Issue #40. Removed bad loop helper method.

pumasecurity · Feb 14, 2018 · 5daf570 · 5daf570
1 parent 4d2ccb6
commit 5daf570
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 57 deletions.
diff --git a/Rules/Analyzer/Crypto/DesDiagnosticAnalyzer.cs b/Rules/Analyzer/Crypto/DesDiagnosticAnalyzer.cs
@@ -42,9 +42,7 @@ public IEnumerable<DiagnosticInfo> GetDiagnosticInfo(SyntaxNodeAnalysisContext c
             if (!_expressionSyntaxAnalyzer.IsVulnerable(context.SemanticModel, syntax))
                 return result;
 
-
-            var location = Utils.GetParentLocalDeclarationStatement(syntax);
-            result.Add(new DiagnosticInfo(location != null ? location.GetLocation() : syntax.GetLocation()));
+            result.Add(new DiagnosticInfo(syntax.GetLocation()));
 
             return result;
         }

diff --git a/Rules/Analyzer/Crypto/Md5DiagnosticAnalyzer.cs b/Rules/Analyzer/Crypto/Md5DiagnosticAnalyzer.cs
@@ -43,8 +43,7 @@ public IEnumerable<DiagnosticInfo> GetDiagnosticInfo(SyntaxNodeAnalysisContext c
                 return result;
 
 
-            var location = Utils.GetParentLocalDeclarationStatement(syntax);
-            result.Add(new DiagnosticInfo(location != null ? location.GetLocation() : syntax.GetLocation()));
+            result.Add(new DiagnosticInfo(syntax.GetLocation()));
 
             return result;
         }

diff --git a/Rules/Analyzer/Crypto/Sha1DiagnosticAnalyzer.cs b/Rules/Analyzer/Crypto/Sha1DiagnosticAnalyzer.cs
@@ -42,9 +42,7 @@ public IEnumerable<DiagnosticInfo> GetDiagnosticInfo(SyntaxNodeAnalysisContext c
             if (!_expressionSyntaxAnalyzer.IsVulnerable(context.SemanticModel, syntax))
                 return result;
 
-
-            var location = Utils.GetParentLocalDeclarationStatement(syntax);
-            result.Add(new DiagnosticInfo(location != null ? location.GetLocation() : syntax.GetLocation()));
+            result.Add(new DiagnosticInfo(syntax.GetLocation()));
 
             return result;
         }

diff --git a/Rules/Common/Utils.cs b/Rules/Common/Utils.cs
@@ -187,39 +187,5 @@ public static bool IsXssWhiteListedType(ISymbol type)
             }
             return false;
         }
-
-        /// <summary>
-        /// Returns the entire declaration that contains an object create expression. Helps underline the entire line, rather than just a creation expression (right side) of a line.
-        /// </summary>
-        /// <param name="syntax"></param>
-        /// <returns></returns>
-        public static LocalDeclarationStatementSyntax GetParentLocalDeclarationStatement(ObjectCreationExpressionSyntax syntax)
-        {
-            var item = syntax.Parent;
-
-            while (true)
-            {
-                //Break if the item is null
-                if (item == null)
-                {
-                    break;
-                }
-
-                //Check the type
-                if (item is LocalDeclarationStatementSyntax)
-                {
-                    return item as LocalDeclarationStatementSyntax;
-                }
-
-                //If no good, walk up the chain to the next parent
-                if (item.Parent != null)
-                {
-                    item = item.Parent;
-                    continue;
-                }
-            }
-
-            return null;
-        }
     }
 }
diff --git a/Rules/Resources.Designer.cs b/Rules/Resources.Designer.cs
diff --git a/Rules/Resources.resx b/Rules/Resources.resx
@@ -622,27 +622,27 @@ Label controls are often found in HTML contexts, but can also appear in other co
     <value>sec0027-weak-algorithm-md5</value>
   </data>
   <data name="Analyzer_SEC0027_Description" xml:space="preserve">
-    <value>The MD5CryptoServiceProvider class uses the weak MD5 algorithm and is not an approved hashing algorithm.</value>
-  </data>
-  <data name="Analyzer_SEC0027_MessageFormat" xml:space="preserve">
     <value>Use the SHA256Managed (at least) preferably SHA512Managed for hashing operations. 
 
 NOTE. This not sufficient for password hashing, which requires a unique salt and adaptive hashing algorithm. See the documentation for secure password hashing advice.</value>
   </data>
+  <data name="Analyzer_SEC0027_MessageFormat" xml:space="preserve">
+    <value>The MD5CryptoServiceProvider class uses the weak MD5 algorithm and is not an approved hashing algorithm.</value>
+  </data>
   <data name="Analyzer_SEC0027_Title" xml:space="preserve">
     <value>Weak Cryptography Algorithm (MD5)</value>
   </data>
   <data name="Analyzer_SEC0028_Anchor" xml:space="preserve">
     <value>sec0028-weak-algorithm-sha1</value>
   </data>
   <data name="Analyzer_SEC0028_Description" xml:space="preserve">
-    <value>The SHA1 algorithm has known collision weaknesses and should no longer be used in a security context. Consider upgrading the algorithm to at least SHA2.</value>
-  </data>
-  <data name="Analyzer_SEC0028_MessageFormat" xml:space="preserve">
     <value>Use the SHA256Managed (at least) preferably SHA512Managed for hashing operations. 
 
 NOTE. This not sufficient for password hashing, which requires a unique salt and adaptive hashing algorithm. See the documentation for secure password hashing advice.</value>
   </data>
+  <data name="Analyzer_SEC0028_MessageFormat" xml:space="preserve">
+    <value>The SHA1 algorithm has known collision weaknesses and should no longer be used in a security context. Consider upgrading the algorithm to at least SHA2.</value>
+  </data>
   <data name="Analyzer_SEC0028_Title" xml:space="preserve">
     <value>Weak Cryptography Algorithm (SHA1)</value>
   </data>