981e54d330
## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
53 lines
1.3 KiB
Plaintext
53 lines
1.3 KiB
Plaintext
== How to fix it in .NET
|
|
|
|
=== Code examples
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,csharp,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
using System.IO;
|
|
using System.Security.Cryptography;
|
|
|
|
public void Encrypt(byte[] key, byte[] dataToEncrypt, MemoryStream target)
|
|
{
|
|
var aes = new AesCryptoServiceProvider();
|
|
|
|
byte[] iv = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
|
|
var encryptor = aes.CreateEncryptor(key, iv); // Noncompliant
|
|
|
|
var cryptoStream = new CryptoStream(target, encryptor, CryptoStreamMode.Write);
|
|
var swEncrypt = new StreamWriter(cryptoStream);
|
|
|
|
swEncrypt.Write(dataToEncrypt);
|
|
}
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
:implicit_strong: aes.IV
|
|
|
|
include::../../common/fix/implicit-fix.adoc[]
|
|
|
|
[source,csharp,diff-id=1,diff-type=compliant]
|
|
----
|
|
using System.IO;
|
|
using System.Security.Cryptography;
|
|
|
|
public void Encrypt(byte[] key, byte[] dataToEncrypt, MemoryStream target)
|
|
{
|
|
var aes = new AesCryptoServiceProvider();
|
|
|
|
var encryptor = aes.CreateEncryptor(key, aes.IV);
|
|
|
|
var cryptoStream = new CryptoStream(target, encryptor, CryptoStreamMode.Write);
|
|
var swEncrypt = new StreamWriter(cryptoStream);
|
|
|
|
swEncrypt.Write(dataToEncrypt);
|
|
}
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/fix.adoc[]
|