/// <summary>
/// Records that a cookie variable had its <c>Secure</c> or <c>HttpOnly</c> property assigned.
/// </summary>
/// <param name="node">The Visual Basic assignment statement being visited.</param>
/// <param name="state">Execution state that receives the tag for the assigned variable.</param>
/// <param name="behavior">Not used by this visitor.</param>
/// <param name="symbol">Symbol of the assignment target, matched against <c>HttpCookie.Secure</c> and <c>HttpCookie.HttpOnly</c>.</param>
/// <param name="variableRightState">State of the assigned value; not consulted here.</param>
public void VisitAssignment(Microsoft.CodeAnalysis.VisualBasic.Syntax.AssignmentStatementSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
{
    // Only the shape `identifier.Member = value` is handled. A receiver that is not a
    // plain identifier (for example a nested member access) is skipped without a tag.
    var target = node.Left as Microsoft.CodeAnalysis.VisualBasic.Syntax.MemberAccessExpressionSyntax;
    if (target == null)
    {
        return;
    }

    var receiver = target.Expression as Microsoft.CodeAnalysis.VisualBasic.Syntax.IdentifierNameSyntax;
    if (receiver == null)
    {
        return;
    }

    // The tag is keyed by the receiver's identifier text.
    string cookieVariable = receiver.Identifier.ValueText;

    // NOTE(review): the tag is added whatever value is assigned. Neither node.Right nor
    // variableRightState is inspected, so an explicit assignment of False is tagged the
    // same way as True. Confirm that whatever reads these tags accounts for this,
    // otherwise a cookie with the flag switched off could be treated as protected.
    if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "Secure"))
    {
        state.AddTag(cookieVariable, VariableTag.HttpCookieSecure);
        return;
    }

    if (AnalyzerUtil.SymbolMatch(symbol, "HttpCookie", "HttpOnly"))
    {
        state.AddTag(cookieVariable, VariableTag.HttpCookieHttpOnly);
    }
}
/// <summary>
/// Reports <c>Rule</c> when a constant value is assigned to a member that
/// <c>IsPasswordField</c> recognises as a password field.
/// </summary>
/// <param name="node">The Visual Basic assignment statement; its location is used for the diagnostic.</param>
/// <param name="state">Execution state whose analysis context receives the diagnostic.</param>
/// <param name="behavior">Behavior for the target API; a diagnostic is only raised when this is null.</param>
/// <param name="symbol">Symbol of the assignment target; may be null.</param>
/// <param name="variableRightState">State of the assigned value; its taint must be <c>VariableTaint.CONSTANT</c>.</param>
public void VisitAssignment(Microsoft.CodeAnalysis.VisualBasic.Syntax.AssignmentStatementSyntax node, ExecutionState state, MethodBehavior behavior, ISymbol symbol, VariableState variableRightState)
{
    // Unknown API: only targets without a supplied behavior are considered.
    if (behavior != null)
    {
        return;
    }

    if (symbol == null || !IsPasswordField(symbol))
    {
        return;
    }

    // Only constant values are flagged; any other taint is left alone.
    // NOTE(review): variableRightState is dereferenced without a null check, which
    // assumes the caller always supplies it. Confirm against the call site.
    if (variableRightState.taint != VariableTaint.CONSTANT)
    {
        return;
    }

    // The diagnostic carries only the location, so the assigned constant itself
    // is not passed into the report.
    var finding = Diagnostic.Create(Rule, node.GetLocation());
    state.AnalysisContext.ReportDiagnostic(finding);
}
/// <summary>
/// Make winforms designer work: https://github.com/icsharpcode/CodeConverter/issues/321
/// </summary>
/// <param name="node">The Visual Basic assignment statement being converted.</param>
/// <param name="potentialPropertySymbol">Symbol of the assignment target, which may be a property with events.</param>
/// <returns>
/// The statements the handled methods contribute for the property's backing field,
/// or an empty list when the property access is not inlined or has no handled methods.
/// </returns>
public SyntaxList<StatementSyntax> GetPostAssignmentStatements(Microsoft.CodeAnalysis.VisualBasic.Syntax.AssignmentStatementSyntax node, ISymbol potentialPropertySymbol)
{
    if (!CommonConversions.MustInlinePropertyWithEventsAccess(node, potentialPropertySymbol))
    {
        return SyntaxFactory.List<StatementSyntax>();
    }

    // The backing field name is the property name prefixed with an underscore.
    var backingField = SyntaxFactory.IdentifierName("_" + potentialPropertySymbol.Name);
    var handlers = _handledMethodsFromPropertyWithEventName[potentialPropertySymbol.Name].ToArray();
    if (handlers.Length == 0)
    {
        return SyntaxFactory.List<StatementSyntax>();
    }

    var followUpStatements = handlers.SelectMany(
        handler => handler.GetPostInitializationStatements(potentialPropertySymbol.Name, backingField));
    return SyntaxFactory.List(followUpStatements);
}
// public static bool IsKind(this SyntaxToken token, SyntaxKind kind)
// {
//     return token.RawKind == (int)kind;
// }
//
// public static bool IsKind(this SyntaxTrivia trivia, SyntaxKind kind)
// {
//     return trivia.RawKind == (int)kind;
// }
//
// public static bool IsKind(this SyntaxNode node, SyntaxKind kind)
// {
//     return node?.RawKind == (int)kind;
// }
//
// public static bool IsKind(this SyntaxNodeOrToken nodeOrToken, SyntaxKind kind)
// {
//     return nodeOrToken.RawKind == (int)kind;
// }
//
// public static SyntaxNode GetParent(this SyntaxNode node)
// {
//     return node != null ? node.Parent : null;
// }

/// <summary>
/// Tells whether either side of the assignment satisfies
/// <c>ExpressionSyntaxExtensions.UnconvertedIsType</c> for the given type.
/// </summary>
/// <param name="node">The Visual Basic assignment statement whose left and right sides are checked.</param>
/// <param name="operandType">The type passed through to <c>UnconvertedIsType</c>.</param>
/// <param name="semanticModel">Semantic model passed through to <c>UnconvertedIsType</c>.</param>
/// <returns><c>true</c> when the left or the right operand matches; otherwise <c>false</c>.</returns>
public static bool HasOperandOfUnconvertedType(this Microsoft.CodeAnalysis.VisualBasic.Syntax.AssignmentStatementSyntax node, string operandType, SemanticModel semanticModel)
{
    // Both operands are read up front; the left side is tested first and the
    // right side only when the left does not match.
    var leftOperand = node.Left;
    var rightOperand = node.Right;

    if (ExpressionSyntaxExtensions.UnconvertedIsType(leftOperand, operandType, semanticModel))
    {
        return true;
    }

    return ExpressionSyntaxExtensions.UnconvertedIsType(rightOperand, operandType, semanticModel);
}