From 23619eb8692e54dc60fbd60bf324b481edf04019 Mon Sep 17 00:00:00 2001 From: Manish Vasani Date: Thu, 3 Dec 2020 08:33:17 -0800 Subject: [PATCH] Harden InterproceduralAnalysisConfiguration to prevent null tree argument Change the API argument for `InterproceduralAnalysisConfiguration.Create` to avoid null syntax tree being passed into it. Fixes #4491. I will create a separate PR to port the fix to 2.9.x branch --- .../PublicAPI.Unshipped.txt | 6 ++---- .../DisposableFieldsShouldBeDisposed.cs | 2 +- .../DoNotDisableHttpClientCRLCheck.cs | 2 +- .../Security/DoNotInstallRootCert.cs | 2 +- .../Security/DoNotSetSwitch.cs | 2 +- ...DoNotUseCreateEncryptorWithNonDefaultIV.cs | 2 +- ...ascriptSerializerWithSimpleTypeResolver.cs | 2 +- ...nsecureDeserializerJsonNetWithoutBinder.cs | 2 +- ...seInsecureDeserializerWithoutBinderBase.cs | 2 +- .../DoNotUseInsecureSettingsForJsonNet.cs | 2 +- ...NotUseWeakKDFInsufficientIterationCount.cs | 2 +- .../Security/SetHttpOnlyForHttpCookie.cs | 2 +- .../SourceTriggeredTaintedDataAnalyzerBase.cs | 21 ++++++++++++------- .../Security/UseContainerLevelAccessPolicy.cs | 2 +- .../Security/UseSecureCookiesASPNetCore.cs | 2 +- .../UseSharedAccessProtocolHttpsOnly.cs | 2 +- ...CodeForSqlInjectionVulnerabilitiesTests.cs | 6 ++++++ .../PropertySetAnalysisTests.cs | 2 +- .../DisposeAnalysis/DisposeAnalysis.cs | 14 ++++++------- .../GlobalFlowStateAnalysis.cs | 8 +++++-- .../ParameterValidationAnalysis.cs | 18 ++++++++-------- .../TaintedDataAnalysis.cs | 2 +- .../ValueContentAnalysis.cs | 18 +++++++++------- .../InterproceduralAnalysisConfiguration.cs | 15 ++++++------- 24 files changed, 79 insertions(+), 59 deletions(-) diff --git a/src/Microsoft.CodeAnalysis.AnalyzerUtilities/PublicAPI.Unshipped.txt b/src/Microsoft.CodeAnalysis.AnalyzerUtilities/PublicAPI.Unshipped.txt index dc2c988d26..1acbe5c21e 100644 --- a/src/Microsoft.CodeAnalysis.AnalyzerUtilities/PublicAPI.Unshipped.txt +++ b/src/Microsoft.CodeAnalysis.AnalyzerUtilities/PublicAPI.Unshipped.txt @@ -45,6 +45,8 @@ override Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DataFlowOperationVisitor? copyAnalysisResult, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DataFlowAnalysisResult? valueContentAnalysisResult, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisData!, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DisposeAnalysis.DisposeAnalysisContext!, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DisposeAnalysis.DisposeAbstractValue!>? interproceduralAnalysisData) -> Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DisposeAnalysis.DisposeAnalysisContext! override Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.PointsToAnalysis.PointsToAnalysisContext.ForkForInterproceduralAnalysis(Microsoft.CodeAnalysis.IMethodSymbol! invokedMethod, Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph! invokedControlFlowGraph, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.PointsToAnalysis.PointsToAnalysisResult? pointsToAnalysisResult, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DataFlowAnalysisResult? copyAnalysisResult, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DataFlowAnalysisResult? valueContentAnalysisResult, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisData? interproceduralAnalysisData) -> Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.PointsToAnalysis.PointsToAnalysisContext! override Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.ValueContentAnalysis.ValueContentAnalysisContext.ForkForInterproceduralAnalysis(Microsoft.CodeAnalysis.IMethodSymbol! invokedMethod, Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph! invokedControlFlowGraph, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.PointsToAnalysis.PointsToAnalysisResult? pointsToAnalysisResult, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DataFlowAnalysisResult? copyAnalysisResult, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DataFlowAnalysisResult? valueContentAnalysisResult, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisData? interproceduralAnalysisData) -> Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.ValueContentAnalysis.ValueContentAnalysisContext! +static Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration.Create(Microsoft.CodeAnalysis.Diagnostics.AnalyzerOptions! analyzerOptions, Microsoft.CodeAnalysis.DiagnosticDescriptor! rule, Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph! cfg, Microsoft.CodeAnalysis.Compilation! compilation, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisKind defaultInterproceduralAnalysisKind, System.Threading.CancellationToken cancellationToken, uint defaultMaxInterproceduralMethodCallChain = 3, uint defaultMaxInterproceduralLambdaOrLocalFunctionCallChain = 3) -> Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration +static Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration.Create(Microsoft.CodeAnalysis.Diagnostics.AnalyzerOptions! analyzerOptions, System.Collections.Immutable.ImmutableArray rules, Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph! cfg, Microsoft.CodeAnalysis.Compilation! compilation, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisKind defaultInterproceduralAnalysisKind, System.Threading.CancellationToken cancellationToken, uint defaultMaxInterproceduralMethodCallChain = 3, uint defaultMaxInterproceduralLambdaOrLocalFunctionCallChain = 3) -> Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration static Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.ValueContentAnalysis.ValueContentAnalysis.TryGetOrComputeResult(Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph! cfg, Microsoft.CodeAnalysis.ISymbol! owningSymbol, Analyzer.Utilities.WellKnownTypeProvider! wellKnownTypeProvider, Microsoft.CodeAnalysis.Diagnostics.AnalyzerOptions! analyzerOptions, Microsoft.CodeAnalysis.DiagnosticDescriptor! rule, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.PointsToAnalysis.PointsToAnalysisKind defaultPointsToAnalysisKind, System.Threading.CancellationToken cancellationToken, out Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DataFlowAnalysisResult? copyAnalysisResult, out Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.PointsToAnalysis.PointsToAnalysisResult? pointsToAnalysisResult, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisKind interproceduralAnalysisKind = Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisKind.None, bool pessimisticAnalysis = true, bool performCopyAnalysisIfNotUserConfigured = false, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisPredicate? interproceduralAnalysisPredicate = null, System.Collections.Immutable.ImmutableArray additionalSupportedValueTypes = default(System.Collections.Immutable.ImmutableArray), System.Func? getValueContentValueForAdditionalSupportedValueTypeOperation = null) -> Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DataFlowAnalysisResult? ~Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.AbstractDataFlowAnalysisContext Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.AbstractDataFlowAnalysisContext.AbstractDataFlowAnalysisContext(Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.AbstractValueDomain! valueDomain, Analyzer.Utilities.WellKnownTypeProvider! wellKnownTypeProvider, Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph! controlFlowGraph, Microsoft.CodeAnalysis.ISymbol! owningSymbol, Microsoft.CodeAnalysis.Diagnostics.AnalyzerOptions! analyzerOptions, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration interproceduralAnalysisConfig, bool pessimisticAnalysis, bool predicateAnalysis, bool exceptionPathsAnalysis, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DataFlowAnalysisResult? copyAnalysisResult, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.PointsToAnalysis.PointsToAnalysisResult? pointsToAnalysisResult, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DataFlowAnalysisResult? valueContentAnalysisResult, System.Func! tryGetOrComputeAnalysisResult, Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph? parentControlFlowGraph, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisData? interproceduralAnalysisData, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisPredicate? interproceduralAnalysisPredicate) -> void @@ -643,10 +645,6 @@ static Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DataFlowAnalysis.FlowBranch(Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DataFlowOperationVisitor! operationVisitor, Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowBranch! branch, TAnalysisData! data) -> TAnalysisData! static Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DataFlowOperationVisitor.EqualsHelper(System.Collections.Generic.IDictionary! dict1, System.Collections.Generic.IDictionary! dict2) -> bool static Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DisposeAnalysis.DisposeAnalysis.TryGetOrComputeResult(Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph! cfg, Microsoft.CodeAnalysis.ISymbol! owningSymbol, Analyzer.Utilities.WellKnownTypeProvider! wellKnownTypeProvider, Microsoft.CodeAnalysis.Diagnostics.AnalyzerOptions! analyzerOptions, Microsoft.CodeAnalysis.DiagnosticDescriptor! rule, System.Collections.Immutable.ImmutableHashSet! disposeOwnershipTransferLikelyTypes, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.PointsToAnalysis.PointsToAnalysisKind defaultPointsToAnalysisKind, bool trackInstanceFields, bool exceptionPathsAnalysis, System.Threading.CancellationToken cancellationToken, out Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.PointsToAnalysis.PointsToAnalysisResult? pointsToAnalysisResult, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisKind interproceduralAnalysisKind = Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisKind.ContextSensitive, bool performCopyAnalysisIfNotUserConfigured = false, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisPredicate? interproceduralAnalysisPredicate = null, bool defaultDisposeOwnershipTransferAtConstructor = false, bool defaultDisposeOwnershipTransferAtMethodCall = false) -> Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.DisposeAnalysis.DisposeAnalysisResult? -static Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration.Create(Microsoft.CodeAnalysis.Diagnostics.AnalyzerOptions! analyzerOptions, Microsoft.CodeAnalysis.DiagnosticDescriptor! rule, Microsoft.CodeAnalysis.ISymbol! symbol, Microsoft.CodeAnalysis.Compilation! compilation, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisKind defaultInterproceduralAnalysisKind, System.Threading.CancellationToken cancellationToken, uint defaultMaxInterproceduralMethodCallChain = 3, uint defaultMaxInterproceduralLambdaOrLocalFunctionCallChain = 3) -> Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration -static Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration.Create(Microsoft.CodeAnalysis.Diagnostics.AnalyzerOptions! analyzerOptions, Microsoft.CodeAnalysis.DiagnosticDescriptor! rule, Microsoft.CodeAnalysis.SyntaxTree! tree, Microsoft.CodeAnalysis.Compilation! compilation, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisKind defaultInterproceduralAnalysisKind, System.Threading.CancellationToken cancellationToken, uint defaultMaxInterproceduralMethodCallChain = 3, uint defaultMaxInterproceduralLambdaOrLocalFunctionCallChain = 3) -> Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration -static Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration.Create(Microsoft.CodeAnalysis.Diagnostics.AnalyzerOptions! analyzerOptions, System.Collections.Immutable.ImmutableArray rules, Microsoft.CodeAnalysis.ISymbol! symbol, Microsoft.CodeAnalysis.Compilation! compilation, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisKind defaultInterproceduralAnalysisKind, System.Threading.CancellationToken cancellationToken, uint defaultMaxInterproceduralMethodCallChain = 3, uint defaultMaxInterproceduralLambdaOrLocalFunctionCallChain = 3) -> Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration -static Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration.Create(Microsoft.CodeAnalysis.Diagnostics.AnalyzerOptions! analyzerOptions, System.Collections.Immutable.ImmutableArray rules, Microsoft.CodeAnalysis.SyntaxTree! tree, Microsoft.CodeAnalysis.Compilation! compilation, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisKind defaultInterproceduralAnalysisKind, System.Threading.CancellationToken cancellationToken, uint defaultMaxInterproceduralMethodCallChain = 3, uint defaultMaxInterproceduralLambdaOrLocalFunctionCallChain = 3) -> Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration static Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration.operator !=(Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration left, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration right) -> bool static Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration.operator ==(Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration left, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralAnalysisConfiguration right) -> bool static Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralCaptureId.operator !=(Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralCaptureId left, Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.InterproceduralCaptureId right) -> bool diff --git a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Runtime/DisposableFieldsShouldBeDisposed.cs b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Runtime/DisposableFieldsShouldBeDisposed.cs index 3b25c2301f..bbe53307b4 100644 --- a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Runtime/DisposableFieldsShouldBeDisposed.cs +++ b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Runtime/DisposableFieldsShouldBeDisposed.cs @@ -167,7 +167,7 @@ void OnOperationBlockStart(OperationBlockStartAnalysisContext operationBlockStar var wellKnownTypeProvider = WellKnownTypeProvider.GetOrCreate(operationContext.Compilation); var interproceduralAnalysisConfig = InterproceduralAnalysisConfiguration.Create( - operationBlockStartContext.Options, Rule, containingMethod, operationBlockStartContext.Compilation, InterproceduralAnalysisKind.None, operationBlockStartContext.CancellationToken); + operationBlockStartContext.Options, Rule, cfg, operationBlockStartContext.Compilation, InterproceduralAnalysisKind.None, operationBlockStartContext.CancellationToken); var pointsToAnalysisResult = PointsToAnalysis.TryGetOrComputeResult(cfg, containingMethod, operationBlockStartContext.Options, wellKnownTypeProvider, PointsToAnalysisKind.PartialWithoutTrackingFieldsAndProperties, diff --git a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotDisableHttpClientCRLCheck.cs b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotDisableHttpClientCRLCheck.cs index 0debb2613f..e38fce2bb8 100644 --- a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotDisableHttpClientCRLCheck.cs +++ b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotDisableHttpClientCRLCheck.cs @@ -198,7 +198,7 @@ public override void Initialize(AnalysisContext context) InterproceduralAnalysisConfiguration.Create( compilationAnalysisContext.Options, SupportedDiagnostics, - rootOperationsNeedingAnalysis.First().Item1.Syntax.SyntaxTree, + rootOperationsNeedingAnalysis.First().Item1, compilationAnalysisContext.Compilation, defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive, cancellationToken: compilationAnalysisContext.CancellationToken)); diff --git a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotInstallRootCert.cs b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotInstallRootCert.cs index caeae0609c..9da53b439f 100644 --- a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotInstallRootCert.cs +++ b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotInstallRootCert.cs @@ -186,7 +186,7 @@ public override void Initialize(AnalysisContext context) InterproceduralAnalysisConfiguration.Create( compilationAnalysisContext.Options, SupportedDiagnostics, - rootOperationsNeedingAnalysis.First().Item1.Syntax.SyntaxTree, + rootOperationsNeedingAnalysis.First().Item1, compilationAnalysisContext.Compilation, defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive, cancellationToken: compilationAnalysisContext.CancellationToken)); diff --git a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotSetSwitch.cs b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotSetSwitch.cs index bb3f1c6623..5328215d36 100644 --- a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotSetSwitch.cs +++ b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotSetSwitch.cs @@ -129,7 +129,7 @@ public override void Initialize(AnalysisContext context) InterproceduralAnalysisConfiguration.Create( operationAnalysisContext.Options, SupportedDiagnostics, - invocationOperation.Syntax.SyntaxTree, + invocationOperation, operationAnalysisContext.Compilation, InterproceduralAnalysisKind.None, // Just looking for simple cases. operationAnalysisContext.CancellationToken), diff --git a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseCreateEncryptorWithNonDefaultIV.cs b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseCreateEncryptorWithNonDefaultIV.cs index 8ff8526628..1f526b816d 100644 --- a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseCreateEncryptorWithNonDefaultIV.cs +++ b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseCreateEncryptorWithNonDefaultIV.cs @@ -161,7 +161,7 @@ public override void Initialize(AnalysisContext context) InterproceduralAnalysisConfiguration.Create( compilationAnalysisContext.Options, SupportedDiagnostics, - rootOperationsNeedingAnalysis.First().Item1.Syntax.SyntaxTree, + rootOperationsNeedingAnalysis.First().Item1, compilationAnalysisContext.Compilation, defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive, cancellationToken: compilationAnalysisContext.CancellationToken)); diff --git a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseInsecureDeserializerJavascriptSerializerWithSimpleTypeResolver.cs b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseInsecureDeserializerJavascriptSerializerWithSimpleTypeResolver.cs index e25f7b8d79..9c05849383 100644 --- a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseInsecureDeserializerJavascriptSerializerWithSimpleTypeResolver.cs +++ b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseInsecureDeserializerJavascriptSerializerWithSimpleTypeResolver.cs @@ -222,7 +222,7 @@ public override void Initialize(AnalysisContext context) InterproceduralAnalysisConfiguration.Create( compilationAnalysisContext.Options, SupportedDiagnostics, - rootOperationsNeedingAnalysis.First().Operation.Syntax.SyntaxTree, + rootOperationsNeedingAnalysis.First().Operation, compilationAnalysisContext.Compilation, defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive, cancellationToken: compilationAnalysisContext.CancellationToken)); diff --git a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseInsecureDeserializerJsonNetWithoutBinder.cs b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseInsecureDeserializerJsonNetWithoutBinder.cs index 8e26e8f206..da94f36d53 100644 --- a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseInsecureDeserializerJsonNetWithoutBinder.cs +++ b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseInsecureDeserializerJsonNetWithoutBinder.cs @@ -204,7 +204,7 @@ public override void Initialize(AnalysisContext context) InterproceduralAnalysisConfiguration.Create( compilationAnalysisContext.Options, SupportedDiagnostics, - rootOperationsNeedingAnalysis.First().Operation.Syntax.SyntaxTree, + rootOperationsNeedingAnalysis.First().Operation, compilationAnalysisContext.Compilation, defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive, cancellationToken: compilationAnalysisContext.CancellationToken)); diff --git a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseInsecureDeserializerWithoutBinderBase.cs b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseInsecureDeserializerWithoutBinderBase.cs index 3dc4391db6..97bce8258c 100644 --- a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseInsecureDeserializerWithoutBinderBase.cs +++ b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseInsecureDeserializerWithoutBinderBase.cs @@ -191,7 +191,7 @@ public sealed override void Initialize(AnalysisContext context) InterproceduralAnalysisConfiguration.Create( compilationAnalysisContext.Options, SupportedDiagnostics, - rootOperationsNeedingAnalysis.First().Operation.Syntax.SyntaxTree, + rootOperationsNeedingAnalysis.First().Operation, compilationAnalysisContext.Compilation, defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive, cancellationToken: compilationAnalysisContext.CancellationToken)); diff --git a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseInsecureSettingsForJsonNet.cs b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseInsecureSettingsForJsonNet.cs index 186577d45e..0839d26e18 100644 --- a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseInsecureSettingsForJsonNet.cs +++ b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseInsecureSettingsForJsonNet.cs @@ -229,7 +229,7 @@ public override void Initialize(AnalysisContext context) InterproceduralAnalysisConfiguration.Create( compilationAnalysisContext.Options, SupportedDiagnostics, - rootOperationsNeedingAnalysis.First().Operation.Syntax.SyntaxTree, + rootOperationsNeedingAnalysis.First().Operation, compilationAnalysisContext.Compilation, defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive, cancellationToken: compilationAnalysisContext.CancellationToken)); diff --git a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseWeakKDFInsufficientIterationCount.cs b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseWeakKDFInsufficientIterationCount.cs index 1a8a5ef0b4..6386b30ada 100644 --- a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseWeakKDFInsufficientIterationCount.cs +++ b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/DoNotUseWeakKDFInsufficientIterationCount.cs @@ -185,7 +185,7 @@ public override void Initialize(AnalysisContext context) InterproceduralAnalysisConfiguration.Create( compilationAnalysisContext.Options, SupportedDiagnostics, - tree, + rootOperationsNeedingAnalysis.First().Item1, compilationStartAnalysisContext.Compilation, defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive, cancellationToken: cancellationToken)); diff --git a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/SetHttpOnlyForHttpCookie.cs b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/SetHttpOnlyForHttpCookie.cs index 9fbf95df84..00494e4781 100644 --- a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/SetHttpOnlyForHttpCookie.cs +++ b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/SetHttpOnlyForHttpCookie.cs @@ -166,7 +166,7 @@ public override void Initialize(AnalysisContext context) InterproceduralAnalysisConfiguration.Create( compilationAnalysisContext.Options, SupportedDiagnostics, - rootOperationsNeedingAnalysis.First().Operation.Syntax.SyntaxTree, + rootOperationsNeedingAnalysis.First().Operation, compilationAnalysisContext.Compilation, defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive, cancellationToken: compilationAnalysisContext.CancellationToken)); diff --git a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/SourceTriggeredTaintedDataAnalyzerBase.cs b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/SourceTriggeredTaintedDataAnalyzerBase.cs index 72f3273486..7ec2c43c93 100644 --- a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/SourceTriggeredTaintedDataAnalyzerBase.cs +++ b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/SourceTriggeredTaintedDataAnalyzerBase.cs @@ -77,13 +77,6 @@ public override void Initialize(AnalysisContext context) } WellKnownTypeProvider wellKnownTypeProvider = WellKnownTypeProvider.GetOrCreate(compilation); - InterproceduralAnalysisConfiguration interproceduralAnalysisConfiguration = InterproceduralAnalysisConfiguration.Create( - options, - SupportedDiagnostics, - owningSymbol, - operationBlockStartContext.Compilation, - defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive, - cancellationToken: cancellationToken); Lazy controlFlowGraphFactory = new Lazy( () => operationBlockStartContext.OperationBlocks.GetControlFlowGraph()); Lazy pointsToFactory = new Lazy( @@ -94,6 +87,13 @@ public override void Initialize(AnalysisContext context) return null; } + InterproceduralAnalysisConfiguration interproceduralAnalysisConfiguration = InterproceduralAnalysisConfiguration.Create( + options, + SupportedDiagnostics, + controlFlowGraphFactory.Value, + operationBlockStartContext.Compilation, + defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive, + cancellationToken: cancellationToken); return PointsToAnalysis.TryGetOrComputeResult( controlFlowGraphFactory.Value, owningSymbol, @@ -111,6 +111,13 @@ public override void Initialize(AnalysisContext context) return (null, null); } + InterproceduralAnalysisConfiguration interproceduralAnalysisConfiguration = InterproceduralAnalysisConfiguration.Create( + options, + SupportedDiagnostics, + controlFlowGraphFactory.Value, + operationBlockStartContext.Compilation, + defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive, + cancellationToken: cancellationToken); ValueContentAnalysisResult? valuecontentAnalysisResult = ValueContentAnalysis.TryGetOrComputeResult( controlFlowGraphFactory.Value, owningSymbol, diff --git a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/UseContainerLevelAccessPolicy.cs b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/UseContainerLevelAccessPolicy.cs index 0a45e4840a..b9d48d9f9f 100644 --- a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/UseContainerLevelAccessPolicy.cs +++ b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/UseContainerLevelAccessPolicy.cs @@ -142,7 +142,7 @@ public override void Initialize(AnalysisContext context) var interproceduralAnalysisConfig = InterproceduralAnalysisConfiguration.Create( operationAnalysisContext.Options, SupportedDiagnostics, - operationAnalysisContext.Operation.Syntax.SyntaxTree, + operationAnalysisContext.Operation, operationAnalysisContext.Compilation, defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.None, cancellationToken: operationAnalysisContext.CancellationToken, diff --git a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/UseSecureCookiesASPNetCore.cs b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/UseSecureCookiesASPNetCore.cs index a27d6245a0..c095084820 100644 --- a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/UseSecureCookiesASPNetCore.cs +++ b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/UseSecureCookiesASPNetCore.cs @@ -181,7 +181,7 @@ public override void Initialize(AnalysisContext context) InterproceduralAnalysisConfiguration.Create( compilationAnalysisContext.Options, SupportedDiagnostics, - rootOperationsNeedingAnalysis.First().Item1.Syntax.SyntaxTree, + rootOperationsNeedingAnalysis.First().Item1, compilationAnalysisContext.Compilation, defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.ContextSensitive, cancellationToken: compilationAnalysisContext.CancellationToken)); diff --git a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/UseSharedAccessProtocolHttpsOnly.cs b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/UseSharedAccessProtocolHttpsOnly.cs index f9b2c4a842..7de2aba787 100644 --- a/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/UseSharedAccessProtocolHttpsOnly.cs +++ b/src/NetAnalyzers/Core/Microsoft.NetCore.Analyzers/Security/UseSharedAccessProtocolHttpsOnly.cs @@ -140,7 +140,7 @@ public override void Initialize(AnalysisContext context) var interproceduralAnalysisConfig = InterproceduralAnalysisConfiguration.Create( operationAnalysisContext.Options, SupportedDiagnostics, - protocolsArgumentOperation.Syntax.SyntaxTree, + protocolsArgumentOperation, operationAnalysisContext.Compilation, defaultInterproceduralAnalysisKind: InterproceduralAnalysisKind.None, cancellationToken: operationAnalysisContext.CancellationToken, diff --git a/src/NetAnalyzers/UnitTests/Microsoft.NetCore.Analyzers/Security/ReviewCodeForSqlInjectionVulnerabilitiesTests.cs b/src/NetAnalyzers/UnitTests/Microsoft.NetCore.Analyzers/Security/ReviewCodeForSqlInjectionVulnerabilitiesTests.cs index dd5238ad31..5724dc08a6 100644 --- a/src/NetAnalyzers/UnitTests/Microsoft.NetCore.Analyzers/Security/ReviewCodeForSqlInjectionVulnerabilitiesTests.cs +++ b/src/NetAnalyzers/UnitTests/Microsoft.NetCore.Analyzers/Security/ReviewCodeForSqlInjectionVulnerabilitiesTests.cs @@ -3792,5 +3792,11 @@ public async Task HttpServerUtility_HtmlEncode_StringWriterOverload_WrongSanitiz }, }.RunAsync(); } + + [Fact, WorkItem(4491, "https://github.com/dotnet/roslyn-analyzers/issues/4491")] + public async Task AssemblyAttributeRegressionTest() + { + await VerifyVisualBasicWithDependenciesAsync(@""); + } } } diff --git a/src/Utilities.UnitTests/FlowAnalysis/Analysis/PropertySetAnalysis/PropertySetAnalysisTests.cs b/src/Utilities.UnitTests/FlowAnalysis/Analysis/PropertySetAnalysis/PropertySetAnalysisTests.cs index fbd1edaf9a..9be577f2f3 100644 --- a/src/Utilities.UnitTests/FlowAnalysis/Analysis/PropertySetAnalysis/PropertySetAnalysisTests.cs +++ b/src/Utilities.UnitTests/FlowAnalysis/Analysis/PropertySetAnalysis/PropertySetAnalysisTests.cs @@ -90,7 +90,7 @@ public PropertySetAnalysisParameters(string typeToTrack, ConstructorMapper const InterproceduralAnalysisConfiguration.Create( new AnalyzerOptions(ImmutableArray.Empty), dummy, - symbol, + cfg, compilation, InterproceduralAnalysisKind.ContextSensitive, cancellationSource.Token)); diff --git a/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/DisposeAnalysis/DisposeAnalysis.cs b/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/DisposeAnalysis/DisposeAnalysis.cs index b581afe754..5c6349fd5e 100644 --- a/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/DisposeAnalysis/DisposeAnalysis.cs +++ b/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/DisposeAnalysis/DisposeAnalysis.cs @@ -1,5 +1,6 @@ // Copyright (c) Microsoft. All Rights Reserved. Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. +using System; using System.Collections.Immutable; using System.Diagnostics; using System.Threading; @@ -50,10 +51,15 @@ private DisposeAnalysis(DisposeAnalysisDomain analysisDomain, DisposeDataFlowOpe bool defaultDisposeOwnershipTransferAtConstructor = false, bool defaultDisposeOwnershipTransferAtMethodCall = false) { + if (cfg == null) + { + throw new ArgumentNullException(nameof(cfg)); + } + Debug.Assert(!owningSymbol.IsConfiguredToSkipAnalysis(analyzerOptions, rule, wellKnownTypeProvider.Compilation, cancellationToken)); var interproceduralAnalysisConfig = InterproceduralAnalysisConfiguration.Create( - analyzerOptions, rule, owningSymbol, wellKnownTypeProvider.Compilation, interproceduralAnalysisKind, cancellationToken); + analyzerOptions, rule, cfg, wellKnownTypeProvider.Compilation, interproceduralAnalysisKind, cancellationToken); var disposeOwnershipTransferAtConstructor = analyzerOptions.GetDisposeOwnershipTransferAtConstructorOption( rule, owningSymbol, wellKnownTypeProvider.Compilation, defaultValue: defaultDisposeOwnershipTransferAtConstructor, cancellationToken); var disposeOwnershipTransferAtMethodCall = analyzerOptions.GetDisposeOwnershipTransferAtMethodCall( @@ -95,12 +101,6 @@ private DisposeAnalysis(DisposeAnalysisDomain analysisDomain, DisposeDataFlowOpe return null; } - if (cfg == null) - { - Debug.Fail("Expected non-null CFG"); - return null; - } - var analysisContext = DisposeAnalysisContext.Create( DisposeAbstractValueDomain.Default, wellKnownTypeProvider, cfg, owningSymbol, analyzerOptions, interproceduralAnalysisConfig, interproceduralAnalysisPredicate, PessimisticAnalysis, exceptionPathsAnalysis, pointsToAnalysisResult, TryGetOrComputeResultForAnalysisContext, diff --git a/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/GlobalFlowStateAnalysis/GlobalFlowStateAnalysis.cs b/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/GlobalFlowStateAnalysis/GlobalFlowStateAnalysis.cs index 1efd3ef61a..288273a30f 100644 --- a/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/GlobalFlowStateAnalysis/GlobalFlowStateAnalysis.cs +++ b/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/GlobalFlowStateAnalysis/GlobalFlowStateAnalysis.cs @@ -69,8 +69,13 @@ private GlobalFlowStateAnalysis(GlobalFlowStateAnalysisDomain analysisDomain, Gl ImmutableArray additionalSupportedValueTypes = default, Func? getValueContentValueForAdditionalSupportedValueTypeOperation = null) { + if (cfg == null) + { + throw new ArgumentNullException(nameof(cfg)); + } + var interproceduralAnalysisConfig = InterproceduralAnalysisConfiguration.Create( - analyzerOptions, rule, owningSymbol, wellKnownTypeProvider.Compilation, interproceduralAnalysisKind, cancellationToken); + analyzerOptions, rule, cfg, wellKnownTypeProvider.Compilation, interproceduralAnalysisKind, cancellationToken); var pointsToAnalysisKind = analyzerOptions.GetPointsToAnalysisKindOption(rule, owningSymbol, wellKnownTypeProvider.Compilation, defaultValue: PointsToAnalysisKind.PartialWithoutTrackingFieldsAndProperties, cancellationToken); return TryGetOrComputeResult(cfg, owningSymbol, createOperationVisitor, wellKnownTypeProvider, analyzerOptions, @@ -94,7 +99,6 @@ private GlobalFlowStateAnalysis(GlobalFlowStateAnalysisDomain analysisDomain, Gl ImmutableArray additionalSupportedValueTypes = default, Func? getValueContentValueForAdditionalSupportedValueTypeOperation = null) { - RoslynDebug.Assert(cfg != null); RoslynDebug.Assert(owningSymbol != null); PointsToAnalysisResult? pointsToAnalysisResult = null; diff --git a/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/ParameterValidationAnalysis/ParameterValidationAnalysis.cs b/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/ParameterValidationAnalysis/ParameterValidationAnalysis.cs index 356c6e5078..7358e67081 100644 --- a/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/ParameterValidationAnalysis/ParameterValidationAnalysis.cs +++ b/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/ParameterValidationAnalysis/ParameterValidationAnalysis.cs @@ -40,17 +40,23 @@ private ParameterValidationAnalysis(ParameterValidationAnalysisDomain analysisDo { Debug.Assert(!owningSymbol.IsConfiguredToSkipAnalysis(analyzerOptions, rule, compilation, cancellationToken)); + var cfg = topmostBlock.GetEnclosingControlFlowGraph(); + if (cfg == null) + { + return ImmutableDictionary.Empty; + } + var interproceduralAnalysisConfig = InterproceduralAnalysisConfiguration.Create( - analyzerOptions, rule, topmostBlock.Syntax.SyntaxTree, compilation, interproceduralAnalysisKind, cancellationToken, defaultMaxInterproceduralMethodCallChain); + analyzerOptions, rule, cfg, compilation, interproceduralAnalysisKind, cancellationToken, defaultMaxInterproceduralMethodCallChain); var performCopyAnalysis = analyzerOptions.GetCopyAnalysisOption(rule, topmostBlock.Syntax.SyntaxTree, compilation, defaultValue: false, cancellationToken); var nullCheckValidationMethods = analyzerOptions.GetNullCheckValidationMethodsOption(rule, topmostBlock.Syntax.SyntaxTree, compilation, cancellationToken); var pointsToAnalysisKind = analyzerOptions.GetPointsToAnalysisKindOption(rule, topmostBlock.Syntax.SyntaxTree, compilation, defaultPointsToAnalysisKind, cancellationToken); - return GetOrComputeHazardousParameterUsages(topmostBlock, compilation, owningSymbol, analyzerOptions, + return GetOrComputeHazardousParameterUsages(cfg, compilation, owningSymbol, analyzerOptions, nullCheckValidationMethods, pointsToAnalysisKind, interproceduralAnalysisConfig, performCopyAnalysis, pessimisticAnalysis); } private static ImmutableDictionary GetOrComputeHazardousParameterUsages( - IBlockOperation topmostBlock, + ControlFlowGraph cfg, Compilation compilation, ISymbol owningSymbol, AnalyzerOptions analyzerOptions, @@ -60,12 +66,6 @@ private ParameterValidationAnalysis(ParameterValidationAnalysisDomain analysisDo bool performCopyAnalysis, bool pessimisticAnalysis) { - var cfg = topmostBlock.GetEnclosingControlFlowGraph(); - if (cfg == null) - { - return ImmutableDictionary.Empty; - } - var wellKnownTypeProvider = WellKnownTypeProvider.GetOrCreate(compilation); var pointsToAnalysisResult = PointsToAnalysis.PointsToAnalysis.TryGetOrComputeResult(cfg, owningSymbol, analyzerOptions, wellKnownTypeProvider, pointsToAnalysisKind, interproceduralAnalysisConfig, interproceduralAnalysisPredicate: null, pessimisticAnalysis, performCopyAnalysis); diff --git a/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/TaintedDataAnalysis/TaintedDataAnalysis.cs b/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/TaintedDataAnalysis/TaintedDataAnalysis.cs index 5f5a11817f..0bb192d2bf 100644 --- a/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/TaintedDataAnalysis/TaintedDataAnalysis.cs +++ b/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/TaintedDataAnalysis/TaintedDataAnalysis.cs @@ -34,7 +34,7 @@ private TaintedDataAnalysis(TaintedDataAnalysisDomain analysisDomain, TaintedDat CancellationToken cancellationToken) { var interproceduralAnalysisConfig = InterproceduralAnalysisConfiguration.Create( - analyzerOptions, rule, containingMethod, compilation, InterproceduralAnalysisKind.ContextSensitive, cancellationToken); + analyzerOptions, rule, cfg, compilation, InterproceduralAnalysisKind.ContextSensitive, cancellationToken); return TryGetOrComputeResult(cfg, compilation, containingMethod, analyzerOptions, taintedSourceInfos, taintedSanitizerInfos, taintedSinkInfos, interproceduralAnalysisConfig); } diff --git a/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/ValueContentAnalysis/ValueContentAnalysis.cs b/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/ValueContentAnalysis/ValueContentAnalysis.cs index 044f5efbc5..273af7ffcb 100644 --- a/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/ValueContentAnalysis/ValueContentAnalysis.cs +++ b/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/ValueContentAnalysis/ValueContentAnalysis.cs @@ -57,10 +57,15 @@ private ValueContentAnalysis(ValueContentAnalysisDomain analysisDomain, ValueCon ImmutableArray additionalSupportedValueTypes = default, Func? getValueContentValueForAdditionalSupportedValueTypeOperation = null) { + if (cfg == null) + { + throw new ArgumentNullException(nameof(cfg)); + } + Debug.Assert(!owningSymbol.IsConfiguredToSkipAnalysis(analyzerOptions, rule, wellKnownTypeProvider.Compilation, cancellationToken)); var interproceduralAnalysisConfig = InterproceduralAnalysisConfiguration.Create( - analyzerOptions, rule, owningSymbol, wellKnownTypeProvider.Compilation, interproceduralAnalysisKind, cancellationToken); + analyzerOptions, rule, cfg, wellKnownTypeProvider.Compilation, interproceduralAnalysisKind, cancellationToken); return TryGetOrComputeResult(cfg, owningSymbol, analyzerOptions, wellKnownTypeProvider, pointsToAnalysisKind: analyzerOptions.GetPointsToAnalysisKindOption(rule, owningSymbol, wellKnownTypeProvider.Compilation, defaultPointsToAnalysisKind, cancellationToken), interproceduralAnalysisConfig, out copyAnalysisResult, @@ -86,18 +91,17 @@ private ValueContentAnalysis(ValueContentAnalysisDomain analysisDomain, ValueCon ImmutableArray additionalSupportedValueTypes = default, Func? getValueContentValueForAdditionalSupportedValueTypeOperation = null) { + if (cfg == null) + { + throw new ArgumentNullException(nameof(cfg)); + } + copyAnalysisResult = null; pointsToAnalysisResult = pointsToAnalysisKind != PointsToAnalysisKind.None ? PointsToAnalysis.PointsToAnalysis.TryGetOrComputeResult(cfg, owningSymbol, analyzerOptions, wellKnownTypeProvider, pointsToAnalysisKind, out copyAnalysisResult, interproceduralAnalysisConfig, interproceduralAnalysisPredicate, pessimisticAnalysis, performCopyAnalysis) : null; - if (cfg == null) - { - Debug.Fail("Expected non-null CFG"); - return null; - } - var analysisContext = ValueContentAnalysisContext.Create( ValueContentAbstractValueDomain.Default, wellKnownTypeProvider, cfg, owningSymbol, analyzerOptions, interproceduralAnalysisConfig, pessimisticAnalysis, copyAnalysisResult, diff --git a/src/Utilities/FlowAnalysis/FlowAnalysis/Framework/DataFlow/InterproceduralAnalysisConfiguration.cs b/src/Utilities/FlowAnalysis/FlowAnalysis/Framework/DataFlow/InterproceduralAnalysisConfiguration.cs index 0e7519ddb2..d08bca7db7 100644 --- a/src/Utilities/FlowAnalysis/FlowAnalysis/Framework/DataFlow/InterproceduralAnalysisConfiguration.cs +++ b/src/Utilities/FlowAnalysis/FlowAnalysis/Framework/DataFlow/InterproceduralAnalysisConfiguration.cs @@ -40,16 +40,16 @@ public struct InterproceduralAnalysisConfiguration : IEquatable Create(analyzerOptions, rule, symbol.Locations[0].SourceTree, compilation, defaultInterproceduralAnalysisKind, + => Create(analyzerOptions, rule, cfg.OriginalOperation.Syntax.SyntaxTree, compilation, defaultInterproceduralAnalysisKind, cancellationToken, defaultMaxInterproceduralMethodCallChain, defaultMaxInterproceduralLambdaOrLocalFunctionCallChain); - public static InterproceduralAnalysisConfiguration Create( + private static InterproceduralAnalysisConfiguration Create( AnalyzerOptions analyzerOptions, DiagnosticDescriptor rule, SyntaxTree tree, @@ -84,25 +84,26 @@ public struct InterproceduralAnalysisConfiguration : IEquatable rules, - ISymbol symbol, + ControlFlowGraph cfg, Compilation compilation, InterproceduralAnalysisKind defaultInterproceduralAnalysisKind, CancellationToken cancellationToken, uint defaultMaxInterproceduralMethodCallChain = DefaultMaxInterproceduralMethodCallChain, uint defaultMaxInterproceduralLambdaOrLocalFunctionCallChain = DefaultMaxInterproceduralLambdaOrLocalFunctionCallChain) - => Create(analyzerOptions, rules, symbol.Locations[0].SourceTree, compilation, defaultInterproceduralAnalysisKind, + => Create(analyzerOptions, rules, cfg.OriginalOperation, compilation, defaultInterproceduralAnalysisKind, cancellationToken, defaultMaxInterproceduralMethodCallChain, defaultMaxInterproceduralLambdaOrLocalFunctionCallChain); - public static InterproceduralAnalysisConfiguration Create( + internal static InterproceduralAnalysisConfiguration Create( AnalyzerOptions analyzerOptions, ImmutableArray rules, - SyntaxTree tree, + IOperation operation, Compilation compilation, InterproceduralAnalysisKind defaultInterproceduralAnalysisKind, CancellationToken cancellationToken, uint defaultMaxInterproceduralMethodCallChain = DefaultMaxInterproceduralMethodCallChain, uint defaultMaxInterproceduralLambdaOrLocalFunctionCallChain = DefaultMaxInterproceduralLambdaOrLocalFunctionCallChain) { + var tree = operation.Syntax.SyntaxTree; InterproceduralAnalysisKind maxKind = InterproceduralAnalysisKind.None; uint maxMethodCallChain = 0; uint maxLambdaorLocalFunctionCallChain = 0;