ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S4426/csharp/rule.adoc
Fred Tingaud 16f6c0aecf
Inline adoc when include has no additional value (#1940) 
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
2023-05-25 14:18:12 +02:00

83 lines
2.5 KiB
Plaintext
Raw Blame History

== Why is this an issue?
include::../description.adoc[]
=== Noncompliant code example
[source,csharp]
----
using System;
using System.Security.Cryptography;
namespace MyLibrary
{
public class MyCryptoClass
{
static void Main()
{
var dsa1 = new DSACryptoServiceProvider(); // Noncompliant - default key size is 1024
dsa1.KeySize = 2048; // Noncompliant - the setter does not update the underlying key size for the DSACryptoServiceProvider class
var dsa2 = new DSACryptoServiceProvider(2048); // Noncompliant - cannot create DSACryptoServiceProvider with a key size bigger than 1024
var rsa1 = new RSACryptoServiceProvider(); // Noncompliant - default key size is 1024
rsa1.KeySize = 2048; // Noncompliant - the setter does not update the underlying key size for the RSACryptoServiceProvider class
var rsa2 = new RSACng(1024); // Noncompliant
// ...
}
}
}
----
KeySize property of DSACryptoServiceProvider and RSACryptoServiceProvider does not change the value of underlying KeySize for the algorithm. Property setter is ignored without error and KeySize can be changed only by using constructor overload. See:
* https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.dsacryptoserviceprovider.keysize[DSACryptoServiceProvider.KeySize Property]
* https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsacryptoserviceprovider.keysize[RSACryptoServiceProvider.KeySize Property]
=== Compliant solution
[source,csharp]
----
using System;
using System.Security.Cryptography;
namespace MyLibrary
{
public class MyCryptoClass
{
static void Main()
{
var dsa1 = new DSACng(); // Compliant - default key size is 2048
var dsa2 = new DSACng(2048); // Compliant
var rsa1 = new RSACryptoServiceProvider(2048); // Compliant
var rsa2 = new RSACng(); // Compliant - default key size is 2048
// ...
}
}
}
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
'''
== Comments And Links
(visible only on this page)
=== on 3 Apr 2018, 12:29:44 Alexandre Gigleux wrote:
``++Blowfish++`` case is not covered by SonarC# because there is no .NET API to use Blowfish. See: \http://www.bouncycastle.org/csharp/
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink