51369b610e
When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again.
82 lines
2.3 KiB
Plaintext
82 lines
2.3 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
Imports System
|
|
Imports System.Security.Cryptography
|
|
|
|
Namespace MyNamespace
|
|
|
|
Public Class Class1
|
|
|
|
Public Sub Main()
|
|
|
|
Dim data As Byte() = {1, 1, 1}
|
|
|
|
Dim myRSA As RSA = RSA.Create()
|
|
Dim padding As RSAEncryptionPadding = RSAEncryptionPadding.CreateOaep(HashAlgorithmName.SHA1)
|
|
|
|
' Review all base RSA class' Encrypt/Decrypt calls
|
|
myRSA.Encrypt(data, padding) ' Sensitive
|
|
myRSA.EncryptValue(data) ' Sensitive
|
|
myRSA.Decrypt(data, padding) ' Sensitive
|
|
myRSA.DecryptValue(data) ' Sensitive
|
|
|
|
Dim myRSAC As RSACryptoServiceProvider = New RSACryptoServiceProvider()
|
|
' Review the use of any TryEncrypt/TryDecrypt And specific Encrypt/Decrypt of RSA subclasses.
|
|
myRSAC.Encrypt(data, False) ' Sensitive
|
|
myRSAC.Decrypt(data, False) ' Sensitive
|
|
|
|
Dim written As Integer
|
|
myRSAC.TryEncrypt(data, Span<byte>.Empty, padding, out written) ' Sensitive
|
|
myRSAC.TryDecrypt(data, Span<byte>.Empty, padding, out written) ' Sensitive
|
|
|
|
Dim rgbKey As Byte() = {1, 2, 3}
|
|
Dim rgbIV As Byte() = {4, 5, 6}
|
|
Dim rijn = SymmetricAlgorithm.Create()
|
|
|
|
' Review the creation of Encryptors from any SymmetricAlgorithm instance.
|
|
rijn.CreateEncryptor() ' Sensitive
|
|
rijn.CreateEncryptor(rgbKey, rgbIV) ' Sensitive
|
|
rijn.CreateDecryptor() ' Sensitive
|
|
rijn.CreateDecryptor(rgbKey, rgbIV) ' Sensitive
|
|
End Sub
|
|
|
|
Public Class MyCrypto
|
|
Inherits System.Security.Cryptography.AsymmetricAlgorithm ' Sensitive
|
|
' ...
|
|
End Class
|
|
|
|
Public Class MyCrypto2
|
|
Inherits System.Security.Cryptography.SymmetricAlgorithm ' Sensitive
|
|
' ...
|
|
End Class
|
|
End Class
|
|
End Namespace
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
include::../highlighting.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|