rspec/rules/S2257/vbnet/rule.adoc

The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like ``++AES++``, ``++RSA++``, ``++SHA++``, ... should be used instead.


This rule tracks custom implementation of these types from ``++System.Security.Cryptography++`` namespace:

* ``++AsymmetricAlgorithm++``
* ``++AsymmetricKeyExchangeDeformatter++``
* ``++AsymmetricKeyExchangeFormatter++``
* ``++AsymmetricSignatureDeformatter++``
* ``++AsymmetricSignatureFormatter++``
* ``++DeriveBytes++``
* ``++HashAlgorithm++``
* ``++ICryptoTransform++``
* ``++SymmetricAlgorithm++``

include::../recommended.adoc[]

== Sensitive Code Example

----
Public Class CustomHash     ' Noncompliant
    Inherits HashAlgorithm

    Private fResult() As Byte

    Public Overrides Sub Initialize()
        fResult = Nothing
    End Sub

    Protected Overrides Function HashFinal() As Byte()
        Return fResult
    End Function

    Protected Overrides Sub HashCore(array() As Byte, ibStart As Integer, cbSize As Integer)
        fResult = If(fResult, array.Take(8).ToArray)
    End Sub

End Class
----

== Compliant Solution

----
Dim mySHA256 As SHA256 = SHA256.Create()
----

include::../see.adoc[]
ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

endif::env-github,rspecator-view[]
make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like ``++AES++``, ``++RSA++``, ``++SHA++``, ... should be used instead.

Force linebreaks 2021-02-02 15:02:10 +01:00
make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			This rule tracks custom implementation of these types from ``++System.Security.Cryptography++`` namespace:

			* ``++AsymmetricAlgorithm++``
			* ``++AsymmetricKeyExchangeDeformatter++``
			* ``++AsymmetricKeyExchangeFormatter++``
			* ``++AsymmetricSignatureDeformatter++``
			* ``++AsymmetricSignatureFormatter++``
			* ``++DeriveBytes++``
			* ``++HashAlgorithm++``
			* ``++ICryptoTransform++``
			* ``++SymmetricAlgorithm++``
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00
			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

			`----`
			`Public Class CustomHash ' Noncompliant`
			`Inherits HashAlgorithm`

			`Private fResult() As Byte`

			`Public Overrides Sub Initialize()`
			`fResult = Nothing`
			`End Sub`

			`Protected Overrides Function HashFinal() As Byte()`
			`Return fResult`
			`End Function`

			`Protected Overrides Sub HashCore(array() As Byte, ibStart As Integer, cbSize As Integer)`
			`fResult = If(fResult, array.Take(8).ToArray)`
			`End Sub`

			`End Class`
			`----`

			`== Compliant Solution`

			`----`
			`Dim mySHA256 As SHA256 = SHA256.Create()`
			`----`

			`include::../see.adoc[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00			`ifdef::env-github,rspecator-view[]`

			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::../message.adoc[]`

			`endif::env-github,rspecator-view[]`