51369b610e
When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again.
59 lines
1.4 KiB
Plaintext
59 lines
1.4 KiB
Plaintext
The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like ``++AES++``, ``++RSA++``, ``++SHA++``, ... should be used instead.
|
|
|
|
|
|
This rule tracks custom implementation of these types from ``++System.Security.Cryptography++`` namespace:
|
|
|
|
* ``++AsymmetricAlgorithm++``
|
|
* ``++AsymmetricKeyExchangeDeformatter++``
|
|
* ``++AsymmetricKeyExchangeFormatter++``
|
|
* ``++AsymmetricSignatureDeformatter++``
|
|
* ``++AsymmetricSignatureFormatter++``
|
|
* ``++DeriveBytes++``
|
|
* ``++HashAlgorithm++``
|
|
* ``++ICryptoTransform++``
|
|
* ``++SymmetricAlgorithm++``
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
Public Class CustomHash ' Noncompliant
|
|
Inherits HashAlgorithm
|
|
|
|
Private fResult() As Byte
|
|
|
|
Public Overrides Sub Initialize()
|
|
fResult = Nothing
|
|
End Sub
|
|
|
|
Protected Overrides Function HashFinal() As Byte()
|
|
Return fResult
|
|
End Function
|
|
|
|
Protected Overrides Sub HashCore(array() As Byte, ibStart As Integer, cbSize As Integer)
|
|
fResult = If(fResult, array.Take(8).ToArray)
|
|
End Sub
|
|
|
|
End Class
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,vbnet]
|
|
----
|
|
Dim mySHA256 As SHA256 = SHA256.Create()
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|