rspec/rules/S5542/csharp/comments-and-links.adoc


=== on 22 Oct 2019, 20:22:20 Ann Campbell wrote:
\[~eric.therond] a Compliant Solution should be code. If you have no code to show, then the additional details should be incorporated in the description.
=== on 14 Nov 2019, 17:07:39 Christophe Zurn wrote:
\[~eric.therond] Note that C# has had a GCM mode since .NET Core 3.0 (see \https://github.com/dotnet/corefx/pull/31389), but not yet in .NET Framework. It would be nice to have this mentioned as an alternate Compliant Solution.
Also, the rule mentions "RSA encryption algorithm should be used with the recommended padding scheme (OAEP)", but there is no Noncompliant/Compliant code example for it.
=== on 15 Nov 2019, 09:32:44 Eric Therond wrote:
Thanks [~christophe.zurn], I have added additional examples and updated the https://github.com/SonarSource/security-expected-issues/blob/master/dotnet/rules/vulnerabilities/RSPEC-5542/Startup.cs[security-expected-issues repository].
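
The two cases raised in this thread, AES-GCM on .NET Core 3.0+ and RSA with OAEP padding, shown next to their weak counterparts. This is an added example, not part of the thread and not the rule's own sample code; the class and method names are hypothetical, the message is constructed, and the Noncompliant/Compliant labels are the example's own.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class S5542Sketch // hypothetical name, not from the rule
{
    // Noncompliant: ECB encrypts equal blocks to equal ciphertext and has no integrity check.
    static byte[] EncryptEcb(byte[] key, byte[] plaintext)
    {
        using var aes = Aes.Create();
        aes.Key = key;
        aes.Mode = CipherMode.ECB;
        using var enc = aes.CreateEncryptor();
        return enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
    }

    // Compliant (.NET Core 3.0+ only): AES-GCM with a fresh random nonce per message.
    static (byte[] Nonce, byte[] Ct, byte[] Tag) EncryptGcm(byte[] key, byte[] plaintext)
    {
        var nonce = new byte[AesGcm.NonceByteSizes.MaxSize]; // 12 bytes
        var tag = new byte[AesGcm.TagByteSizes.MaxSize];     // 16 bytes
        var ct = new byte[plaintext.Length];
        RandomNumberGenerator.Fill(nonce);                   // never reuse a nonce with the same key
        using var gcm = new AesGcm(key);
        gcm.Encrypt(nonce, plaintext, ct, tag);
        return (nonce, ct, tag);
    }

    static byte[] DecryptGcm(byte[] key, byte[] nonce, byte[] ct, byte[] tag)
    {
        var pt = new byte[ct.Length];
        using var gcm = new AesGcm(key);
        gcm.Decrypt(nonce, ct, tag, pt); // throws CryptographicException if ct or tag was altered
        return pt;
    }

    // Noncompliant: PKCS#1 v1.5 encryption padding.
    static byte[] WrapKeyPkcs1(RSA rsa, byte[] key) => rsa.Encrypt(key, RSAEncryptionPadding.Pkcs1);

    // Compliant: OAEP padding, as the rule text recommends.
    static byte[] WrapKeyOaep(RSA rsa, byte[] key) => rsa.Encrypt(key, RSAEncryptionPadding.OaepSHA256);

    static void Main()
    {
        var key = new byte[32];
        RandomNumberGenerator.Fill(key);
        var (nonce, ct, tag) = EncryptGcm(key, Encoding.UTF8.GetBytes("constructed sample message"));
        Console.WriteLine(Encoding.UTF8.GetString(DecryptGcm(key, nonce, ct, tag)));
        using var rsa = RSA.Create(2048);
        var unwrapped = rsa.Decrypt(WrapKeyOaep(rsa, key), RSAEncryptionPadding.OaepSHA256);
        Console.WriteLine(unwrapped.AsSpan().SequenceEqual(key));
    }
}
```

The nonce and tag are not secret and must be stored or sent with the ciphertext so the receiver can call `DecryptGcm`.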
include::../comments-and-links.adoc[]