C# (CSharp) IInvocationExpressionVulnerableSyntaxNodeFactory.Create примеры использования

Пример #1

Файл: ResponseRedirectAnalyzer.cs Проект: pumasecurity/puma-scan

        public override void GetSinks(SyntaxNodeAnalysisContext context, DiagnosticId ruleId)
        {
            var syntax = context.Node as InvocationExpressionSyntax;

            if (!_expressionSyntaxAnalyzer.IsVulnerable(context.SemanticModel, syntax, ruleId))
            {
                return;
            }

            if (VulnerableSyntaxNodes.All(p => p.Sink.GetLocation() != syntax?.GetLocation()))
            {
                VulnerableSyntaxNodes.Push(_vulnerableSyntaxNodeFactory.Create(syntax));
            }
        }

Пример #2

Файл: IOFileAnalyzer.cs Проект: likescam/puma-scan_code-realtime-scan

        public override void GetSinks(SyntaxNodeAnalysisContext context, DiagnosticId ruleId)
        {
            var syntax = context.Node as InvocationExpressionSyntax;

            if (_fileReadExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax, ruleId))
            {
                if (VulnerableSyntaxNodes.All(p => p.Sink.GetLocation() != syntax?.GetLocation()))
                {
                    VulnerableSyntaxNodes.Push(_vulnerableSyntaxNodeFactory.Create(syntax, "file read"));
                }
            }

            if (_fileWriteExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax, ruleId))
            {
                if (VulnerableSyntaxNodes.All(p => p.Sink.GetLocation() != syntax?.GetLocation()))
                {
                    VulnerableSyntaxNodes.Push(_vulnerableSyntaxNodeFactory.Create(syntax, "file write"));
                }
            }

            if (_fileOpenExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax, ruleId))
            {
                if (VulnerableSyntaxNodes.All(p => p.Sink.GetLocation() != syntax?.GetLocation()))
                {
                    VulnerableSyntaxNodes.Push(_vulnerableSyntaxNodeFactory.Create(syntax, "file open"));
                }
            }

            if (_fileDeleteExpressionAnalyzer.IsVulnerable(context.SemanticModel, syntax, ruleId))
            {
                if (VulnerableSyntaxNodes.All(p => p.Sink.GetLocation() != syntax?.GetLocation()))
                {
                    VulnerableSyntaxNodes.Push(_vulnerableSyntaxNodeFactory.Create(syntax, "file delete"));
                }
            }
        }

Пример #3

Файл: MvcRedirectAnalyzer.cs Проект: likescam/puma-scan_code-realtime-scan

        public override void GetSinks(SyntaxNodeAnalysisContext context, DiagnosticId ruleId)
        {
            var syntax = context.Node as InvocationExpressionSyntax;

            if (!_expressionSyntaxAnalyzer.IsVulnerable(context.SemanticModel, syntax, ruleId))
            {
                return;
            }

            //TODO: NEEDS A CUSTOM IMPLEMENTATION TO CHECK IF PARM1 STARTS W/ A NON-TAINTED VALUE.
            //E.G. CONFIGSETTING + Request PARM IS OK / FALSE POSITIVE
            //TODO: NEEDS CLEANSE METHOD AS WELL
            if (VulnerableSyntaxNodes.All(p => p.Sink.GetLocation() != syntax?.GetLocation()))
            {
                VulnerableSyntaxNodes.Push(_vulnerableSyntaxNodeFactory.Create(syntax));
            }
        }