public void VisitAssignment(Microsoft.CodeAnalysis.VisualBasic.Syntax.AssignmentStatementSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
{
//Looking for Assigment to Secure or HttpOnly property
var assigment = node;
if (assigment.Left is Microsoft.CodeAnalysis.VisualBasic.Syntax.MemberAccessExpressionSyntax)
{
var memberAccess = (Microsoft.CodeAnalysis.VisualBasic.Syntax.MemberAccessExpressionSyntax)assigment.Left;
if (memberAccess.Expression is Microsoft.CodeAnalysis.VisualBasic.Syntax.IdentifierNameSyntax)
{
var identifier = (Microsoft.CodeAnalysis.VisualBasic.Syntax.IdentifierNameSyntax)memberAccess.Expression;
string variableAccess = identifier.Identifier.ValueText;
if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
{
state.AddTag(variableAccess, VariableTag.HttpCookieSecure);
}
else if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
{
state.AddTag(variableAccess, VariableTag.HttpCookieHttpOnly);
}
}
}
}
public void VisitAssignment(Microsoft.CodeAnalysis.VisualBasic.Syntax.AssignmentStatementSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
{
if (behavior == null && //Unknown API
(symbol != null && IsPasswordField(symbol)) &&
variableRightState.taint == VariableTaint.CONSTANT //Only constant
)
{
var diagnostic = Diagnostic.Create(Rule, node.GetLocation());
state.AnalysisContext.ReportDiagnostic(diagnostic);
}
}
/// <summary>
/// Make winforms designer work: https://github.com/icsharpcode/CodeConverter/issues/321
/// </summary>
public SyntaxList <StatementSyntax> GetPostAssignmentStatements(Microsoft.CodeAnalysis.VisualBasic.Syntax.AssignmentStatementSyntax node, ISymbol potentialPropertySymbol)
{
if (CommonConversions.MustInlinePropertyWithEventsAccess(node, potentialPropertySymbol))
{
var fieldName = SyntaxFactory.IdentifierName("_" + potentialPropertySymbol.Name);
var handledMethods = _handledMethodsFromPropertyWithEventName[potentialPropertySymbol.Name].ToArray();
if (handledMethods.Any())
{
var postAssignmentStatements = handledMethods.SelectMany(h =>
h.GetPostInitializationStatements(potentialPropertySymbol.Name, fieldName));
return(SyntaxFactory.List(postAssignmentStatements));
}
}
return(SyntaxFactory.List <StatementSyntax>());
}
// public static bool IsKind(this SyntaxToken token, SyntaxKind kind)
// {
// return token.RawKind == (int)kind;
// }
//
// public static bool IsKind(this SyntaxTrivia trivia, SyntaxKind kind)
// {
// return trivia.RawKind == (int)kind;
// }
//
// public static bool IsKind(this SyntaxNode node, SyntaxKind kind)
// {
// return node?.RawKind == (int)kind;
// }
//
// public static bool IsKind(this SyntaxNodeOrToken nodeOrToken, SyntaxKind kind)
// {
// return nodeOrToken.RawKind == (int)kind;
// }
//
// public static SyntaxNode GetParent(this SyntaxNode node)
// {
// return node != null ? node.Parent : null;
// }
public static bool HasOperandOfUnconvertedType(this Microsoft.CodeAnalysis.VisualBasic.Syntax.AssignmentStatementSyntax node, string operandType, SemanticModel semanticModel)
{
return(new[] { node.Left, node.Right }.Any(e => ExpressionSyntaxExtensions.UnconvertedIsType(e, operandType, semanticModel)));
}
