rspec/rules/S4787/vbnet/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

----
Imports System
Imports System.Security.Cryptography

Namespace MyNamespace

    Public Class Class1

        Public Sub Main()

            Dim data As Byte() = {1, 1, 1}

            Dim myRSA As RSA = RSA.Create()
            Dim padding As RSAEncryptionPadding = RSAEncryptionPadding.CreateOaep(HashAlgorithmName.SHA1)

            ' Review all base RSA class' Encrypt/Decrypt calls
            myRSA.Encrypt(data, padding)  ' Sensitive
            myRSA.EncryptValue(data)      ' Sensitive
            myRSA.Decrypt(data, padding)  ' Sensitive
            myRSA.DecryptValue(data)      ' Sensitive

            Dim myRSAC As RSACryptoServiceProvider = New RSACryptoServiceProvider()
            ' Review the use of any TryEncrypt/TryDecrypt And specific Encrypt/Decrypt of RSA subclasses.
            myRSAC.Encrypt(data, False)    ' Sensitive
            myRSAC.Decrypt(data, False)    ' Sensitive

            Dim written As Integer
            myRSAC.TryEncrypt(data, Span<byte>.Empty, padding, out written) ' Sensitive
            myRSAC.TryDecrypt(data, Span<byte>.Empty, padding, out written) ' Sensitive

            Dim rgbKey As Byte() = {1, 2, 3}
            Dim rgbIV As Byte() = {4, 5, 6}
            Dim rijn = SymmetricAlgorithm.Create()

            ' Review the creation of Encryptors from any SymmetricAlgorithm instance.
            rijn.CreateEncryptor()   ' Sensitive
            rijn.CreateEncryptor(rgbKey, rgbIV)  ' Sensitive
            rijn.CreateDecryptor()  ' Sensitive
            rijn.CreateDecryptor(rgbKey, rgbIV)  ' Sensitive
        End Sub

        Public Class MyCrypto
            Inherits System.Security.Cryptography.AsymmetricAlgorithm ' Sensitive
            ' ...
        End Class

        Public Class MyCrypto2
            Inherits System.Security.Cryptography.SymmetricAlgorithm ' Sensitive 
            ' ...
        End Class
    End Class
End Namespace
----

include::../see.adoc[]
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`include::../description.adoc[]`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

			`----`
			`Imports System`
			`Imports System.Security.Cryptography`

			`Namespace MyNamespace`

			`Public Class Class1`

			`Public Sub Main()`

			`Dim data As Byte() = {1, 1, 1}`

			`Dim myRSA As RSA = RSA.Create()`
			`Dim padding As RSAEncryptionPadding = RSAEncryptionPadding.CreateOaep(HashAlgorithmName.SHA1)`

			`' Review all base RSA class' Encrypt/Decrypt calls`
			`myRSA.Encrypt(data, padding) ' Sensitive`
			`myRSA.EncryptValue(data) ' Sensitive`
			`myRSA.Decrypt(data, padding) ' Sensitive`
			`myRSA.DecryptValue(data) ' Sensitive`

			`Dim myRSAC As RSACryptoServiceProvider = New RSACryptoServiceProvider()`
			`' Review the use of any TryEncrypt/TryDecrypt And specific Encrypt/Decrypt of RSA subclasses.`
			`myRSAC.Encrypt(data, False) ' Sensitive`
			`myRSAC.Decrypt(data, False) ' Sensitive`

			`Dim written As Integer`
			`myRSAC.TryEncrypt(data, Span<byte>.Empty, padding, out written) ' Sensitive`
			`myRSAC.TryDecrypt(data, Span<byte>.Empty, padding, out written) ' Sensitive`

			`Dim rgbKey As Byte() = {1, 2, 3}`
			`Dim rgbIV As Byte() = {4, 5, 6}`
			`Dim rijn = SymmetricAlgorithm.Create()`

			`' Review the creation of Encryptors from any SymmetricAlgorithm instance.`
			`rijn.CreateEncryptor() ' Sensitive`
			`rijn.CreateEncryptor(rgbKey, rgbIV) ' Sensitive`
			`rijn.CreateDecryptor() ' Sensitive`
			`rijn.CreateDecryptor(rgbKey, rgbIV) ' Sensitive`
			`End Sub`

			`Public Class MyCrypto`
			`Inherits System.Security.Cryptography.AsymmetricAlgorithm ' Sensitive`
			`' ...`
			`End Class`

			`Public Class MyCrypto2`
			`Inherits System.Security.Cryptography.SymmetricAlgorithm ' Sensitive`
			`' ...`
			`End Class`
			`End Class`
			`End Namespace`
			`----`

			`include::../see.adoc[]`