ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S2257/csharp/rule.adoc

39 lines
1.1 KiB
Plaintext
Raw Normal View History

change the inline-code delimitters
2020-12-23 14:59:06 +01:00
The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like ``AES``, ``RSA``, ``SHA``, ... should be used instead.
This rule tracks custom implementation of these types from ``System.Security.Cryptography`` namespace:
* ``AsymmetricAlgorithm``
* ``AsymmetricKeyExchangeDeformatter``
* ``AsymmetricKeyExchangeFormatter``
* ``AsymmetricSignatureDeformatter``
* ``AsymmetricSignatureFormatter``
* ``DeriveBytes``
* ``HashAlgorithm``
* ``ICryptoTransform``
* ``SymmetricAlgorithm``
Add all rules, update all rules fixing the inline code syntax
2020-12-21 15:38:52 +01:00
include::../recommended.adoc[]
== Sensitive Code Example
----
public class CustomHash : HashAlgorithm // Noncompliant
{
private byte[] result;
public override void Initialize() => result = null;
protected override byte[] HashFinal() => result;
protected override void HashCore(byte[] array, int ibStart, int cbSize) =>
result ??= array.Take(8).ToArray();
}
----
== Compliant Solution
----
SHA256 mySHA256 = SHA256.Create()
----
include::../see.adoc[]
Reference in New Issue Copy Permalink