From 78b78960b4dffe880fadf1af444d161eaae125d4 Mon Sep 17 00:00:00 2001 From: LingxiaChen Date: Mon, 18 Nov 2019 15:36:26 +0800 Subject: [PATCH 1/2] Fix null cfg bug. --- .../SourceTriggeredTaintedDataAnalyzerBase.cs | 33 ++++++++----------- .../Security/DoNotHardCodeCertificateTests.cs | 16 ++++++++- 2 files changed, 29 insertions(+), 20 deletions(-) diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/SourceTriggeredTaintedDataAnalyzerBase.cs b/src/Microsoft.NetCore.Analyzers/Core/Security/SourceTriggeredTaintedDataAnalyzerBase.cs index baf9418cc6..ab4e42ff5e 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/SourceTriggeredTaintedDataAnalyzerBase.cs +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/SourceTriggeredTaintedDataAnalyzerBase.cs @@ -77,6 +77,11 @@ public override void Initialize(AnalysisContext context) } ControlFlowGraph cfg = operationBlockStartContext.OperationBlocks.GetControlFlowGraph(); + if (cfg == null) + { + return; + } + WellKnownTypeProvider wellKnownTypeProvider = WellKnownTypeProvider.GetOrCreate(compilation); InterproceduralAnalysisConfiguration interproceduralAnalysisConfiguration = InterproceduralAnalysisConfiguration.Create( options, @@ -115,12 +120,11 @@ public override void Initialize(AnalysisContext context) operationAnalysisContext => { IPropertyReferenceOperation propertyReferenceOperation = (IPropertyReferenceOperation)operationAnalysisContext.Operation; - IOperation rootOperation = operationAnalysisContext.Operation.GetRoot(); if (sourceInfoSymbolMap.IsSourceProperty(propertyReferenceOperation.Property)) { lock (rootOperationsNeedingAnalysis) { - rootOperationsNeedingAnalysis.Add(rootOperation); + rootOperationsNeedingAnalysis.Add(propertyReferenceOperation.GetRoot()); } } }, 
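Review bot: The added `if (cfg == null) { return; }` after `GetControlFlowGraph()` in `Initialize` drops the whole operation block from taint analysis without saying so, and it appears to run before the source-detection callbacks are registered, so sources in such a block would never be collected. For a security analyzer that is a silent false negative, so the trade-off should be stated in a comment, for example `// No control flow graph for these operation blocks; taint analysis is skipped and sources in them go unreported.` When `GetControlFlowGraph()` returns null is not visible in this hunk, so the comment should name those cases once confirmed. The enclosing lambda starts and ends outside the hunk.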
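Review bot: In the property-reference callback, `propertyReferenceOperation.GetRoot()` is now evaluated inside `lock (rootOperationsNeedingAnalysis)`, so the root lookup runs while the lock is held; the invocation callback in the `@@ -130,20 +134,16 @@` hunk has the same shape with `invocationOperation.GetRoot()`. Computing the root only for actual sources is a good change, but it can stay outside the critical section: `IOperation rootOperation = propertyReferenceOperation.GetRoot();` just before the `lock`, then `rootOperationsNeedingAnalysis.Add(rootOperation);` inside it. How expensive `GetRoot()` is cannot be seen from here, so this is a style point about limiting the locked region to the shared-state update.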
@@ -130,20 +134,16 @@ public override void Initialize(AnalysisContext context) operationAnalysisContext => { IInvocationOperation invocationOperation = (IInvocationOperation)operationAnalysisContext.Operation; - IOperation rootOperation = operationAnalysisContext.Operation.GetRoot(); - if (rootOperation.TryGetEnclosingControlFlowGraph(out ControlFlowGraph cfg)) + if (sourceInfoSymbolMap.IsSourceMethod( + invocationOperation.TargetMethod, + invocationOperation.Arguments, + pointsToFactory, + valueContentFactory, + out _)) { - if (sourceInfoSymbolMap.IsSourceMethod( - invocationOperation.TargetMethod, - invocationOperation.Arguments, - pointsToFactory, - valueContentFactory, - out _)) + lock (rootOperationsNeedingAnalysis) { - lock (rootOperationsNeedingAnalysis) - { - rootOperationsNeedingAnalysis.Add(rootOperation); - } + rootOperationsNeedingAnalysis.Add(invocationOperation.GetRoot()); } } }, @@ -181,11 +181,6 @@ public override void Initialize(AnalysisContext context) foreach (IOperation rootOperation in rootOperationsNeedingAnalysis) { - if (!rootOperation.TryGetEnclosingControlFlowGraph(out ControlFlowGraph cfg)) - { - continue; - } - TaintedDataAnalysisResult taintedDataAnalysisResult = TaintedDataAnalysis.TryGetOrComputeResult( cfg, operationBlockAnalysisContext.Compilation, diff --git a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs index 3f8369ebca..6e36877bc8 100644 --- a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs +++ b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs 
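Review bot: With the per-root `TryGetEnclosingControlFlowGraph` lookup removed in the `@@ -181,11 +181,6 @@` hunk, every entry of `rootOperationsNeedingAnalysis` goes through `TaintedDataAnalysis.TryGetOrComputeResult` with the single `cfg` captured at block start, and as far as this hunk shows `rootOperation` is no longer used in the call. If a block-start context can carry roots whose graph differs from the captured one, their sources are analysed against a graph that does not contain them, which would hide findings; if it cannot, the loop repeats the same computation once per root. Either reading should be made explicit: keep a per-root graph with the captured `cfg` as fallback, or replace the `foreach` with a single call guarded by a non-empty check on `rootOperationsNeedingAnalysis`. The rest of the loop body is outside the hunk, so a later use of `rootOperation` cannot be ruled out.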
@@ -434,7 +434,21 @@ public static string Calculate(string unhashedNameId) }"); } - protected override DiagnosticAnalyzer GetBasicDiagnosticAnalyzer() + [Fact] + public void Test_NullCfg_NoDiagnostic() + { + VerifyCSharp(@" +using System; + +public class TestClass +{ + public static string ContentName => ""Satya""; + + public static readonly byte[] ByteArray = Convert.FromBase64String(""Some strings.""); +}"); + } + + protected override DiagnosticAnalyzer GetBasicDiagnosticAnalyzer() { return new DoNotHardCodeCertificate(); } From a50d6c981602b549ff1cec4afa2bb59c3686bbcc Mon Sep 17 00:00:00 2001 From: LingxiaChen Date: Mon, 18 Nov 2019 17:04:45 +0800 Subject: [PATCH 2/2] Fix formatting. --- .../UnitTests/Security/DoNotHardCodeCertificateTests.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs index 6e36877bc8..55b56b1ce4 100644 --- a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs +++ b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs @@ -448,7 +448,7 @@ public class TestClass }"); } - protected override DiagnosticAnalyzer GetBasicDiagnosticAnalyzer() + protected override DiagnosticAnalyzer GetBasicDiagnosticAnalyzer() { return new DoNotHardCodeCertificate(); }
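Review bot: `Test_NullCfg_NoDiagnostic` only pins that no diagnostic is produced for members that presumably have no control flow graph; it does not record what happens when hard-coded data in such a member reaches a certificate sink. A companion test whose field initializer passes the `Convert.FromBase64String(...)` result to an `X509Certificate2` constructor would show whether that case is still reported or is now knowingly missed after the early return. A one-line comment above the test source, such as `// Field initializer and expression-bodied property: no control flow graph is produced for these.`, would also tell readers which members exercise the path. Which of the two members actually yields the null graph is an assumption to confirm.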