public override void VisitAssignment(VisualBasicSyntaxNode node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { if (behavior != null || //Unknown API symbol == null || variableRightState.Taint != VariableTaint.Constant || Microsoft.CodeAnalysis.VisualBasic.VisualBasicExtensions.Kind(variableRightState.Node) != Microsoft.CodeAnalysis.VisualBasic.SyntaxKind.StringLiteralExpression || !IsPasswordField(symbol)) { return; } var constValue = state.AnalysisContext.SemanticModel.GetConstantValue(variableRightState.Node); if (constValue.HasValue && constValue.Value.Equals("")) { return; } var varSymbol = state.GetSymbol(variableRightState.Node); if (varSymbol != null && varSymbol.IsType("System.String.Empty")) { return; } var diagnostic = Diagnostic.Create(Rule, node.GetLocation()); state.AnalysisContext.ReportDiagnostic(diagnostic); }
public virtual void VisitAssignment(VisualBasicSyntaxNode node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { }
public override void VisitAssignment(VisualBasicSyntaxNode node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { if (node is VBSyntax.AssignmentStatementSyntax || node is VBSyntax.NamedFieldInitializerSyntax) { TagVariables(symbol, variableRightState); } }
private VariableState VisitAssignment(VisualBasicSyntaxNode node, ExpressionSyntax leftExpression, ExpressionSyntax rightExpression, ExecutionState state) { var leftSymbol = state.GetSymbol(leftExpression); MethodBehavior behavior = null; if (leftSymbol != null) { behavior = leftSymbol.GetMethodBehavior(state.AnalysisContext.Options.AdditionalFiles); } var variableState = VisitExpression(rightExpression, state); //Additional analysis by extension foreach (var ext in Extensions) { ext.VisitAssignment(node, state, behavior, leftSymbol, variableState); } if (leftSymbol != null) { var rightTypeSymbol = state.AnalysisContext.SemanticModel.GetTypeInfo(rightExpression).Type; if (rightTypeSymbol == null) { return(new VariableState(rightExpression, VariableTaint.Unknown)); } var leftTypeSymbol = state.AnalysisContext.SemanticModel.GetTypeInfo(leftExpression).Type; if (!state.AnalysisContext.SemanticModel.Compilation.ClassifyConversion(rightTypeSymbol, leftTypeSymbol).Exists) { return(new VariableState(rightExpression, VariableTaint.Unknown)); } } if (behavior != null && //Injection behavior.IsInjectableField && variableState.Taint != VariableTaint.Constant && //Skip safe values variableState.Taint != VariableTaint.Safe) { var newRule = LocaleUtil.GetDescriptor(behavior.LocaleInjection, "title_assignment"); var diagnostic = Diagnostic.Create(newRule, node.GetLocation()); state.AnalysisContext.ReportDiagnostic(diagnostic); } if (behavior != null && //Known Password API behavior.IsPasswordField && variableState.Taint == VariableTaint.Constant) //Only constant { var newRule = LocaleUtil.GetDescriptor(behavior.LocalePassword, "title_assignment"); var diagnostic = Diagnostic.Create(newRule, node.GetLocation()); state.AnalysisContext.ReportDiagnostic(diagnostic); } //TODO: taint the variable being assigned. return(variableState); }
public override void VisitAssignment(VisualBasicSyntaxNode node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { Analyzer.VisitAssignment(symbol, variableRightState); }
private static StatementSyntax ReturnStatement(VisualBasicSyntaxNode vbExpression) { return(vbExpression == null ? SyntaxFactory.ReturnStatement() : vbExpression.IsKind(SyntaxKind.EmptyStatement) ? SyntaxFactory.ReturnStatement().WithTriviaFrom(vbExpression) : SyntaxFactory.ReturnStatement((ExpressionSyntax)vbExpression)); }
StatementSyntax GetStatementSyntax(VisualBasicSyntaxNode node, Func <ExpressionSyntax, StatementSyntax> create) { if (node is StatementSyntax) { return((StatementSyntax)node); } return(create(node as ExpressionSyntax)); }
public static bool PrecedenceCouldChange(this VisualBasicSyntaxNode node) { bool parentIsBinaryExpression = node is BinaryExpressionSyntax; bool parentIsReturn = node.Parent is ReturnStatementSyntax; bool parentIsLambda = node.Parent is LambdaExpressionSyntax; bool parentIsNonArgumentExpression = node.Parent is Microsoft.CodeAnalysis.VisualBasic.Syntax.ExpressionSyntax && !(node.Parent is ArgumentSyntax); bool parentIsParenthesis = node.Parent is ParenthesizedExpressionSyntax; return(parentIsNonArgumentExpression && !parentIsBinaryExpression && !parentIsReturn && !parentIsLambda && !parentIsParenthesis); }
public override void VisitAssignment(VisualBasicSyntaxNode node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { if (behavior == null && //Unknown API (symbol != null && IsPasswordField(symbol)) && variableRightState.taint == VariableTaint.CONSTANT //Only constant ) { var diagnostic = Diagnostic.Create(Rule, node.GetLocation()); state.AnalysisContext.ReportDiagnostic(diagnostic); } }
public override void VisitAssignment(VisualBasicSyntaxNode node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure")) { variableRightState.AddTag(VariableTag.HttpCookieSecure); } else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly")) { variableRightState.AddTag(VariableTag.HttpCookieHttpOnly); } }
public static Boolean IsOnLineByItself(VisualBasicSyntaxNode node) { Boolean result = false; // Seems like Trivia is Trivia No notion of with our without :) string existingLeadingTrivia = node.GetLeadingTrivia().ToString(); //string existingLeadingTriviaFull = node.GetLeadingTrivia().ToFullString(); string existingTrailingTrivia = node.GetTrailingTrivia().ToString(); //string existingTrailingTriviaFull = node.GetTrailingTrivia().ToFullString(); if (String.IsNullOrWhiteSpace(existingLeadingTrivia) && String.IsNullOrWhiteSpace(existingTrailingTrivia)) { result = true; } else { var triviaList = node.GetLeadingTrivia().ToSyntaxTriviaList(); Boolean leadingTriviaResult = false; foreach (SyntaxTrivia syntaxTrivia in node.GetLeadingTrivia().ToSyntaxTriviaList()) { var triviaKind = syntaxTrivia.Kind(); if (triviaKind == SyntaxKind.EndOfLineTrivia || triviaKind == SyntaxKind.WhitespaceTrivia || triviaKind == SyntaxKind.CommentTrivia) { leadingTriviaResult = true; } } Boolean trailingTriviaResult = false; foreach (SyntaxTrivia syntaxTrivia in node.GetTrailingTrivia().ToSyntaxTriviaList()) { var triviaKind = syntaxTrivia.Kind(); if (triviaKind == SyntaxKind.EndOfLineTrivia || triviaKind == SyntaxKind.WhitespaceTrivia || triviaKind == SyntaxKind.CommentTrivia) { trailingTriviaResult = true; } } result = leadingTriviaResult & trailingTriviaResult; } return(result); }
public static string GetContainingContext(VisualBasicSyntaxNode node, CodeAnalysisOptions displayInfo) { string ancestorContext = GetAncestorContext(node, displayInfo); string classModuleContext = GetClassModuleContext(node, displayInfo); string methodContext = GetMethodContext(node, displayInfo); string sourceContext = GetSourceContext(node, displayInfo); return(ancestorContext + classModuleContext + methodContext + sourceContext); }
public static T WithCsTrailingErrorComment <T>(this T dummyDestNode, VisualBasicSyntaxNode sourceNode, Exception exception) where T : CSharpSyntaxNode { var errorDirective = SyntaxFactory.ParseTrailingTrivia($"#error Cannot convert {sourceNode.GetType().Name} - see comment for details{Environment.NewLine}"); var errorDescription = sourceNode.DescribeConversionError(exception); var commentedText = "/* " + errorDescription + " */"; var trailingTrivia = SyntaxFactory.TriviaList(errorDirective.Concat(SyntaxFactory.Comment(commentedText))); return(dummyDestNode .WithTrailingTrivia(trailingTrivia) .WithAdditionalAnnotations(new SyntaxAnnotation(AnnotationConstants.ConversionErrorAnnotationKind, exception.ToString()))); }
private SyntaxList <StatementSyntax> CreateForEachStatement(VisualBasicSyntaxNode vbVariable, CSS.ExpressionSyntax csExpression, CSS.StatementSyntax csStatement, params StatementSyntax[] prefixExtraVbStatements) { var expression = (ExpressionSyntax)csExpression.Accept(_nodesVisitor); var stmt = ConvertBlock(csStatement, prefixExtraVbStatements); var block = SyntaxFactory.ForEachBlock( SyntaxFactory.ForEachStatement(vbVariable, expression), stmt, SyntaxFactory.NextStatement() ); return(SyntaxFactory.SingletonList <StatementSyntax>(block)); }
string MakeGotoSwitchLabel(VisualBasicSyntaxNode expression) { string expressionText; if (expression is ElseCaseClauseSyntax) { expressionText = "Default"; } else { expressionText = expression.ToString().Replace('.', '_'); } return($"_Select{_switchCount}_Case{expressionText}"); }
private static string GetMethodContext(VisualBasicSyntaxNode node, CodeAnalysisOptions displayInfo) { string methodContext = ""; if (displayInfo.DisplayMethodName) { methodContext += string.Format(" Method:({0, -35})", Helpers.VB.GetContainingMethodName(node)); } else if (displayInfo.DisplayContainingMethodBlock) { methodContext += string.Format(" MethodBlock:({0})", Helpers.VB.GetContainingMethodBlock(node)); } return(methodContext); }
private VariableState VisitAssignment(VisualBasicSyntaxNode node, ExpressionSyntax leftExpression, ExpressionSyntax rightExpression, ExecutionState state) { var leftSymbol = state.GetSymbol(leftExpression); MethodBehavior behavior = null; if (leftSymbol != null) { behavior = leftSymbol.GetMethodBehavior(ProjectConfiguration.Behavior); } var variableState = VisitExpression(rightExpression, state); //Additional analysis by extension foreach (var ext in Extensions) { ext.VisitAssignment(node, state, behavior, leftSymbol, variableState); } //if (leftSymbol != null) //{ // var rightTypeSymbol = state.AnalysisContext.SemanticModel.GetTypeInfo(rightExpression).Type; // if (rightTypeSymbol == null) // return new VariableState(rightExpression, VariableTaint.Unknown); // var leftTypeSymbol = state.AnalysisContext.SemanticModel.GetTypeInfo(leftExpression).Type; // if (!state.AnalysisContext.SemanticModel.Compilation.ClassifyConversion(rightTypeSymbol, leftTypeSymbol).Exists) // return new VariableState(rightExpression, VariableTaint.Unknown); //} if (variableState.Taint != VariableTaint.Constant && behavior != null && // compare if all required sanitization bits are set ((ulong)(variableState.Taint & VariableTaint.Safe) & behavior.InjectableField.RequiredTaintBits) != behavior.InjectableField.RequiredTaintBits && (variableState.Taint & (ProjectConfiguration.AuditMode ? VariableTaint.Tainted | VariableTaint.Unknown : VariableTaint.Tainted)) != 0) { var newRule = LocaleUtil.GetDescriptor(behavior.InjectableField.Locale, "title_assignment"); var diagnostic = Diagnostic.Create(newRule, node.GetLocation()); state.AnalysisContext.ReportDiagnostic(diagnostic); } //TODO: taint the variable being assigned. return(variableState); }
private void AddRegionData(VisualBasicSyntaxNode node) { /* * * どうやら、GetDirectives() が、階層関係なく再帰的に取得してくるみたい、かつ各ブロックで、ところどころ該当する同じ値を取得してくるので、 * トップレベルのノードだけで、全ての #Region を取得して返却する * * 宣言順にリスト登録されている。対応する開始 Region と終了 Region を取得するため、スタックを利用する * (開始ノードが、終了分までの情報を持っていない) * * */ var regionStack = new Stack <DirectiveTriviaSyntax>(); foreach (var child in node.GetDirectives()) { var childKind = child.Kind(); switch (childKind) { case SyntaxKind.RegionDirectiveTrivia: regionStack.Push(child); break; case SyntaxKind.EndRegionDirectiveTrivia: var startSyntax = regionStack.Pop(); var startLength = startSyntax.Span.Start; var endLength = child.Span.End; // #Region "aaa" のうち、冒頭の「#Region」と文字列を囲うダブルコーテーションを除去 var header = startSyntax.ToString(); header = header.Substring("#Region ".Length); header = header.Substring(1); header = header.Substring(0, header.Length - 1); Items.Add(new FoldingData { Name = header, StartOffset = startLength, EndOffset = endLength, }); break; } } }
public static string GetContainingMethodBlock(VisualBasicSyntaxNode node) { string methodBlock = "<METHODBLOCK>"; var a5 = node.Ancestors() .Where(x => x.IsKind(SyntaxKind.FunctionBlock) || x.IsKind(SyntaxKind.SubBlock)) .Cast <MethodBlockSyntax>().ToList(); if (a5.Count > 0) { methodBlock = node.Ancestors() .Where(x => x.IsKind(SyntaxKind.FunctionBlock) || x.IsKind(SyntaxKind.SubBlock)) .Cast <MethodBlockSyntax>().FirstOrDefault().ToString(); } return(methodBlock); }
public static bool PrecedenceCouldChange(this VisualBasicSyntaxNode node) { bool parentIsSameBinaryKind = node is BinaryExpressionSyntax && node.Parent is BinaryExpressionSyntax parent && parent.Kind() == node.Kind(); bool parentIsReturn = node.Parent is ReturnStatementSyntax; bool parentIsLambda = node.Parent is LambdaExpressionSyntax; bool parentIsNonArgumentExpression = node.Parent is Microsoft.CodeAnalysis.VisualBasic.Syntax.ExpressionSyntax && !(node.Parent is ArgumentSyntax); bool parentIsParenthesis = node.Parent is ParenthesizedExpressionSyntax; // Could be a full C# precedence table - this is just a common case bool parentIsAndOr = node.Parent.IsKind(SyntaxKind.AndAlsoExpression, SyntaxKind.OrElseExpression); bool nodeIsRelationalOrEqual = node.IsKind(SyntaxKind.EqualsExpression, SyntaxKind.NotEqualsExpression, SyntaxKind.LessThanExpression, SyntaxKind.LessThanOrEqualExpression, SyntaxKind.GreaterThanExpression, SyntaxKind.GreaterThanOrEqualExpression); bool csharpPrecedenceSame = parentIsAndOr && nodeIsRelationalOrEqual; return(parentIsNonArgumentExpression && !parentIsSameBinaryKind && !parentIsReturn && !parentIsLambda && !parentIsParenthesis && !csharpPrecedenceSame); }
public static string GetContainingMethodName(VisualBasicSyntaxNode node) { string methodName = "none"; var a5 = node.Ancestors() .Where(x => x.IsKind(SyntaxKind.FunctionBlock) || x.IsKind(SyntaxKind.SubBlock)) .Cast <MethodBlockSyntax>().ToList(); if (a5.Count > 0) { methodName = node.Ancestors() .Where(x => x.IsKind(SyntaxKind.FunctionBlock) || x.IsKind(SyntaxKind.SubBlock)) .Cast <MethodBlockSyntax>().First().SubOrFunctionStatement.Identifier.ToString(); } return(methodName); }
private VariableState VisitAssignment(VisualBasicSyntaxNode node, ExpressionSyntax leftExpression, ExpressionSyntax rightExpression, ExecutionState state) { var symbol = state.GetSymbol(leftExpression); MethodBehavior behavior = behaviorRepo.GetMethodBehavior(symbol); var variableState = VisitExpression(rightExpression, state); //Additionnal analysis by extension foreach (var ext in extensions) { ext.VisitAssignment(node, state, behavior, symbol, variableState); } IdentifierNameSyntax parentIdentifierSyntax = GetParentIdentifier(leftExpression); if (parentIdentifierSyntax != null) { state.MergeValue(ResolveIdentifier(parentIdentifierSyntax.Identifier), variableState); } if (behavior != null && //Injection behavior.isInjectableField && variableState.taint != VariableTaint.CONSTANT && //Skip safe values variableState.taint != VariableTaint.SAFE) { var newRule = LocaleUtil.GetDescriptor(behavior.localeInjection); var diagnostic = Diagnostic.Create(newRule, node.GetLocation()); state.AnalysisContext.ReportDiagnostic(diagnostic); } if (behavior != null && //Known Password API behavior.isPasswordField && variableState.taint == VariableTaint.CONSTANT //Only constant ) { var newRule = LocaleUtil.GetDescriptor(behavior.localePassword); var diagnostic = Diagnostic.Create(newRule, node.GetLocation()); state.AnalysisContext.ReportDiagnostic(diagnostic); } //TODO: tainted the variable being assign. return(variableState); }
public TypeSyntax ToCsTypeSyntax(ITypeSymbol typeSymbol, VisualBasicSyntaxNode contextNode) { if (typeSymbol.IsNullable()) { return(SyntaxFactory.NullableType(ToCsTypeSyntax(typeSymbol.GetNullableUnderlyingType(), contextNode))); } var predefined = typeSymbol.SpecialType.GetPredefinedKeywordKind(); if (predefined != Microsoft.CodeAnalysis.CSharp.SyntaxKind.None) { return(SyntaxFactory.PredefinedType(SyntaxFactory.Token(predefined))); } var typeName = typeSymbol.ToMinimalCSharpDisplayString(_semanticModel, contextNode.SpanStart); return(SyntaxFactory.ParseTypeName(typeName)); }
static VisualBasicSyntaxNode GetContainingBlock(VisualBasicSyntaxNode node) { //var block = node.Parent as VisualBasicSyntaxNode; //var blockKind = block.Kind(); var blockKindText = node.Parent.Kind().ToString(); if (blockKindText.Contains("Block")) { return((VisualBasicSyntaxNode)node.Parent); } if (blockKindText == "CompilationUnit") { return(node); } return(GetContainingBlock(node.Parent as VisualBasicSyntaxNode)); }
private static string GetClassModuleContext(VisualBasicSyntaxNode node, CodeAnalysisOptions displayInfo) { string classModuleContext = ""; if (displayInfo.DisplayClassOrModuleName) { var inClassBlock = node.Ancestors() .Where(x => x.IsKind(SyntaxKind.ClassBlock)) .Cast <ClassBlockSyntax>().ToList(); var inModuleBlock = node.Ancestors() .Where(x => x.IsKind(SyntaxKind.ModuleBlock)) .Cast <ModuleBlockSyntax>().ToList(); string typeName = "unknown"; string className = "unknown"; string moduleName = "unknown"; if (inClassBlock.Count > 0) { typeName = "Class"; className = node.Ancestors() .Where(x => x.IsKind(SyntaxKind.ClassBlock)) .Cast <ClassBlockSyntax>().First().ClassStatement.Identifier.ToString(); } if (inModuleBlock.Count > 0) { typeName = "Module"; moduleName = node.Ancestors() .Where(x => x.IsKind(SyntaxKind.ModuleBlock)) .Cast <ModuleBlockSyntax>().First().ModuleStatement.Identifier.ToString(); } classModuleContext = String.Format("{0, 8}{1,6}:({2,-25})", classModuleContext, typeName, typeName == "Class" ? className : moduleName); } return(classModuleContext); }
/// <summary> /// Compile the specified 'code' into an executable assembly. If 'assemblyFileName' /// is null then compile to an in-memory assembly. /// </summary> /// <param name="code">The code to compile.</param> /// <param name="referencedAssemblies">Any referenced assemblies.</param> /// <param name="sourceName">Path to a file on disk containing the source.</param> /// <returns>Any compile errors or null if compile was successful.</returns> private Compilation CompileTextToAssembly(string code, IEnumerable <MetadataReference> referencedAssemblies, out string sourceName) { string assemblyFileNameToCreate = Path.ChangeExtension(Path.Combine(Path.GetTempPath(), tempFileNamePrefix + Guid.NewGuid().ToString()), ".dll"); bool VB = code.IndexOf("Imports System") != -1; Compilation compilation; if (VB) { sourceName = Path.GetFileNameWithoutExtension(assemblyFileNameToCreate) + ".vb"; SyntaxTree syntaxTree = VisualBasicSyntaxTree.ParseText( code, new VisualBasicParseOptions(), path: sourceName); VisualBasicSyntaxNode syntaxRootNode = syntaxTree.GetRoot() as VisualBasicSyntaxNode; var encoded = VisualBasicSyntaxTree.Create(syntaxRootNode, null, sourceName, System.Text.Encoding.UTF8); compilation = VisualBasicCompilation.Create( Path.GetFileNameWithoutExtension(assemblyFileNameToCreate), new[] { encoded }, referencedAssemblies, new VisualBasicCompilationOptions(OutputKind.DynamicallyLinkedLibrary));; } else { sourceName = Path.GetFileNameWithoutExtension(assemblyFileNameToCreate) + ".cs"; SyntaxTree syntaxTree = CSharpSyntaxTree.ParseText( code, new CSharpParseOptions(), path: sourceName); CSharpSyntaxNode syntaxRootNode = syntaxTree.GetRoot() as CSharpSyntaxNode; var encoded = CSharpSyntaxTree.Create(syntaxRootNode, null, sourceName, System.Text.Encoding.UTF8); compilation = CSharpCompilation.Create( Path.GetFileNameWithoutExtension(assemblyFileNameToCreate), new[] { encoded }, referencedAssemblies, new CSharpCompilationOptions(OutputKind.DynamicallyLinkedLibrary)); } return(compilation); }
private void AddBlockData(VisualBasicSyntaxNode node) { // ブロック系は、開始ノードが、開始と終了の両方の文字列位置を持っているので、取得する var startLength = node.Span.Start; var endLength = node.Span.End; var header = node.ToString(); if (header.Contains(Environment.NewLine)) { header = header.Substring(0, header.IndexOf(Environment.NewLine)); header = $"{header} ..."; } Items.Add(new FoldingData { Name = header, StartOffset = startLength, EndOffset = endLength, }); }
private static string GetSourceContext(VisualBasicSyntaxNode node, CodeAnalysisOptions displayInfo) { string sourceContext = ""; if (displayInfo.DisplaySourceLocation) { var location = node.GetLocation(); var sourceSpan = location.SourceSpan; var lineSpan = location.GetLineSpan(); //// NB. Lines start at 0. Add one so when we look in Visual Studio it makes sense. //var startLine = location.GetLineSpan().StartLinePosition.Line + 1; //var endLine = location.GetLineSpan().EndLinePosition.Line + 1; sourceContext = string.Format("SourceSpan: {0} LineSpan: {1}", sourceSpan.ToString(), lineSpan.ToString()); } return(sourceContext); }
private async Task <T> ConvertHandledAsync <T>(VisualBasicSyntaxNode vbNode, SourceTriviaMapKind sourceTriviaMap) where T : CSharpSyntaxNode { try { var converted = (T)await _wrappedVisitor.Visit(vbNode); return(sourceTriviaMap == SourceTriviaMapKind.None || _syntaxTree != vbNode.SyntaxTree ? converted.WithoutSourceMapping() : sourceTriviaMap == SourceTriviaMapKind.SubNodesOnly ? converted : WithSourceMapping(vbNode, converted)); } catch (Exception e) when(_dummyLiteral is T dummy) { return(dummy.WithCsTrailingErrorComment(vbNode, e)); } catch (Exception e) when(_dummyStatement is T dummy) { return(dummy.WithCsTrailingErrorComment(vbNode, e)); } catch (Exception e) when(_dummyCompilationUnit is T dummy) { return(dummy.WithCsTrailingErrorComment(vbNode, e)); } catch (Exception e) when(!(e is ExceptionWithNodeInformation)) { throw e.WithNodeInformation(vbNode); } }
CSharpSyntaxNode Convert(VisualBasicSyntaxNode input, SemanticModel semanticModel, Document targetDocument) { return(VisualBasicConverter.Convert(input, semanticModel, targetDocument)); }