dotnet-security-guard/roslyn-security-guard

Taint Analyzer Null Reference Exception

sjmcallister opened this issue · 6 comments

Analyzer 'RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer' threw an exception of type 'System.NullReferenceException' with message 'Object reference not set to an instance of an object.'.

This happened right after rebuilding my project.

Did you download the extension recently?
There was a bug two weeks ago with a class having an empty method (native binding).

I will investigate #30 which seems to be the same case.

I have the same exception in the same analyzer:

Analyzer 'RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer' threw an exception of type 'System.NullReferenceException' with message 'Object reference not set to an instance of an object.'.   
Analyzer 'RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer' threw the following exception:
'Exception occurred with following context:
Compilation: <Redacted>
SyntaxTree: file.cs
SyntaxNode: public <Redacted> Execute( ... [MethodDeclarationSyntax]@[1638..3317) (39,8)-(66,9)

System.NullReferenceException: Object reference not set to an instance of an object.
   at RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer.VisitInvocationAndCreation(ExpressionSyntax node, ArgumentListSyntax argList, ExecutionState state)
   at RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer.VisitMethodInvocation(InvocationExpressionSyntax node, ExecutionState state)
   at RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer.VisitExpression(ExpressionSyntax expression, ExecutionState state)
   at RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer.VisitInvocationAndCreation(ExpressionSyntax node, ArgumentListSyntax argList, ExecutionState state)
   at RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer.VisitObjectCreation(ObjectCreationExpressionSyntax node, ExecutionState state)
   at RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer.VisitExpression(ExpressionSyntax expression, ExecutionState state)
   at RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer.VisitStatement(SyntaxNode node, ExecutionState state)
   at RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer.VisitStatement(SyntaxNode node, ExecutionState state)
   at RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer.VisitStatement(SyntaxNode node, ExecutionState state)
   at RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer.VisitMethodDeclaration(MethodDeclarationSyntax node, ExecutionState state)
   at RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer.VisitMethods(SyntaxNodeAnalysisContext ctx)
   at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.<>c__DisplayClass42_1.<ExecuteSyntaxNodeAction>b__1()
   at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.ExecuteAndCatchIfThrows_NoLock(DiagnosticAnalyzer analyzer, Action analyze, Nullable info)
-----
'.

Hope this helps you to identify it.

You can test this new release:
https://dotnet-security-guard.github.io/releases/RoslynSecurityGuard-2.1.0.vsix

The stack trace was missing the line number because I built it in Release mode. But I'm pretty sure it is #20.

Yes, I confirm that the error in TaintAnalyzer is gone for my project in the new version. Thank you for the quick response, great job.

Thanks