45 lines
983 B
Plaintext
45 lines
983 B
Plaintext
|
include::../description.adoc[]
|
||
|
|
|
||
|
|
include::../ask-yourself.adoc[]
|
||
|
|
|
||
|
|
include::../recommended.adoc[]
|
||
|
|
|
||
|
|
== Sensitive Code Example
|
||
|
|
|
||
|
|
----
|
||
|
|
Imports System.Security.Cryptography
|
||
|
|
|
||
|
|
Sub ComputeHash()
|
||
|
|
|
||
|
|
' Review all instantiations of classes that inherit from HashAlgorithm, for example:
|
||
|
|
Dim hashAlgo As HashAlgorithm = HashAlgorithm.Create() ' Sensitive
|
||
|
|
Dim hashAlgo2 As HashAlgorithm = HashAlgorithm.Create("SHA1") ' Sensitive
|
||
|
|
Dim sha As SHA1 = New SHA1CryptoServiceProvider() ' Sensitive
|
||
|
|
Dim md5 As MD5 = New MD5CryptoServiceProvider() ' Sensitive
|
||
|
|
|
||
|
|
' ...
|
||
|
|
End Sub
|
||
|
|
|
||
|
|
Class MyHashAlgorithm
|
||
|
|
Inherits HashAlgorithm ' Sensitive
|
||
|
|
|
||
|
|
' ...
|
||
|
|
End Class
|
||
|
|
----
|
||
|
|
|
||
|
|
== Compliant Solution
|
||
|
|
|
||
|
|
----
|
||
|
|
Imports System.Security.Cryptography
|
||
|
|
|
||
|
|
Sub ComputeHash()
|
||
|
|
Dim sha256 = New SHA256CryptoServiceProvider() ' Compliant
|
||
|
|
Dim sha384 = New SHA384CryptoServiceProvider() ' Compliant
|
||
|
|
Dim sha512 = New SHA512CryptoServiceProvider() ' Compliant
|
||
|
|
|
||
|
|
' ...
|
||
|
|
End Sub
|
||
|
|
----
|
||
|
|
|
||
|
|
include::../see.adoc[]
|