex("second");
int i = m_tracker.GetStackIndex(index, 0);
Code code = m_instructions[i].Untyped.OpCode.Code;
Assert.AreEqual(Code.Box, code);
i = m_tracker.GetStackIndex(index, 1);
code = m_instructions[i].Untyped.OpCode.Code;
Assert.AreEqual(Code.Ldstr, code);
LoadString load = m_instructions[i] as LoadString;
Assert.IsTrue(load.Value.Contains("blah"));
}
public void SML_Instruction_LoadString_Good()
{
string[] inputOpcodes = new string[] { "a" };
Stack stack = new Stack();
Stack expectedStack = new Stack();
Mock <IVirtualMachine> mock = new Mock <IVirtualMachine>(MockBehavior.Strict);
LoadString loadString = new LoadString
{
VirtualMachine = mock.Object,
Operands = inputOpcodes
};
mock.Setup(m => m.Stack).Returns(stack);
loadString.Run();
expectedStack.Push(inputOpcodes[0]);
Assert.AreEqual(mock.Object.Stack.Pop(), expectedStack.Pop());
}
public void VisitNew(NewObj obj)
{
if (m_offset < 0)
{
if (obj.Ctor.ToString() == "System.Void System.ArgumentException::.ctor(System.String)")
{
LoadString load = m_info.Instructions[obj.Index - 1] as LoadString;
if (load != null)
{
for (int i = 0; i < m_info.Method.Parameters.Count; ++i)
{
if (m_info.Method.Parameters[i].Name == load.Value)
{
m_offset = obj.Untyped.Offset;
Log.DebugLine(this, "bad new at {0:X2}", m_offset);
}
}
}
}
}
}
public void VisitCall(Call call)
{
if (m_offset < 0)
{
if (Array.IndexOf(m_targets1, call.Target.ToString()) >= 0)
{
LoadString prev = m_info.Instructions[call.Index - 1] as LoadString;
if (prev != null && !DoIsValidRegEx(prev.Value))
{
m_offset = call.Untyped.Offset;
}
}
else if (Array.IndexOf(m_targets2, call.Target.ToString()) >= 0)
{
LoadString prev = m_info.Instructions[call.Index - 2] as LoadString;
if (prev != null && !DoIsValidRegEx(prev.Value))
{
m_offset = call.Untyped.Offset;
}
}
}
}
public void VisitNew(NewObj obj)
{
if (m_offset < 0)
{
if (obj.Ctor.ToString().StartsWith("System.Void System.Security.NamedPermissionSet::.ctor(System.String"))
{
int numArgs = obj.Ctor.Parameters.Count;
int entry = numArgs - 1;
int index = m_info.Tracker.GetStackIndex(obj.Index, entry);
if (index >= 0)
{
LoadString load = m_info.Instructions[index] as LoadString;
if (load != null && Array.IndexOf(m_bad, load.Value) >= 0)
{
m_offset = load.Untyped.Offset;
Log.DebugLine(this, "found bad code at {0:X2}", m_offset);
}
}
}
}
}
public void VisitCall(Call call)
{
if (m_offset < 0)
{
// string.Format("x = {0}, y = {1}", x, y)
int numArgs = call.Target.Parameters.Count;
if (numArgs > 1) // ignore stuff like string.Format(Localize("x = {0}"), x);
{
for (int arg = 0; arg < numArgs; ++arg)
{
LoadString load = DoGetStringArg(call, arg);
if (load != null)
{
int numFormatArgs = DoCountFormatArgs(load.Value);
if (numFormatArgs > 0)
{
if (arg + 1 < numArgs && call.Target.Parameters[arg + 1].ParameterType.FullName == "System.Object[]")
{
int arrayLen = DoGetArrayLen(load.Index + 1, call.Index - 1);
if (numFormatArgs != arrayLen)
{
m_offset = call.Untyped.Offset;
Log.DebugLine(this, "format has {0} arguments, but there are {1} params arguments at {2:X2}", numFormatArgs.ToString(), arrayLen, m_offset.ToString());
}
}
else if (numFormatArgs != numArgs - arg - 1)
{
m_offset = call.Untyped.Offset;
Log.DebugLine(this, "format has {0} arguments, but there are {1} actual arguments at {2:X2}", numFormatArgs.ToString(), numArgs - arg - 1, m_offset.ToString());
}
}
}
}
}
}
}
[DisableRule("PO1004", "TempDir")] // it's ok to use /tmp here
public void VisitLoad(LoadString load)
{
if (m_offset < 0 && load.Value.Length > 1)
{
if (load.Value.StartsWith("/tmp"))
{
m_offset = load.Untyped.Offset;
}
else if (load.Value.StartsWith("/var/tmp"))
{
m_offset = load.Untyped.Offset;
}
else if (load.Value.Substring(1).StartsWith(@":\Windows\Temp"))
{
if (char.IsLetter(load.Value[0]))
{
m_offset = load.Untyped.Offset;
}
}
}
}
public void VisitCall(Call call)
{
if (m_offset < 0)
{
if (call.Target.ToString().StartsWith("System.String System.String::Concat("))
{
for (int nth = 0; nth < call.Target.Parameters.Count && m_offset < 0; ++nth)
{
int index = m_info.Tracker.GetStackIndex(call.Index, nth);
if (index >= 0)
{
LoadString load = m_info.Instructions[index] as LoadString;
if (load != null && DoBadString(load.Value))
{
m_offset = call.Untyped.Offset;
Log.DebugLine(this, "bad concat at at {0:X2}", m_offset);
}
}
}
}
}
}