51369b610e
When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again.
51 lines
1.3 KiB
Plaintext
51 lines
1.3 KiB
Plaintext
The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like ``++AES++``, ``++RSA++``, ``++SHA++``, ... should be used instead.
|
|
|
|
|
|
This rule tracks custom implementation of these types from ``++System.Security.Cryptography++`` namespace:
|
|
|
|
* ``++AsymmetricAlgorithm++``
|
|
* ``++AsymmetricKeyExchangeDeformatter++``
|
|
* ``++AsymmetricKeyExchangeFormatter++``
|
|
* ``++AsymmetricSignatureDeformatter++``
|
|
* ``++AsymmetricSignatureFormatter++``
|
|
* ``++DeriveBytes++``
|
|
* ``++HashAlgorithm++``
|
|
* ``++ICryptoTransform++``
|
|
* ``++SymmetricAlgorithm++``
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
public class CustomHash : HashAlgorithm // Noncompliant
|
|
{
|
|
private byte[] result;
|
|
|
|
public override void Initialize() => result = null;
|
|
protected override byte[] HashFinal() => result;
|
|
|
|
protected override void HashCore(byte[] array, int ibStart, int cbSize) =>
|
|
result ??= array.Take(8).ToArray();
|
|
}
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,csharp]
|
|
----
|
|
SHA256 mySHA256 = SHA256.Create()
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|