InsecureCookieAnalyzer: System.NullReferenceException error

Open abssd opened this issue 8 years ago • 13 comments

Compiler error: Warning AD0001 Analyzer 'RoslynSecurityGuard.Analyzers.CsrfTokenAnalyzer' threw an exception of type 'System.NullReferenceException' with message 'Object reference not set to an instance of an object.'.

abssd avatar Jan 16 '17 13:01 abssd

Do you have a complete stacktrace?

h3xstream avatar Jan 20 '17 17:01 h3xstream

We've seen the same error in our internal TFS builds (offline environment). There's no stacktrace from the analyzer in the logs. Can you please point me to a guide on how to enable more detailed logs for analyzers during the build process, in order to create the requested stacktrace?

vlm--- avatar Jan 30 '17 10:01 vlm---

@vlm--- @abssd I have published a new version to the Visual Studio marketplace. Let me know if it fixes this NRE: https://marketplace.visualstudio.com/items?itemName=PhilippeArteau.RoslynSecurityGuard

h3xstream avatar Feb 14 '17 20:02 h3xstream

I am seeing a similar issue, with v2.3.0, installed yesterday (16 Feb 2017). Over 9000 instances of the message in my Error List (text/stack follows). Let me know how I can assist.

Warning	AD0001	Analyzer 'RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer' threw an exception of type 'System.Exception' with message 'Unhandle exception while visiting method Evaluate : Object reference not set to an instance of an object.'.	RoslynSecurityGuard	<Unknown>		1	Compiler	Active	Analyzer 'RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer' threw the following exception:
'Exception occurred with following context:
Compilation: Titan.Website
SyntaxTree: C:\Dev\Titan.Web\Titan.Website\Controllers\Api\InsightsController.cs
SyntaxNode: [HttpPost] public DataResponse< ... [MethodDeclarationSyntax]@[14935..15972) (364,8)-(393,9)

System.Exception: Unhandle exception while visiting method Evaluate : Object reference not set to an instance of an object. ---> System.NullReferenceException: Object reference not set to an instance of an object.
   at RoslynSecurityGuard.Analyzers.InsecureCookieAnalyzer.VisitEndMethodDeclaration(MethodDeclarationSyntax node, ExecutionState state)
   at RoslynSecurityGuard.Analyzers.Taint.CSharpCodeEvaluation.VisitMethods(SyntaxNodeAnalysisContext ctx)
   --- End of inner exception stack trace ---
   at RoslynSecurityGuard.Analyzers.Taint.CSharpCodeEvaluation.VisitMethods(SyntaxNodeAnalysisContext ctx)
   at RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer.VisitMethods(SyntaxNodeAnalysisContext obj)
   at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.<>c__DisplayClass42_1`1.<ExecuteSyntaxNodeAction>b__1()
   at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.ExecuteAndCatchIfThrows_NoLock(DiagnosticAnalyzer analyzer, Action analyze, Nullable`1 info)
-----
System.NullReferenceException: Object reference not set to an instance of an object.
   at RoslynSecurityGuard.Analyzers.InsecureCookieAnalyzer.VisitEndMethodDeclaration(MethodDeclarationSyntax node, ExecutionState state)
   at RoslynSecurityGuard.Analyzers.Taint.CSharpCodeEvaluation.VisitMethods(SyntaxNodeAnalysisContext ctx)
-----
'.

leahey avatar Feb 17 '17 16:02 leahey

@leahey Could you provide an approximation of the method InsightsController.Evaluate? (You can rename all the variables / class names.)

h3xstream avatar Feb 17 '17 19:02 h3xstream

Certainly - it follows. However, be aware that this error is occurring on many different methods, not just Evaluate().

public GrekResponse<RemoResult> Evaluate( int id )
{
    var result = new GrekResponse<RemoResult>();
    var user = MyUser;

    try
    {
        var remo = _remoService.Evaluate(user.GetUserProxyInfo(), user.User, id);
        result.IsSuccess = true;
        result.Data = remo;
    }
    catch ( UnauthorizedAccessException ex )
    {
        result.IsUnauthorizedAccessError = true;
        LogError( () => string.Format( "{0} => {1}", ex.Message, ex.StackTrace ) );
    }
    catch ( Exception ex )
    {
        LogError( ex );
    }

    result.ErrorMessages = ModelState.ErrorMessages();
    return result;
}

leahey avatar Feb 17 '17 19:02 leahey

It looks like my generics were mis-rendered. I'll attach a file instead. EvaluateMethod.txt

leahey avatar Feb 17 '17 19:02 leahey

Additional info, I was creating a console app just for some testing, and I got "Analyzer 'RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer' threw an exception of type 'System.Exception' with message 'Unhandle exception while visiting method Main : Object reference not set to an instance of an object.'."

for the following:

class Program
{
    int _intField = 42;

    static void Main(string[] args)
    {
        var localInt = 0;
    }
}

leahey avatar Feb 18 '17 15:02 leahey

@leahey Sorry for the delay. Does the Evaluate method have any annotations?

h3xstream avatar Feb 23 '17 06:02 h3xstream

Hello. Evaluate() has an HttpPostAttribute, but nothing else.

leahey avatar Feb 24 '17 16:02 leahey

Any developments on this? I'm having to filter out thousands of AD0001 warnings.

leahey avatar Mar 03 '17 14:03 leahey

@leahey I have looked at it a couple of times. I can't find a potential NRE just by code review (in InsecureCookieAnalyzer).

I have created a test case that scans the two samples provided before. It does not create any fault in the test environment or in integration in VS 2017.

I will provide a debug extension that will try to isolate the problem better. I would have liked to reproduce it; so far this seems like the next step. (An update will come soon..)

h3xstream avatar Mar 04 '17 01:03 h3xstream

Seeing another instance of a very similar error on an almost standard new web project in Visual Studio 2017 update 3 preview 6 using RoslynSecurityGuard 2.3.0.0.

Severity	Code	Description	Project	File	Line	Suppression State
Warning	AD0001	Analyzer 'RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer' threw an exception of type 'System.Exception' with message 'Unhandle exception while visiting method OnException : Object reference not set to an instance of an object.'.	SampleWebApp	C:\Users\JesseHouwing\Source\Repos\Agile2017\Agile2017\SampleWebApp\CSC	1	Active
Severity	Code	Description	Project	File	Line	Suppression State
Warning	AD0001	Analyzer 'RoslynSecurityGuard.Analyzers.Taint.TaintAnalyzer' threw an exception of type 'System.Exception' with message 'Unhandle exception while visiting method OnException : Object reference not set to an instance of an object.'.	SampleWebApp		1	Active

Code that's causing the error:

using System;
using System.Web.Mvc;
using Microsoft.ApplicationInsights;

namespace SampleWebApp.ErrorHandler
{
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
    public class AiHandleErrorAttribute : HandleErrorAttribute
    {
        public override void OnException(ExceptionContext filterContext)
        {
            if (filterContext != null && filterContext.HttpContext != null && filterContext.Exception != null)
            {
                //If customError is Off, then AI HTTPModule will report the exception
                if (filterContext.HttpContext.IsCustomErrorEnabled)
                {
                    var ai = new TelemetryClient();
                    ai.TrackException(filterContext.Exception);
                }
            }
            base.OnException(filterContext);
        }
    }
}

jessehouwing avatar Jul 30 '17 12:07 jessehouwing