/// <summary>
/// Rule entry point. Only types that derive from
/// <c>CDS.Core.Utils.Inspection.SafeSqlBuilder</c> are inspected; every other type
/// returns the current <c>Problems</c> collection untouched.
/// </summary>
/// <param name="cls">The type being analysed.</param>
/// <returns>The rule's <c>Problems</c> collection.</returns>
public override ProblemCollection Check(TypeNode cls)
{
    // _currentType is written below, so the whole inspection runs under _currentTypeLock.
    lock (_currentTypeLock)
    {
        bool isSqlBuilder = cls.IsDerivedFrom("CDS.Core.Utils.Inspection.SafeSqlBuilder");
        if (!isSqlBuilder)
        {
            return Problems;
        }

        _currentType = cls;

        foreach (var member in cls.Members)
        {
            Method method = member as Method;

            // Parameters are only visited for non-private methods.
            // NOTE(review): presumably private methods are covered through their
            // non-private callers; confirm, since their parameters are skipped here.
            bool isVisibleMethod = method != null && !member.IsPrivate;
            if (isVisibleMethod)
            {
                VisitParameters(method.Parameters);
            }

            // Call statements are visited for every member, private or not.
            VisitMethodCallStatements(member);
        }
    }

    return Problems;
}
/// <summary>
/// Adds a problem when a type is marked with
/// <c>CDS.ProxyFactory.SingletonAttribute</c> and also derives from
/// <c>System.IDisposable</c>.
/// </summary>
/// <param name="type">The type being analysed.</param>
/// <returns>The rule's <c>Problems</c> collection.</returns>
public override ProblemCollection Check(TypeNode type)
{
    bool isSingleton = type.Attributes.Any(
        attribute => attribute.Type.FullName == "CDS.ProxyFactory.SingletonAttribute");

    // The IDisposable test is only evaluated for singleton types, as in the combined condition.
    if (!isSingleton || !type.IsDerivedFrom("System.IDisposable"))
    {
        return Problems;
    }

    Problems.Add(new Problem(this.GetResolution()));
    return Problems;
}
/// <summary>
/// Inspects a type that derives from <c>CDS.Core.Utils.Inspection.SafeSqlBuilder</c>;
/// any other type is returned without inspection.
/// </summary>
/// <param name="cls">The type being analysed.</param>
/// <returns>The rule's <c>Problems</c> collection.</returns>
public override ProblemCollection Check(TypeNode cls)
{
    lock (_currentTypeLock)
    {
        if (cls.IsDerivedFrom("CDS.Core.Utils.Inspection.SafeSqlBuilder") == false)
        {
            return Problems;
        }

        // Remember which type is under inspection; this write happens while the lock is held.
        _currentType = cls;

        foreach (var candidate in cls.Members)
        {
            var asMethod = candidate as Method;
            if (asMethod != null)
            {
                // Private methods keep their call-statement visit but skip the parameter visit.
                if (!candidate.IsPrivate)
                {
                    VisitParameters(asMethod.Parameters);
                }
            }

            VisitMethodCallStatements(candidate);
        }
    }

    return Problems;
}
/// <summary>
/// Numeric, bool, DateTime, etc. types are safe from SQL/XSS injection.
/// User-defined types composed entirely of safe types are also safe.
/// </summary>
/// <param name="t">Type to classify. A <c>null</c> type is reported as safe.</param>
/// <param name="checkedTypes">
/// Full names of the types already visited during this traversal. Created on the
/// outermost call when omitted and then passed down the recursion.
/// </param>
/// <returns>
/// <c>false</c> for a string-like type or a type with a string-like template argument,
/// or when a member (other than <c>ToString</c>) fails the check; otherwise <c>true</c>.
/// </returns>
protected bool IsTypeSafe(TypeNode t, HashSet<string> checkedTypes = null)
{
    if (t == null)
    {
        return true;
    }

    if (checkedTypes == null)
    {
        checkedTypes = new HashSet<string>();
    }
    else if (checkedTypes.Contains(t.FullName))
    {
        // Don't recurse infinitely into self-referencing types.
        // NOTE(review): the set records visited names, not verdicts, and a name is
        // added before the type is classified. A type that already returned false is
        // therefore reported safe if it is reached again with the same set (for example
        // after the generic branch below falls through). Confirm this cannot hide an
        // unsafe type, or cache the verdict instead.
        return true;
    }

    checkedTypes.Add(t.FullName);

    // String-like types, and generics closed over a string-like type, are never safe.
    if (IsStringIsh(t))
    {
        return false;
    }

    if (t.TemplateArguments != null && t.TemplateArguments.Any(argument => IsStringIsh(argument)))
    {
        return false;
    }

    bool isNumericOrEnum = t.IsPrimitiveNumeric || t is EnumNode;
    if (isNumericOrEnum)
    {
        return true;
    }

    // A "maybe safe" generic is safe only when every template argument is safe;
    // otherwise evaluation continues with the checks below.
    if (_maybeSafeGenericTypes.Any(generic => t.IsDerivedFrom(generic)))
    {
        if (t.TemplateArguments != null
            && t.TemplateArguments.All(argument => IsTypeSafe(argument, checkedTypes)))
        {
            return true;
        }
    }

    // Explicitly listed types are safe; anything else is judged member by member,
    // ignoring members named ToString.
    return _safeTypes.Contains(t.FullName)
        || t.Members
            .Where(member => member.Name.Name != "ToString")
            .All(member => IsTypeSafe(member, checkedTypes));
}
/// <summary>
/// Tells whether a bound member on <paramref name="callee"/> should be counted.
/// A member is counted only when the callee is not the caller itself, the caller does
/// not derive from the callee, and the member is not an instance initializer.
/// </summary>
/// <param name="callee">Type that declares the bound member.</param>
/// <param name="boundMember">Member whose node type is examined.</param>
/// <returns><c>true</c> when all three conditions hold.</returns>
private bool IsCountedMember(TypeNode callee, Member boundMember)
{
    if (_caller != callee && !_caller.IsDerivedFrom(callee))
    {
        return boundMember.NodeType != NodeType.InstanceInitializer;
    }

    return false;
}
/// <summary>
/// Numeric, bool, DateTime, etc. types are safe from SQL/XSS injection.
/// User-defined types composed entirely of safe types are also safe.
/// </summary>
/// <param name="t">Type to classify; <c>null</c> yields <c>true</c>.</param>
/// <param name="checkedTypes">
/// Full names of types visited so far in this traversal; allocated here when the
/// caller does not supply one.
/// </param>
/// <returns><c>true</c> when the type is considered safe, otherwise <c>false</c>.</returns>
protected bool IsTypeSafe(TypeNode t, HashSet<string> checkedTypes = null)
{
    if (t == null)
    {
        return true;
    }

    bool isOutermostCall = checkedTypes == null;
    if (isOutermostCall)
    {
        checkedTypes = new HashSet<string>();
    }

    // Don't recurse infinitely into self-referencing types.
    // NOTE(review): a revisit returns true whatever the first visit concluded, because
    // the set holds visited names rather than results and the name is recorded before
    // classification. Verify that an unsafe type reached twice with the same set cannot
    // be reported safe; a verdict cache would remove the ambiguity.
    if (!isOutermostCall && checkedTypes.Contains(t.FullName))
    {
        return true;
    }

    checkedTypes.Add(t.FullName);

    // Strings, and generics with a string-like template argument, fail immediately.
    bool stringLike = IsStringIsh(t)
        || (t.TemplateArguments != null && t.TemplateArguments.Any(arg => IsStringIsh(arg)));
    if (stringLike)
    {
        return false;
    }

    if (t.IsPrimitiveNumeric)
    {
        return true;
    }

    if (t is EnumNode)
    {
        return true;
    }

    // Generic containers on the "maybe safe" list pass when all their arguments pass.
    // A failing argument does not end the check; the remaining tests still run.
    bool safeGeneric = _maybeSafeGenericTypes.Any(g => t.IsDerivedFrom(g))
        && t.TemplateArguments != null
        && t.TemplateArguments.All(arg => IsTypeSafe(arg, checkedTypes));
    if (safeGeneric)
    {
        return true;
    }

    if (_safeTypes.Contains(t.FullName))
    {
        return true;
    }

    // Fall back to the members, skipping any member named ToString.
    var membersToCheck = t.Members.Where(m => m.Name.Name != "ToString");
    return membersToCheck.All(m => IsTypeSafe(m, checkedTypes));
}
/// <summary>
/// Tells whether <paramref name="node"/> is a public type that derives from
/// <c>System.Web.Mvc.Controller</c>.
/// </summary>
/// <param name="node">Type to test.</param>
/// <returns><c>true</c> for a public type derived from the MVC controller base type.</returns>
public static bool IsController(this TypeNode node)
{
    // Non-public types are rejected before the base-type lookup is made.
    if (!node.IsPublic)
    {
        return false;
    }

    return node.IsDerivedFrom("System.Web.Mvc.Controller");
}
/// <summary>
/// Reports a problem for a type that carries
/// <c>CDS.ProxyFactory.SingletonAttribute</c> and derives from <c>System.IDisposable</c>.
/// </summary>
/// <param name="type">The type being analysed.</param>
/// <returns>The rule's <c>Problems</c> collection.</returns>
public override ProblemCollection Check(TypeNode type)
{
    bool markedSingleton = type.Attributes.Any(
        a => a.Type.FullName == "CDS.ProxyFactory.SingletonAttribute");

    // The base-type test runs only when the attribute is present.
    bool disposableSingleton = markedSingleton && type.IsDerivedFrom("System.IDisposable");

    if (disposableSingleton)
    {
        var problem = new Problem(this.GetResolution());
        Problems.Add(problem);
    }

    return Problems;
}
/// <summary>
/// Tells whether <paramref name="type"/> should be included: it must differ from
/// <c>_type</c>, and <c>_type</c> must not derive from it.
/// </summary>
/// <param name="type">Candidate type.</param>
/// <returns><c>true</c> when both conditions hold.</returns>
private bool ToBeIncluded(TypeNode type)
{
    if (type != _type)
    {
        return !_type.IsDerivedFrom(type);
    }

    return false;
}