Merge pull request #73 from pumasecurity/features/vs2022

Features/vs2022

.pumafile

@@ -1,5 +1,5 @@
 {
-  "Version": "1.4.2",
+  "Version": "1.4.4",
   "LogLevel": "Error",
   "GeneralSettings": {
     "DataflowAnalysisEnabled": true,
@@ -277,11 +277,18 @@
     },
     {
       "Id": "SEC0038",
-      "Name": "Security Misconfiguration",
+      "Name": "Directory Listing Enabled",
       "RiskRating": "Low",
       "Severity": "Warning",
       "Enabled": true
     },
+    {
+      "Id": "SEC0039",
+      "Name": "Open Source Security",
+      "RiskRating": "High",
+      "Severity": "Warning",
+      "Enabled": true
+    },
     {
       "Id": "SEC0100",
       "Name": "Raw Inline Expression",
@@ -503,6 +510,48 @@
         "^[Ii][Vv]$",
         "^[Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]$"
       ]
+    },
+    {
+      "Id": "SEC1000",
+      "Name": "Injection",
+      "RiskRating": "High",
+      "Severity": "Warning",
+      "Enabled": true
+    },
+    {
+      "Id": "SEC1001",
+      "Name": "Injection",
+      "RiskRating": "Medium",
+      "Severity": "Warning",
+      "Enabled": true
+    },
+    {
+      "Id": "SEC1002",
+      "Name": "Injection",
+      "RiskRating": "Medium",
+      "Severity": "Warning",
+      "Enabled": true
+    },
+    {
+      "Id": "SEC1003",
+      "Name": "Cross-Site Scripting",
+      "RiskRating": "Medium",
+      "Severity": "Warning",
+      "Enabled": true
+    },
+    {
+      "Id": "SEC1004",
+      "Name": "Cross-Site Scripting",
+      "RiskRating": "Medium",
+      "Severity": "Warning",
+      "Enabled": true
+    },
+    {
+      "Id": "SEC1005",
+      "Name": "Cross-Site Scripting",
+      "RiskRating": "Medium",
+      "Severity": "Warning",
+      "Enabled": true
     }
   ],
   "Exceptions": [],

Puma.Security.Rules.Vsix.VS2022/Properties/AssemblyInfo.cs

@@ -0,0 +1,33 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following 
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Puma.Security.Rules.Vsix.VS2022")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("Puma.Security.Rules.Vsix.VS2022")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible 
+// to COM components.  If you need to access a type in this assembly from 
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version 
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers 
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]

Puma.Security.Rules.Vsix.VS2022/Publish/Production/overview.md

@@ -0,0 +1,34 @@
+Security analyzers for C# that performs static code analysis for vulnerabilities identified in the OWASP Top 10, SANS/CWE Top 25, and other common insecure coding patterns.
+
+## Analysis Categories
+
+- Insecure Configuration
+- SQL Injection
+- LDAP Injection
+- Path Tampering
+- Weak Password Configuration
+- Unvalidated Redirects
+- Cross-Site Scripting
+- Cross-Site Request Forgery
+- Weak Input Validation
+- Insecure Cryptography
+- Deserialization Vulnerabilities
+- Missing Access Control
+
+See the git repository for more details: https://github.com/pumasecurity/puma-scan
+
+## Start Scanning
+
+[https://github.com/pumasecurity/puma-scan/wiki](https://github.com/pumasecurity/puma-scan/wiki)
+
+## Building Custom Rules
+
+[Contributing to the Puma Scan Community Edition](https://pumasecurity.io/resources/blog/contributing-to-puma-scan-community-edition/)
+
+## Release Notes
+
+[https://github.com/pumasecurity/puma-scan/releases](https://github.com/pumasecurity/puma-scan/releases)
+
+## Issues or Questions
+
+For tracking purposes, Q & A has been disabled for this extension. [GitHub](https://github.com/pumasecurity/puma-scan) is the central repository for tracking questions and issues. Please read the [wiki](https://github.com/pumasecurity/puma-scan/wiki) and review the existing [GitHub issues](https://github.com/pumasecurity/puma-scan/issues) before opening new [GitHub issues](https://github.com/pumasecurity/puma-scan/issues) for questions and support.

Puma.Security.Rules.Vsix.VS2022/Publish/Production/publishManifest.json

@@ -0,0 +1,13 @@
+{
+  "$schema": "http://json.schemastore.org/vsix-publish",
+  "categories": [ "Coding", "Security" ],
+  "identity": {
+    "internalName": "PumaScan2022",
+    "displayName": "Puma Scan Community 2022"
+  },
+  "overview": "overview.md",
+  "priceCategory": "free",
+  "publisher": "PumaSecurity",
+  "private": false,
+  "qna": false
+}

Puma.Security.Rules.Vsix.VS2022/Puma.Security.Rules.Vsix.VS2022.csproj

@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <MinimumVisualStudioVersion>17.0</MinimumVisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <SchemaVersion>2.0</SchemaVersion>
+    <ProjectTypeGuids>{82b43b9b-a64c-4715-b499-d71e9ca2bd60};{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}</ProjectTypeGuids>
+    <ProjectGuid>{7DBF6327-917C-4528-996E-C04BA6924CF7}</ProjectGuid>
+    <OutputType>Library</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>Puma.Security.Rules.Vsix</RootNamespace>
+    <AssemblyName>Puma.Security.Rules.Vsix.VS2022</AssemblyName>
+    <TargetFrameworkVersion>v4.7.2</TargetFrameworkVersion>
+    <GeneratePkgDefFile>false</GeneratePkgDefFile>
+    <UseCodebase>true</UseCodebase>
+    <IncludeAssemblyInVSIXContainer>false</IncludeAssemblyInVSIXContainer>
+    <IncludeDebugSymbolsInVSIXContainer>false</IncludeDebugSymbolsInVSIXContainer>
+    <IncludeDebugSymbolsInLocalVSIXDeployment>false</IncludeDebugSymbolsInLocalVSIXDeployment>
+    <CopyBuildOutputToOutputDirectory>false</CopyBuildOutputToOutputDirectory>
+    <CopyOutputSymbolsToOutputDirectory>false</CopyOutputSymbolsToOutputDirectory>
+    <StartAction>Program</StartAction>
+    <StartProgram Condition="'$(DevEnvDir)' != ''">$(DevEnvDir)devenv.exe</StartProgram>
+    <StartArguments>/rootsuffix Exp</StartArguments>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Compile Include="Properties\AssemblyInfo.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="packages.config" />
+    <None Include="Publish\Production\overview.md" />
+    <None Include="Publish\Production\publishManifest.json" />
+    <None Include="source.extension.vsixmanifest">
+      <SubType>Designer</SubType>
+    </None>
+  </ItemGroup>
+  <ItemGroup>
+    <Reference Include="Microsoft.Web.XmlTransform, Version=3.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Web.Xdt.3.1.0\lib\net40\Microsoft.Web.XmlTransform.dll</HintPath>
+    </Reference>
+    <Reference Include="System" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\Puma.Security.Rules\Puma.Security.Rules.csproj">
+      <Project>{b198b981-d039-43d2-8b84-2b4f1bc1a1ba}</Project>
+      <Name>Puma.Security.Rules</Name>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <Content Include="..\Puma.Security.Rules.Vsix\License.txt">
+      <Link>License.txt</Link>
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+      <IncludeInVSIX>true</IncludeInVSIX>
+    </Content>
+    <Content Include="..\Puma.Security.Rules.Vsix\logo-200x200.png">
+      <Link>logo-200x200.png</Link>
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+      <IncludeInVSIX>true</IncludeInVSIX>
+    </Content>
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <Import Project="$(VSToolsPath)\VSSDK\Microsoft.VsSDK.targets" Condition="'$(VSToolsPath)' != ''" />
+  <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
+       Other similar extension points exist, see Microsoft.Common.targets.
+  <Target Name="BeforeBuild">
+  </Target>
+  <Target Name="AfterBuild">
+  </Target>
+  -->
+</Project>

Puma.Security.Rules.Vsix.VS2022/packages.config

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+	<package id="Microsoft.VSSDK.VsixSignTool" version="16.2.29116.78" targetFramework="net472" />
+	<package id="Microsoft.Web.Xdt" version="3.1.0" targetFramework="net472" />
+</packages>

Puma.Security.Rules.Vsix.VS2022/source.extension.vsixmanifest

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="utf-8"?>
+<PackageManifest Version="2.0.0" xmlns="http://schemas.microsoft.com/developer/vsx-schema/2011" xmlns:d="http://schemas.microsoft.com/developer/vsx-schema-design/2011">
+	<Metadata>
+		<Identity Id="Puma.Security.Rules.Vsix.VS2022.5abd99bc-a6f7-42c4-b17a-c757bea7ced5" Version="2.2.0.0" Language="en-US" Publisher="Puma Security" />
+		<DisplayName>Puma Scan 2022</DisplayName>
+		<Description xml:space="preserve">Puma Scan Community Edition is a free extension that provides secure code analysis as development teams write code. Vulnerabilities are displayed as spell check and compiler warnings.</Description>
+		<MoreInfo>https://github.com/pumasecurity/puma-scan</MoreInfo>
+		<License>License.txt</License>
+		<GettingStartedGuide>https://github.com/pumasecurity/puma-scan/wiki</GettingStartedGuide>
+		<ReleaseNotes>https://github.com/pumasecurity/puma-scan/releases</ReleaseNotes>
+		<Icon>logo-200x200.png</Icon>
+		<PreviewImage>logo-200x200.png</PreviewImage>
+		<Tags>Security;Secure Coding;OWASP;CWE;Code Scan;Puma;Puma Scan;Puma Scan Community;Static Analysis</Tags>
+	</Metadata>
+	<Installation>
+		<InstallationTarget Id="Microsoft.VisualStudio.Community" Version="[17.0, 18.0)">
+			<ProductArchitecture>amd64</ProductArchitecture>
+		</InstallationTarget>
+		<InstallationTarget Version="[17.0,18.0)" Id="Microsoft.VisualStudio.Pro">
+			<ProductArchitecture>amd64</ProductArchitecture>
+		</InstallationTarget>
+		<InstallationTarget Version="[17.0,18.0)" Id="Microsoft.VisualStudio.Enterprise">
+			<ProductArchitecture>amd64</ProductArchitecture>
+		</InstallationTarget>
+	</Installation>
+	<Dependencies>
+		<Dependency Id="Microsoft.Framework.NDP" DisplayName="Microsoft .NET Framework" d:Source="Manual" Version="[4.5,)" />
+	</Dependencies>
+	<Prerequisites>
+		<Prerequisite Id="Microsoft.VisualStudio.Component.CoreEditor" Version="[17.0,18.0)" DisplayName="Visual Studio core editor" />
+		<Prerequisite Id="Microsoft.VisualStudio.Component.Roslyn.LanguageServices" Version="[17.0,18.0)" DisplayName="C# and Visual Basic" />
+	</Prerequisites>
+	<Assets>
+		<Asset Type="Microsoft.VisualStudio.MefComponent" d:Source="Project" d:ProjectName="Puma.Security.Rules.Vsix" Path="|Puma.Security.Rules|"/>
+		<Asset Type="Microsoft.VisualStudio.Analyzer" d:Source="Project" d:ProjectName="Puma.Security.Rules.Vsix" Path="|Puma.Security.Rules|"/>
+	</Assets>
+</PackageManifest>

PumaScan.sln

@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 16
-VisualStudioVersion = 16.0.30011.22
+# Visual Studio Version 17
+VisualStudioVersion = 17.0.32014.148
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Puma.Security.Rules", "Puma.Security.Rules\Puma.Security.Rules.csproj", "{B198B981-D039-43D2-8B84-2B4F1BC1A1BA}"
 EndProject
@@ -33,28 +33,56 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 		README.md = README.md
 	EndProjectSection
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Puma.Security.Rules.Vsix.VS2022", "Puma.Security.Rules.Vsix.VS2022\Puma.Security.Rules.Vsix.VS2022.csproj", "{7DBF6327-917C-4528-996E-C04BA6924CF7}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
+		Debug|x86 = Debug|x86
 		Release|Any CPU = Release|Any CPU
+		Release|x86 = Release|x86
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{B198B981-D039-43D2-8B84-2B4F1BC1A1BA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{B198B981-D039-43D2-8B84-2B4F1BC1A1BA}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{B198B981-D039-43D2-8B84-2B4F1BC1A1BA}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{B198B981-D039-43D2-8B84-2B4F1BC1A1BA}.Debug|x86.Build.0 = Debug|Any CPU
 		{B198B981-D039-43D2-8B84-2B4F1BC1A1BA}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{B198B981-D039-43D2-8B84-2B4F1BC1A1BA}.Release|Any CPU.Build.0 = Release|Any CPU
+		{B198B981-D039-43D2-8B84-2B4F1BC1A1BA}.Release|x86.ActiveCfg = Release|Any CPU
+		{B198B981-D039-43D2-8B84-2B4F1BC1A1BA}.Release|x86.Build.0 = Release|Any CPU
 		{50CD394B-EBB9-4572-9C36-62FFE781A7EA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{50CD394B-EBB9-4572-9C36-62FFE781A7EA}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{50CD394B-EBB9-4572-9C36-62FFE781A7EA}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{50CD394B-EBB9-4572-9C36-62FFE781A7EA}.Debug|x86.Build.0 = Debug|Any CPU
 		{50CD394B-EBB9-4572-9C36-62FFE781A7EA}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{50CD394B-EBB9-4572-9C36-62FFE781A7EA}.Release|Any CPU.Build.0 = Release|Any CPU
+		{50CD394B-EBB9-4572-9C36-62FFE781A7EA}.Release|x86.ActiveCfg = Release|Any CPU
+		{50CD394B-EBB9-4572-9C36-62FFE781A7EA}.Release|x86.Build.0 = Release|Any CPU
 		{D22E20C3-699D-4FB0-98CE-C009FC81FBD9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{D22E20C3-699D-4FB0-98CE-C009FC81FBD9}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D22E20C3-699D-4FB0-98CE-C009FC81FBD9}.Debug|x86.ActiveCfg = Debug|x86
+		{D22E20C3-699D-4FB0-98CE-C009FC81FBD9}.Debug|x86.Build.0 = Debug|x86
 		{D22E20C3-699D-4FB0-98CE-C009FC81FBD9}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{D22E20C3-699D-4FB0-98CE-C009FC81FBD9}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D22E20C3-699D-4FB0-98CE-C009FC81FBD9}.Release|x86.ActiveCfg = Release|x86
+		{D22E20C3-699D-4FB0-98CE-C009FC81FBD9}.Release|x86.Build.0 = Release|x86
 		{D5AED582-DD4A-46A6-B6B7-27F094D87C47}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{D5AED582-DD4A-46A6-B6B7-27F094D87C47}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D5AED582-DD4A-46A6-B6B7-27F094D87C47}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{D5AED582-DD4A-46A6-B6B7-27F094D87C47}.Debug|x86.Build.0 = Debug|Any CPU
 		{D5AED582-DD4A-46A6-B6B7-27F094D87C47}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{D5AED582-DD4A-46A6-B6B7-27F094D87C47}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D5AED582-DD4A-46A6-B6B7-27F094D87C47}.Release|x86.ActiveCfg = Release|Any CPU
+		{D5AED582-DD4A-46A6-B6B7-27F094D87C47}.Release|x86.Build.0 = Release|Any CPU
+		{7DBF6327-917C-4528-996E-C04BA6924CF7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{7DBF6327-917C-4528-996E-C04BA6924CF7}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{7DBF6327-917C-4528-996E-C04BA6924CF7}.Debug|x86.ActiveCfg = Debug|x86
+		{7DBF6327-917C-4528-996E-C04BA6924CF7}.Debug|x86.Build.0 = Debug|x86
+		{7DBF6327-917C-4528-996E-C04BA6924CF7}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{7DBF6327-917C-4528-996E-C04BA6924CF7}.Release|Any CPU.Build.0 = Release|Any CPU
+		{7DBF6327-917C-4528-996E-C04BA6924CF7}.Release|x86.ActiveCfg = Release|x86
+		{7DBF6327-917C-4528-996E-C04BA6924CF7}.Release|x86.Build.0 = Release|x86
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

build/set-installer-version.ps1

@@ -20,4 +20,21 @@ $node.SetAttribute("Version", $BuildVersion);
 Write-Host "Saving $vsixManifestPath..."
 $xml.Save($vsixManifestPath)
 
+# vsixmanifest 2022
+$vsixManifestPath = Get-Location | Resolve-Path | Join-Path -ChildPath ".\Puma.Security.Rules.Vsix.VS2022\source.extension.vsixmanifest"
+$content = Get-Content $vsixManifestPath
+$xml = New-Object System.Xml.XmlDocument
+
+Write-Host "Reading $vsixManifestPath..."
+$xml.LoadXml($content)
+$namespace = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
+$namespace.AddNamespace("ns", "http://schemas.microsoft.com/developer/vsx-schema/2011")
+$node = $xml.SelectSingleNode("//ns:PackageManifest/ns:Metadata/ns:Identity", $namespace)
+
+Write-Host "Setting $vsixManifestPath release attributes..."
+$node.SetAttribute("Version", $BuildVersion);
+
+Write-Host "Saving $vsixManifestPath..."
+$xml.Save($vsixManifestPath)
+
 Write-Host "Finish VSIX installer configuration..."