-
Notifications
You must be signed in to change notification settings - Fork 457
/
DoNotAddArchiveItemPathToTheTargetFileSystemPath.cs
29 lines (24 loc) · 1.49 KB
/
DoNotAddArchiveItemPathToTheTargetFileSystemPath.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
// Copyright (c) Microsoft. All Rights Reserved. Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using Analyzer.Utilities.FlowAnalysis.Analysis.TaintedDataAnalysis;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.Diagnostics;
using Microsoft.NetCore.Analyzers.Security.Helpers;
namespace Microsoft.NetCore.Analyzers.Security
{
[DiagnosticAnalyzer(LanguageNames.CSharp, LanguageNames.VisualBasic)]
public class DoNotAddArchiveItemPathToTheTargetFileSystemPath : SourceTriggeredTaintedDataAnalyzerBase
{
internal const string RuleId = "CA5389";
internal static DiagnosticDescriptor Rule = SecurityHelpers.CreateDiagnosticDescriptor(
RuleId,
typeof(MicrosoftNetCoreAnalyzersResources),
nameof(MicrosoftNetCoreAnalyzersResources.DoNotAddArchiveItemPathToTheTargetFileSystemPath),
nameof(MicrosoftNetCoreAnalyzersResources.DoNotAddArchiveItemPathToTheTargetFileSystemPathMessage),
isEnabledByDefault: false,
helpLinkUri: null,
descriptionResourceStringName: nameof(MicrosoftNetCoreAnalyzersResources.DoNotAddArchiveItemPathToTheTargetFileSystemPathDescription),
customTags: WellKnownDiagnosticTagsExtensions.DataflowAndTelemetry);
protected override SinkKind SinkKind { get { return SinkKind.ZipSlip; } }
protected override DiagnosticDescriptor TaintedDataEnteringSinkDescriptor { get { return Rule; } }
}
}