public static ValueContentAnalysisResult?TryGetOrComputeResult(
            ControlFlowGraph cfg,
            ISymbol owningSymbol,
            WellKnownTypeProvider wellKnownTypeProvider,
            AnalyzerOptions analyzerOptions,
            DiagnosticDescriptor rule,
            PointsToAnalysisKind defaultPointsToAnalysisKind,
            out CopyAnalysisResult?copyAnalysisResult,
            out PointsToAnalysisResult?pointsToAnalysisResult,
            InterproceduralAnalysisKind interproceduralAnalysisKind = InterproceduralAnalysisKind.None,
            bool pessimisticAnalysis = true,
            bool performCopyAnalysisIfNotUserConfigured = false,
            InterproceduralAnalysisPredicate?interproceduralAnalysisPredicate = null,
            ImmutableArray <INamedTypeSymbol> additionalSupportedValueTypes   = default,
            Func <IOperation, ValueContentAbstractValue>?getValueContentValueForAdditionalSupportedValueTypeOperation = null)
        {
            if (cfg == null)
            {
                throw new ArgumentNullException(nameof(cfg));
            }

            Debug.Assert(!analyzerOptions.IsConfiguredToSkipAnalysis(rule, owningSymbol, wellKnownTypeProvider.Compilation));

            var interproceduralAnalysisConfig = InterproceduralAnalysisConfiguration.Create(
                analyzerOptions, rule, cfg, wellKnownTypeProvider.Compilation, interproceduralAnalysisKind);

            return(TryGetOrComputeResult(cfg, owningSymbol, analyzerOptions, wellKnownTypeProvider,
                                         pointsToAnalysisKind: analyzerOptions.GetPointsToAnalysisKindOption(rule, owningSymbol, wellKnownTypeProvider.Compilation, defaultPointsToAnalysisKind),
                                         interproceduralAnalysisConfig, out copyAnalysisResult,
                                         out pointsToAnalysisResult, pessimisticAnalysis,
                                         performCopyAnalysis: analyzerOptions.GetCopyAnalysisOption(rule, owningSymbol, wellKnownTypeProvider.Compilation, defaultValue: performCopyAnalysisIfNotUserConfigured),
                                         interproceduralAnalysisPredicate,
                                         additionalSupportedValueTypes,
                                         getValueContentValueForAdditionalSupportedValueTypeOperation));
        }
示例#2
0
        public static ImmutableDictionary <IParameterSymbol, SyntaxNode> GetOrComputeHazardousParameterUsages(
            IBlockOperation topmostBlock,
            Compilation compilation,
            ISymbol owningSymbol,
            AnalyzerOptions analyzerOptions,
            DiagnosticDescriptor rule,
            CancellationToken cancellationToken,
            PointsToAnalysisKind defaultPointsToAnalysisKind        = PointsToAnalysisKind.PartialWithoutTrackingFieldsAndProperties,
            InterproceduralAnalysisKind interproceduralAnalysisKind = InterproceduralAnalysisKind.ContextSensitive,
            uint defaultMaxInterproceduralMethodCallChain           = 1, // By default, we only want to track method calls one level down.
            bool pessimisticAnalysis = false)
        {
            Debug.Assert(!analyzerOptions.IsConfiguredToSkipAnalysis(rule, owningSymbol, compilation, cancellationToken));

            var cfg = topmostBlock.GetEnclosingControlFlowGraph();

            if (cfg == null)
            {
                return(ImmutableDictionary <IParameterSymbol, SyntaxNode> .Empty);
            }

            var interproceduralAnalysisConfig = InterproceduralAnalysisConfiguration.Create(
                analyzerOptions, rule, cfg, compilation, interproceduralAnalysisKind, cancellationToken, defaultMaxInterproceduralMethodCallChain);
            var performCopyAnalysis        = analyzerOptions.GetCopyAnalysisOption(rule, topmostBlock.Syntax.SyntaxTree, compilation, defaultValue: false, cancellationToken);
            var nullCheckValidationMethods = analyzerOptions.GetNullCheckValidationMethodsOption(rule, topmostBlock.Syntax.SyntaxTree, compilation, cancellationToken);
            var pointsToAnalysisKind       = analyzerOptions.GetPointsToAnalysisKindOption(rule, topmostBlock.Syntax.SyntaxTree, compilation, defaultPointsToAnalysisKind, cancellationToken);

            return(GetOrComputeHazardousParameterUsages(cfg, compilation, owningSymbol, analyzerOptions,
                                                        nullCheckValidationMethods, pointsToAnalysisKind, interproceduralAnalysisConfig, performCopyAnalysis, pessimisticAnalysis));
        }
示例#3
0
        public static DisposeAnalysisResult?TryGetOrComputeResult(
            ControlFlowGraph cfg,
            ISymbol owningSymbol,
            WellKnownTypeProvider wellKnownTypeProvider,
            AnalyzerOptions analyzerOptions,
            DiagnosticDescriptor rule,
            ImmutableHashSet <INamedTypeSymbol> disposeOwnershipTransferLikelyTypes,
            PointsToAnalysisKind defaultPointsToAnalysisKind,
            bool trackInstanceFields,
            bool exceptionPathsAnalysis,
            CancellationToken cancellationToken,
            out PointsToAnalysisResult?pointsToAnalysisResult,
            InterproceduralAnalysisKind interproceduralAnalysisKind           = InterproceduralAnalysisKind.ContextSensitive,
            bool performCopyAnalysisIfNotUserConfigured                       = false,
            InterproceduralAnalysisPredicate?interproceduralAnalysisPredicate = null,
            bool defaultDisposeOwnershipTransferAtConstructor                 = false,
            bool defaultDisposeOwnershipTransferAtMethodCall                  = false)
        {
            if (cfg == null)
            {
                throw new ArgumentNullException(nameof(cfg));
            }

            Debug.Assert(!analyzerOptions.IsConfiguredToSkipAnalysis(rule, owningSymbol, wellKnownTypeProvider.Compilation, cancellationToken));

            var interproceduralAnalysisConfig = InterproceduralAnalysisConfiguration.Create(
                analyzerOptions, rule, cfg, wellKnownTypeProvider.Compilation, interproceduralAnalysisKind, cancellationToken);
            var disposeOwnershipTransferAtConstructor = analyzerOptions.GetDisposeOwnershipTransferAtConstructorOption(
                rule, owningSymbol, wellKnownTypeProvider.Compilation, defaultValue: defaultDisposeOwnershipTransferAtConstructor, cancellationToken);
            var disposeOwnershipTransferAtMethodCall = analyzerOptions.GetDisposeOwnershipTransferAtMethodCall(
                rule, owningSymbol, wellKnownTypeProvider.Compilation, defaultValue: defaultDisposeOwnershipTransferAtMethodCall, cancellationToken);

            return(TryGetOrComputeResult(cfg, owningSymbol, analyzerOptions, wellKnownTypeProvider,
                                         interproceduralAnalysisConfig, interproceduralAnalysisPredicate,
                                         disposeOwnershipTransferLikelyTypes, disposeOwnershipTransferAtConstructor,
                                         disposeOwnershipTransferAtMethodCall, trackInstanceFields, exceptionPathsAnalysis,
                                         pointsToAnalysisKind: analyzerOptions.GetPointsToAnalysisKindOption(rule, owningSymbol, wellKnownTypeProvider.Compilation, defaultPointsToAnalysisKind, cancellationToken),
                                         performCopyAnalysis: analyzerOptions.GetCopyAnalysisOption(rule, owningSymbol, wellKnownTypeProvider.Compilation, defaultValue: performCopyAnalysisIfNotUserConfigured, cancellationToken),
                                         isConfiguredToSkipAnalysis: (ISymbol symbol) => analyzerOptions.IsConfiguredToSkipAnalysis(rule, symbol, owningSymbol, wellKnownTypeProvider.Compilation, cancellationToken),
                                         out pointsToAnalysisResult));
        }
示例#4
0
        public override void Initialize(AnalysisContext context)
        {
            context.EnableConcurrentExecution();
            context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.Analyze | GeneratedCodeAnalysisFlags.ReportDiagnostics);

            context.RegisterCompilationStartAction(
                (CompilationStartAnalysisContext compilationContext) =>
            {
                Compilation compilation             = compilationContext.Compilation;
                TaintedDataConfig taintedDataConfig = TaintedDataConfig.GetOrCreate(compilation);
                TaintedDataSymbolMap <SourceInfo> sourceInfoSymbolMap = taintedDataConfig.GetSourceSymbolMap(this.SinkKind);
                if (sourceInfoSymbolMap.IsEmpty)
                {
                    return;
                }

                TaintedDataSymbolMap <SinkInfo> sinkInfoSymbolMap = taintedDataConfig.GetSinkSymbolMap(this.SinkKind);
                if (sinkInfoSymbolMap.IsEmpty)
                {
                    return;
                }

                compilationContext.RegisterOperationBlockStartAction(
                    operationBlockStartContext =>
                {
                    ISymbol owningSymbol                = operationBlockStartContext.OwningSymbol;
                    AnalyzerOptions options             = operationBlockStartContext.Options;
                    CancellationToken cancellationToken = operationBlockStartContext.CancellationToken;
                    if (options.IsConfiguredToSkipAnalysis(TaintedDataEnteringSinkDescriptor, owningSymbol, compilation))
                    {
                        return;
                    }

                    WellKnownTypeProvider wellKnownTypeProvider      = WellKnownTypeProvider.GetOrCreate(compilation);
                    Lazy <ControlFlowGraph?> controlFlowGraphFactory = new Lazy <ControlFlowGraph?>(
                        () => operationBlockStartContext.OperationBlocks.GetControlFlowGraph());
                    Lazy <PointsToAnalysisResult?> pointsToFactory = new Lazy <PointsToAnalysisResult?>(
                        () =>
                    {
                        if (controlFlowGraphFactory.Value == null)
                        {
                            return(null);
                        }

                        InterproceduralAnalysisConfiguration interproceduralAnalysisConfiguration = InterproceduralAnalysisConfiguration.Create(
                            options,
                            SupportedDiagnostics,
                            controlFlowGraphFactory.Value,
                            operationBlockStartContext.Compilation,
                            defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive);
                        return(PointsToAnalysis.TryGetOrComputeResult(
                                   controlFlowGraphFactory.Value,
                                   owningSymbol,
                                   options,
                                   wellKnownTypeProvider,
                                   PointsToAnalysisKind.Complete,
                                   interproceduralAnalysisConfiguration,
                                   interproceduralAnalysisPredicate: null));
                    });
                    Lazy <(PointsToAnalysisResult?, ValueContentAnalysisResult?)> valueContentFactory = new Lazy <(PointsToAnalysisResult?, ValueContentAnalysisResult?)>(
                        () =>
                    {
                        if (controlFlowGraphFactory.Value == null)
                        {
                            return(null, null);
                        }

                        InterproceduralAnalysisConfiguration interproceduralAnalysisConfiguration = InterproceduralAnalysisConfiguration.Create(
                            options,
                            SupportedDiagnostics,
                            controlFlowGraphFactory.Value,
                            operationBlockStartContext.Compilation,
                            defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive);
                        ValueContentAnalysisResult?valuecontentAnalysisResult = ValueContentAnalysis.TryGetOrComputeResult(
                            controlFlowGraphFactory.Value,
                            owningSymbol,
                            options,
                            wellKnownTypeProvider,
                            PointsToAnalysisKind.Complete,
                            interproceduralAnalysisConfiguration,
                            out _,
                            out PointsToAnalysisResult? p);

                        return(p, valuecontentAnalysisResult);
                    });

                    PooledHashSet <IOperation> rootOperationsNeedingAnalysis = PooledHashSet <IOperation> .GetInstance();

                    operationBlockStartContext.RegisterOperationAction(
                        operationAnalysisContext =>
                    {
                        IPropertyReferenceOperation propertyReferenceOperation = (IPropertyReferenceOperation)operationAnalysisContext.Operation;
                        if (sourceInfoSymbolMap.IsSourceProperty(propertyReferenceOperation.Property))
                        {
                            lock (rootOperationsNeedingAnalysis)
                            {
                                rootOperationsNeedingAnalysis.Add(propertyReferenceOperation.GetRoot());
                            }
                        }
                    },
                        OperationKind.PropertyReference);

                    if (sourceInfoSymbolMap.RequiresParameterReferenceAnalysis)
                    {
                        operationBlockStartContext.RegisterOperationAction(
                            operationAnalysisContext =>
                        {
                            IParameterReferenceOperation parameterReferenceOperation = (IParameterReferenceOperation)operationAnalysisContext.Operation;
                            if (sourceInfoSymbolMap.IsSourceParameter(parameterReferenceOperation.Parameter, wellKnownTypeProvider))
                            {
                                lock (rootOperationsNeedingAnalysis)
                                {
                                    rootOperationsNeedingAnalysis.Add(parameterReferenceOperation.GetRoot());
                                }
                            }
                        },
                            OperationKind.ParameterReference);
                    }

                    operationBlockStartContext.RegisterOperationAction(
                        operationAnalysisContext =>
                    {
                        IInvocationOperation invocationOperation = (IInvocationOperation)operationAnalysisContext.Operation;
                        if (sourceInfoSymbolMap.IsSourceMethod(
                                invocationOperation.TargetMethod,
                                invocationOperation.Arguments,
                                pointsToFactory,
                                valueContentFactory,
                                out _))
                        {
                            lock (rootOperationsNeedingAnalysis)
                            {
                                rootOperationsNeedingAnalysis.Add(invocationOperation.GetRoot());
                            }
                        }
                    },
                        OperationKind.Invocation);

                    if (TaintedDataConfig.HasTaintArraySource(SinkKind))
                    {
                        operationBlockStartContext.RegisterOperationAction(
                            operationAnalysisContext =>
                        {
                            IArrayInitializerOperation arrayInitializerOperation = (IArrayInitializerOperation)operationAnalysisContext.Operation;
                            if (arrayInitializerOperation.GetAncestor <IArrayCreationOperation>(OperationKind.ArrayCreation)?.Type is IArrayTypeSymbol arrayTypeSymbol &&
                                sourceInfoSymbolMap.IsSourceConstantArrayOfType(arrayTypeSymbol, arrayInitializerOperation))
                            {
                                lock (rootOperationsNeedingAnalysis)
                                {
                                    rootOperationsNeedingAnalysis.Add(operationAnalysisContext.Operation.GetRoot());
                                }
                            }
                        },
                            OperationKind.ArrayInitializer);
                    }

                    operationBlockStartContext.RegisterOperationBlockEndAction(
                        operationBlockAnalysisContext =>
                    {
                        try
                        {
                            lock (rootOperationsNeedingAnalysis)
                            {
                                if (!rootOperationsNeedingAnalysis.Any())
                                {
                                    return;
                                }

                                if (controlFlowGraphFactory.Value == null)
                                {
                                    return;
                                }

                                foreach (IOperation rootOperation in rootOperationsNeedingAnalysis)
                                {
                                    TaintedDataAnalysisResult?taintedDataAnalysisResult = TaintedDataAnalysis.TryGetOrComputeResult(
                                        controlFlowGraphFactory.Value,
                                        operationBlockAnalysisContext.Compilation,
                                        operationBlockAnalysisContext.OwningSymbol,
                                        operationBlockAnalysisContext.Options,
                                        TaintedDataEnteringSinkDescriptor,
                                        sourceInfoSymbolMap,
                                        taintedDataConfig.GetSanitizerSymbolMap(this.SinkKind),
                                        sinkInfoSymbolMap);
                                    if (taintedDataAnalysisResult == null)
                                    {
                                        return;
                                    }

                                    foreach (TaintedDataSourceSink sourceSink in taintedDataAnalysisResult.TaintedDataSourceSinks)
                                    {
                                        if (!sourceSink.SinkKinds.Contains(this.SinkKind))
                                        {
                                            continue;
                                        }

                                        foreach (SymbolAccess sourceOrigin in sourceSink.SourceOrigins)
                                        {
                                            // Something like:
                                            // CA3001: Potential SQL injection vulnerability was found where '{0}' in method '{1}' may be tainted by user-controlled data from '{2}' in method '{3}'.
                                            Diagnostic diagnostic = Diagnostic.Create(
                                                this.TaintedDataEnteringSinkDescriptor,
                                                sourceSink.Sink.Location,
                                                additionalLocations: new Location[] { sourceOrigin.Location },
                                                messageArgs: new object[] {
                                                sourceSink.Sink.Symbol.ToDisplayString(SymbolDisplayFormat.MinimallyQualifiedFormat),
                                                sourceSink.Sink.AccessingMethod.ToDisplayString(SymbolDisplayFormat.MinimallyQualifiedFormat),
                                                sourceOrigin.Symbol.ToDisplayString(SymbolDisplayFormat.MinimallyQualifiedFormat),
                                                sourceOrigin.AccessingMethod.ToDisplayString(SymbolDisplayFormat.MinimallyQualifiedFormat)
                                            });
                                            operationBlockAnalysisContext.ReportDiagnostic(diagnostic);
                                        }
                                    }
                                }
                            }
                        }
                        finally
                        {
                            rootOperationsNeedingAnalysis.Free(compilationContext.CancellationToken);
                        }
                    });
                });
            });
        }
        public override void Initialize(AnalysisContext context)
        {
            if (!Debugger.IsAttached) // prefer single thread for debugging in development
            {
                context.EnableConcurrentExecution();
            }

            if (context.IsAuditMode())
            {
                context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.Analyze | GeneratedCodeAnalysisFlags.ReportDiagnostics);
            }
            else
            {
                context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None);
            }

            context.RegisterCompilationStartAction(
                (CompilationStartAnalysisContext compilationContext) =>
            {
                var config = Configuration.GetOrCreate(compilationContext);

                if (config.AuditMode)
                {
                    TaintedDataSymbolMap <SinkInfo> sinkInfoSymbolMap = config.TaintConfiguration.GetSinkSymbolMap(this.SinkKind);
                    if (sinkInfoSymbolMap.IsEmpty)
                    {
                        return;
                    }

                    Compilation compilation = compilationContext.Compilation;
                    compilationContext.RegisterOperationBlockStartAction(
                        operationBlockStartContext =>
                    {
                        ISymbol owningSymbol                = operationBlockStartContext.OwningSymbol;
                        AnalyzerOptions options             = operationBlockStartContext.Options;
                        CancellationToken cancellationToken = operationBlockStartContext.CancellationToken;
                        if (options.IsConfiguredToSkipAnalysis(TaintedDataEnteringSinkDescriptor, owningSymbol, compilation, cancellationToken))
                        {
                            return;
                        }

                        WellKnownTypeProvider wellKnownTypeProvider = WellKnownTypeProvider.GetOrCreate(compilation);

                        void CreateWarning(OperationAnalysisContext operationAnalysisContext, Location location, ISymbol paramSymbol, ISymbol symbol)
                        {
                            // Something like:
                            // CA3001: Potential SQL injection vulnerability was found where '{0}' in method '{1}' may be tainted by user-controlled data from '{2}' in method '{3}'.
                            Diagnostic diagnostic = Diagnostic.Create(
                                this.TaintedDataEnteringSinkDescriptor,
                                location,
                                additionalLocations: new Location[] { location },
                                messageArgs: new object[] {
                                paramSymbol.Name,
                                symbol.ToDisplayString(SymbolDisplayFormat.MinimallyQualifiedFormat),
                                symbol.ToDisplayString(SymbolDisplayFormat.MinimallyQualifiedFormat),
                                symbol.ToDisplayString(SymbolDisplayFormat.MinimallyQualifiedFormat)
                            });
                            operationAnalysisContext.ReportDiagnostic(diagnostic);
                        }

                        bool IsConstant(IOperation operation, IOperation value, OperationAnalysisContext operationAnalysisContext)
                        {
                            if (value.ConstantValue.HasValue || value is ITypeOfOperation)
                            {
                                return(true);
                            }

                            if (!operation.TryGetEnclosingControlFlowGraph(out var cfg))
                            {
                                return(false);
                            }

                            var valueContentResult = ValueContentAnalysis.TryGetOrComputeResult(cfg, owningSymbol, wellKnownTypeProvider,
                                                                                                operationAnalysisContext.Options, TaintedDataEnteringSinkDescriptor, PointsToAnalysisKind.Complete, operationAnalysisContext.CancellationToken);
                            if (valueContentResult == null)
                            {
                                return(false);
                            }

                            ValueContentAbstractValue abstractValue = valueContentResult[value.Kind, value.Syntax];
                            return(abstractValue.NonLiteralState == ValueContainsNonLiteralState.No);
                        }

                        operationBlockStartContext.RegisterOperationAction(
                            operationAnalysisContext =>
                        {
                            IAssignmentOperation operation = (IAssignmentOperation)operationAnalysisContext.Operation;
                            if (!(operation.Target is IPropertyReferenceOperation propertyReferenceOperation))
                            {
                                return;
                            }

                            IEnumerable <SinkInfo>?infosForType = sinkInfoSymbolMap.GetInfosForType(propertyReferenceOperation.Member.ContainingType);
                            if (infosForType != null &&
                                infosForType.Any(x => x.SinkProperties.Contains(propertyReferenceOperation.Member.MetadataName)) &&
                                !IsConstant(operation, operation.Value, operationAnalysisContext))
                            {
                                CreateWarning(
                                    operationAnalysisContext,
                                    propertyReferenceOperation.Syntax.GetLocation(),
                                    operation.Value.Type,
                                    propertyReferenceOperation.Member);
                            }
                        },
                            OperationKind.SimpleAssignment);

                        operationBlockStartContext.RegisterOperationAction(
                            operationAnalysisContext =>
                        {
                            IInvocationOperation invocationOperation = (IInvocationOperation)operationAnalysisContext.Operation;
                            IEnumerable <SinkInfo>?infosForType      = sinkInfoSymbolMap.GetInfosForType(invocationOperation.TargetMethod.ContainingType);
                            if (infosForType == null)
                            {
                                return;
                            }

                            foreach (SinkInfo sinkInfo in infosForType)
                            {
                                foreach (IArgumentOperation taintedArgument in invocationOperation.Arguments.Where(x => !IsConstant(x, x.Value, operationAnalysisContext)))
                                {
                                    if (sinkInfo.SinkMethodParameters.TryGetValue(invocationOperation.TargetMethod.MetadataName, out ImmutableHashSet <string> sinkParameters) &&
                                        sinkParameters.Contains(taintedArgument.Parameter.MetadataName))
                                    {
                                        CreateWarning(operationAnalysisContext, invocationOperation.Syntax.GetLocation(), taintedArgument.Parameter, invocationOperation.TargetMethod);
                                        return;
                                    }
                                }
                            }
                        },
                            OperationKind.Invocation);

                        operationBlockStartContext.RegisterOperationAction(
                            operationAnalysisContext =>
                        {
                            IObjectCreationOperation invocationOperation = (IObjectCreationOperation)operationAnalysisContext.Operation;
                            IEnumerable <SinkInfo>?infosForType          = sinkInfoSymbolMap.GetInfosForType(invocationOperation.Constructor.ContainingType);
                            if (infosForType == null)
                            {
                                return;
                            }

                            foreach (SinkInfo sinkInfo in infosForType)
                            {
                                foreach (IArgumentOperation taintedArgument in invocationOperation.Arguments.Where(x => !IsConstant(x, x.Value, operationAnalysisContext)))
                                {
                                    if (sinkInfo.IsAnyStringParameterInConstructorASink &&
                                        taintedArgument.Parameter.Type.SpecialType == SpecialType.System_String)
                                    {
                                        CreateWarning(operationAnalysisContext, invocationOperation.Syntax.GetLocation(), taintedArgument.Parameter, invocationOperation.Constructor);
                                        return;
                                    }
                                    else if (sinkInfo.SinkMethodParameters.TryGetValue(invocationOperation.Constructor.MetadataName, out ImmutableHashSet <string> sinkParameters) &&
                                             sinkParameters.Contains(taintedArgument.Parameter.MetadataName))
                                    {
                                        CreateWarning(operationAnalysisContext, invocationOperation.Syntax.GetLocation(), taintedArgument.Parameter, invocationOperation.Constructor);
                                        return;
                                    }
                                }
                            }
                        },
                            OperationKind.ObjectCreation);
                    });
                }
                else
                {
                    TaintedDataSymbolMap <SourceInfo> sourceInfoSymbolMap = config.TaintConfiguration.GetSourceSymbolMap(this.SinkKind);
                    if (sourceInfoSymbolMap.IsEmpty)
                    {
                        return;
                    }

                    TaintedDataSymbolMap <SinkInfo> sinkInfoSymbolMap = config.TaintConfiguration.GetSinkSymbolMap(this.SinkKind);
                    if (sinkInfoSymbolMap.IsEmpty)
                    {
                        return;
                    }

                    Compilation compilation = compilationContext.Compilation;
                    compilationContext.RegisterOperationBlockStartAction(
                        operationBlockStartContext =>
                    {
                        ISymbol owningSymbol                = operationBlockStartContext.OwningSymbol;
                        AnalyzerOptions options             = operationBlockStartContext.Options;
                        CancellationToken cancellationToken = operationBlockStartContext.CancellationToken;
                        if (options.IsConfiguredToSkipAnalysis(TaintedDataEnteringSinkDescriptor, owningSymbol, compilation, cancellationToken))
                        {
                            return;
                        }

                        WellKnownTypeProvider wellKnownTypeProvider      = WellKnownTypeProvider.GetOrCreate(compilation);
                        Lazy <ControlFlowGraph?> controlFlowGraphFactory = new Lazy <ControlFlowGraph?>(
                            () => operationBlockStartContext.OperationBlocks.GetControlFlowGraph());
                        Lazy <PointsToAnalysisResult?> pointsToFactory = new Lazy <PointsToAnalysisResult?>(
                            () =>
                        {
                            if (controlFlowGraphFactory.Value == null)
                            {
                                return(null);
                            }

                            InterproceduralAnalysisConfiguration interproceduralAnalysisConfiguration = InterproceduralAnalysisConfiguration.Create(
                                options,
                                SupportedDiagnostics,
                                controlFlowGraphFactory.Value,
                                operationBlockStartContext.Compilation,
                                defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive,
                                cancellationToken: cancellationToken,
                                defaultMaxInterproceduralMethodCallChain: config.MaxInterproceduralMethodCallChain,
                                defaultMaxInterproceduralLambdaOrLocalFunctionCallChain: config.MaxInterproceduralLambdaOrLocalFunctionCallChain);
                            return(PointsToAnalysis.TryGetOrComputeResult(
                                       controlFlowGraphFactory.Value,
                                       owningSymbol,
                                       options,
                                       wellKnownTypeProvider,
                                       PointsToAnalysisKind.Complete,
                                       interproceduralAnalysisConfiguration,
                                       interproceduralAnalysisPredicate: null));
                        });
                        Lazy <(PointsToAnalysisResult?, ValueContentAnalysisResult?)> valueContentFactory = new Lazy <(PointsToAnalysisResult?, ValueContentAnalysisResult?)>(
                            () =>
                        {
                            if (controlFlowGraphFactory.Value == null)
                            {
                                return(null, null);
                            }

                            InterproceduralAnalysisConfiguration interproceduralAnalysisConfiguration = InterproceduralAnalysisConfiguration.Create(
                                options,
                                SupportedDiagnostics,
                                controlFlowGraphFactory.Value,
                                operationBlockStartContext.Compilation,
                                defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive,
                                cancellationToken: cancellationToken,
                                defaultMaxInterproceduralMethodCallChain: config.MaxInterproceduralMethodCallChain,
                                defaultMaxInterproceduralLambdaOrLocalFunctionCallChain: config.MaxInterproceduralLambdaOrLocalFunctionCallChain);
                            ValueContentAnalysisResult?valuecontentAnalysisResult = ValueContentAnalysis.TryGetOrComputeResult(
                                controlFlowGraphFactory.Value,
                                owningSymbol,
                                options,
                                wellKnownTypeProvider,
                                PointsToAnalysisKind.Complete,
                                interproceduralAnalysisConfiguration,
                                out _,
                                out PointsToAnalysisResult? p);

                            return(p, valuecontentAnalysisResult);
                        });

                        var rootOperationsNeedingAnalysis = PooledHashSet <IOperation> .GetInstance();

                        operationBlockStartContext.RegisterOperationAction(
                            operationAnalysisContext =>
                        {
                            IPropertyReferenceOperation propertyReferenceOperation = (IPropertyReferenceOperation)operationAnalysisContext.Operation;
                            if (sourceInfoSymbolMap.IsSourceProperty(propertyReferenceOperation.Property))
                            {
                                lock (rootOperationsNeedingAnalysis)
                                {
                                    rootOperationsNeedingAnalysis.Add(propertyReferenceOperation.GetRoot());
                                }
                            }
                        },
                            OperationKind.PropertyReference);

                        if (sourceInfoSymbolMap.RequiresFieldReferenceAnalysis)
                        {
                            operationBlockStartContext.RegisterOperationAction(
                                operationAnalysisContext =>
                            {
                                IFieldReferenceOperation fieldReferenceOperation = (IFieldReferenceOperation)operationAnalysisContext.Operation;
                                if (sourceInfoSymbolMap.IsSourceField(fieldReferenceOperation.Field))
                                {
                                    lock (rootOperationsNeedingAnalysis)
                                    {
                                        rootOperationsNeedingAnalysis.Add(fieldReferenceOperation.GetRoot());
                                    }
                                }
                            },
                                OperationKind.FieldReference);
                        }

                        if (sourceInfoSymbolMap.RequiresParameterReferenceAnalysis)
                        {
                            operationBlockStartContext.RegisterOperationAction(
                                operationAnalysisContext =>
                            {
                                IParameterReferenceOperation parameterReferenceOperation = (IParameterReferenceOperation)operationAnalysisContext.Operation;
                                if (sourceInfoSymbolMap.IsSourceParameter(parameterReferenceOperation.Parameter, wellKnownTypeProvider))
                                {
                                    lock (rootOperationsNeedingAnalysis)
                                    {
                                        rootOperationsNeedingAnalysis.Add(parameterReferenceOperation.GetRoot());
                                    }
                                }
                            },
                                OperationKind.ParameterReference);
                        }

                        operationBlockStartContext.RegisterOperationAction(
                            operationAnalysisContext =>
                        {
                            IInvocationOperation invocationOperation = (IInvocationOperation)operationAnalysisContext.Operation;
                            if (sourceInfoSymbolMap.IsSourceMethod(
                                    invocationOperation.TargetMethod,
                                    invocationOperation.Arguments,
                                    pointsToFactory,
                                    valueContentFactory,
                                    out _))
                            {
                                lock (rootOperationsNeedingAnalysis)
                                {
                                    rootOperationsNeedingAnalysis.Add(invocationOperation.GetRoot());
                                }
                            }
                        },
                            OperationKind.Invocation);

                        if (config.TaintConfiguration.HasTaintArraySource(SinkKind, config))
                        {
                            operationBlockStartContext.RegisterOperationAction(
                                operationAnalysisContext =>
                            {
                                IArrayInitializerOperation arrayInitializerOperation = (IArrayInitializerOperation)operationAnalysisContext.Operation;
                                if (arrayInitializerOperation.GetAncestor <IArrayCreationOperation>(OperationKind.ArrayCreation)?.Type is IArrayTypeSymbol arrayTypeSymbol &&
                                    sourceInfoSymbolMap.IsSourceConstantArrayOfType(arrayTypeSymbol, arrayInitializerOperation))
                                {
                                    lock (rootOperationsNeedingAnalysis)
                                    {
                                        rootOperationsNeedingAnalysis.Add(operationAnalysisContext.Operation.GetRoot());
                                    }
                                }
                            },
                                OperationKind.ArrayInitializer);
                        }

                        operationBlockStartContext.RegisterOperationBlockEndAction(
                            operationBlockAnalysisContext =>
                        {
                            try
                            {
                                lock (rootOperationsNeedingAnalysis)
                                {
                                    if (!rootOperationsNeedingAnalysis.Any())
                                    {
                                        return;
                                    }

                                    if (controlFlowGraphFactory.Value == null)
                                    {
                                        return;
                                    }

                                    foreach (IOperation rootOperation in rootOperationsNeedingAnalysis)
                                    {
                                        TaintedDataAnalysisResult?taintedDataAnalysisResult = TaintedDataAnalysis.TryGetOrComputeResult(
                                            controlFlowGraphFactory.Value,
                                            operationBlockAnalysisContext.Compilation,
                                            operationBlockAnalysisContext.OwningSymbol,
                                            operationBlockAnalysisContext.Options,
                                            TaintedDataEnteringSinkDescriptor,
                                            sourceInfoSymbolMap,
                                            config.TaintConfiguration.GetSanitizerSymbolMap(this.SinkKind),
                                            sinkInfoSymbolMap,
                                            operationBlockAnalysisContext.CancellationToken,
                                            config.MaxInterproceduralMethodCallChain,
                                            config.MaxInterproceduralLambdaOrLocalFunctionCallChain);
                                        if (taintedDataAnalysisResult == null)
                                        {
                                            return;
                                        }

                                        foreach (TaintedDataSourceSink sourceSink in taintedDataAnalysisResult.TaintedDataSourceSinks)
                                        {
                                            if (!sourceSink.SinkKinds.Contains(this.SinkKind))
                                            {
                                                continue;
                                            }

                                            foreach (SymbolAccess sourceOrigin in sourceSink.SourceOrigins)
                                            {
                                                // Something like:
                                                // CA3001: Potential SQL injection vulnerability was found where '{0}' in method '{1}' may be tainted by user-controlled data from '{2}' in method '{3}'.
                                                Diagnostic diagnostic = Diagnostic.Create(
                                                    this.TaintedDataEnteringSinkDescriptor,
                                                    sourceSink.Sink.Location,
                                                    additionalLocations: new Location[] { sourceOrigin.Location },
                                                    messageArgs: new object[] {
                                                    sourceSink.Sink.Symbol.Name,
                                                    sourceSink.Sink.AccessingMethod.ToDisplayString(SymbolDisplayFormat.MinimallyQualifiedFormat),
                                                    sourceOrigin.Symbol.ToDisplayString(SymbolDisplayFormat.MinimallyQualifiedFormat),
                                                    sourceOrigin.AccessingMethod.ToDisplayString(SymbolDisplayFormat.MinimallyQualifiedFormat)
                                                });
                                                operationBlockAnalysisContext.ReportDiagnostic(diagnostic);
                                            }
                                        }
                                    }
                                }
                            }
                            finally
                            {
                                rootOperationsNeedingAnalysis.Free(compilationContext.CancellationToken);
                            }
                        });
                    });
                }
            });
        }
示例#6
0
        public override void Initialize(AnalysisContext context)
        {
            if (!Debugger.IsAttached) // prefer single thread for debugging in development
            {
                context.EnableConcurrentExecution();
            }

            if (context.IsAuditMode())
            {
                context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.Analyze | GeneratedCodeAnalysisFlags.ReportDiagnostics);
            }
            else
            {
                context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None);
            }

            context.RegisterCompilationStartAction(
                (CompilationStartAnalysisContext compilationContext) =>
            {
                var config = Configuration.GetOrCreate(compilationContext);

                TaintedDataSymbolMap <SinkInfo> sinkInfoSymbolMap = config.TaintConfiguration.GetSinkSymbolMap(this.SinkKind);
                if (sinkInfoSymbolMap.IsEmpty)
                {
                    return;
                }

                Compilation compilation = compilationContext.Compilation;
                compilationContext.RegisterOperationBlockStartAction(
                    operationBlockStartContext =>
                {
                    ISymbol owningSymbol                = operationBlockStartContext.OwningSymbol;
                    AnalyzerOptions options             = operationBlockStartContext.Options;
                    CancellationToken cancellationToken = operationBlockStartContext.CancellationToken;
                    if (options.IsConfiguredToSkipAnalysis(TaintedDataEnteringSinkDescriptor, owningSymbol, compilation, cancellationToken))
                    {
                        return;
                    }

                    WellKnownTypeProvider wellKnownTypeProvider = WellKnownTypeProvider.GetOrCreate(compilation);
                    var warnings = PooledHashSet <Location> .GetInstance();

                    void CreateWarning(OperationAnalysisContext operationAnalysisContext, Location location, ISymbol symbol)
                    {
                        warnings.Add(location);

                        Diagnostic diagnostic = Diagnostic.Create(
                            this.TaintedDataEnteringSinkDescriptor,
                            location,
                            additionalLocations: new Location[] { location },
                            messageArgs: new object[] {
                            symbol.ToDisplayString(SymbolDisplayFormat.MinimallyQualifiedFormat),
                        });
                        operationAnalysisContext.ReportDiagnostic(diagnostic);
                    }

                    bool IsHardcoded(IOperation operation, IOperation value, OperationAnalysisContext operationAnalysisContext)
                    {
                        bool IsEmptyString(object?value)
                        {
                            return(Equals(value, null) || Equals(value, string.Empty));
                        }

                        if (value.ConstantValue.HasValue && !IsEmptyString(value.ConstantValue.Value))
                        {
                            return(true);
                        }

                        if (value.Kind == OperationKind.ArrayCreation &&
                            value is IArrayCreationOperation arrayValue &&
                            arrayValue.Initializer?.Children.All(x => x.ConstantValue.HasValue) == true)
                        {
                            return(true);
                        }

                        if (!operation.TryGetEnclosingControlFlowGraph(out var cfg))
                        {
                            return(false);
                        }

                        var valueContentResult = ValueContentAnalysis.TryGetOrComputeResult(cfg, owningSymbol, wellKnownTypeProvider,
                                                                                            operationAnalysisContext.Options, TaintedDataEnteringSinkDescriptor, PointsToAnalysisKind.Complete, operationAnalysisContext.CancellationToken);
                        if (valueContentResult == null)
                        {
                            return(false);
                        }

                        ValueContentAbstractValue abstractValue = valueContentResult[value.Kind, value.Syntax];
                        if (abstractValue.NonLiteralState != ValueContainsNonLiteralState.No)
                        {
                            return(false);
                        }

                        if (abstractValue.LiteralValues.All(IsEmptyString))
                        {
                            return(false);
                        }

                        return(true);
                    }

                    var rootOperationsNeedingAnalysis = PooledHashSet <IOperation> .GetInstance();
                    var sourceInfosBuilder            = PooledHashSet <SourceInfo> .GetInstance();

                    Lazy <ControlFlowGraph?> controlFlowGraphFactory = new Lazy <ControlFlowGraph?>(
                        () => operationBlockStartContext.OperationBlocks.GetControlFlowGraph());

                    operationBlockStartContext.RegisterOperationAction(
                        operationAnalysisContext =>
                    {
                        var operation = (IFieldReferenceOperation)operationAnalysisContext.Operation;
                        if ((operation.Field.IsConst && operation.ConstantValue.HasValue) ||
                            operation.Field.IsReadOnly /* huge assumption that it is set to a hardcoded value in initializer or constructor */)
                        {
                            lock (rootOperationsNeedingAnalysis)
                            {
                                rootOperationsNeedingAnalysis.Add(operationAnalysisContext.Operation.GetRoot());
                                sourceInfosBuilder.AddSourceInfo(
                                    operation.Field.ContainingType.ToString(),
                                    isInterface: false,
                                    taintedProperties: null,
                                    taintedFields: Enumerable.Repeat(operation.Field.Name, 1),
                                    taintedMethods: null);
                            }
                        }
                    },
                        OperationKind.FieldReference);

                    operationBlockStartContext.RegisterOperationBlockEndAction(
                        operationBlockAnalysisContext =>
                    {
                        try
                        {
                            lock (rootOperationsNeedingAnalysis)
                            {
                                if (!rootOperationsNeedingAnalysis.Any())
                                {
                                    return;
                                }

                                if (controlFlowGraphFactory.Value == null)
                                {
                                    return;
                                }

                                var sourceInfos = sourceInfosBuilder.ToImmutable();

                                foreach (IOperation rootOperation in rootOperationsNeedingAnalysis)
                                {
                                    TaintedDataAnalysisResult?taintedDataAnalysisResult = TaintedDataAnalysis.TryGetOrComputeResult(
                                        controlFlowGraphFactory.Value,
                                        operationBlockAnalysisContext.Compilation,
                                        operationBlockAnalysisContext.OwningSymbol,
                                        operationBlockAnalysisContext.Options,
                                        TaintedDataEnteringSinkDescriptor,
                                        new TaintedDataSymbolMap <SourceInfo>(wellKnownTypeProvider, sourceInfos),
                                        config.TaintConfiguration.GetSanitizerSymbolMap(this.SinkKind),
                                        sinkInfoSymbolMap,
                                        operationBlockAnalysisContext.CancellationToken,
                                        config.MaxInterproceduralMethodCallChain,
                                        config.MaxInterproceduralLambdaOrLocalFunctionCallChain);

                                    if (taintedDataAnalysisResult == null)
                                    {
                                        return;
                                    }

                                    foreach (TaintedDataSourceSink sourceSink in taintedDataAnalysisResult.TaintedDataSourceSinks)
                                    {
                                        if (!sourceSink.SinkKinds.Contains(this.SinkKind))
                                        {
                                            continue;
                                        }

                                        foreach (SymbolAccess sourceOrigin in sourceSink.SourceOrigins)
                                        {
                                            if (warnings.Contains(sourceSink.Sink.Location))
                                            {
                                                continue;
                                            }

                                            Diagnostic diagnostic = Diagnostic.Create(
                                                this.TaintedDataEnteringSinkDescriptor,
                                                sourceSink.Sink.Location,
                                                additionalLocations: new Location[] { sourceOrigin.Location },
                                                messageArgs: new object[] {
                                                sourceSink.Sink.Symbol.ToDisplayString(SymbolDisplayFormat.MinimallyQualifiedFormat)
                                            });
                                            operationBlockAnalysisContext.ReportDiagnostic(diagnostic);
                                        }
                                    }
                                }
                            }
                        }
                        finally
                        {
                            warnings.Free(compilationContext.CancellationToken);
                            sourceInfosBuilder.Free(compilationContext.CancellationToken);
                            rootOperationsNeedingAnalysis.Free(compilationContext.CancellationToken);
                        }
                    });

                    operationBlockStartContext.RegisterOperationAction(
                        operationAnalysisContext =>
                    {
                        var operation = (IAssignmentOperation)operationAnalysisContext.Operation;
                        if (!(operation.Target is IPropertyReferenceOperation propertyReferenceOperation))
                        {
                            return;
                        }

                        IEnumerable <SinkInfo>?infosForType = sinkInfoSymbolMap.GetInfosForType(propertyReferenceOperation.Member.ContainingType);
                        if (infosForType != null &&
                            infosForType.Any(x => x.SinkProperties.Contains(propertyReferenceOperation.Member.MetadataName)) &&
                            IsHardcoded(operation, operation.Value, operationAnalysisContext))
                        {
                            CreateWarning(
                                operationAnalysisContext,
                                propertyReferenceOperation.Syntax.GetLocation(),
                                propertyReferenceOperation.Member);
                        }
                    },
                        OperationKind.SimpleAssignment);

                    operationBlockStartContext.RegisterOperationAction(
                        operationAnalysisContext =>
                    {
                        var invocationOperation             = (IInvocationOperation)operationAnalysisContext.Operation;
                        IEnumerable <SinkInfo>?infosForType = sinkInfoSymbolMap.GetInfosForType(invocationOperation.TargetMethod.ContainingType);
                        if (infosForType == null)
                        {
                            return;
                        }

                        foreach (SinkInfo sinkInfo in infosForType)
                        {
                            foreach (IArgumentOperation taintedArgument in invocationOperation.Arguments.Where(x => IsHardcoded(x, x.Value, operationAnalysisContext)))
                            {
                                if (sinkInfo.SinkMethodParameters.TryGetValue(invocationOperation.TargetMethod.MetadataName, out ImmutableHashSet <string> sinkParameters) &&
                                    sinkParameters.Contains(taintedArgument.Parameter.MetadataName))
                                {
                                    CreateWarning(
                                        operationAnalysisContext,
                                        invocationOperation.Syntax.GetLocation(),
                                        invocationOperation.TargetMethod);
                                    return;
                                }
                            }
                        }
                    },
                        OperationKind.Invocation);

                    operationBlockStartContext.RegisterOperationAction(
                        operationAnalysisContext =>
                    {
                        var invocationOperation             = (IObjectCreationOperation)operationAnalysisContext.Operation;
                        IEnumerable <SinkInfo>?infosForType = sinkInfoSymbolMap.GetInfosForType(invocationOperation.Constructor.ContainingType);
                        if (infosForType == null)
                        {
                            return;
                        }

                        foreach (SinkInfo sinkInfo in infosForType)
                        {
                            foreach (IArgumentOperation taintedArgument in invocationOperation.Arguments.Where(x => IsHardcoded(x, x.Value, operationAnalysisContext)))
                            {
                                if (sinkInfo.IsAnyStringParameterInConstructorASink &&
                                    taintedArgument.Parameter.Type.SpecialType == SpecialType.System_String)
                                {
                                    CreateWarning(
                                        operationAnalysisContext,
                                        invocationOperation.Syntax.GetLocation(),
                                        taintedArgument.Parameter);
                                    return;
                                }
                                else if (sinkInfo.SinkMethodParameters.TryGetValue(invocationOperation.Constructor.MetadataName, out ImmutableHashSet <string> sinkParameters) &&
                                         sinkParameters.Contains(taintedArgument.Parameter.MetadataName))
                                {
                                    CreateWarning(
                                        operationAnalysisContext,
                                        invocationOperation.Syntax.GetLocation(),
                                        taintedArgument.Parameter);
                                    return;
                                }
                            }
                        }
                    },
                        OperationKind.ObjectCreation);
                });
            });
        }
        public override void Initialize(AnalysisContext context)
        {
            if (!Debugger.IsAttached) // prefer single thread for debugging in development
            {
                context.EnableConcurrentExecution();
            }

            if (context.IsAuditMode())
            {
                context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.Analyze | GeneratedCodeAnalysisFlags.ReportDiagnostics);
            }
            else
            {
                context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None);
            }

            context.RegisterCompilationStartAction(
                (CompilationStartAnalysisContext compilationStartAnalysisContext) =>
            {
                Compilation compilation   = compilationStartAnalysisContext.Compilation;
                var wellKnownTypeProvider = WellKnownTypeProvider.GetOrCreate(compilation);

                if (!wellKnownTypeProvider.TryGetOrCreateTypeByMetadataName(ValidatorTypeName, out var validatorType))
                {
                    return;
                }

                var rootOperationsNeedingAnalysis = PooledHashSet <(IOperation, ISymbol)> .GetInstance();

                compilationStartAnalysisContext.RegisterOperationBlockStartAction(
                    operationBlockStartContext =>
                {
                    ISymbol owningSymbol                = operationBlockStartContext.OwningSymbol;
                    AnalyzerOptions options             = operationBlockStartContext.Options;
                    CancellationToken cancellationToken = operationBlockStartContext.CancellationToken;
                    if (options.IsConfiguredToSkipAnalysis(RuleRequiredPasswordValidators, owningSymbol, compilation, cancellationToken))
                    {
                        return;
                    }

                    operationBlockStartContext.RegisterOperationAction(
                        (OperationAnalysisContext operationAnalysisContext) =>
                    {
                        var returnOperation = (IReturnOperation)operationAnalysisContext.Operation;

                        if (validatorType.Equals(returnOperation.ReturnedValue?.Type))
                        {
                            lock (rootOperationsNeedingAnalysis)
                            {
                                rootOperationsNeedingAnalysis.Add(
                                    (returnOperation.GetRoot(), operationAnalysisContext.ContainingSymbol));
                            }
                        }
                    },
                        OperationKind.Return);

                    operationBlockStartContext.RegisterOperationAction(
                        (OperationAnalysisContext operationAnalysisContext) =>
                    {
                        var argumentOperation = (IArgumentOperation)operationAnalysisContext.Operation;

                        if (argumentOperation.Parameter.Type.Equals(validatorType))
                        {
                            lock (rootOperationsNeedingAnalysis)
                            {
                                rootOperationsNeedingAnalysis.Add((argumentOperation.GetRoot(), operationAnalysisContext.ContainingSymbol));
                            }
                        }
                    },
                        OperationKind.Argument);

                    operationBlockStartContext.RegisterOperationAction(
                        ctx =>
                    {
                        var operation = (IObjectCreationOperation)ctx.Operation;
                        if (validatorType.Equals(operation.Type))
                        {
                            lock (rootOperationsNeedingAnalysis)
                            {
                                rootOperationsNeedingAnalysis.Add((operation.GetRoot(), ctx.ContainingSymbol));
                            }
                        }
                    },
                        OperationKind.ObjectCreation);
                });

                compilationStartAnalysisContext.RegisterCompilationEndAction(
                    (CompilationAnalysisContext compilationAnalysisContext) =>
                {
                    PooledDictionary <(Location Location, IMethodSymbol?Method), HazardousUsageEvaluationResult>?allResults = null;

                    try
                    {
                        lock (rootOperationsNeedingAnalysis)
                        {
                            if (!rootOperationsNeedingAnalysis.Any())
                            {
                                return;
                            }

                            PooledDictionary <(Location Location, IMethodSymbol?Method), HazardousUsageEvaluationResult>?GetHazardousUsages(
                                ConstructorMapper constructorMapper,
                                PropertyMapperCollection propertyMappers,
                                HazardousUsageEvaluatorCollection hazardousUsageEvaluators)
                            {
                                return(PropertySetAnalysis.BatchGetOrComputeHazardousUsages(
                                           compilationAnalysisContext.Compilation,
                                           rootOperationsNeedingAnalysis,
                                           compilationAnalysisContext.Options,
                                           ValidatorTypeName,
                                           constructorMapper,
                                           propertyMappers,
                                           hazardousUsageEvaluators,
                                           InterproceduralAnalysisConfiguration.Create(
                                               compilationAnalysisContext.Options,
                                               SupportedDiagnostics,
                                               rootOperationsNeedingAnalysis.First().Item1,
                                               compilationAnalysisContext.Compilation,
                                               defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive,
                                               cancellationToken: compilationAnalysisContext.CancellationToken)));
                            }

                            var configuration = Configuration.GetOrCreate(compilationStartAnalysisContext);

                            foreach (var requiredProperty in configuration.PasswordValidatorRequiredProperties)
                            {
                                allResults?.Free(compilationAnalysisContext.CancellationToken);
                                allResults = null;
                                (PropertyMapperCollection propertyMappers, ConstructorMapper constructorMapper) =
                                    BuildRequiredPropertiesMappers((x) => PropertySetToTrueCallback(x, configuration.AuditMode), requiredProperty);
                                allResults = GetHazardousUsages(constructorMapper, propertyMappers, HazardousUsageEvaluators);
                                ReportDiagnostics(
                                    RuleRequiredPasswordValidators,
                                    compilationAnalysisContext,
                                    allResults,
                                    configuration.AuditMode,
                                    requiredProperty);
                            }

                            allResults?.Free(compilationAnalysisContext.CancellationToken);
                            allResults = null;
                            (PropertyMapperCollection propertyMappers2, ConstructorMapper constructorMapper2) =
                                BuildRequiredPropertiesMappers((x) => PropertyLenCallback(x, configuration.AuditMode, configuration.PasswordValidatorRequiredLength), "RequiredLength");
                            allResults = GetHazardousUsages(constructorMapper2, propertyMappers2, HazardousUsageEvaluators);
                            ReportDiagnostics(
                                RulePasswordLength,
                                compilationAnalysisContext,
                                allResults,
                                configuration.AuditMode,
                                configuration.PasswordValidatorRequiredLength);

                            var hazardousUsageEvaluators = new HazardousUsageEvaluatorCollection(
                                new HazardousUsageEvaluator(
                                    HazardousUsageEvaluatorKind.Return,
                                    (abstractValue) => PropertiesCountEvaluatorCallback(
                                        abstractValue, configuration.MinimumPasswordValidatorProperties, configuration.AuditMode)),
                                new HazardousUsageEvaluator(
                                    HazardousUsageEvaluatorKind.Initialization,
                                    (abstractValue) => PropertiesCountEvaluatorCallback(
                                        abstractValue, configuration.MinimumPasswordValidatorProperties, configuration.AuditMode)),
                                new HazardousUsageEvaluator(
                                    HazardousUsageEvaluatorKind.Argument,
                                    (abstractValue) => PropertiesCountEvaluatorCallback(
                                        abstractValue, configuration.MinimumPasswordValidatorProperties, configuration.AuditMode)));
                            allResults?.Free(compilationAnalysisContext.CancellationToken);
                            allResults = null;
                            (PropertyMapperCollection propertyMappers3, ConstructorMapper constructorMapper3) =
                                BuildRequiredPropertiesMappers((x) => PropertySetToTrueCallback(x, configuration.AuditMode), AllPropertyNames);
                            allResults = GetHazardousUsages(constructorMapper3, propertyMappers3, hazardousUsageEvaluators);
                            ReportDiagnostics(
                                RulePasswordValidators,
                                compilationAnalysisContext,
                                allResults,
                                configuration.AuditMode,
                                configuration.MinimumPasswordValidatorProperties);
                        }
                    }
                    finally
                    {
                        rootOperationsNeedingAnalysis.Free(compilationAnalysisContext.CancellationToken);
                        allResults?.Free(compilationAnalysisContext.CancellationToken);
                    }
                });
            });
        }
        public override void Initialize(AnalysisContext context)
        {
            if (!Debugger.IsAttached) // prefer single thread for debugging in development
            {
                context.EnableConcurrentExecution();
            }

            if (context.IsAuditMode())
            {
                context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.Analyze | GeneratedCodeAnalysisFlags.ReportDiagnostics);
            }
            else
            {
                context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None);
            }

            context.RegisterCompilationStartAction(
                (CompilationStartAnalysisContext compilationContext) =>
            {
                var config = Configuration.GetOrCreate(compilationContext);

                TaintedDataSymbolMap <SinkInfo> sinkInfoSymbolMap = config.TaintConfiguration.GetSinkSymbolMap(this.SinkKind);
                if (sinkInfoSymbolMap.IsEmpty)
                {
                    return;
                }

                Compilation compilation = compilationContext.Compilation;
                compilationContext.RegisterOperationBlockStartAction(
                    operationBlockStartContext =>
                {
                    ISymbol owningSymbol                = operationBlockStartContext.OwningSymbol;
                    AnalyzerOptions options             = operationBlockStartContext.Options;
                    CancellationToken cancellationToken = operationBlockStartContext.CancellationToken;
                    if (options.IsConfiguredToSkipAnalysis(TaintedDataEnteringSinkDescriptor, owningSymbol, compilation, cancellationToken))
                    {
                        return;
                    }

                    WellKnownTypeProvider wellKnownTypeProvider = WellKnownTypeProvider.GetOrCreate(compilation);
                    var warnings = PooledHashSet <Location> .GetInstance();

                    void CreateWarning(OperationAnalysisContext operationAnalysisContext, Location location, ISymbol symbol)
                    {
                        warnings.Add(location);

                        Diagnostic diagnostic = Diagnostic.Create(
                            this.TaintedDataEnteringSinkDescriptor,
                            location,
                            additionalLocations: new Location[] { location },
                            messageArgs: new object[] {
                            symbol.ToDisplayString(SymbolDisplayFormat.MinimallyQualifiedFormat),
                        });
                        operationAnalysisContext.ReportDiagnostic(diagnostic);
                    }

                    bool IsHardcoded(IOperation operation, IOperation value, OperationAnalysisContext operationAnalysisContext)
                    {
                        bool IsEmptyString(object?value)
                        {
                            return(Equals(value, null) || Equals(value, string.Empty));
                        }

                        if (value.ConstantValue.HasValue && !IsEmptyString(value.ConstantValue.Value))
                        {
                            return(true);
                        }

                        if (value.Kind == OperationKind.ArrayCreation &&
                            value is IArrayCreationOperation arrayValue &&
                            arrayValue.Initializer?.Children.All(x => x.ConstantValue.HasValue) == true)
                        {
                            return(true);
                        }

                        if (!operation.TryGetEnclosingControlFlowGraph(out var cfg))
                        {
                            return(false);
                        }

                        var valueContentResult = ValueContentAnalysis.TryGetOrComputeResult(cfg, owningSymbol, wellKnownTypeProvider,
                                                                                            operationAnalysisContext.Options, TaintedDataEnteringSinkDescriptor, PointsToAnalysisKind.Complete, operationAnalysisContext.CancellationToken);
                        if (valueContentResult == null)
                        {
                            return(false);
                        }

                        ValueContentAbstractValue abstractValue = valueContentResult[value.Kind, value.Syntax];
                        if (abstractValue.NonLiteralState != ValueContainsNonLiteralState.No)
                        {
                            return(false);
                        }

                        if (abstractValue.LiteralValues.All(IsEmptyString))
                        {
                            return(false);
                        }

                        return(true);
                    }

                    operationBlockStartContext.RegisterOperationAction(
                        operationAnalysisContext =>
                    {
                        var operation = (IAssignmentOperation)operationAnalysisContext.Operation;
                        if (!(operation.Target is IPropertyReferenceOperation propertyReferenceOperation))
                        {
                            return;
                        }

                        IEnumerable <SinkInfo>?infosForType = sinkInfoSymbolMap.GetInfosForType(propertyReferenceOperation.Member.ContainingType);
                        if (infosForType != null &&
                            infosForType.Any(x => x.SinkProperties.Contains(propertyReferenceOperation.Member.MetadataName)) &&
                            IsHardcoded(operation, operation.Value, operationAnalysisContext))
                        {
                            CreateWarning(
                                operationAnalysisContext,
                                propertyReferenceOperation.Syntax.GetLocation(),
                                propertyReferenceOperation.Member);
                        }
                    },
                        OperationKind.SimpleAssignment);

                    operationBlockStartContext.RegisterOperationAction(
                        operationAnalysisContext =>
                    {
                        var invocationOperation             = (IInvocationOperation)operationAnalysisContext.Operation;
                        IEnumerable <SinkInfo>?infosForType = sinkInfoSymbolMap.GetInfosForType(invocationOperation.TargetMethod.ContainingType);
                        if (infosForType == null)
                        {
                            return;
                        }

                        foreach (SinkInfo sinkInfo in infosForType)
                        {
                            foreach (IArgumentOperation taintedArgument in invocationOperation.Arguments.Where(x => IsHardcoded(x, x.Value, operationAnalysisContext)))
                            {
                                if (sinkInfo.SinkMethodParameters.TryGetValue(invocationOperation.TargetMethod.MetadataName, out ImmutableHashSet <string> sinkParameters) &&
                                    sinkParameters.Contains(taintedArgument.Parameter.MetadataName))
                                {
                                    CreateWarning(
                                        operationAnalysisContext,
                                        invocationOperation.Syntax.GetLocation(),
                                        invocationOperation.TargetMethod);
                                    return;
                                }
                            }
                        }
                    },
                        OperationKind.Invocation);

                    operationBlockStartContext.RegisterOperationAction(
                        operationAnalysisContext =>
                    {
                        var invocationOperation             = (IObjectCreationOperation)operationAnalysisContext.Operation;
                        IEnumerable <SinkInfo>?infosForType = sinkInfoSymbolMap.GetInfosForType(invocationOperation.Constructor.ContainingType);
                        if (infosForType == null)
                        {
                            return;
                        }

                        foreach (SinkInfo sinkInfo in infosForType)
                        {
                            foreach (IArgumentOperation taintedArgument in invocationOperation.Arguments.Where(x => IsHardcoded(x, x.Value, operationAnalysisContext)))
                            {
                                if (sinkInfo.IsAnyStringParameterInConstructorASink &&
                                    taintedArgument.Parameter.Type.SpecialType == SpecialType.System_String)
                                {
                                    CreateWarning(
                                        operationAnalysisContext,
                                        invocationOperation.Syntax.GetLocation(),
                                        taintedArgument.Parameter);
                                    return;
                                }
                                else if (sinkInfo.SinkMethodParameters.TryGetValue(invocationOperation.Constructor.MetadataName, out ImmutableHashSet <string> sinkParameters) &&
                                         sinkParameters.Contains(taintedArgument.Parameter.MetadataName))
                                {
                                    CreateWarning(
                                        operationAnalysisContext,
                                        invocationOperation.Syntax.GetLocation(),
                                        taintedArgument.Parameter);
                                    return;
                                }
                            }
                        }
                    },
                        OperationKind.ObjectCreation);
                });
            });
        }
        public override void Initialize(AnalysisContext context)
        {
            if (!Debugger.IsAttached) // prefer single thread for debugging in development
            {
                context.EnableConcurrentExecution();
            }

            if (context.IsAuditMode())
            {
                context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.Analyze | GeneratedCodeAnalysisFlags.ReportDiagnostics);
            }
            else
            {
                context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None);
            }

            if (!Debugger.IsAttached) // prefer single thread for debugging in development
            {
                context.EnableConcurrentExecution();
            }

            if (context.IsAuditMode())
            {
                context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.Analyze | GeneratedCodeAnalysisFlags.ReportDiagnostics);
            }
            else
            {
                context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None);
            }

            context.RegisterCompilationStartAction(
                (CompilationStartAnalysisContext compilationContext) =>
            {
                Compilation compilation   = compilationContext.Compilation;
                var wellKnownTypeProvider = WellKnownTypeProvider.GetOrCreate(compilation);

                if (!wellKnownTypeProvider.TryGetOrCreateTypeByMetadataName("System.Xml.Xsl.XsltSettings", out var type))
                {
                    return;
                }

                var configuration = Configuration.GetOrCreate(compilationContext);

                compilationContext.RegisterOperationBlockStartAction(
                    operationBlockStartContext =>
                {
                    ISymbol owningSymbol                = operationBlockStartContext.OwningSymbol;
                    AnalyzerOptions options             = operationBlockStartContext.Options;
                    CancellationToken cancellationToken = operationBlockStartContext.CancellationToken;
                    if (options.IsConfiguredToSkipAnalysis(Rule, owningSymbol, compilation, cancellationToken))
                    {
                        return;
                    }

                    bool?GetValue(IOperation operation, IOperation value, OperationAnalysisContext operationAnalysisContext)
                    {
                        if (value.ConstantValue.HasValue && value.ConstantValue.Value is bool isEnableScript)
                        {
                            return(isEnableScript);
                        }

                        if (!operation.TryGetEnclosingControlFlowGraph(out var cfg))
                        {
                            return(null);
                        }

                        var valueContentResult = ValueContentAnalysis.TryGetOrComputeResult(cfg, owningSymbol, wellKnownTypeProvider,
                                                                                            operationAnalysisContext.Options, Rule, PointsToAnalysisKind.Complete, operationAnalysisContext.CancellationToken);
                        if (valueContentResult == null)
                        {
                            return(null);
                        }

                        ValueContentAbstractValue abstractValue = valueContentResult[value.Kind, value.Syntax];

                        PropertySetAbstractValueKind kind = PropertySetCallbacks.EvaluateLiteralValues(abstractValue, (object?o) => o is true);
                        if (kind == PropertySetAbstractValueKind.MaybeFlagged || kind == PropertySetAbstractValueKind.Flagged)
                        {
                            return(true);
                        }

                        kind = PropertySetCallbacks.EvaluateLiteralValues(abstractValue, (object?o) => o is false);
                        if (kind == PropertySetAbstractValueKind.Flagged)
                        {
                            return(false);
                        }

                        return(null);
                    }

                    operationBlockStartContext.RegisterOperationAction(
                        ctx =>
                    {
                        IAssignmentOperation operation = (IAssignmentOperation)ctx.Operation;
                        if (!(operation.Target is IPropertyReferenceOperation propertyReferenceOperation))
                        {
                            return;
                        }

                        if (propertyReferenceOperation.Member.ContainingType != type)
                        {
                            return;
                        }

                        if (propertyReferenceOperation.Member.Name == "EnableScript")
                        {
                            var enableScript = GetValue(operation, operation.Value, ctx);
                            if ((enableScript.HasValue && enableScript.Value) ||
                                !enableScript.HasValue && configuration.AuditMode)
                            {
                                ctx.ReportDiagnostic(Diagnostic.Create(Rule, operation.Syntax.GetLocation()));
                            }
                        }
                    },
                        OperationKind.SimpleAssignment);

                    operationBlockStartContext.RegisterOperationAction(
                        ctx =>
                    {
                        var operation = (IPropertyReferenceOperation)ctx.Operation;
                        if (operation.Property.ContainingType != type || operation.Property.Name != "TrustedXslt")
                        {
                            return;
                        }

                        ctx.ReportDiagnostic(Diagnostic.Create(Rule, operation.Syntax.GetLocation()));
                    },
                        OperationKind.PropertyReference);

                    operationBlockStartContext.RegisterOperationAction(
                        ctx =>
                    {
                        IObjectCreationOperation invocationOperation = (IObjectCreationOperation)ctx.Operation;
                        if (invocationOperation.Constructor.ContainingType != type)
                        {
                            return;
                        }

                        var enableScriptArg = invocationOperation.Arguments.FirstOrDefault(x => x.Parameter.Name == "enableScript");
                        if (enableScriptArg == null)
                        {
                            return;
                        }

                        var enableScript = GetValue(invocationOperation, enableScriptArg.Value, ctx);
                        if ((enableScript.HasValue && enableScript.Value) ||
                            !enableScript.HasValue && configuration.AuditMode)
                        {
                            ctx.ReportDiagnostic(Diagnostic.Create(Rule, invocationOperation.Syntax.GetLocation()));
                        }
                    },
                        OperationKind.ObjectCreation);
                });
            });
        }