public void OutsideClassDeclaration()
        {
            var unit = GetUnit("WithoutNamespace.cs");

            string qualifiedName = QualifiedNameResolver.Resolve(unit);

            Assert.AreEqual("", qualifiedName);
        }
        public void NestedTypesWithoutNamespace()
        {
            var unit = GetUnit("NestedTypesWithoutNamespace.cs");
            var methodDeclaration = unit.DescendantNodes().OfType <MethodDeclarationSyntax>().First();

            string qualifiedName = QualifiedNameResolver.Resolve(methodDeclaration);

            Assert.AreEqual("Container+Nest", qualifiedName);
        }
        public void NestedTypes()
        {
            var unit = GetUnit("NestedTypes.cs.test");
            var methodDeclaration = unit.DescendantNodes().OfType <MethodDeclarationSyntax>().First();

            string qualifiedName = QualifiedNameResolver.Resolve(methodDeclaration);

            Assert.AreEqual("BankingApp.TestFiles.Container+Nest", qualifiedName);
        }
        public void MultipleNamespaces()
        {
            var unit = GetUnit("MultipleNamespaces.cs");
            var methodDeclaration = unit.DescendantNodes().OfType <MethodDeclarationSyntax>().First();

            string qualifiedName = QualifiedNameResolver.Resolve(methodDeclaration);

            Assert.AreEqual("BankingApp.TestFiles.MultipleNamespaces", qualifiedName);
        }
        public void StringLiteralToken()
        {
            var unit = GetUnit("WithoutNamespace.cs");
            var stringLiteralToken = unit.DescendantTokens()
                                     .Where(n => n.Kind() == SyntaxKind.StringLiteralToken)
                                     .First();

            string qualifiedName = QualifiedNameResolver.Resolve(stringLiteralToken);

            Assert.AreEqual("WithoutNamespace", qualifiedName);
        }
        public override void Analyze(CsFile csFile)
        {
            var assignments = csFile.GetUnit().DescendantNodes().OfType <AssignmentExpressionSyntax>();

            var vulnerabilities = assignments
                                  .Where(IsEcbCipherMode)
                                  .Select(assignment => new Vulnerability
            {
                Code               = "EcbCipherMode",
                Title              = "Unsafe cipher mode used",
                Description        = $"You may leak information by using the ECB cipher mode. Encrypting the same block of bits using this mode returns the same output.",
                FilePath           = csFile.FilePath,
                FullyQualifiedName = QualifiedNameResolver.Resolve(assignment),
                LineNumber         = assignment.Right.GetLocation().GetLineSpan().StartLinePosition.Line + 1
            }).ToList();

            vulnerabilities.ForEach(OnVulnerabilityDiscovered);
        }
        public override void Analyze(CsFile csFile)
        {
            var accessExpressions = csFile.GetUnit().DescendantNodes().OfType <MemberAccessExpressionSyntax>();

            var vulnerabilities = accessExpressions
                                  .Where(expression => expression.Name.ToString() == PhoneNumberProperty)
                                  .Select(expression => new Vulnerability
            {
                Code               = "PhoneNumberAccess",
                Title              = "Access to phone number",
                Description        = $"Be careful accessing the phone number of your user. This is personally identifying information (PII).",
                FilePath           = csFile.FilePath,
                FullyQualifiedName = QualifiedNameResolver.Resolve(expression),
                LineNumber         = expression.GetLocation().GetLineSpan().StartLinePosition.Line + 1
            }).ToList();

            vulnerabilities.ForEach(OnVulnerabilityDiscovered);
        }
Пример #8
0
        public override void Analyze(CsFile csFile)
        {
            var accessExpressions = csFile.GetUnit().DescendantNodes().OfType <MemberAccessExpressionSyntax>();

            var vulnerabilities = accessExpressions
                                  .Where(IsLogMethod)
                                  .Select(expression => new Vulnerability
            {
                Code               = "Logging",
                Title              = "Logging was found",
                Description        = $"Logging was found in the app: Log.{GetMethodName(expression)}(...). Other apps may read the logs.",
                FilePath           = csFile.FilePath,
                FullyQualifiedName = QualifiedNameResolver.Resolve(expression),
                LineNumber         = expression.GetLocation().GetLineSpan().StartLinePosition.Line + 1
            }).ToList();

            vulnerabilities.ForEach(OnVulnerabilityDiscovered);
        }
        public override void Analyze(CsFile csFile)
        {
            var accessExpressions = csFile.GetUnit().DescendantNodes().OfType <MemberAccessExpressionSyntax>();

            var vulnerabilities = accessExpressions
                                  .Where(expression => expression.ToString().Contains(Callback))
                                  .Select(expression => new Vulnerability
            {
                Code               = "CertificateValidation",
                Title              = "Certificate validation overwritten",
                Description        = $"Certificate validation callback is overwritten. This may open the door to man-in-the-middle attacks.",
                FilePath           = csFile.FilePath,
                FullyQualifiedName = QualifiedNameResolver.Resolve(expression),
                LineNumber         = expression.GetLocation().GetLineSpan().StartLinePosition.Line + 1
            }).ToList();

            vulnerabilities.ForEach(OnVulnerabilityDiscovered);
        }
Пример #10
0
        public override void Analyze(CsFile csFile)
        {
            var accessExpressions = csFile.GetUnit().DescendantNodes().OfType <MemberAccessExpressionSyntax>();

            var vulnerabilities = accessExpressions
                                  .Where(expression => expression.ToString() == WorldReadableMode)
                                  .Select(expression => new Vulnerability
            {
                Code               = "WorldReadable",
                Title              = "WorldReadable file found",
                Description        = $"A WorldReadable file may expose sensitive data to other apps.",
                FilePath           = csFile.FilePath,
                FullyQualifiedName = QualifiedNameResolver.Resolve(expression),
                LineNumber         = expression.GetLocation().GetLineSpan().StartLinePosition.Line + 1
            }).ToList();

            vulnerabilities.ForEach(OnVulnerabilityDiscovered);
        }
        public override void Analyze(CsFile csFile)
        {
            var invocations = csFile.GetUnit().DescendantNodes().OfType <InvocationExpressionSyntax>();

            var vulnerabilities = invocations
                                  .Where(IsPermissionCheck)
                                  .Select(invocation =>
                                          new Vulnerability
            {
                Code               = "CheckPermission",
                Title              = "Permissions may not be enforced",
                Description        = $"Permissions may not be enforced when using this method in an exported component: {GetMethodName(invocation)}(...).",
                FilePath           = csFile.FilePath,
                FullyQualifiedName = QualifiedNameResolver.Resolve(invocation),
                LineNumber         = invocation.GetLocation().GetLineSpan().StartLinePosition.Line + 1
            }).ToList();

            vulnerabilities.ForEach(OnVulnerabilityDiscovered);
        }
        public override void Analyze(CsFile csFile)
        {
            var accessExpressions = csFile.GetUnit().DescendantNodes().OfType <MemberAccessExpressionSyntax>();

            var vulnerabilities = accessExpressions
                                  .Where(expression => expression.ToString().Contains(Callback))
                                  .Select(expression => new Vulnerability
            {
                Code               = "CertificateValidation",
                Title              = "Certificate validation overwritten",
                SeverityLevel      = SeverityLevel.High,
                Description        = $"Certificate validation is overwritten. Incorrectly implementing this validation may open the door to man-in-the-middle attacks. Please check your implementation to see if your vulnerable (e.g. always returning true).",
                FilePath           = csFile.FilePath,
                FullyQualifiedName = QualifiedNameResolver.Resolve(expression),
                LineNumber         = expression.GetLocation().GetLineSpan().StartLinePosition.Line + 1
            }).ToList();

            vulnerabilities.ForEach(OnVulnerabilityDiscovered);
        }
Пример #13
0
        public override void Analyze(CsFile csFile)
        {
            var invocations = csFile.GetUnit().DescendantNodes().OfType <InvocationExpressionSyntax>();

            var expressions = invocations.Select(expression => expression.Expression);

            var vulnerabilities = expressions
                                  .Where(IsExternalStorageMethod)
                                  .Select(expression => new Vulnerability
            {
                Code               = "ExternalStorage",
                Title              = "External storage is used",
                Description        = $"Files on external storage can be accessed by any app. Check this method: {GetMethodName(expression)}(...).",
                FilePath           = csFile.FilePath,
                FullyQualifiedName = QualifiedNameResolver.Resolve(expression),
                LineNumber         = expression.GetLocation().GetLineSpan().StartLinePosition.Line + 1
            }).ToList();

            vulnerabilities.ForEach(OnVulnerabilityDiscovered);
        }
Пример #14
0
        public override void Analyze(CsFile csFile)
        {
            var stringLiteralTokens = csFile.GetUnit().DescendantTokens()
                                      .Where(n => n.Kind() == SyntaxKind.StringLiteralToken);

            var vulnerabilities = stringLiteralTokens
                                  .Where(IsHttpUrl)
                                  .Where(IsNotIgnored)
                                  .Select(literal => new Vulnerability
            {
                Code               = "HardcodedHttpUrl",
                Title              = "Hardcoded HTTP URL found",
                Description        = $"HTTP traffic may not be encrypted, which opens the door to man-in-the-middle attacks. HTTP URL: {literal.ValueText}.",
                FilePath           = csFile.FilePath,
                FullyQualifiedName = QualifiedNameResolver.Resolve(literal),
                LineNumber         = literal.GetLocation().GetLineSpan().StartLinePosition.Line + 1
            }).ToList();

            vulnerabilities.ForEach(OnVulnerabilityDiscovered);
        }
        public override void Analyze(CsFile csFile)
        {
            var assignments = csFile.GetUnit().DescendantNodes().OfType <AssignmentExpressionSyntax>();

            var accessExpressions = assignments
                                    .Where(expression => expression.Left is MemberAccessExpressionSyntax)
                                    .Select(expression => (MemberAccessExpressionSyntax)expression.Left);

            var vulnerabilities = accessExpressions
                                  .Where(expression => expression.Name.ToString() == _javaScriptEnabledProperty)
                                  .Select(expression => new Vulnerability
            {
                Code               = "JavaScriptEnabled",
                Title              = "JavaScript enabled in WebView",
                Description        = $"Enabling JavaScript in a WebView opens the door to XSS attacks.",
                FilePath           = csFile.FilePath,
                FullyQualifiedName = QualifiedNameResolver.Resolve(expression),
                LineNumber         = expression.GetLocation().GetLineSpan().StartLinePosition.Line + 1
            }).ToList();

            vulnerabilities.ForEach(OnVulnerabilityDiscovered);
        }
        public override void Analyze(CsFile csFile)
        {
            var invocationExpressions = csFile.GetUnit().DescendantNodes().OfType <InvocationExpressionSyntax>();

            var accessExpressions = invocationExpressions
                                    .Where(expression => expression.Expression is MemberAccessExpressionSyntax)
                                    .Select(expression => (MemberAccessExpressionSyntax)expression.Expression);

            var vulnerabilities = accessExpressions
                                  .Where(expression => expression.Name.ToString() == _addJavascriptInterfaceMethod)
                                  .Select(expression => new Vulnerability
            {
                Code               = "JavascriptInterface",
                Title              = "JavascriptInterface is added to a WebView",
                Description        = $"Adding a JavascriptInterface to a WebView might allow remote code execution attacks.",
                FilePath           = csFile.FilePath,
                FullyQualifiedName = QualifiedNameResolver.Resolve(expression),
                LineNumber         = expression.GetLocation().GetLineSpan().StartLinePosition.Line + 1
            }).ToList();

            vulnerabilities.ForEach(OnVulnerabilityDiscovered);
        }
        public void SyntaxNodeIsNull()
        {
            string qualifiedName = QualifiedNameResolver.Resolve(null);

            Assert.AreEqual("", qualifiedName);
        }