public override void VisitAssignment(VisualBasicSyntaxNode node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { if (behavior != null || //Unknown API symbol == null || variableRightState.Taint != VariableTaint.Constant || Microsoft.CodeAnalysis.VisualBasic.VisualBasicExtensions.Kind(variableRightState.Node) != Microsoft.CodeAnalysis.VisualBasic.SyntaxKind.StringLiteralExpression || !IsPasswordField(symbol)) { return; } var constValue = state.AnalysisContext.SemanticModel.GetConstantValue(variableRightState.Node); if (constValue.HasValue && constValue.Value.Equals("")) { return; } var varSymbol = state.GetSymbol(variableRightState.Node); if (varSymbol != null && varSymbol.IsType("System.String.Empty")) { return; } var diagnostic = Diagnostic.Create(Rule, node.GetLocation()); state.AnalysisContext.ReportDiagnostic(diagnostic); }
public override void VisitAssignment(VisualBasicSyntaxNode node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { Analyzer.VisitAssignment(symbol, variableRightState); }
public override void VisitAssignment(CSharpSyntax.AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { Analyzer.VisitAssignment(symbol, variableRightState); }
public override void VisitAssignment(VB.VisualBasicSyntaxNode node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { if (node is VBSyntax.AssignmentStatementSyntax || node is VBSyntax.NamedFieldInitializerSyntax) { Analyzer.TagVariables(symbol, variableRightState); } }
public override void VisitAssignment(CSharpSyntax.AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { if (node != null) { TagVariables(symbol, variableRightState); } }
public override void VisitAssignment(VisualBasicSyntaxNode node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { if (behavior == null && //Unknown API symbol != null && IsPasswordField(symbol) && variableRightState.Taint == VariableTaint.Constant) //Only constant { var diagnostic = Diagnostic.Create(Rule, node.GetLocation()); state.AnalysisContext.ReportDiagnostic(diagnostic); } }
public override void VisitAssignment(VisualBasicSyntaxNode node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure")) { variableRightState.AddTag(VariableTag.HttpCookieSecure); } else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly")) { variableRightState.AddTag(VariableTag.HttpCookieHttpOnly); } }
public static MethodBehaviors GetMethodsBehavior(Type dsaType, Type proxyType) { MethodBehaviors behaviors = new MethodBehaviors(); List <MethodInfo> methods = GetAgentMethods(dsaType, proxyType); OfflineBehavior defaultBehavior = GetDefaultBehavior(dsaType); foreach (MethodInfo method in methods) { OfflineBehavior methodOfflineBehavior = GetMethodBehavior(dsaType, method.Name); MethodBehavior behavior = GenerateMethodBehavior(method, methodOfflineBehavior, defaultBehavior); behaviors.Add(behavior); } return(behaviors); }
public override void VisitAssignment(CSharpSyntax.AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { //Looking for Assignment to Secure or HttpOnly property if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure")) { variableRightState.AddTag(VariableTag.HttpCookieSecure); } else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly")) { variableRightState.AddTag(VariableTag.HttpCookieHttpOnly); } }
public override void VisitAssignment(CSharpSyntax.AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { if (behavior == null && //Unknown API (symbol != null && IsPasswordField(symbol)) && variableRightState.taint == VariableTaint.CONSTANT //Only constant ) { var diagnostic = Diagnostic.Create(Rule, node.GetLocation()); state.AnalysisContext.ReportDiagnostic(diagnostic); } }
public void VisitAssignment(AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { //Looking for Assigment to Secure or HttpOnly property var assigment = node; if (assigment.Left is MemberAccessExpressionSyntax) { var memberAccess = (MemberAccessExpressionSyntax)assigment.Left; if (memberAccess.Expression is IdentifierNameSyntax) { var identifier = (IdentifierNameSyntax)memberAccess.Expression; string variableAccess = identifier.Identifier.ValueText; if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure")) { state.AddTag(variableAccess, VariableTag.HttpCookieSecure); } else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly")) { state.AddTag(variableAccess, VariableTag.HttpCookieHttpOnly); } } } }
private static MethodBehavior GenerateMethodBehavior(MethodInfo method, OfflineBehavior methodOffBehavior, OfflineBehavior defaultOffBehavior) { MethodBehavior behavior = new MethodBehavior(method, false); behavior.Expiration = null; behavior.MaxRetries = null; behavior.Stamps = null; behavior.Tag = null; if (methodOffBehavior != null) { if (defaultOffBehavior == null) { behavior.Expiration = methodOffBehavior.Expiration - DateTime.Now; behavior.MaxRetries = methodOffBehavior.MaxRetries; behavior.Stamps = methodOffBehavior.Stamps; behavior.Tag = methodOffBehavior.Tag; } else { TimeSpan methoBehaviorExpiration = new TimeSpan(); TimeSpan defaultBehaviorExpiration = new TimeSpan(); if (methodOffBehavior.Expiration.HasValue) { methoBehaviorExpiration = methodOffBehavior.Expiration.Value - DateTime.Now; methoBehaviorExpiration = new TimeSpan(methoBehaviorExpiration.Days, methoBehaviorExpiration.Hours, methoBehaviorExpiration.Minutes, methoBehaviorExpiration.Seconds); } if (defaultOffBehavior.Expiration.HasValue) { defaultBehaviorExpiration = defaultOffBehavior.Expiration.Value - DateTime.Now; defaultBehaviorExpiration = new TimeSpan(defaultBehaviorExpiration.Days, defaultBehaviorExpiration.Hours, defaultBehaviorExpiration.Minutes, defaultBehaviorExpiration.Seconds); } if (methoBehaviorExpiration != null && defaultBehaviorExpiration != null && !(methoBehaviorExpiration.Equals(defaultBehaviorExpiration))) { behavior.Expiration = methoBehaviorExpiration; behavior.IsOverride = true; } if (!(methodOffBehavior.MaxRetries.Equals(defaultOffBehavior.MaxRetries))) { behavior.MaxRetries = methodOffBehavior.MaxRetries; behavior.IsOverride = true; } if (!(methodOffBehavior.Stamps.Equals(defaultOffBehavior.Stamps))) { behavior.Stamps = methodOffBehavior.Stamps; behavior.IsOverride = true; } if (methodOffBehavior.Tag != null && !(methodOffBehavior.Tag.Equals(defaultOffBehavior.Tag))) { behavior.Tag = methodOffBehavior.Tag; behavior.IsOverride = true; } } } return(behavior); }
public void VisitAssignment(AssignmentExpressionSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState) { var assignment = node; if (assignment is AssignmentExpressionSyntax) { // Only PasswordValidator properties will cause a new tag to be added if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequiredLength")) { variableRightState.AddTag(VariableTag.RequiredLengthIsSet); } else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireDigit")) { variableRightState.AddTag(VariableTag.RequireDigitIsSet); } else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireLowercase")) { variableRightState.AddTag(VariableTag.RequireLowercaseIsSet); } else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireNonLetterOrDigit")) { variableRightState.AddTag(VariableTag.RequireNonLetterOrDigitIsSet); } else if (AnalyzerUtil.SymbolMatch(symbol, type: "PasswordValidator", name: "RequireUppercase")) { variableRightState.AddTag(VariableTag.RequireUppercaseIsSet); } } }