示例#1
        /// <summary>
        /// Rule entry point for one type. Types that do not derive from
        /// <c>CDS.Core.Utils.Inspection.SafeSqlBuilder</c> are skipped. For the rest,
        /// the parameters of each non-private method go to <c>VisitParameters</c>
        /// and every member goes to <c>VisitMethodCallStatements</c>.
        /// </summary>
        /// <param name="cls">Type under inspection.</param>
        /// <returns>The rule's <c>Problems</c> collection.</returns>
        public override ProblemCollection Check(TypeNode cls)
        {
            // _currentType is rule-level state, so the assignment and the whole
            // visiting pass run under the same lock.
            lock (_currentTypeLock)
            {
                // The base type is matched by its full name as a string.
                bool isSqlBuilder = cls.IsDerivedFrom("CDS.Core.Utils.Inspection.SafeSqlBuilder");
                if (!isSqlBuilder)
                    return Problems;

                _currentType = cls;

                foreach (var member in cls.Members)
                {
                    // NOTE(review): parameters of private methods are not visited,
                    // presumably because only parameters reachable from outside the
                    // type are treated as untrusted; confirm this matches the rule's intent.
                    var method = member as Method;
                    bool hasVisibleParameters = method != null && !member.IsPrivate;
                    if (hasVisibleParameters)
                        VisitParameters(method.Parameters);

                    // Call statements are inspected for every member, private or not.
                    VisitMethodCallStatements(member);
                }
            }

            return Problems;
        }
示例#2
        /// <summary>
        /// Reports a problem for a type that carries
        /// <c>CDS.ProxyFactory.SingletonAttribute</c> and also derives from
        /// <c>System.IDisposable</c>. Both are matched by full name.
        /// </summary>
        /// <param name="type">Type under inspection.</param>
        /// <returns>The rule's <c>Problems</c> collection.</returns>
        public override ProblemCollection Check(TypeNode type)
        {
            // NOTE(review): presumably a disposable singleton is flagged because one
            // consumer could dispose the shared instance; confirm against the rule's resolution text.
            bool markedSingleton = type.Attributes.Any(attr => attr.Type.FullName == "CDS.ProxyFactory.SingletonAttribute");

            // The IDisposable test only runs for types carrying the attribute.
            if (markedSingleton && type.IsDerivedFrom("System.IDisposable"))
            {
                var finding = new Problem(this.GetResolution());
                Problems.Add(finding);
            }

            return Problems;
        }
示例#3
        /// <summary>
        /// Inspects a type that derives from
        /// <c>CDS.Core.Utils.Inspection.SafeSqlBuilder</c>; any other type is
        /// returned untouched. Parameters of non-private methods are passed to
        /// <c>VisitParameters</c>, and each member is passed to
        /// <c>VisitMethodCallStatements</c>.
        /// </summary>
        /// <param name="cls">Type under inspection.</param>
        /// <returns>The rule's <c>Problems</c> collection.</returns>
        public override ProblemCollection Check(TypeNode cls)
        {
            // The lock covers both the write to _currentType and the visiting pass,
            // since _currentType is state on the rule rather than a local.
            lock (_currentTypeLock)
            {
                if (!cls.IsDerivedFrom("CDS.Core.Utils.Inspection.SafeSqlBuilder"))
                {
                    return Problems;
                }

                _currentType = cls;

                foreach (var candidate in cls.Members)
                {
                    var asMethod = candidate as Method;
                    if (asMethod != null)
                    {
                        // NOTE(review): private methods' parameters are skipped here;
                        // confirm that is the intended trust boundary.
                        if (!candidate.IsPrivate)
                        {
                            VisitParameters(asMethod.Parameters);
                        }
                    }

                    // Runs for every member regardless of kind or visibility.
                    VisitMethodCallStatements(candidate);
                }
            }

            return Problems;
        }
示例#4
        /// <summary>
        /// Decides whether the rule treats a type as safe from SQL/XSS injection.
        /// String-like types, and generics with a string-like type argument, are unsafe.
        /// Primitive numerics, enums and types listed in <c>_safeTypes</c> are safe.
        /// Any other type is safe only if all its members (except <c>ToString</c>) are.
        /// </summary>
        /// <param name="t">Type to classify; <c>null</c> is reported as safe.</param>
        /// <param name="checkedTypes">
        /// Full names of types already visited in this walk. Callers normally omit it;
        /// the recursion passes it along so self-referencing types terminate.
        /// </param>
        /// <returns><c>true</c> when the type is considered safe, otherwise <c>false</c>.</returns>
        protected bool IsTypeSafe(TypeNode t, HashSet<string> checkedTypes = null)
        {
            if (t == null)
                return true;

            if (checkedTypes == null)
                checkedTypes = new HashSet<string>();

            // Add returns false when the name is already present, so a revisited type
            // is reported safe here; this stops infinite recursion into
            // self-referencing types.
            if (!checkedTypes.Add(t.FullName))
                return true;

            // Strings are the injection carrier, so a string-like type is unsafe.
            if (IsStringIsh(t))
                return false;

            // So is any generic instantiated with a string-like argument.
            if (t.TemplateArguments != null && t.TemplateArguments.Any(arg => IsStringIsh(arg)))
                return false;

            if (t.IsPrimitiveNumeric || t is EnumNode)
                return true;

            // A "maybe safe" generic is accepted only when every type argument is safe.
            // NOTE(review): when an argument is unsafe this does not return false. It falls
            // through to the checks below, by which point the argument types are already in
            // checkedTypes and would be reported safe on a revisit. Confirm this cannot
            // hide an unsafe argument.
            bool derivesFromMaybeSafeGeneric = _maybeSafeGenericTypes.Any(g => t.IsDerivedFrom(g));
            if (derivesFromMaybeSafeGeneric
                && t.TemplateArguments != null
                && t.TemplateArguments.All(arg => IsTypeSafe(arg, checkedTypes)))
                return true;

            if (_safeTypes.Contains(t.FullName))
                return true;

            // Fall back to the members, skipping any member named ToString.
            // The per-member call presumably binds to an overload not shown in this listing.
            var membersToInspect = t.Members.Where(member => member.Name.Name != "ToString");
            return membersToInspect.All(member => IsTypeSafe(member, checkedTypes));
        }
 /// <summary>
 /// Tells whether a bound member on <paramref name="callee"/> should be counted.
 /// It is not counted when the callee is the caller type itself, when the caller
 /// derives from the callee, or when the member is an instance initializer.
 /// </summary>
 /// <param name="callee">Type that declares the bound member.</param>
 /// <param name="boundMember">Member being referenced.</param>
 /// <returns><c>true</c> when the reference is counted.</returns>
 private bool IsCountedMember(TypeNode callee, Member boundMember)
 {
     // References to the caller's own type or one of its base types are excluded.
     if (_caller == callee || _caller.IsDerivedFrom(callee))
     {
         return false;
     }

     // Instance initializers are excluded as well.
     return boundMember.NodeType != NodeType.InstanceInitializer;
 }
示例#6
文件: BaseRule.cs 项目: phanhuy/FxCop
        /// <summary>
        /// Classifies a type as safe or unsafe with respect to SQL/XSS injection.
        /// String-like types and generics with a string-like type argument are unsafe.
        /// Primitive numerics, enums and entries of <c>_safeTypes</c> are safe.
        /// Any other type is safe only if all its members (except <c>ToString</c>) are.
        /// </summary>
        /// <param name="t">Type to classify; <c>null</c> yields <c>true</c>.</param>
        /// <param name="checkedTypes">
        /// Full names of the types visited so far; created on the outermost call and
        /// shared by the recursive calls.
        /// </param>
        /// <returns><c>true</c> if the type is considered safe.</returns>
        protected bool IsTypeSafe(TypeNode t, HashSet<string> checkedTypes = null)
        {
            if (t == null)
            {
                return true;
            }

            if (checkedTypes == null)
            {
                checkedTypes = new HashSet<string>();
            }

            // A type seen earlier in this walk is reported safe; that is what stops
            // infinite recursion into self-referencing types.
            bool firstVisit = checkedTypes.Add(t.FullName);
            if (!firstVisit)
            {
                return true;
            }

            // A string-like type, or a generic over one, is unsafe.
            if (IsStringIsh(t) || (t.TemplateArguments != null && t.TemplateArguments.Any(typeArg => IsStringIsh(typeArg))))
            {
                return false;
            }

            if (t.IsPrimitiveNumeric || t is EnumNode)
            {
                return true;
            }

            // NOTE(review): a failed type-argument check below is not a rejection; control
            // continues to the member scan with those argument types already recorded in
            // checkedTypes, where a revisit returns true. Verify this is intended.
            if (_maybeSafeGenericTypes.Any(generic => t.IsDerivedFrom(generic)))
            {
                if (t.TemplateArguments != null && t.TemplateArguments.All(typeArg => IsTypeSafe(typeArg, checkedTypes)))
                {
                    return true;
                }
            }

            if (_safeTypes.Contains(t.FullName))
            {
                return true;
            }

            // Every member not named ToString must itself be safe. The per-member call
            // presumably resolves to an overload that is not part of this listing.
            foreach (var member in t.Members.Where(m => m.Name.Name != "ToString"))
            {
                if (!IsTypeSafe(member, checkedTypes))
                {
                    return false;
                }
            }

            return true;
        }
示例#7
 /// <summary>
 /// Tells whether a type is a public class deriving from
 /// <c>System.Web.Mvc.Controller</c> (matched by full name).
 /// </summary>
 /// <param name="node">Type to test.</param>
 /// <returns><c>true</c> for a public type that derives from the MVC controller base.</returns>
 public static bool IsController(this TypeNode node)
 {
     // Non-public types are rejected before the base-type lookup.
     if (!node.IsPublic)
     {
         return false;
     }

     return node.IsDerivedFrom("System.Web.Mvc.Controller");
 }
示例#8
        /// <summary>
        /// Adds a problem when a type is annotated with
        /// <c>CDS.ProxyFactory.SingletonAttribute</c> and derives from
        /// <c>System.IDisposable</c>. Both are identified by full name.
        /// </summary>
        /// <param name="type">Type under inspection.</param>
        /// <returns>The rule's <c>Problems</c> collection.</returns>
        public override ProblemCollection Check(TypeNode type)
        {
            // The attribute is looked up first; types without it are left alone.
            if (!type.Attributes.Any(attribute => attribute.Type.FullName == "CDS.ProxyFactory.SingletonAttribute"))
                return Problems;

            // NOTE(review): presumably flagged because disposing a shared singleton
            // affects every consumer; confirm against the rule's resolution text.
            if (type.IsDerivedFrom("System.IDisposable"))
                Problems.Add(new Problem(this.GetResolution()));

            return Problems;
        }
 /// <summary>
 /// Tells whether <paramref name="type"/> should be included: it must differ
 /// from <c>_type</c> and must not be a type that <c>_type</c> derives from.
 /// </summary>
 /// <param name="type">Candidate type.</param>
 /// <returns><c>true</c> when the candidate is included.</returns>
 private bool ToBeIncluded(TypeNode type)
 {
     // The type being analysed is excluded.
     if (type == _type)
     {
         return false;
     }

     // So is anything it derives from.
     return !_type.IsDerivedFrom(type);
 }