-
Notifications
You must be signed in to change notification settings - Fork 458
/
SourceInfo.cs
176 lines (161 loc) · 9.08 KB
/
SourceInfo.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
// Copyright (c) Microsoft. All Rights Reserved. Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
using System.Collections.Immutable;
using System.Linq;
using Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.PointsToAnalysis;
using Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.ValueContentAnalysis;
using Microsoft.CodeAnalysis.Operations;
namespace Analyzer.Utilities.FlowAnalysis.Analysis.TaintedDataAnalysis
{
internal delegate bool PointsToCheck(ImmutableArray<PointsToAbstractValue> pointsTos);
internal delegate bool ValueContentCheck(ImmutableArray<PointsToAbstractValue> pointsTos, ImmutableArray<ValueContentAbstractValue> valueContents);
internal delegate bool MethodMatcher(string methodName, ImmutableArray<IArgumentOperation> arguments);
/// <summary>
/// Info for tainted data sources, which generate tainted data.
/// </summary>
internal class SourceInfo : ITaintedDataInfo, IEquatable<SourceInfo>
{
/// <summary>
/// Constructs.
/// </summary>
/// <param name="fullTypeName">Full type name of the...type (namespace + type).</param>
/// <param name="taintedProperties">Properties that generate tainted data.</param>
/// <param name="taintedMethods">Methods that generate tainted data and whose arguments don't need extra analysis.</param>
/// <param name="taintedMethodsNeedsPointsToAnalysis">Methods that generate tainted data and whose arguments don't need extra value content analysis.</param>
/// <param name="taintedMethodsNeedsValueContentAnalysis">Methods that generate tainted data and whose arguments need extra value content analysis and points to analysis.</param>
/// <param name="taintConstantArray"></param>
public SourceInfo(
string fullTypeName,
bool isInterface,
ImmutableHashSet<string> taintedProperties,
ImmutableHashSet<(MethodMatcher, ImmutableHashSet<string>)> taintedMethods,
ImmutableHashSet<(MethodMatcher, ImmutableHashSet<(PointsToCheck, string)>)> taintedMethodsNeedsPointsToAnalysis,
ImmutableHashSet<(MethodMatcher, ImmutableHashSet<(ValueContentCheck, string)>)> taintedMethodsNeedsValueContentAnalysis,
ImmutableHashSet<(MethodMatcher, ImmutableHashSet<(string, string)>)> transferMethods,
bool taintConstantArray)
{
FullTypeName = fullTypeName ?? throw new ArgumentNullException(nameof(fullTypeName));
IsInterface = isInterface;
TaintedProperties = taintedProperties ?? throw new ArgumentNullException(nameof(taintedProperties));
TaintedMethods = taintedMethods ?? throw new ArgumentNullException(nameof(taintedMethods));
TaintedMethodsNeedsPointsToAnalysis = taintedMethodsNeedsPointsToAnalysis ?? throw new ArgumentNullException(nameof(taintedMethodsNeedsPointsToAnalysis));
TaintedMethodsNeedsValueContentAnalysis = taintedMethodsNeedsValueContentAnalysis ?? throw new ArgumentNullException(nameof(taintedMethodsNeedsValueContentAnalysis));
TransferMethods = transferMethods ?? throw new ArgumentNullException(nameof(transferMethods));
TaintConstantArray = taintConstantArray;
}
/// <summary>
/// Full type name of the...type (namespace + type).
/// </summary>
public string FullTypeName { get; }
/// <summary>
/// Indicates this type is an interface.
/// </summary>
public bool IsInterface { get; }
/// <summary>
/// Properties that generate tainted data.
/// </summary>
public ImmutableHashSet<string> TaintedProperties { get; }
/// <summary>
/// Methods that generate tainted data.
/// TaintedTarget is the tainted target (arguments / return value).
/// </summary>
public ImmutableHashSet<(MethodMatcher MethodMatcher, ImmutableHashSet<string> TaintedTargets)> TaintedMethods { get; }
/// <summary>
/// Methods that generate tainted data and whose arguments don't need extra value content analysis.
/// </summary>
/// <remarks>
/// MethodMatcher determines if the outermost tuple applies, based on the method names and arguments.
/// PointsToCheck determines if the inner tuple applies, based on the method invocation's arguments PointsToAbstractValues.
/// TaintedTarget is the tainted target (arguments / return value).
///
/// Example:
/// (
/// (methodName, argumentOperations) => methodName == "Bar", // MethodMatcher
/// {
/// (
/// (pointsTos) => true, // PointsToCheck
/// TaintedTargetValue.Return // TaintedTarget
/// )
/// }
/// )
///
/// will treat any invocation of the "Bar" method's return value as tainted.
/// </remarks>
public ImmutableHashSet<(MethodMatcher MethodMatcher, ImmutableHashSet<(PointsToCheck PointsToCheck, string TaintedTarget)>)> TaintedMethodsNeedsPointsToAnalysis { get; }
/// <summary>
/// Methods that generate tainted data and whose arguments need extra value content analysis and points to analysis.
/// </summary>
/// <remarks>
/// MethodMatcher determines if the outermost tuple applies, based on the method names and arguments.
/// ValueContentCheck determines if the inner tuple applies, based on the method invocation's arguments PointsToAbstractValues and ValueContentAbstractValues.
/// TaintedTarget is the tainted target (arguments / return value).
///
/// Example:
/// (
/// (methodName, argumentOperations) => methodName == "Bar", // MethodMatcher
/// {
/// (
/// (pointsTos, valueContents) => true, // ValueContentCheck
/// TaintedTargetValue.Return // TaintedTarget
/// )
/// }
/// )
///
/// will treat any invocation of the "Bar" method's return value as tainted.
/// </remarks>
public ImmutableHashSet<(MethodMatcher MethodMatcher, ImmutableHashSet<(ValueContentCheck ValueContentCheck, string TaintedTarget)>)> TaintedMethodsNeedsValueContentAnalysis { get; }
/// <summary>
/// Methods that could taint another argument when one of its argument is tainted.
/// </summary>
/// <remarks>
/// MethodMatcher determines if the outermost tuple applies, based on the method names and arguments.
/// (IfTaintedParameter, ThenTaintedTarget) determines if the ThenTaintedTarget is tainted, based on if the IfTaintedParameter is tainted.
///
/// Example:
/// (
/// (methodName, argumentOperations) => methodName == "Bar", // MethodMatcher
/// {
/// ("a", "b")
/// }
/// )
///
/// will treat the parameter "b" as tainted when parameter "a" is tainted of the "Bar" method.
/// </remarks>
public ImmutableHashSet<(MethodMatcher MethodMatcher, ImmutableHashSet<(string IfTaintedParameter, string ThenTaintedTarget)>)> TransferMethods { get; }
/// <summary>
/// Indicates arrays initialized with constant values of this type generates tainted data.
/// </summary>
public bool TaintConstantArray { get; }
/// <summary>
/// Indicates that this <see cref="SourceInfo"/> uses <see cref="ValueContentAbstractValue"/>s.
/// </summary>
public bool RequiresValueContentAnalysis => this.TaintedMethodsNeedsValueContentAnalysis.Any();
public override int GetHashCode()
{
return HashUtilities.Combine(this.TaintConstantArray.GetHashCode(),
HashUtilities.Combine(this.TaintedProperties,
HashUtilities.Combine(this.TaintedMethods,
HashUtilities.Combine(this.TaintedMethodsNeedsPointsToAnalysis,
HashUtilities.Combine(this.TaintedMethodsNeedsValueContentAnalysis,
HashUtilities.Combine(this.TransferMethods,
HashUtilities.Combine(this.IsInterface.GetHashCode(),
StringComparer.Ordinal.GetHashCode(this.FullTypeName))))))));
}
public override bool Equals(object obj)
{
return obj is SourceInfo other ? this.Equals(other) : false;
}
public bool Equals(SourceInfo other)
{
return other != null
&& this.FullTypeName == other.FullTypeName
&& this.IsInterface == other.IsInterface
&& this.TaintedProperties == other.TaintedProperties
&& this.TaintedMethods == other.TaintedMethods
&& this.TaintedMethodsNeedsPointsToAnalysis == other.TaintedMethodsNeedsPointsToAnalysis
&& this.TaintedMethodsNeedsValueContentAnalysis == other.TaintedMethodsNeedsValueContentAnalysis
&& this.TransferMethods == other.TransferMethods
&& this.TaintConstantArray == other.TaintConstantArray;
}
}
}