51 lines
1.2 KiB
Plaintext
51 lines
1.2 KiB
Plaintext
== How to fix it in .NET
|
|
|
|
=== Code examples
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,vbnet,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
Imports System.IO
|
|
Imports System.Security.Cryptography
|
|
|
|
Public Sub Encrypt(key As Byte(), dataToEncrypt As Byte(), target As MemoryStream)
|
|
Dim aes = New AesCryptoServiceProvider()
|
|
|
|
Dim iv = New Byte() {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}
|
|
Dim encryptor = aes.CreateEncryptor(key, iv) ' Noncompliant
|
|
|
|
Dim cryptoStream = New CryptoStream(target, encryptor, CryptoStreamMode.Write)
|
|
Dim swEncrypt = New StreamWriter(cryptoStream)
|
|
|
|
swEncrypt.Write(dataToEncrypt)
|
|
End Sub
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
:implicit_strong: aes.IV
|
|
|
|
include::../../common/fix/implicit-fix.adoc[]
|
|
|
|
[source,vbnet,diff-id=1,diff-type=compliant]
|
|
----
|
|
Imports System.IO
|
|
Imports System.Security.Cryptography
|
|
|
|
Public Sub Encrypt(key As Byte(), dataToEncrypt As Byte(), target As MemoryStream)
|
|
Dim aes = New AesCryptoServiceProvider()
|
|
|
|
Dim encryptor = aes.CreateEncryptor(key, aes.IV)
|
|
|
|
Dim cryptoStream = New CryptoStream(target, encryptor, CryptoStreamMode.Write)
|
|
Dim swEncrypt = New StreamWriter(cryptoStream)
|
|
|
|
swEncrypt.Write(dataToEncrypt)
|
|
End Sub
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/fix.adoc[]
|