private XmlTextReaderEnvironment AnalyzeObjectCreationForXmlTextReader(IMethodSymbol symbol, SyntaxNode node, SemanticModel model) { var env = new XmlTextReaderEnvironment(AreDefaultsSecure, symbol, node); if (!ReferenceEquals(symbol.ContainingType, XmlTypes.XmlTextReader)) { // We assume the design of derived type is secure env.IsDtdProcessingDisabled = true; env.IsSecureResolver = true; } foreach (SyntaxNode arg in SyntaxNodeHelper.GetObjectInitializerExpressionNodes(node)) { SyntaxNode argLhs = SyntaxNodeHelper.GetAssignmentLeftNode(arg); SyntaxNode argRhs = SyntaxNodeHelper.GetAssignmentRightNode(arg); ISymbol argLhsSymbol = SyntaxNodeHelper.GetSymbol(argLhs, model); if (SecurityDiagnosticHelpers.IsXmlTextReaderXmlResolverPropertyDerived(argLhsSymbol, XmlTypes)) { env.IsSecureResolver = SyntaxNodeHelper.NodeHasConstantValueNull(argRhs, model) || SecurityDiagnosticHelpers.IsXmlSecureResolverType(model.GetTypeInfo(argRhs).Type, XmlTypes); } else if (SecurityDiagnosticHelpers.IsXmlTextReaderDtdProcessingPropertyDerived(argLhsSymbol, XmlTypes)) { env.IsDtdProcessingDisabled = !SyntaxNodeHelper.NodeHasConstantValue(argRhs, model, 2 /*DtdProcessing.Parse*/); } else if (SecurityDiagnosticHelpers.IsXmlTextReaderProhibitDtdPropertyDerived(argLhsSymbol, XmlTypes)) { env.IsDtdProcessingDisabled = !SyntaxNodeHelper.NodeHasConstantValue(argRhs, model, false); } } return(env); }
private void AnalyzePropertyAssignment(IPropertySymbol symbol, SyntaxNode lhs, SyntaxNode rhs, SemanticModel model) { if (SecurityDiagnosticHelpers.IsXmlDocumentXmlResolverPropertyDerived(symbol, XmlTypes)) { ISymbol lhsExpressionSymbol = SyntaxNodeHelper.GetSymbol(lhs, model); if (lhsExpressionSymbol == null) { return; } var env = GetEnvironment(lhsExpressionSymbol, lhs, XmlDocumentEnvironments, TempXmlDocumentEnvironments); bool oldIsSecureResolver = env.IsSecureResolver; env.IsSecureResolver = SyntaxNodeHelper.NodeHasConstantValueNull(rhs, model) || SecurityDiagnosticHelpers.IsXmlSecureResolverType(model.GetTypeInfo(rhs).Type, XmlTypes); if (oldIsSecureResolver && !env.IsSecureResolver) { env.Definition = rhs; } } else if (SecurityDiagnosticHelpers.IsXmlTextReaderXmlResolverPropertyDerived(symbol, XmlTypes)) { ISymbol lhsExpressionSymbol = SyntaxNodeHelper.GetSymbol(lhs, model); if (lhsExpressionSymbol == null) { return; } var env = GetEnvironment(lhsExpressionSymbol, lhs, XmlTextReaderEnvironments, TempXmlTextReaderEnvironments); bool oldIsSecureResolver = env.IsSecureResolver; env.IsSecureResolver = SyntaxNodeHelper.NodeHasConstantValueNull(rhs, model) || SecurityDiagnosticHelpers.IsXmlSecureResolverType(model.GetTypeInfo(rhs).Type, XmlTypes); if (oldIsSecureResolver && !env.IsSecureResolver) { env.Definition = rhs; } } else if (SecurityDiagnosticHelpers.IsXmlTextReaderDtdProcessingPropertyDerived(symbol, XmlTypes)) { ISymbol lhsExpressionSymbol = SyntaxNodeHelper.GetSymbol(lhs, model); if (lhsExpressionSymbol == null) { return; } var env = GetEnvironment(lhsExpressionSymbol, lhs, XmlTextReaderEnvironments, TempXmlTextReaderEnvironments); bool oldIsDtdProcessingDisabled = env.IsDtdProcessingDisabled; env.IsDtdProcessingDisabled = !SyntaxNodeHelper.NodeHasConstantValue(rhs, model, 2 /*DtdProcessing.Parse*/); if (oldIsDtdProcessingDisabled && !env.IsDtdProcessingDisabled) { env.Definition = rhs; } } else if (SecurityDiagnosticHelpers.IsXmlTextReaderProhibitDtdPropertyDerived(symbol, XmlTypes)) { ISymbol lhsExpressionSymbol = SyntaxNodeHelper.GetSymbol(lhs, model); if (lhsExpressionSymbol == null) { return; } var env = GetEnvironment(lhsExpressionSymbol, lhs, XmlTextReaderEnvironments, TempXmlTextReaderEnvironments); bool oldIsDtdProcessingDisabled = env.IsDtdProcessingDisabled; env.IsDtdProcessingDisabled = !SyntaxNodeHelper.NodeHasConstantValue(rhs, model, false); if (oldIsDtdProcessingDisabled && !env.IsDtdProcessingDisabled) { env.Definition = rhs; } } else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsDtdProcessingProperty(symbol, XmlTypes)) { ISymbol lhsExpressionSymbol = SyntaxNodeHelper.GetSymbol(lhs, model); if (lhsExpressionSymbol == null) { return; } var env = GetEnvironment(lhsExpressionSymbol, lhs, XmlReaderSettingsEnvironments, TempXmlReaderSettingsEnvironments); bool oldIsDtdProcessingDisabled = env.IsDtdProcessingDisabled; env.IsDtdProcessingDisabled = !SyntaxNodeHelper.NodeHasConstantValue(rhs, model, 2 /*DtdProcessing.Parse*/); if (oldIsDtdProcessingDisabled && !env.IsDtdProcessingDisabled) { env.Definition = rhs; } } else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsProhibitDtdProperty(symbol, XmlTypes)) { var lhsExpressionSymbol = SyntaxNodeHelper.GetSymbol(lhs, model); if (lhsExpressionSymbol == null) { return; } var env = GetEnvironment(lhsExpressionSymbol, lhs, XmlReaderSettingsEnvironments, TempXmlReaderSettingsEnvironments); bool oldIsDtdProcessingDisabled = env.IsDtdProcessingDisabled; env.IsDtdProcessingDisabled = !SyntaxNodeHelper.NodeHasConstantValue(rhs, model, false); if (oldIsDtdProcessingDisabled && !env.IsDtdProcessingDisabled) { env.Definition = rhs; } } else if (SecurityDiagnosticHelpers.IsXmlReaderSettingsMaxCharactersFromEntitiesProperty(symbol, XmlTypes)) { ISymbol lhsExpressionSymbol = SyntaxNodeHelper.GetSymbol(lhs, model); if (lhsExpressionSymbol == null) { return; } var env = GetEnvironment(lhsExpressionSymbol, lhs, XmlReaderSettingsEnvironments, TempXmlReaderSettingsEnvironments); //bool oldIsMaxCharactersFromEntitiesLimited = env.IsMaxCharactersFromEntitiesLimited; env.IsMaxCharactersFromEntitiesLimited = !SyntaxNodeHelper.NodeHasConstantValue(rhs, model, 0); //if (!env.IsMaxCharactersFromEntitiesLimited) // env.Definition = rhs; } }