rspec/rules/S5344/csharp/highlighting.adoc

=== Highlighting

==== .NET Core

For `Microsoft.AspNetCore.Identity`:
When `PasswordHasherOptions.IterationCount` is < 100,000, highlight the IterationCount attribute.
When `PasswordHasherOptions.CompatibilityMode` is set to `PasswordHasherCompatibilityMode.IdentityV2`, highlight the
corresponding attribute.

For `Microsoft.AspNetCore.Cryptography.KeyDerivation`:
When `KeyDerivation.Pbkdf2` is called with `iterationCount` < 100,000, highlight the iterationCount parameter.

For `System.Security.Cryptography`:
When Rfc2898DeriveBytes is instantiated with an `iterations` parameter < 100,000, highlight the iterations parameter.
When Rfc2898DeriveBytes is instantiated without a `hashAlgorithm` parameter highlight the whole constructor call.

==== .NET framework

For `Microsoft.AspNet.Identity`:
When a `PasswordHasher` is instantiated highlight the constructor.

For `System.Security.Cryptography`:
When Rfc2898DeriveBytes is instantiated with an `iterations` parameter < 100,000 or
when Rfc2898DeriveBytes.Pbkdf2 is called with an `iterations` parameter < 100,000, highlight the iterations parameter.
When Rfc2898DeriveBytes is instantiated without a `hashAlgorithm` parameter highlight the whole constructor call.

==== BouncyCastle

For `Org.BouncyCastle.Crypto.Generators.OpenBsdBCrypt`, or `Org.BouncyCastle.Crypto.Generators.BCrypt`:
When `Generate` is called with cost < 12, highlight the cost parameter.

For `Org.BouncyCastle.Crypto.PbeParametersGenerator`:
When `Init` is called with `iterationCount` < 100,000, highlight the iteration count parameter.

For `Org.BouncyCastle.Crypto.Generators.SCrypt`:
When `Generate` is called with N < 2^12, r < 8, or dklen < 32, highlight the weak parameter.
Modify rule S5344: Set 100k as PBKDF reco & update highlights (APPSEC-1631) (#3843) 2024-04-03 14:28:20 +02:00			`=== Highlighting`

			`==== .NET Core`

			For `Microsoft.AspNetCore.Identity`:
Minor cleanup/refactoring on S5344 for C# and Python (#3936) * Fix S5344 numbers 100 000 -> 100,000 * Refactor the message for SCrypt.Generate on C# * Review 1 * Review 1 2024-05-16 16:03:24 +02:00			When `PasswordHasherOptions.IterationCount` is < 100,000, highlight the IterationCount attribute.
Modify rule S5344: Set 100k as PBKDF reco & update highlights (APPSEC-1631) (#3843) 2024-04-03 14:28:20 +02:00			When `PasswordHasherOptions.CompatibilityMode` is set to `PasswordHasherCompatibilityMode.IdentityV2`, highlight the
			`corresponding attribute.`

			For `Microsoft.AspNetCore.Cryptography.KeyDerivation`:
Minor cleanup/refactoring on S5344 for C# and Python (#3936) * Fix S5344 numbers 100 000 -> 100,000 * Refactor the message for SCrypt.Generate on C# * Review 1 * Review 1 2024-05-16 16:03:24 +02:00			When `KeyDerivation.Pbkdf2` is called with `iterationCount` < 100,000, highlight the iterationCount parameter.
Modify rule S5344: Set 100k as PBKDF reco & update highlights (APPSEC-1631) (#3843) 2024-04-03 14:28:20 +02:00
			For `System.Security.Cryptography`:
Minor cleanup/refactoring on S5344 for C# and Python (#3936) * Fix S5344 numbers 100 000 -> 100,000 * Refactor the message for SCrypt.Generate on C# * Review 1 * Review 1 2024-05-16 16:03:24 +02:00			When Rfc2898DeriveBytes is instantiated with an `iterations` parameter < 100,000, highlight the iterations parameter.
Modify rule S5344: Set 100k as PBKDF reco & update highlights (APPSEC-1631) (#3843) 2024-04-03 14:28:20 +02:00			When Rfc2898DeriveBytes is instantiated without a `hashAlgorithm` parameter highlight the whole constructor call.

			`==== .NET framework`

			For `Microsoft.AspNet.Identity`:
			When a `PasswordHasher` is instantiated highlight the constructor.

			For `System.Security.Cryptography`:
Minor cleanup/refactoring on S5344 for C# and Python (#3936) * Fix S5344 numbers 100 000 -> 100,000 * Refactor the message for SCrypt.Generate on C# * Review 1 * Review 1 2024-05-16 16:03:24 +02:00			When Rfc2898DeriveBytes is instantiated with an `iterations` parameter < 100,000 or
			when Rfc2898DeriveBytes.Pbkdf2 is called with an `iterations` parameter < 100,000, highlight the iterations parameter.
Modify rule S5344: Set 100k as PBKDF reco & update highlights (APPSEC-1631) (#3843) 2024-04-03 14:28:20 +02:00			When Rfc2898DeriveBytes is instantiated without a `hashAlgorithm` parameter highlight the whole constructor call.

			`==== BouncyCastle`

			For `Org.BouncyCastle.Crypto.Generators.OpenBsdBCrypt`, or `Org.BouncyCastle.Crypto.Generators.BCrypt`:
			When `Generate` is called with cost < 12, highlight the cost parameter.

			For `Org.BouncyCastle.Crypto.PbeParametersGenerator`:
Minor cleanup/refactoring on S5344 for C# and Python (#3936) * Fix S5344 numbers 100 000 -> 100,000 * Refactor the message for SCrypt.Generate on C# * Review 1 * Review 1 2024-05-16 16:03:24 +02:00			When `Init` is called with `iterationCount` < 100,000, highlight the iteration count parameter.
Modify rule S5344: Set 100k as PBKDF reco & update highlights (APPSEC-1631) (#3843) 2024-04-03 14:28:20 +02:00
			For `Org.BouncyCastle.Crypto.Generators.SCrypt`:
			When `Generate` is called with N < 2^12, r < 8, or dklen < 32, highlight the weak parameter.