public IEnumerable <VulnerabilityDetail> FindVulnerabilties(SyntaxNode syntaxNode, string filePath, SemanticModel model = null, Solution solution = null) { List <VulnerabilityDetail> vulnerabilities = new List <VulnerabilityDetail>(); IEnumerable <SyntaxNode> classDeclarations = syntaxNode.DescendantNodesAndSelf().OfType <ClassDeclarationSyntax>(); classDeclarations = classDeclarations.Union(syntaxNode.DescendantNodesAndSelf().OfType <StructDeclarationSyntax>()); foreach (var declaration in classDeclarations) { var symbol = (INamedTypeSymbol)model.GetDeclaredSymbol(declaration); if (symbol == null) { continue; } var fields = symbol.GetMembers().Where(m => m.Kind == SymbolKind.Field).OfType <IFieldSymbol>(); if (!fields.Any()) { continue; } var properties = GetExplictlyDeclaredProperties(symbol); if (!properties.Any()) { continue; } var propertyToField = new PropertyToField(fields); var allPropertyData = CollectPropertyData(properties, model.Compilation); // Check that if there is a single matching field name it is used by the property foreach (var data in allPropertyData) { var expectedField = propertyToField.GetMatchingField(data.PropertySymbol); if (expectedField != null) { SyntaxNodeOrToken unsafeNodeOrToken = null; if (!data.IgnoreGetter) { unsafeNodeOrToken = CheckExpectedFieldIsUsed(data.PropertySymbol.GetMethod, expectedField, data.ReadFields); if (unsafeNodeOrToken != null) { vulnerabilities.Add(VulnerabilityDetail.Create(filePath, unsafeNodeOrToken, Enums.ScannerType.PropertyAccessor, string.Format(message, "getter", unsafeNodeOrToken))); } } if (!data.IgnoreSetter) { unsafeNodeOrToken = CheckExpectedFieldIsUsed(data.PropertySymbol.SetMethod, expectedField, data.UpdatedFields); if (unsafeNodeOrToken != null) { vulnerabilities.Add(VulnerabilityDetail.Create(filePath, unsafeNodeOrToken, Enums.ScannerType.PropertyAccessor, string.Format(message, "setter", unsafeNodeOrToken))); } } } } } return(vulnerabilities); }
protected bool MatchPropertyToField(MemberInfo subject) { PropertyInfo property = subject as PropertyInfo; if (property == null) { return(false); } FieldInfo fieldInfo = PropertyToField.GetBackFieldInfo(property); return(fieldInfo != null); }
protected bool MatchReadOnlyProperty(MemberInfo subject) { PropertyInfo property = subject as PropertyInfo; if (property == null) { return(false); } if (CanReadCantWriteInsideType(property) || CanReadCantWriteInBaseType(property)) { return(PropertyToField.GetBackFieldInfo(property) == null); } return(false); }
private static bool IsSetFieldType(MemberInfo mi, bool declared) { var propertyTypeIsSet = mi.GetPropertyOrFieldType() .GetGenericIntercafesTypeDefinitions() .Contains(typeof(ISet <>)); if (propertyTypeIsSet) { return(true); } var backFieldInfo = PropertyToField.GetBackFieldInfo((PropertyInfo)mi); return(backFieldInfo != null && backFieldInfo .FieldType.GetGenericIntercafesTypeDefinitions().Contains(typeof(ISet <>))); }
protected bool MatchNoSetterProperty(MemberInfo subject) { PropertyInfo property = subject as PropertyInfo; if (property == null || property.CanWrite || !property.CanRead) { return(false); } FieldInfo fieldInfo = PropertyToField.GetBackFieldInfo(property); if (fieldInfo != null) { return(fieldInfo.FieldType == property.PropertyType); } return(false); }