/// <summary> Находит возможные вызовы REST сервисов </summary> private void CheckHttpRequests(ArgumentSyntax node) { if (node.GetText().ToString().Contains("http")) { Error(node.GetLocation(), "Возможен запрос в интернет", ListViewErrors.Criticality.Средний, $"Проверить доверенность внешнего сервиса: {node.GetText()}"); } }
private static void Analyze(SyntaxNodeAnalysisContext context, SeparatedSyntaxList <ArgumentSyntax> arguments) { ArgumentSyntax previousParameter = arguments[1]; int firstParameterLine = arguments[0].GetLine(); int previousLine = previousParameter.GetLine(); Func <int, int, bool> lineCondition; if (firstParameterLine == previousLine) { // arguments must be on same line lineCondition = (param1Line, param2Line) => param1Line == param2Line; } else { // each argument must be on its own line lineCondition = (param1Line, param2Line) => param1Line != param2Line; } for (int i = 2; i < arguments.Count; ++i) { ArgumentSyntax currentParameter = arguments[i]; int currentLine = currentParameter.GetLine(); if (lineCondition(previousLine, currentLine)) { previousLine = currentLine; continue; } context.ReportDiagnostic(Diagnostic.Create(Descriptor, currentParameter.GetLocation())); return; } }
private void Analyze(SyntaxNodeAnalysisContext context) { InvocationExpressionSyntax invocationExpression = (InvocationExpressionSyntax)context.Node; MemberAccessExpressionSyntax memberAccessExpression = invocationExpression.Expression as MemberAccessExpressionSyntax; if (memberAccessExpression == null) { return; } string memberName = memberAccessExpression.Name.ToString(); if (memberName != "IsTrue" && memberName != "IsFalse") { return; } if (invocationExpression.ArgumentList.Arguments.Count == 0) { return; } ArgumentSyntax arg0 = invocationExpression.ArgumentList.Arguments[0]; if (arg0.Expression.Kind() == SyntaxKind.ParenthesizedExpression) { context.ReportDiagnostic(Diagnostic.Create(Rule, arg0.GetLocation())); } }
private static void HandleArgument(SyntaxNodeAnalysisContext context, ArgumentSyntax argument) { if (argument.TryGetTypeofValue(context.SemanticModel, context.CancellationToken, out var ownerType) && !ownerType.IsAssignableTo(KnownSymbol.DependencyObject, context.Compilation)) { context.ReportDiagnostic(Diagnostic.Create(Descriptor, argument.GetLocation(), KnownSymbol.DependencyProperty.RegisterAttached.Name)); } }
private static void HandleArgument(SyntaxNodeAnalysisContext context, ArgumentSyntax argument) { if (argument.TryGetTypeofValue(context.SemanticModel, context.CancellationToken, out var ownerType) && !ownerType.Equals(context.ContainingSymbol.ContainingType)) { context.ReportDiagnostic(Diagnostic.Create(Descriptor, argument.GetLocation(), context.ContainingSymbol.ContainingType)); } }
private static Location InspectArgument(ArgumentSyntax argument, IMethodSymbol method, SemanticModel semanticModel) { if (IsStringParameter(argument, semanticModel) && ParameterIsReferenced(argument, method)) { return(Location.None); } // no string, so no paramName; hence we have to report it anyway return(argument.GetLocation()); }
private void AnalyzeSuffix(ArgumentSyntax argument, SemanticModel semanticModel, ICollection <Diagnostic> list) { var argumentName = argument.ToString(); if (argumentName.EndsWith(Suffix, StringComparison.Ordinal)) { var location = argument.GetLocation(); var symbol = semanticModel.LookupSymbols(location.SourceSpan.Start, name: argumentName).FirstOrDefault(); if (symbol != null) { list.Add(Issue(symbol, argumentName.WithoutSuffix(Suffix))); } } }
private static void HandleCallback(SyntaxNodeAnalysisContext context, ArgumentSyntax eventArgument, ArgumentSyntax callbackArg, DiagnosticDescriptor descriptor) { var invokedHandler = (IdentifierNameSyntax)callbackArg.Expression; if (eventArgument.Expression is IdentifierNameSyntax identifierName && EventManager.IsMatch(invokedHandler.Identifier.ValueText, identifierName.Identifier.ValueText) == false) { if (EventManager.TryGetExpectedCallbackName(identifierName.Identifier.ValueText, out var expectedName)) { var properties = ImmutableDictionary.CreateRange(new[] { new KeyValuePair <string, string>("ExpectedName", expectedName) }); context.ReportDiagnostic(Diagnostic.Create(descriptor, callbackArg.GetLocation(), properties, expectedName)); } else { context.ReportDiagnostic(Diagnostic.Create(descriptor, callbackArg.GetLocation(), "On" + identifierName.Identifier.ValueText)); } } if (eventArgument.Expression is MemberAccessExpressionSyntax memberAccess && memberAccess.Name is IdentifierNameSyntax nameSyntax && EventManager.IsMatch(invokedHandler.Identifier.ValueText, nameSyntax.Identifier.ValueText) == false) { if (EventManager.TryGetExpectedCallbackName(nameSyntax.Identifier.ValueText, out var expectedName)) { var properties = ImmutableDictionary.CreateRange( new[] { new KeyValuePair <string, string>("ExpectedName", expectedName), }); context.ReportDiagnostic( Diagnostic.Create(descriptor, callbackArg.GetLocation(), properties, expectedName)); } else { context.ReportDiagnostic( Diagnostic.Create(descriptor, callbackArg.GetLocation(), "On" + nameSyntax.Identifier.ValueText)); } } }
public override void GetSinks(SyntaxNodeAnalysisContext context, DiagnosticId ruleId) { var syntax = context.Node as InvocationExpressionSyntax; ArgumentSyntax argumentSyntaxStatement = null; if (!_expressionSyntaxAnalyzer.IsVulnerable(context.SemanticModel, syntax, out argumentSyntaxStatement)) { return; } if (VulnerableSyntaxNodes.All(p => p.Sink.GetLocation() != argumentSyntaxStatement.GetLocation())) { VulnerableSyntaxNodes.Push(_vulnerableSyntaxNodeFactory.Create(argumentSyntaxStatement)); } }
private static void AnalyzeArgument( SyntaxNodeAnalysisContext context, ArgumentSyntax argument, ISymbol constantAttribute ) { // Get the associated parameter var parameter = argument.DetermineParameter( context.SemanticModel, allowParams: false ); // Parameter is somehow null, so do nothing if (parameter == null) { return; } // Parameter is not [Constant], so do nothing if (!HasAttribute(parameter, constantAttribute)) { return; } // Argument is a constant value, so do nothing if (context.SemanticModel.GetConstantValue(argument.Expression).HasValue) { return; } // Argument was defined as [Constant] already, so trust it var argumentSymbol = context.SemanticModel.GetSymbolInfo(argument.Expression).Symbol; if (argumentSymbol != null && HasAttribute(argumentSymbol, constantAttribute)) { return; } // Argument is not constant, so report it context.ReportDiagnostic( Diagnostic.Create( descriptor: Diagnostics.NonConstantPassedToConstantParameter, location: argument.GetLocation(), messageArgs: parameter.Name ) ); }
protected override void Analyze(SyntaxNodeAnalysisContext context, InvocationExpressionSyntax invocation, IMethodSymbol method) { SeparatedSyntaxList <ArgumentSyntax> arguments = invocation.ArgumentList.Arguments; if (arguments.Count > 1) { ArgumentSyntax arg = arguments[1]; Optional <object> value = context.SemanticModel.GetConstantValue(arg.Expression); if (value.HasValue && !IsValidContentType(value.Value)) { context.ReportDiagnostic(Diagnostic.Create( _descriptor, arg.GetLocation(), value.Value ?? "null")); } } }
public override void VisitArgument(ArgumentSyntax node) { InsertLLOCMap(node.GetLocation()); base.VisitArgument(node); }
private void AnalyzeInvocation(SyntaxNodeAnalysisContext context, InvocationExpressionSyntax invocationExpressionSyntax) { if (invocationExpressionSyntax.ArgumentList == null) { return; } if (invocationExpressionSyntax.ArgumentList.Arguments.Count == 0) { return; } if (!(invocationExpressionSyntax.ArgumentList.Arguments[0].Expression is SimpleLambdaExpressionSyntax lambdaExpressionSyntax)) { return; } if (lambdaExpressionSyntax.Body == null) { return; } if (!(lambdaExpressionSyntax.Body is AssignmentExpressionSyntax assignmentExpressionSyntax)) { return; } if (!(assignmentExpressionSyntax.Left is MemberAccessExpressionSyntax accessExpressionSyntax)) { return; } var symbolInfo = context.SemanticModel.GetSymbolInfo(accessExpressionSyntax); if (symbolInfo.Symbol == null) { return; } if (!(symbolInfo.Symbol is IEventSymbol eventSymbol)) { return; } if (!(eventSymbol.Type is INamedTypeSymbol namedTypeSymbol)) { return; } SymbolInfo raiseSymbol = context.SemanticModel.GetSymbolInfo(invocationExpressionSyntax.Expression); if (raiseSymbol.Symbol == null || !(raiseSymbol.Symbol is IMethodSymbol raiseMethodSymbol)) { return; } int firstArgument = 0; int argumentsToCheck; if (raiseMethodSymbol.Parameters.Last().IsParams) { argumentsToCheck = invocationExpressionSyntax.ArgumentList.Arguments.Count - 1; if (namedTypeSymbol.DelegateInvokeMethod.Parameters.Length != argumentsToCheck) { context.ReportDiagnostic(Diagnostic.Create(ArgumentCountRule, invocationExpressionSyntax.GetLocation())); return; } } else { bool isError = false; //it has a single eventargs argument. Compiler has made sure that the types are the same, make sure the delegate takes object sender, event args if (namedTypeSymbol.DelegateInvokeMethod.Parameters.Length != 2) { isError = true; } if (!isError && namedTypeSymbol.DelegateInvokeMethod.Parameters[0].Type.Name != "Object") { isError = true; } if (isError) { context.ReportDiagnostic(Diagnostic.Create(ArgumentCountRule, invocationExpressionSyntax.GetLocation())); return; } argumentsToCheck = 2; if (raiseMethodSymbol.Parameters.Length == 2) { firstArgument = 1; } } for (int i = firstArgument; i < argumentsToCheck; i++) { ArgumentSyntax argument = invocationExpressionSyntax.ArgumentList.Arguments[(i + 1) - firstArgument]; ITypeSymbol expectedType = namedTypeSymbol.DelegateInvokeMethod.Parameters[i].Type; SymbolInfo typeSymbol = context.SemanticModel.GetSymbolInfo(argument.Expression); Conversion conversion = context.SemanticModel.ClassifyConversion(argument.Expression, expectedType); if (!conversion.IsImplicit) { context.ReportDiagnostic(Diagnostic.Create(TypeMismatchRule, argument.GetLocation(), argument.Expression, typeSymbol.Symbol?.Name, expectedType.Name)); } } }
private void AnalyzeCodeBlock(SyntaxNodeAnalysisContext context) { InvocationExpressionSyntax call = context.Node as InvocationExpressionSyntax; if (call == null) { return; } // If we are not calling the DefineSwitchDefault methods on LocalAppContext then we can safely ignore this. if (!IsCallToDefineSwitchDefault(call, context.SemanticModel)) { return; } // Validate that the second argument is true. ArgumentSyntax args = call.ArgumentList.Arguments[1]; if (args.Expression.Kind() != SyntaxKind.TrueLiteralExpression) { context.ReportDiagnostic(Diagnostic.Create(s_appContextDefaultNotInitializedToTrueDiagnostic, args.GetLocation(), call)); } // check that we are doing this inside an if statement var containingIfStatement = call.Ancestors().FirstOrDefault(n => n.Kind() == SyntaxKind.IfStatement) as IfStatementSyntax; if (containingIfStatement == null) { context.ReportDiagnostic(Diagnostic.Create(s_appContextDefaultValueDefinedOutsideIfConditionDiagnostic, args.GetLocation(), call)); } else { // are we inside the switch? either as a block or as a switchcase? if (!(containingIfStatement.Parent.Kind() == SyntaxKind.SwitchSection || containingIfStatement.Parent.Parent.Kind() == SyntaxKind.SwitchSection)) { context.ReportDiagnostic(Diagnostic.Create(s_appContextDefaultValueDefinedOutsideIfConditionDiagnostic, args.GetLocation(), call)); } } // Validate that the if statement is using the appropriate expression if (containingIfStatement.Condition.Kind() != SyntaxKind.LessThanOrEqualExpression) { context.ReportDiagnostic(Diagnostic.Create(s_appContextDefaultUsedUnexpectedIfStatementDiagnostic, containingIfStatement.GetLocation())); } }