ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S2257/csharp/rule.adoc

39 lines
1.1 KiB
Plaintext
Raw Normal View History

make in-line code blocks verbatim
2021-01-27 13:42:22 +01:00
The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like ``++AES++``, ``++RSA++``, ``++SHA++``, ... should be used instead.
This rule tracks custom implementation of these types from ``++System.Security.Cryptography++`` namespace:
* ``++AsymmetricAlgorithm++``
* ``++AsymmetricKeyExchangeDeformatter++``
* ``++AsymmetricKeyExchangeFormatter++``
* ``++AsymmetricSignatureDeformatter++``
* ``++AsymmetricSignatureFormatter++``
* ``++DeriveBytes++``
* ``++HashAlgorithm++``
* ``++ICryptoTransform++``
* ``++SymmetricAlgorithm++``
Add all rules, update all rules fixing the inline code syntax
2020-12-21 15:38:52 +01:00
include::../recommended.adoc[]
== Sensitive Code Example
----
public class CustomHash : HashAlgorithm // Noncompliant
{
private byte[] result;
public override void Initialize() => result = null;
protected override byte[] HashFinal() => result;
protected override void HashCore(byte[] array, int ibStart, int cbSize) =>
result ??= array.Take(8).ToArray();
}
----
== Compliant Solution
----
SHA256 mySHA256 = SHA256.Create()
----
include::../see.adoc[]
Reference in New Issue Copy Permalink