rspec/rules/S5547/vbnet/rule.adoc

include::../description.adoc[]

== Noncompliant Code Example

For https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography?view=netcore-3.1[System.Security.Cryptography] library, these old cryptographic algorithms should no longer be used for any reason:

----
Dim TripleDES1 As new TripleDESCryptoServiceProvider() ' Noncompliant: Triple DES is vulnerable to meet-in-the-middle attack

Dim SimpleDES As New DESCryptoServiceProvider() ' Noncompliant: DES works with 56-bit keys allow attacks via exhaustive search

Dim RC2 As new RC2CryptoServiceProvider() ' Noncompliant: RC2 is vulnerable to a related-key attack
----
For Bouncycastle library, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000339[AESFastEngine has a side channel leak], it is possible to gain information about the key used to initialize the cipher:

----
Dim AesFast As new AesFastEngine() ' Noncompliant
----

== Compliant Solution

For https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography?view=netcore-3.1[System.Security.Cryptography] library, it's recommended to use ``++AesCryptoServiceProvider++``:

----
Dim AES As new AesCryptoServiceProvider() ' Compliant
----
For Bouncycastle library, it's recommended to use ``++AESEngine++``:

----
Dim AES As new AESEngine() ' Compliant
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]
'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
process the in-line code syntax separately 2021-01-28 15:53:33 +01:00			`include::../description.adoc[]`

			`== Noncompliant Code Example`

			`For https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography?view=netcore-3.1[System.Security.Cryptography] library, these old cryptographic algorithms should no longer be used for any reason:`

			`----`
			`Dim TripleDES1 As new TripleDESCryptoServiceProvider() ' Noncompliant: Triple DES is vulnerable to meet-in-the-middle attack`

			`Dim SimpleDES As New DESCryptoServiceProvider() ' Noncompliant: DES works with 56-bit keys allow attacks via exhaustive search`

			`Dim RC2 As new RC2CryptoServiceProvider() ' Noncompliant: RC2 is vulnerable to a related-key attack`
			`----`
			`For Bouncycastle library, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000339[AESFastEngine has a side channel leak], it is possible to gain information about the key used to initialize the cipher:`

			`----`
Nightly update 2021-02-02 04:09:31 +00:00			`Dim AesFast As new AesFastEngine() ' Noncompliant`
process the in-line code syntax separately 2021-01-28 15:53:33 +01:00			`----`

			`== Compliant Solution`

			For https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography?view=netcore-3.1[System.Security.Cryptography] library, it's recommended to use ``++AesCryptoServiceProvider++``:

			`----`
			`Dim AES As new AesCryptoServiceProvider() ' Compliant`
			`----`
			For Bouncycastle library, it's recommended to use ``++AESEngine++``:

			`----`
			`Dim AES As new AESEngine() ' Compliant`
			`----`

			`include::../see.adoc[]`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

			`include::../comments-and-links.adoc[]`
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`