dotnet-security-guard / roslyn-security-guard

Roslyn analyzers that aim to help security audit on .NET applications.
https://dotnet-security-guard.github.io
GNU Lesser General Public License v3.0

Your Taint analyzer doesn't sniff for nulls #65

Open WillSullivan opened 7 years ago

WillSullivan commented 7 years ago

I've had your Taint analyzer throw on a number of different methods, but I can't reliably repro. Happens a lot, tho. Like to see the call stack? Here it goes:

Warning AD0001  Analyzer 'RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer' threw an exception of type 'System.Exception' with message 'Unhandle exception while visiting method Main : Object reference not set to an instance of an object.'.    
UnifiedConfig       1   Active  Analyzer 'RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer' threw the following exception:
'Exception occurred with following context:
Compilation: UnifiedConfig
SyntaxTree: D:\TEST_PROJECTS\UnifiedConfig\UnifiedConfig\Program.cs
SyntaxNode: static void Main(string[] args) ... [MethodDeclarationSyntax]@[236..962) (11,8)-(24,9)

System.Exception: Unhandle exception while visiting method Main : Object reference not set to an instance of an object. ---> System.NullReferenceException: Object reference not set to an instance of an object.
   at RoslynSecurityGuard.Analyzers.InsecureCookieAnalyzer.VisitEndMethodDeclaration(MethodDeclarationSyntax node, ExecutionState state)
   at RoslynSecurityGuard.Analyzers.Taint.CSharpCodeEvaluation.VisitMethods(SyntaxNodeAnalysisContext ctx)
   --- End of inner exception stack trace ---
   at RoslynSecurityGuard.Analyzers.Taint.CSharpCodeEvaluation.VisitMethods(SyntaxNodeAnalysisContext ctx)
   at RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer.VisitMethods(SyntaxNodeAnalysisContext obj)
   at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.<>c__DisplayClass42_1`1.<ExecuteSyntaxNodeAction>b__1()
   at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.ExecuteAndCatchIfThrows_NoLock(DiagnosticAnalyzer analyzer, Action analyze, Nullable`1 info)
-----
System.NullReferenceException: Object reference not set to an instance of an object.
   at RoslynSecurityGuard.Analyzers.InsecureCookieAnalyzer.VisitEndMethodDeclaration(MethodDeclarationSyntax node, ExecutionState state)
   at RoslynSecurityGuard.Analyzers.Taint.CSharpCodeEvaluation.VisitMethods(SyntaxNodeAnalysisContext ctx)

A little more sniffing in your Taint may be warranted.

I'm totally serious this is not a joke no matter how many times I say Taint.

drchilds commented 7 years ago

I'm also getting tons of similar results. Heh heh... he said "taint."

Analyzer 'RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer' threw an exception of type 'System.Exception' with message 'Unhandle exception while visiting method AddLineItem : Object reference not set to an instance of an object.'.

h3xstream commented 7 years ago

It is likely going to be fixed by #67