Пример #1
            /// <summary>
            /// Routes one object-creation operation to the matching XML security check.
            /// Only an <see cref="IObjectCreationOperation"/> that has not been seen before is inspected;
            /// it is then handed to the XmlDocument, XmlTextReader or XmlReaderSettings helper, or,
            /// for any other constructor, to the per-overload method analysis.
            /// </summary>
            /// <param name="context">Analysis context forwarded unchanged to the helpers.</param>
            /// <param name="variable">Symbol the created object is assigned to; forwarded unchanged (nullability is not checked here).</param>
            /// <param name="valueOpt">Operation producing the value; anything that is not an object creation (including null) is ignored.</param>
            private void AnalyzeObjectCreationInternal(OperationAnalysisContext context, ISymbol variable, IOperation valueOpt)
            {
                if (!(valueOpt is IObjectCreationOperation creation))
                {
                    return;
                }

                // Each creation is analyzed at most once; the set is the de-duplication record.
                if (_objectCreationOperationsAnalyzed.Contains(creation))
                {
                    return;
                }

                _objectCreationOperationsAnalyzed.Add(creation);

                var ctor = creation.Constructor;

                if (SecurityDiagnosticHelpers.IsXmlDocumentCtorDerived(ctor, _xmlTypes))
                {
                    AnalyzeObjectCreationForXmlDocument(context, variable, creation);
                    return;
                }

                if (SecurityDiagnosticHelpers.IsXmlTextReaderCtorDerived(ctor, _xmlTypes))
                {
                    AnalyzeObjectCreationForXmlTextReader(context, variable, creation);
                    return;
                }

                if (SecurityDiagnosticHelpers.IsXmlReaderSettingsCtor(ctor, _xmlTypes))
                {
                    AnalyzeObjectCreationForXmlReaderSettings(context, variable, creation);
                    return;
                }

                // Not one of the tracked XML types: fall back to checking the constructor overload itself.
                AnalyzeMethodOverloads(context, ctor, creation.Arguments, creation.Syntax);
            }
Пример #2
        /// <summary>
        /// Records the XML environment produced by an object-creation expression and, for an
        /// <c>XPathDocument</c> constructor, reports <see cref="XxeDiagnosticAnalyzer.Rule"/> unless the
        /// defaults are secure. The environment is keyed by the receiving variable when there is one and
        /// by the creation node otherwise. Each creation node is processed at most once.
        /// </summary>
        /// <param name="variableSymbol">Variable the new object is assigned to, or null when the creation is not stored in a variable.</param>
        /// <param name="objectCreationNode">Syntax node of the object creation.</param>
        /// <param name="model">Semantic model used to bind the constructor and evaluate the creation.</param>
        /// <param name="reportDiagnostic">Callback that receives the XPathDocument diagnostic, if one is raised.</param>
        protected void AnalyzeObjectCreation(ISymbol variableSymbol,
                                             SyntaxNode objectCreationNode,
                                             SemanticModel model,
                                             Action <Diagnostic> reportDiagnostic)
        {
            var constructor = SyntaxNodeHelper.GetSymbol(objectCreationNode, model) as IMethodSymbol;
            if (constructor is null)
            {
                return;
            }

            // De-duplicate: a node already in the set was handled on its first visit.
            if (OjectCreationOperationsAnalyzed.Contains(objectCreationNode))
            {
                return;
            }

            OjectCreationOperationsAnalyzed.Add(objectCreationNode);

            if (SecurityDiagnosticHelpers.IsXmlDocumentCtorDerived(constructor, XmlTypes))
            {
                var environment = AnalyzeObjectCreationForXmlDocument(constructor, objectCreationNode, model);
                // Creations with no receiving variable are tracked by syntax node instead.
                if (variableSymbol is null)
                {
                    TempXmlDocumentEnvironments[objectCreationNode] = environment;
                }
                else
                {
                    XmlDocumentEnvironments[variableSymbol] = environment;
                }
            }
            else if (SecurityDiagnosticHelpers.IsXmlTextReaderCtorDerived(constructor, XmlTypes))
            {
                var environment = AnalyzeObjectCreationForXmlTextReader(constructor, objectCreationNode, model);
                if (variableSymbol is null)
                {
                    TempXmlTextReaderEnvironments[objectCreationNode] = environment;
                }
                else
                {
                    XmlTextReaderEnvironments[variableSymbol] = environment;
                }
            }
            else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsCtor(constructor, XmlTypes))
            {
                var environment = AnalyzeObjectCreationForXmlReaderSettings(objectCreationNode, model);
                if (variableSymbol is null)
                {
                    TempXmlReaderSettingsEnvironments[objectCreationNode] = environment;
                }
                else
                {
                    XmlReaderSettingsEnvironments[variableSymbol] = environment;
                }
            }
            else if (constructor.MatchMethodByName(XmlTypes.XPathDocument, WellKnownMemberNames.InstanceConstructorName))
            {
                // No environment is tracked for XPathDocument: the verdict rests solely on whether the
                // framework defaults are secure, so the diagnostic is raised here directly.
                if (!AreDefaultsSecure)
                {
                    reportDiagnostic(Diagnostic.Create(XxeDiagnosticAnalyzer.Rule, objectCreationNode.GetLocation()));
                }
            }
        }