Understanding the current ValueContentAnalysis. #7564

Open
niravx23 opened this issue Feb 7, 2025 · 0 comments
niravx23 commented Feb 7, 2025

Hello everyone. Need help!!

I am new to open source and I am trying to create an analyzer for detecting the parameter values used in crypto algorithm invocations. And I don't know if the current built-in Roslyn flow analyzers like dataFlow/ValueContentAnalysis are sufficient to do so.

Just a wild example of what I am trying to achieve:

```csharp
class A
{
    public static int KeySize = 32;

    public static int GetKeySize()
    {
        return KeySize;
    }
}

class test
{
    void Run() // any method body
    {
        // ...
        int keySize = A.GetKeySize();
        SomeCryptoAPIInvocationExpression(keySize); // placeholder for a crypto API call
        // ...
    }
}

// For this example I want my analyzer to show that the node of type ArgumentSyntax has a possible value of 32.
```

How do I achieve this? I tried the ValueContentAnalysis but wasn't able to get the values. Maybe I did something wrong. Can you help?

Code I have written so far:

```csharp
using System.Collections.Immutable;
using System.Linq;
using Analyzer.Utilities;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Microsoft.CodeAnalysis.Diagnostics;
using Microsoft.CodeAnalysis.FlowAnalysis;
using Microsoft.CodeAnalysis.FlowAnalysis.DataFlow;
using Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.PointsToAnalysis;
using Microsoft.CodeAnalysis.FlowAnalysis.DataFlow.ValueContentAnalysis;
using Microsoft.CodeAnalysis.Operations;

[DiagnosticAnalyzer(LanguageNames.CSharp)]
public class MyCustomAnalyzer : DiagnosticAnalyzer
{
    public const string DiagnosticId = "MyCustomAnalyzer";
    private static readonly LocalizableString Title = "Title of the analyzer";
    private static readonly LocalizableString MessageFormat = "Message format of the analyzer";
    private static readonly LocalizableString Description = "Description of the analyzer";
    private const string Category = "Naming";

    private static readonly DiagnosticDescriptor Rule = new DiagnosticDescriptor(
        DiagnosticId, Title, MessageFormat, Category, DiagnosticSeverity.Warning, isEnabledByDefault: true, description: Description);

    public override ImmutableArray<DiagnosticDescriptor> SupportedDiagnostics => ImmutableArray.Create(Rule);

    public DiagnosticDescriptor AlwaysTrueFalseOrNullRule { get; private set; }

    public override void Initialize(AnalysisContext context)
    {
        context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.Analyze | GeneratedCodeAnalysisFlags.ReportDiagnostics);
        context.EnableConcurrentExecution();
        context.RegisterSyntaxNodeAction(AnalyzeInvocations, SyntaxKind.InvocationExpression);
    }

    public static void AnalyzeInvocations(SyntaxNodeAnalysisContext context)
    {
        var containingSymbol = context.ContainingSymbol;
        var compilation = context.Compilation;
        var semanticModel = context.SemanticModel;
        var wellKnownTypeProvider = WellKnownTypeProvider.GetOrCreate(compilation);

        // Invocations outside a method declaration (field initializers, constructors, ...) have no such ancestor.
        var methodNode = context.Node.Ancestors().OfType<MethodDeclarationSyntax>().FirstOrDefault();
        if (methodNode is null)
        {
            return;
        }

        // Build the control flow graph of the enclosing method and run the value content analysis on it.
        var cfg = ControlFlowGraph.Create(methodNode, semanticModel);
        var valueContent = ValueContentAnalysis.TryGetOrComputeResult
                (
                cfg,
                containingSymbol,
                wellKnownTypeProvider,
                new AnalyzerOptions(new()),
                Rule,
                PointsToAnalysisKind.Complete,
                InterproceduralAnalysisKind.ContextSensitive,
                default
                );

        // The analysis can fail to produce a result.
        if (valueContent is null)
        {
            return;
        }

        // Look up the analysis value for every argument of the invocation.
        foreach (var child in context.Node.DescendantNodes().OfType<ArgumentSyntax>())
        {
            var data = valueContent[OperationKind.Invocation, child]; // breakpoint to see output
        }
    }
}
```

Any slight help or suggestion is highly appreciated. Thanks.
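
One way to arrive at the possible value 32 for the argument in the example above, using only public `IOperation` APIs instead of `ValueContentAnalysis` (an added example, not code from the issue author or from the roslyn-analyzers project). `PossibleValues` and its method names are hypothetical. The walk is flow-insensitive, follows only members declared in source, and reads a field's declaration initializer, so writes to `KeySize` made elsewhere are not seen.

```csharp
#nullable enable
using System.Collections.Generic;
using System.Linq;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Microsoft.CodeAnalysis.Operations;

// Hypothetical helper (not a Roslyn API): constants an operation may evaluate to; empty = unknown.
public static class PossibleValues
{
    public static IEnumerable<object> Of(IOperation? op, Compilation compilation, int depth = 0)
    {
        if (op is null || depth > 8) return Enumerable.Empty<object>(); // bound the recursion
        if (op.ConstantValue.HasValue && op.ConstantValue.Value is object constant) return new[] { constant };
        IEnumerable<IOperation?> sources = op switch
        {
            IConversionOperation conversion => new[] { conversion.Operand },
            ILocalReferenceOperation local => WritesTo(local),
            IFieldReferenceOperation field => Declared(field.Field, compilation),
            IInvocationOperation call => Declared(call.TargetMethod, compilation),
            _ => Enumerable.Empty<IOperation?>(),
        };
        return sources.SelectMany(s => Of(s, compilation, depth + 1)).Distinct();
    }

    // Initializer and simple assignments of the local anywhere in the enclosing body.
    private static IEnumerable<IOperation?> WritesTo(ILocalReferenceOperation reference)
    {
        IOperation root = reference;
        while (root.Parent is not null) root = root.Parent;
        foreach (var node in root.Descendants())
            if (node is IVariableDeclaratorOperation d && SymbolEqualityComparer.Default.Equals(d.Symbol, reference.Local))
                yield return d.Initializer?.Value;
            else if (node is ISimpleAssignmentOperation { Target: ILocalReferenceOperation t } a && SymbolEqualityComparer.Default.Equals(t.Local, reference.Local))
                yield return a.Value;
    }

    // Field initializer expression, or every returned value of a method declared in source.
    private static IEnumerable<IOperation?> Declared(ISymbol symbol, Compilation compilation)
    {
        foreach (var syntax in symbol.DeclaringSyntaxReferences.Select(r => r.GetSyntax()))
        {
            if (syntax is VariableDeclaratorSyntax { Initializer: { } init })
                yield return compilation.GetSemanticModel(init.SyntaxTree).GetOperation(init.Value);
            else if (compilation.GetSemanticModel(syntax.SyntaxTree).GetOperation(syntax) is { } body)
                foreach (var ret in body.Descendants().OfType<IReturnOperation>())
                    yield return ret.ReturnedValue;
        }
    }
}
```

From an operation action registered for `OperationKind.Invocation`, call `PossibleValues.Of(argument.Value, context.Compilation)` for each entry in `IInvocationOperation.Arguments`. Analyzer projects that enable rule RS1030 will flag the `Compilation.GetSemanticModel` calls.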
