diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/SourceTriggeredTaintedDataAnalyzerBase.cs b/src/Microsoft.NetCore.Analyzers/Core/Security/SourceTriggeredTaintedDataAnalyzerBase.cs
index baf9418cc6..ab4e42ff5e 100644
--- a/src/Microsoft.NetCore.Analyzers/Core/Security/SourceTriggeredTaintedDataAnalyzerBase.cs
+++ b/src/Microsoft.NetCore.Analyzers/Core/Security/SourceTriggeredTaintedDataAnalyzerBase.cs
@@ -77,6 +77,11 @@ public override void Initialize(AnalysisContext context)
 }
 ControlFlowGraph cfg = operationBlockStartContext.OperationBlocks.GetControlFlowGraph();
+ if (cfg == null)
+ {
+ return;
+ }
+
 WellKnownTypeProvider wellKnownTypeProvider = WellKnownTypeProvider.GetOrCreate(compilation);
 InterproceduralAnalysisConfiguration interproceduralAnalysisConfiguration = InterproceduralAnalysisConfiguration.Create(
 options,
@@ -115,12 +120,11 @@ public override void Initialize(AnalysisContext context)
 operationAnalysisContext =>
 {
 IPropertyReferenceOperation propertyReferenceOperation = (IPropertyReferenceOperation)operationAnalysisContext.Operation;
- IOperation rootOperation = operationAnalysisContext.Operation.GetRoot();
 if (sourceInfoSymbolMap.IsSourceProperty(propertyReferenceOperation.Property))
 {
 lock (rootOperationsNeedingAnalysis)
 {
- rootOperationsNeedingAnalysis.Add(rootOperation);
+ rootOperationsNeedingAnalysis.Add(propertyReferenceOperation.GetRoot());
 }
 }
 },
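Review bot: The new `if (cfg == null) { return; }` in the -77 hunk makes every analyzer built on this base skip the operation block without leaving any trace, and for security rules that is a silent false negative. The guard sits right after `GetControlFlowGraph()`, so by its position it presumably also skips the operation actions registered further down in `Initialize`, although that part lies outside the hunk. Please say in a comment which blocks are expected to have no graph and why skipping them is safe, for example `// No control flow graph for this block, so there is nothing to run taint analysis on.` followed by the concrete case that motivated the fix. The test added in this commit suggests a property or field initializer, but nothing in this file states it.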
@@ -130,20 +134,16 @@ public override void Initialize(AnalysisContext context)
 operationAnalysisContext =>
 {
 IInvocationOperation invocationOperation = (IInvocationOperation)operationAnalysisContext.Operation;
- IOperation rootOperation = operationAnalysisContext.Operation.GetRoot();
- if (rootOperation.TryGetEnclosingControlFlowGraph(out ControlFlowGraph cfg))
+ if (sourceInfoSymbolMap.IsSourceMethod(
+ invocationOperation.TargetMethod,
+ invocationOperation.Arguments,
+ pointsToFactory,
+ valueContentFactory,
+ out _))
 {
- if (sourceInfoSymbolMap.IsSourceMethod(
- invocationOperation.TargetMethod,
- invocationOperation.Arguments,
- pointsToFactory,
- valueContentFactory,
- out _))
+ lock (rootOperationsNeedingAnalysis)
 {
- lock (rootOperationsNeedingAnalysis)
- {
- rootOperationsNeedingAnalysis.Add(rootOperation);
- }
+ rootOperationsNeedingAnalysis.Add(invocationOperation.GetRoot());
 }
 }
 },
@@ -181,11 +181,6 @@ public override void Initialize(AnalysisContext context)
 foreach (IOperation rootOperation in rootOperationsNeedingAnalysis)
 {
- if (!rootOperation.TryGetEnclosingControlFlowGraph(out ControlFlowGraph cfg))
- {
- continue;
- }
-
 TaintedDataAnalysisResult taintedDataAnalysisResult = TaintedDataAnalysis.TryGetOrComputeResult(
 cfg,
 operationBlockAnalysisContext.Compilation,
diff --git a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs
index 3f8369ebca..55b56b1ce4 100644
--- a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs
+++ b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs
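Review bot: In the -181 hunk, every iteration of `foreach (IOperation rootOperation in rootOperationsNeedingAnalysis)` now passes the same block-level `cfg` to `TaintedDataAnalysis.TryGetOrComputeResult`, where the removed code resolved a graph per root with `TryGetEnclosingControlFlowGraph`. If all collected roots are guaranteed to belong to that one graph, the loop repeats the same analysis request per root and the call could be made once. If they are not, a source found under a different root would be analyzed against the wrong graph and its findings missed. The rest of the loop body is outside the hunk, so I cannot see whether `rootOperation` is still used there. Please state the invariant next to the loop, e.g. `// Every root collected for this operation block shares the block's CFG obtained above.`, or assert it in debug builds.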
@@ -434,6 +434,20 @@ public static string Calculate(string unhashedNameId)
 }");
 }
+ [Fact]
+ public void Test_NullCfg_NoDiagnostic()
+ {
+ VerifyCSharp(@"
+using System;
+
+public class TestClass
+{
+ public static string ContentName => ""Satya"";
+
+ public static readonly byte[] ByteArray = Convert.FromBase64String(""Some strings."");
+}");
+ }
+
 protected override DiagnosticAnalyzer GetBasicDiagnosticAnalyzer()
 {
 return new DoNotHardCodeCertificate();
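Review bot: `Test_NullCfg_NoDiagnostic` does not say which of its two members produces the null control flow graph, so a later failure will not point at the construct that regressed. The snippet combines an expression-bodied property with a static field initializer that calls `Convert.FromBase64String`. A short comment above `VerifyCSharp`, such as `// Regression test: this block has no control flow graph; the analyzer must skip it rather than throw.`, naming the member responsible would make the intent clear. Because the fix lives in the shared base class, a test with no expected diagnostics only shows that this one analyzer no longer fails on the input. The enclosing test class starts outside the hunk, so equivalent coverage for other analyzers may exist that I cannot see.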