Puma Scan is a software security Visual Studio extension that provides real-time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.
Debugging the release 2.0 branch to benchmark findings across the old version versus the new version. Analyzers are failing to fire:
Warning AD0001 Analyzer 'Puma.Security.Rules.Suites.PathTamperingDiagnosticSuite' threw an exception of type 'System.ArgumentNullException' with message 'Value cannot be null.
Parameter name: syntax'
System.ArgumentNullException: Value cannot be null.
Parameter name: syntax
at Microsoft.CodeAnalysis.CSharp.CSharpSemanticModel.CheckSyntaxNode(CSharpSyntaxNode syntax)
at Microsoft.CodeAnalysis.CSharp.CSharpSemanticModel.GetSymbolInfo(ExpressionSyntax expression, CancellationToken cancellationToken)
at Microsoft.CodeAnalysis.CSharp.CSharpExtensions.GetSymbolInfo(SemanticModel semanticModel, ExpressionSyntax expression, CancellationToken cancellationToken)
at Puma.Security.Rules.Analyzer.Core.IdentifierNameSyntaxAnalyzer.CanIgnore(SemanticModel model, SyntaxNode syntax)
at Puma.Security.Rules.Analyzer.Core.SyntaxNodeAnalyzer.CanIgnore(SemanticModel model, SyntaxNode syntax)
at Puma.Security.Rules.Analyzer.Core.InvocationExpressionSyntaxAnalyzer.<>cDisplayClass7_0.b0(ArgumentSyntax p)
at System.Linq.Enumerable.All[TSource](IEnumerable`1 source, Func`2 predicate)
at Puma.Security.Rules.Analyzer.Core.InvocationExpressionSyntaxAnalyzer.CanSuppressArguments(SemanticModel model, ArgumentListSyntax argumentList)
at Puma.Security.Rules.Analyzer.Core.InvocationExpressionSyntaxAnalyzer.CanSuppress(SemanticModel model, SyntaxNode syntax)
at Puma.Security.Rules.Analyzer.Core.BaseCodeBlockAnalyzer.OnCompilationEnd(CompilationAnalysisContext pumaContext)
at Puma.Security.Rules.Core.BaseSyntaxDiagnosticSuite.<>cDisplayClass2_0.b0(CompilationAnalysisContext context)
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.<>c.b__36_1(ValueTuple`2 data)
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.ExecuteAndCatchIfThrows_NoLock[TArg](DiagnosticAnalyzer analyzer, Action`1 analyze, TArg argument, Nullable`1 info)