From 73b7e64cf68e1d3eb126eadd7556cd87370f5582 Mon Sep 17 00:00:00 2001
From: LingxiaChen
Date: Mon, 11 Nov 2019 14:59:12 +0800
Subject: [PATCH 1/2] Add a unit test.
---
 .../Security/DoNotHardCodeCertificateTests.cs | 51 +++++++++++++++++++
 1 file changed, 51 insertions(+)
diff --git a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs
index dd4a837207..3f8369ebca 100644
--- a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs
+++ b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs
@@ -3,6 +3,7 @@
 using System.Collections.Generic;
 using Microsoft.CodeAnalysis;
 using Microsoft.CodeAnalysis.Diagnostics;
+using Test.Utilities;
 using Xunit;
 using Xunit.Abstractions;
@@ -383,6 +384,56 @@ public void TestMethod(byte[] bytes, string path)
 }");
 }
+ // Didn't find out what causes NRE.
+ [Fact, WorkItem(3012, "https://github.com/dotnet/roslyn-analyzers/issues/3012")]
+ public void Test_ExampleCodeFromTheIssue_NoDiagnostic()
+ {
+ VerifyCSharp(@"
+using System;
+using System.Globalization;
+using System.IO;
+using System.Security;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Text.RegularExpressions;
+
+class Constants
+{
+ public static Regex UnhashedNameIdRegex = new Regex(@""^[a-zA-Z0-9]\d{2}[a-zA-Z0-9](-\d{3}){2}[A-Za-z0-9]$"");
+}
+
+class TestClass
+{
+ public static string Calculate(string unhashedNameId)
+ {
+ if (string.IsNullOrWhiteSpace(unhashedNameId))
+ {
+ throw new ArgumentNullException(nameof(unhashedNameId), $""{ nameof(unhashedNameId)} must not be null, empty or whitespace."");
+ }
+
+ if (!Constants.UnhashedNameIdRegex.IsMatch(unhashedNameId))
+ {
+ throw new ArgumentException($""{ nameof(unhashedNameId)} does not match '{Constants.UnhashedNameIdRegex}'."", nameof(unhashedNameId));
+ }
+
+ using (var sha = new SHA256Managed())
+ {
+ byte[] textData = Encoding.UTF8.GetBytes(unhashedNameId);
+ byte[] crypto = sha.ComputeHash(textData);
+
+ var nameId = new StringBuilder();
+ foreach (byte hash in crypto)
+ {
+ nameId.Append(hash.ToString(""x2"", CultureInfo.InvariantCulture));
+ }
+
+ return nameId.ToString();
+ }
+ }
+}");
+ }
+
 protected override DiagnosticAnalyzer GetBasicDiagnosticAnalyzer()
 {
 return new DoNotHardCodeCertificate();
From d874dd902858066409f7c815f5dfe11c02243f00 Mon Sep 17 00:00:00 2001
From: LingxiaChen
Date: Wed, 13 Nov 2019 12:52:03 +0800
Subject: [PATCH 2/2] Remove extra ValueContentAnalysis.
---
 .../FlowAnalysis/Analysis/TaintedDataAnalysis/SourceInfo.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
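Review bot: The comment `// Didn't find out what causes NRE.` above `Test_ExampleCodeFromTheIssue_NoDiagnostic` records an open question instead of what the test guards, and it will mislead once the cause is known (patch 2/2 in this series appears to address it in SourceInfo.cs). I would replace it with `// Regression test for the NullReferenceException in the linked issue: analysis of code with no certificate source must complete and report no diagnostic.` The test asserts only the absence of diagnostics, so that wording also makes clear that "does not throw" is the property being checked. The embedded sample is kept verbatim from the issue, which is reasonable for a reproduction, so I would leave its unused `using` lines alone.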
diff --git a/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/TaintedDataAnalysis/SourceInfo.cs b/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/TaintedDataAnalysis/SourceInfo.cs
index fb7f6371f7..d26d851212 100644
--- a/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/TaintedDataAnalysis/SourceInfo.cs
+++ b/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/TaintedDataAnalysis/SourceInfo.cs
@@ -2,6 +2,7 @@
 using System;
 using System.Collections.Immutable;
+using System.Linq;
 using Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.PointsToAnalysis;
 using Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.ValueContentAnalysis;
 using Microsoft.CodeAnalysis.Operations;
@@ -140,7 +141,7 @@ internal class SourceInfo : ITaintedDataInfo, IEquatable
 ///
 /// Indicates that this uses s.
 ///
- public bool RequiresValueContentAnalysis => this.TaintedMethodsNeedsValueContentAnalysis != null;
+ public bool RequiresValueContentAnalysis => this.TaintedMethodsNeedsValueContentAnalysis.Any();
 public override int GetHashCode()
 {
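Review bot: `RequiresValueContentAnalysis` now calls `.Any()` on `TaintedMethodsNeedsValueContentAnalysis` with no null guard, although the removed line treated null as a state worth testing for. The property's declaration and the constructor are outside this hunk, so I cannot tell whether it is always initialised. If any construction path can leave it null or default, this getter will throw inside the tainted-data analysis, and the analyzer would fail instead of reporting. If the member is a reference type I would write `this.TaintedMethodsNeedsValueContentAnalysis?.Any() == true`; otherwise state the non-null invariant in the doc comment on this property and assert it where the `SourceInfo` is constructed. A test that builds a `SourceInfo` with an empty set and checks the flag is false would pin the intended behaviour.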