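/// <summary>
/// Flags the module as vulnerable when it references a weak hash provider type
/// (<c>SHA1CryptoServiceProvider</c> or <c>MD5CryptoServiceProvider</c>) and at least one
/// method body calls <c>System.Security.Cryptography.HashAlgorithm::ComputeHash</c>.
/// </summary>
/// <remarks>
/// The check is a heuristic. The type reference and the ComputeHash call are matched
/// independently, so the reported call site is not proven to run on the SHA-1/MD5 instance
/// (a module that references MD5 anywhere and hashes with SHA-256 is still flagged).
/// Only the first matching call site is reported in <c>LocationDescription</c>.
/// NOTE(review): only the two *CryptoServiceProvider type names are matched. Code that uses
/// SHA1Managed, SHA1Cng, MD5Cng, SHA1.Create(), MD5.Create() or HashAlgorithm.Create(name)
/// does not reference those names and would pass this analyzer; consider widening the match.
/// </remarks>
/// <returns>
/// A completed task holding the analysis result. When analysis throws, the result has
/// <c>Succeded = false</c> and <c>IsVulnerable = false</c>; callers must check
/// <c>Succeded</c> before treating the module as clean.
/// </returns>
public override Task<ByteCodeAnalyzerResult> Analyze()
{
    try
    {
        // Materialised once so the filter is not re-run for the emptiness check and the loop.
        List<TypeReference> weakHashReferences = this.Module.GetTypeReferences()
            .Where(tr => tr.Name == "SHA1CryptoServiceProvider" || tr.Name == "MD5CryptoServiceProvider")
            .ToList();

        if (weakHashReferences.Count == 0)
        {
            return Task.FromResult(new ByteCodeAnalyzerResult()
            {
                Analyzer = this,
                ModuleName = this.Module.Name,
                Executed = true,
                Succeded = true,
                IsVulnerable = false,
            });
        }

        foreach (TypeReference tr in weakHashReferences)
        {
            // Log the type that actually matched; the message previously always said SHA1
            // even when the reference was to MD5CryptoServiceProvider.
            this.ScriptEnvironment.Info("Type reference to {0} found in module {1}", tr.Name, this.Module.Name);
        }

        IEnumerable<MethodDefinition> methods =
            from type in this.Module.Types.Cast<TypeDefinition>()
            from method in type.Methods.Cast<MethodDefinition>()
            select method;

        foreach (MethodDefinition md in methods)
        {
            this.ScriptEnvironment.Debug("Method {0} returns {1}.", md.Name, md.MethodReturnType.ReturnType.Name);

            // Abstract, extern and P/Invoke methods have no IL body. Dereferencing Body for
            // them would throw and turn the whole scan into a failed (non-vulnerable) result.
            if (!md.HasBody)
            {
                continue;
            }

            foreach (Instruction i in md.Body.Instructions)
            {
                // Parenthesised on purpose: the original "a || b && c" applied the operand
                // null check to Callvirt only, because && binds tighter than ||.
                if (!(i.OpCode == OpCodes.Call || i.OpCode == OpCodes.Callvirt))
                {
                    continue;
                }

                // "as" covers both a null operand and an operand of an unexpected type.
                MethodReference mr = i.Operand as MethodReference;
                if (mr == null)
                {
                    continue;
                }

                if (mr.FullName.Contains("System.Security.Cryptography.HashAlgorithm::ComputeHash"))
                {
                    this.ScriptEnvironment.Info("Detected a call to System.Security.Cryptography.HashAlgorithm::ComputeHash in method {0}", md.FullName);
                    this.AnalyzerResult = new ByteCodeAnalyzerResult()
                    {
                        Analyzer = this,
                        Executed = true,
                        Succeded = true,
                        IsVulnerable = true,
                        ModuleName = this.Module.Name,
                        LocationDescription = md.FullName
                    };
                    return Task.FromResult(this.AnalyzerResult);
                }
            }
        }

        // Weak hash type is referenced but no ComputeHash call site was found.
        return Task.FromResult(new ByteCodeAnalyzerResult()
        {
            Analyzer = this,
            ModuleName = this.Module.Name,
            Executed = true,
            Succeded = true,
            IsVulnerable = false,
        });
    }
    catch (Exception e)
    {
        ScriptEnvironment.Error(e);
        List<Exception> exceptions = new List<Exception> { e };
        if (e.InnerException != null)
        {
            exceptions.Add(e.InnerException);
        }

        // IsVulnerable = false here means "unknown", not "clean": Succeded = false is the signal.
        return Task.FromResult(new ByteCodeAnalyzerResult()
        {
            Analyzer = this,
            ModuleName = this.Module.Name,
            Executed = true,
            Succeded = false,
            Exceptions = exceptions,
            IsVulnerable = false,
        });
    }
}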
/// <summary>
/// Runs the Gendarme rule set named by the "GendarmeRules" application option against the
/// module's assembly and reports the module as vulnerable when any defect is produced.
/// </summary>
/// <returns>
/// A completed task holding the analysis result. Without a "GendarmeRules" option the
/// current <c>AnalyzerResult</c> is returned unchanged. When the runner throws, the result
/// has <c>Succeded = false</c> and <c>IsVulnerable = false</c>, so callers must check
/// <c>Succeded</c> before treating the module as clean.
/// </returns>
public override Task<ByteCodeAnalyzerResult> Analyze()
{
    // No rule set configured: nothing to run.
    if (!this.ApplicationOptions.ContainsKey("GendarmeRules"))
    {
        return Task.FromResult(this.AnalyzerResult);
    }

    try
    {
        string rules = (string)this.ApplicationOptions["GendarmeRules"];
        DevAuditGendarmeRunner gendarme = new DevAuditGendarmeRunner(this.Module.Assembly, rules, this.ScriptEnvironment);
        gendarme.Execute();

        // Severity is cast to int for the sort key; per the original author's note this lets
        // IComparable<T> be used instead of IComparable and saves memory.
        var defects = gendarme.Defects
            .OrderBy(n => (int)n.Severity)
            .ThenBy(n => n.Rule.Name);

        if (!defects.Any())
        {
            return Task.FromResult(new ByteCodeAnalyzerResult()
            {
                Analyzer = this,
                Executed = true,
                Succeded = true,
                IsVulnerable = false,
                ModuleName = this.Module.Name
            });
        }

        // All defects are folded into one result. The original kept a commented-out variant
        // that built one ByteCodeAnalyzerResult per defect, carrying Severity, Confidence,
        // Problem and Resolution; that detail is only available here as diagnostic text.
        List<string> diagnostics = new List<string>();
        foreach (var d in defects)
        {
            diagnostics.Add(string.Format("Name: {0}\nProblem: {1}\nLocation: {2}\nSeverity: {3}", d.Rule.Name, d.Rule.Problem, d.Location, d.Severity.ToString()));
        }

        return Task.FromResult(new ByteCodeAnalyzerResult()
        {
            Analyzer = this,
            Executed = true,
            Succeded = true,
            IsVulnerable = true,
            DiagnosticMessages = diagnostics,
            LocationDescription = "See diagnostics.",
            ModuleName = this.Module.Name
        });
    }
    catch (Exception e)
    {
        ScriptEnvironment.Error(e);
        List<Exception> failures = new List<Exception>() { e };

        // IsVulnerable = false here means "unknown", not "clean": Succeded = false is the signal.
        return Task.FromResult(new ByteCodeAnalyzerResult()
        {
            Analyzer = this,
            Executed = true,
            Succeded = false,
            Exceptions = failures,
            IsVulnerable = false,
            ModuleName = this.Module.Name
        });
    }
}