include::../common/rationale.adoc[]

== Why is this an issue?

include::../common/description.adoc[]

=== What is the potential impact?

include::../common/impact.adoc[]

include::./how-to-fix/net-core.adoc[]

== Resources

=== Documentation

* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.xml[System.Security.Cryptography.Xml Namespace]
* Microsfot Learn - https://learn.microsoft.com/en-us/dotnet/standard/security/how-to-verify-the-digital-signatures-of-xml-documents[How to: Verify the Digital Signatures of XML Documents]

include::../common/resources/standards.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Change this code to only accept signatures computed from a trusted party.

=== Highlight

The call to the signature verification function:
* System.Security.Cryptography.Xml.SignedXml.CheckSignature
* System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey

'''
endif::env-github,rspecator-view[]