private string CommentFor(MethodDefinition m, ReportWriter format, List <Regex> reviewedMethods)
{
if (!MethodPrivilegeDetector.IsMethodSignatureSafe(m))
{
return("#methodsignature_notsafe");
}
string unavailablereason = null;
bool criticaltype = false;
if (_criticalTypes.Contains(m.DeclaringType))
{
criticaltype = true;
unavailablereason = format.PropagationGraphStringFor(new[] { new PropagationReasonIsInCriticalType(m) });
}
else if (_canBeSscManual.Contains(m))
{
return("#available_manualSSC");
}
else if (_resultingSecurityCriticalMethods.Contains(m))
{
if (_methodRequiringPrivilegesThemselves.Contains(m))
{
unavailablereason = "method itself requires privileges";
}
else
{
unavailablereason = format.PropagationGraphStringFor(PropagationStackFor(m));
}
}
if (unavailablereason != null)
{
string prefix = "#unavailable_notreviewed ";
if (criticaltype || reviewedMethods.Any(r => r.Match(m.ToString()).Success))
{
prefix = "#unavailable_butreviewed ";
}
return(prefix + " (ML: " + Moonlight.GetSecurityStatusFor(m) + ") " + unavailablereason);
}
return("#available");
}
public virtual string PropagationGraphStringFor(IEnumerable <PropagationReason> stack)
{
string result = stack.Aggregate("",
(s, m) => m.MethodThatTaintedMe == null
? s + m.Explanation
: s + string.Format("{1} {0} (ML:{2}) which ", MethodSignatureProvider.SignatureFor(m.MethodThatTaintedMe), m.Explanation, Moonlight.GetSecurityStatusFor(m.MethodThatTaintedMe)));
return(result);
}
