Пример #1
0
        /// <summary>
        /// Resolves the side-effects in the call.
        /// </summary>
        private void ResolveSideEffectsInCall(ExpressionSyntax call, MethodSummary calleeSummary, IDataFlowNode node)
        {
            var invocation  = call as InvocationExpressionSyntax;
            var objCreation = call as ObjectCreationExpressionSyntax;

            if (calleeSummary is null ||
                (invocation is null && objCreation is null))
            {
                return;
            }

            ArgumentListSyntax argumentList;

            if (invocation != null)
            {
                argumentList = invocation.ArgumentList;
            }
            else
            {
                argumentList = objCreation.ArgumentList;
            }

            var sideEffects = this.ResolveSideEffectsInCall(argumentList, calleeSummary, node);

            foreach (var sideEffect in sideEffects)
            {
                node.DataFlowInfo.KillDefinitions(sideEffect.Key);

                SymbolDefinition definition = node.DataFlowInfo.GenerateDefinition(sideEffect.Key);
                DataFlowInfo.AssignTypeToDefinition(sideEffect.Key.Type, definition);
                node.DataFlowInfo.TaintDefinition(definition, definition);

                foreach (var symbol in sideEffect.Value)
                {
                    node.DataFlowInfo.TaintSymbol(symbol, sideEffect.Key);
                }
            }

            for (int index = 0; index < argumentList.Arguments.Count; index++)
            {
                if (!calleeSummary.SideEffectsInfo.ParameterAccesses.ContainsKey(index))
                {
                    continue;
                }

                var argIdentifier = AnalysisContext.GetRootIdentifier(
                    argumentList.Arguments[index].Expression);
                this.ResolveMethodParameterAccesses(argIdentifier, calleeSummary.SideEffectsInfo.ParameterAccesses[index], node);
            }

            foreach (var fieldAccess in calleeSummary.SideEffectsInfo.FieldAccesses)
            {
                foreach (var access in fieldAccess.Value)
                {
                    this.MapFieldAccessInStatement(fieldAccess.Key as IFieldSymbol, access);
                }
            }
        }
Пример #2
0
        /// <summary>
        /// Initializes the data-flow of the input parameters.
        /// </summary>
        private void InitializeParameters(IDataFlowNode node)
        {
            for (int idx = 0; idx < node.Summary.Method.ParameterList.Parameters.Count; idx++)
            {
                var parameter = node.Summary.Method.ParameterList.Parameters[idx];
                IParameterSymbol paramSymbol = this.SemanticModel.GetDeclaredSymbol(parameter);

                SymbolDefinition definition = node.DataFlowInfo.GenerateDefinition(paramSymbol);
                DataFlowInfo.AssignTypesToDefinition(node.Summary.ParameterTypes[parameter], definition);
                node.DataFlowInfo.TaintDefinition(definition, definition);
            }
        }
Пример #3
0
        /// <summary>
        /// Analyzes the data-flow of the binary expression.
        /// </summary>
        private void AnalyzeBinaryExpression(ExpressionSyntax expr, IDataFlowNode node)
        {
            this.ResolveSideEffectsInExpression(expr, node);

            var         identifier = AnalysisContext.GetIdentifier(expr);
            ISymbol     symbol     = this.SemanticModel.GetSymbolInfo(expr).Symbol;
            ITypeSymbol type       = this.SemanticModel.GetTypeInfo(expr).Type;

            if (node.DataFlowInfo.IsFreshSymbol(symbol))
            {
                SymbolDefinition definition = node.DataFlowInfo.GenerateDefinition(symbol);
                DataFlowInfo.AssignTypeToDefinition(type, definition);
                node.DataFlowInfo.TaintDefinition(definition, definition);
            }
        }
Пример #4
0
        /// <summary>
        /// Creates a new object that is a copy of the current instance.
        /// </summary>
        internal DataFlowInfo Clone()
        {
            var newInfo = new DataFlowInfo(this.DataFlowNode, this.AnalysisContext);

            newInfo.GeneratedDefinitions.UnionWith(this.GeneratedDefinitions);
            newInfo.KilledDefinitions.UnionWith(this.KilledDefinitions);
            newInfo.InputDefinitions.UnionWith(this.InputDefinitions);
            newInfo.OutputDefinitions.UnionWith(this.OutputDefinitions);

            foreach (var pair in this.TaintedDefinitions)
            {
                newInfo.TaintedDefinitions.Add(pair.Key, new HashSet <SymbolDefinition>(pair.Value));
            }

            return(newInfo);
        }
Пример #5
0
        /// <summary>
        /// Compare with the specified data-flow information.
        /// </summary>
        private bool Compare(DataFlowInfo oldInfo, DataFlowInfo newInfo)
        {
            if (!oldInfo.GeneratedDefinitions.SetEquals(newInfo.GeneratedDefinitions) ||
                !oldInfo.KilledDefinitions.SetEquals(newInfo.KilledDefinitions) ||
                !oldInfo.InputDefinitions.SetEquals(newInfo.InputDefinitions) ||
                !oldInfo.OutputDefinitions.SetEquals(newInfo.OutputDefinitions) ||
                !oldInfo.TaintedDefinitions.Keys.SequenceEqual(newInfo.TaintedDefinitions.Keys))
            {
                return(false);
            }

            foreach (var symbol in oldInfo.TaintedDefinitions)
            {
                if (!symbol.Value.SetEquals(newInfo.TaintedDefinitions[symbol.Key]))
                {
                    return(false);
                }
            }

            return(true);
        }
Пример #6
0
        /// <summary>
        /// Initializes the data-flow of field and properties.
        /// </summary>
        private void InitializeFieldsAndProperties(IDataFlowNode node)
        {
            var symbols = this.Summary.Method.DescendantNodes(n => true).
                          OfType <IdentifierNameSyntax>().Select(id => this.SemanticModel.
                                                                 GetSymbolInfo(id).Symbol).Where(s => s != null).Distinct();

            var fieldSymbols = symbols.Where(val => val.Kind == SymbolKind.Field);

            foreach (var fieldSymbol in fieldSymbols.Select(s => s as IFieldSymbol))
            {
                SymbolDefinition definition = node.DataFlowInfo.GenerateDefinition(fieldSymbol);
                DataFlowInfo.AssignTypeToDefinition(fieldSymbol.Type, definition);
                node.DataFlowInfo.TaintDefinition(definition, definition);
            }

            var propertySymbols = symbols.Where(val => val.Kind == SymbolKind.Property);

            foreach (var propertySymbol in propertySymbols.Select(s => s as IPropertySymbol))
            {
                SymbolDefinition definition = node.DataFlowInfo.GenerateDefinition(propertySymbol);
                DataFlowInfo.AssignTypeToDefinition(propertySymbol.Type, definition);
                node.DataFlowInfo.TaintDefinition(definition, definition);
            }
        }