From 944c808180049ba9822304ef7c8f89d9c8638a3d Mon Sep 17 00:00:00 2001 From: Paul Ming Date: Fri, 24 Aug 2018 11:11:33 -0700 Subject: [PATCH 1/4] WIP Consolidated code for crypto rules; need to update messages --- ...DoNotUseInsecureCryptographicAlgorithms.cs | 50 +- .../Helpers/CompilationSecurityTypes.cs | 18 + .../Security/Helpers/SecurityMemberNames.cs | 9 + .../Core/Security/Helpers/SecurityTypes.cs | 41 + ...UseInsecureCryptographicAlgorithmsTests.cs | 2204 ++++++++++++++++- ...DoNotUseInsecureCyrptographicAlgorithms.cs | 23 - ...DoNotUseInsecureCryptographicAlgorithms.cs | 183 -- .../Core/Helpers/CompilationSecurityTypes.cs | 17 +- .../Core/Helpers/SecurityTypes.cs | 39 - .../Core/SecurityMemberNames.cs | 1 - ...UseInsecureCryptographicAlgorithmsTests.cs | 2173 ---------------- ...DoNotUseInsecureCryptographicAlgorithms.vb | 23 - 12 files changed, 2276 insertions(+), 2505 deletions(-) create mode 100644 src/Microsoft.NetCore.Analyzers/Core/Security/Helpers/SecurityMemberNames.cs delete mode 100644 src/Microsoft.NetFramework.Analyzers/CSharp/CSharpDoNotUseInsecureCyrptographicAlgorithms.cs delete mode 100644 src/Microsoft.NetFramework.Analyzers/Core/DoNotUseInsecureCryptographicAlgorithms.cs delete mode 100644 src/Microsoft.NetFramework.Analyzers/UnitTests/DoNotUseInsecureCryptographicAlgorithmsTests.cs delete mode 100644 src/Microsoft.NetFramework.Analyzers/VisualBasic/BasicDoNotUseInsecureCryptographicAlgorithms.vb diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/DoNotUseInsecureCryptographicAlgorithms.cs b/src/Microsoft.NetCore.Analyzers/Core/Security/DoNotUseInsecureCryptographicAlgorithms.cs index d609719807..e443151b50 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/DoNotUseInsecureCryptographicAlgorithms.cs +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/DoNotUseInsecureCryptographicAlgorithms.cs @@ -19,17 +19,17 @@ public abstract class DoNotUseInsecureCryptographicAlgorithmsAnalyzer : Diagnost private static readonly LocalizableString s_localizableDoNotUseSHA1Title = new LocalizableResourceString(nameof(SystemSecurityCryptographyResources.DoNotUseSHA1), SystemSecurityCryptographyResources.ResourceManager, typeof(SystemSecurityCryptographyResources)); private static readonly LocalizableString s_localizableDoNotUseSHA1Description = new LocalizableResourceString(nameof(SystemSecurityCryptographyResources.DoNotUseSHA1Description), SystemSecurityCryptographyResources.ResourceManager, typeof(SystemSecurityCryptographyResources)); - internal static DiagnosticDescriptor DoNotUseMD5SpecificRule = CreateDiagnosticDescriptor(DoNotUseBrokenCryptographicRuleId, + internal static DiagnosticDescriptor DoNotUseBrokenCryptographicRule = CreateDiagnosticDescriptor(DoNotUseBrokenCryptographicRuleId, s_localizableDoNotUseMD5Title, s_localizableDoNotUseMD5Description); - internal static DiagnosticDescriptor DoNotUseSHA1SpecificRule = CreateDiagnosticDescriptor(DoNotUseWeakCryptographicRuleId, + internal static DiagnosticDescriptor DoNotUseWeakCryptographicRule = CreateDiagnosticDescriptor(DoNotUseWeakCryptographicRuleId, s_localizableDoNotUseSHA1Title, s_localizableDoNotUseSHA1Description); protected abstract SyntaxNodeAnalyzer GetAnalyzer(CompilationStartAnalysisContext context, CompilationSecurityTypes cryptTypes); - public override ImmutableArray SupportedDiagnostics => ImmutableArray.Create(DoNotUseMD5SpecificRule, DoNotUseSHA1SpecificRule); + public override ImmutableArray SupportedDiagnostics => ImmutableArray.Create(DoNotUseBrokenCryptographicRule, DoNotUseWeakCryptographicRule); private static DiagnosticDescriptor CreateDiagnosticDescriptor(string ruleId, LocalizableString title, LocalizableString description, string uri = null) { @@ -66,7 +66,15 @@ private static bool ReferencesAnyTargetType(CompilationSecurityTypes types) { return types.MD5 != null || types.SHA1 != null - || types.HMACSHA1 != null; + || types.HMACSHA1 != null + || types.DES != null + || types.DSA != null + || types.DSASignatureFormatter != null + || types.HMACMD5 != null + || types.RC2 != null + || types.TripleDES != null + || types.RIPEMD160 != null + || types.HMACRIPEMD160 != null; } protected class SyntaxNodeAnalyzer @@ -95,12 +103,42 @@ public void AnalyzeNode(SyntaxNodeAnalysisContext context) if (type.DerivesFrom(_cryptTypes.MD5)) { - rule = DoNotUseMD5SpecificRule; + rule = DoNotUseBrokenCryptographicRule; } else if (type.DerivesFrom(_cryptTypes.SHA1) || type.DerivesFrom(_cryptTypes.HMACSHA1)) { - rule = DoNotUseSHA1SpecificRule; + rule = DoNotUseWeakCryptographicRule; + } + else if (type.DerivesFrom(_cryptTypes.DES)) + { + rule = DoNotUseBrokenCryptographicRule; + } + else if ((method.ContainingType.DerivesFrom(_cryptTypes.DSA) && method.MetadataName == SecurityMemberNames.CreateSignature) || + (type == _cryptTypes.DSASignatureFormatter && + method.ContainingType.DerivesFrom(_cryptTypes.DSASignatureFormatter) && method.MetadataName == WellKnownMemberNames.InstanceConstructorName)) + { + rule = DoNotUseBrokenCryptographicRule; + } + else if (type.DerivesFrom(_cryptTypes.HMACMD5)) + { + rule = DoNotUseBrokenCryptographicRule; + } + else if (type.DerivesFrom(_cryptTypes.RC2)) + { + rule = DoNotUseBrokenCryptographicRule; + } + else if (type.DerivesFrom(_cryptTypes.TripleDES)) + { + rule = DoNotUseWeakCryptographicRule; + } + else if (type.DerivesFrom(_cryptTypes.RIPEMD160)) + { + rule = DoNotUseWeakCryptographicRule; + } + else if (type.DerivesFrom(_cryptTypes.HMACRIPEMD160)) + { + rule = DoNotUseWeakCryptographicRule; } if (rule != null) diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/Helpers/CompilationSecurityTypes.cs b/src/Microsoft.NetCore.Analyzers/Core/Security/Helpers/CompilationSecurityTypes.cs index 683b841dfd..62224050a1 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/Helpers/CompilationSecurityTypes.cs +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/Helpers/CompilationSecurityTypes.cs @@ -6,15 +6,33 @@ namespace Microsoft.NetCore.Analyzers.Security.Helpers { public class CompilationSecurityTypes { + // Some of these types may only exist in .NET Framework and not in .NET Core, but that's okay, we'll look anyway. + public INamedTypeSymbol MD5 { get; private set; } public INamedTypeSymbol SHA1 { get; private set; } public INamedTypeSymbol HMACSHA1 { get; private set; } + public INamedTypeSymbol DES { get; private set; } + public INamedTypeSymbol DSA { get; private set; } + public INamedTypeSymbol DSASignatureFormatter { get; private set; } + public INamedTypeSymbol HMACMD5 { get; private set; } + public INamedTypeSymbol RC2 { get; private set; } + public INamedTypeSymbol TripleDES { get; private set; } + public INamedTypeSymbol RIPEMD160 { get; private set; } + public INamedTypeSymbol HMACRIPEMD160 { get; private set; } public CompilationSecurityTypes(Compilation compilation) { MD5 = SecurityTypes.MD5(compilation); SHA1 = SecurityTypes.SHA1(compilation); HMACSHA1 = SecurityTypes.HMACSHA1(compilation); + DES = SecurityTypes.DES(compilation); + DSA = SecurityTypes.DSA(compilation); + DSASignatureFormatter = SecurityTypes.DSASignatureFormatter(compilation); + HMACMD5 = SecurityTypes.HMACMD5(compilation); + RC2 = SecurityTypes.RC2(compilation); + TripleDES = SecurityTypes.TripleDES(compilation); + RIPEMD160 = SecurityTypes.RIPEMD160(compilation); + HMACRIPEMD160 = SecurityTypes.HMACRIPEMD160(compilation); } } } diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/Helpers/SecurityMemberNames.cs b/src/Microsoft.NetCore.Analyzers/Core/Security/Helpers/SecurityMemberNames.cs new file mode 100644 index 0000000000..2851392253 --- /dev/null +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/Helpers/SecurityMemberNames.cs @@ -0,0 +1,9 @@ +// Copyright (c) Microsoft. All Rights Reserved. Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. + +namespace Microsoft.NetCore.Analyzers.Security.Helpers +{ + internal static class SecurityMemberNames + { + public const string CreateSignature = "CreateSignature"; + } +} diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/Helpers/SecurityTypes.cs b/src/Microsoft.NetCore.Analyzers/Core/Security/Helpers/SecurityTypes.cs index dc4f717839..867e332125 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/Helpers/SecurityTypes.cs +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/Helpers/SecurityTypes.cs @@ -10,13 +10,54 @@ public static INamedTypeSymbol MD5(Compilation compilation) { return compilation.GetTypeByMetadataName("System.Security.Cryptography.MD5"); } + public static INamedTypeSymbol SHA1(Compilation compilation) { return compilation.GetTypeByMetadataName("System.Security.Cryptography.SHA1"); } + public static INamedTypeSymbol HMACSHA1(Compilation compilation) { return compilation.GetTypeByMetadataName("System.Security.Cryptography.HMACSHA1"); } + public static INamedTypeSymbol DES(Compilation compilation) + { + return compilation.GetTypeByMetadataName("System.Security.Cryptography.DES"); + } + + public static INamedTypeSymbol DSA(Compilation compilation) + { + return compilation.GetTypeByMetadataName("System.Security.Cryptography.DSA"); + } + + public static INamedTypeSymbol DSASignatureFormatter(Compilation compilation) + { + return compilation.GetTypeByMetadataName("System.Security.Cryptography.DSASignatureFormatter"); + } + + public static INamedTypeSymbol HMACMD5(Compilation compilation) + { + return compilation.GetTypeByMetadataName("System.Security.Cryptography.HMACMD5"); + } + + public static INamedTypeSymbol RC2(Compilation compilation) + { + return compilation.GetTypeByMetadataName("System.Security.Cryptography.RC2"); + } + + public static INamedTypeSymbol TripleDES(Compilation compilation) + { + return compilation.GetTypeByMetadataName("System.Security.Cryptography.TripleDES"); + } + + public static INamedTypeSymbol RIPEMD160(Compilation compilation) + { + return compilation.GetTypeByMetadataName("System.Security.Cryptography.RIPEMD160"); + } + + public static INamedTypeSymbol HMACRIPEMD160(Compilation compilation) + { + return compilation.GetTypeByMetadataName("System.Security.Cryptography.HMACRIPEMD160"); + } } } diff --git a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs index f36eec39db..551d4ce813 100644 --- a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs +++ b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs @@ -28,7 +28,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 23, CA5350RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 23, CA5351RuleName, _doNotUseMD5Message)); VerifyBasic(@" Imports System.Security.Cryptography @@ -38,7 +38,7 @@ Sub TestSub() Dim md5alg As MD5 = MD5.Create() End Sub End Module", - GetBasicResultAt(6, 29, CA5350RuleName, _doNotUseMD5Message)); + GetBasicResultAt(6, 29, CA5351RuleName, _doNotUseMD5Message)); } //NO VB [Fact] @@ -53,7 +53,7 @@ class TestClass1 public MD5 GetMD5 => MD5.Create(); } }", - GetCSharpResultAt(7, 30, CA5350RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(7, 30, CA5351RuleName, _doNotUseMD5Message)); } [Fact] @@ -71,7 +71,7 @@ public HashAlgorithm GetAlg } } }", - GetCSharpResultAt(9, 26, CA5350RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(9, 26, CA5351RuleName, _doNotUseMD5Message)); VerifyBasic(@" Imports System.Security.Cryptography @@ -84,7 +84,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, CA5350RuleName, _doNotUseMD5Message)); + GetBasicResultAt(7, 12, CA5351RuleName, _doNotUseMD5Message)); } [Fact] @@ -99,7 +99,7 @@ class TestClass1 public HashAlgorithm Alg = MD5.Create(); } }", - GetCSharpResultAt(7, 36, CA5350RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(7, 36, CA5351RuleName, _doNotUseMD5Message)); VerifyBasic(@" Imports System.Security.Cryptography @@ -108,7 +108,7 @@ Class TestClass1 Public Alg As HashAlgorithm = MD5.Create() End Class End Namespace", - GetBasicResultAt(5, 33, CA5350RuleName, _doNotUseMD5Message)); + GetBasicResultAt(5, 33, CA5351RuleName, _doNotUseMD5Message)); } [Fact] @@ -127,7 +127,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, CA5350RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 36, CA5351RuleName, _doNotUseMD5Message)); VerifyBasic(@" Imports System.Security.Cryptography @@ -141,7 +141,7 @@ Await Task.Run(Function() End Function End Class End Namespace", - GetBasicResultAt(8, 8, CA5350RuleName, _doNotUseMD5Message)); + GetBasicResultAt(8, 8, CA5351RuleName, _doNotUseMD5Message)); } [Fact] @@ -157,7 +157,7 @@ class TestClass Del d = delegate () { MD5.Create(); }; } }", - GetCSharpResultAt(8, 31, CA5350RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(8, 31, CA5351RuleName, _doNotUseMD5Message)); VerifyBasic(@" Imports System.Security.Cryptography @@ -167,7 +167,7 @@ Private Delegate Sub Del() Private d As Del = Sub() MD5.Create() End Class End Namespace", - GetBasicResultAt(6, 28, CA5350RuleName, _doNotUseMD5Message)); + GetBasicResultAt(6, 28, CA5351RuleName, _doNotUseMD5Message)); } [Fact] @@ -213,7 +213,7 @@ protected override byte[] HashFinal() } } }" }, - GetCSharpResultAt(10, 25, CA5350RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 25, CA5351RuleName, _doNotUseMD5Message)); VerifyBasic(new[] { //Test0 @@ -249,7 +249,7 @@ End Function End Class End Namespace"}, - GetBasicResultAt(7, 16, CA5350RuleName, _doNotUseMD5Message)); + GetBasicResultAt(7, 16, CA5351RuleName, _doNotUseMD5Message)); } #endregion @@ -272,7 +272,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 24, CA5351RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 24, CA5350RuleName, _doNotUseSHA1Message)); VerifyBasic(@" Imports System.Security.Cryptography @@ -282,7 +282,7 @@ Sub TestSub() Dim sha1alg As SHA1 = SHA1.Create() End Sub End Module", - GetBasicResultAt(6, 31, CA5351RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 31, CA5350RuleName, _doNotUseSHA1Message)); } //NO VB [Fact] @@ -297,7 +297,7 @@ class TestClass1 public SHA1 GetSHA1 => SHA1.Create(); } }", - GetCSharpResultAt(7, 32, CA5351RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(7, 32, CA5350RuleName, _doNotUseSHA1Message)); } [Fact] @@ -315,7 +315,7 @@ public HashAlgorithm GetAlg } } }", - GetCSharpResultAt(9, 26, CA5351RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(9, 26, CA5350RuleName, _doNotUseSHA1Message)); VerifyBasic(@" Imports System.Security.Cryptography @@ -328,7 +328,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, CA5351RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(7, 12, CA5350RuleName, _doNotUseSHA1Message)); } [Fact] @@ -343,7 +343,7 @@ class TestClass1 public HashAlgorithm Alg = SHA1.Create(); } }", - GetCSharpResultAt(7, 36, CA5351RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(7, 36, CA5350RuleName, _doNotUseSHA1Message)); VerifyBasic(@" Imports System.Security.Cryptography @@ -352,7 +352,7 @@ Class TestClass1 Public Alg As HashAlgorithm = SHA1.Create() End Class End Namespace", - GetBasicResultAt(5, 33, CA5351RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(5, 33, CA5350RuleName, _doNotUseSHA1Message)); } [Fact] @@ -371,7 +371,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, CA5351RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 36, CA5350RuleName, _doNotUseSHA1Message)); VerifyBasic(@" Imports System.Security.Cryptography @@ -385,7 +385,7 @@ Await Task.Run(Function() End Function End Class End Namespace", - GetBasicResultAt(8, 8, CA5351RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(8, 8, CA5350RuleName, _doNotUseSHA1Message)); } [Fact] @@ -401,7 +401,7 @@ class TestClass Del d = delegate () { SHA1.Create(); }; } }", - GetCSharpResultAt(8, 31, CA5351RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(8, 31, CA5350RuleName, _doNotUseSHA1Message)); VerifyBasic(@" Imports System.Security.Cryptography @@ -411,7 +411,7 @@ Private Delegate Sub Del() Private d As Del = Sub() SHA1.Create() End Class End Namespace", - GetBasicResultAt(6, 28, CA5351RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 28, CA5350RuleName, _doNotUseSHA1Message)); } [Fact] @@ -457,7 +457,7 @@ protected override byte[] HashFinal() } } }" }, - GetCSharpResultAt(10, 26, CA5351RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 26, CA5350RuleName, _doNotUseSHA1Message)); VerifyBasic(new[] { //Test0 @@ -490,7 +490,7 @@ Throw New System.NotImplementedException() End Function End Class End Namespace" }, - GetBasicResultAt(6, 17, CA5351RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 17, CA5350RuleName, _doNotUseSHA1Message)); } [Fact] @@ -509,7 +509,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 24, CA5351RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 24, CA5350RuleName, _doNotUseSHA1Message)); VerifyBasic(@" Imports System.Security.Cryptography @@ -519,7 +519,7 @@ Sub TestMethod() Dim SHA1alg As New SHA1CryptoServiceProvider End Sub End Module", - GetBasicResultAt(6, 24, CA5351RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 24, CA5350RuleName, _doNotUseSHA1Message)); } [Fact] @@ -538,7 +538,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 28, CA5351RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 28, CA5350RuleName, _doNotUseSHA1Message)); VerifyBasic(@" Imports System.Security.Cryptography @@ -548,7 +548,7 @@ Sub TestSub() Dim hmacsha1 As HMACSHA1 = New HMACSHA1() End Sub End Module", - GetBasicResultAt(6, 36, CA5351RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 36, CA5350RuleName, _doNotUseSHA1Message)); } //No VB [Fact] @@ -563,7 +563,7 @@ class TestClass1 public HMAC GetHMACSHA1 => new HMACSHA1(); } }", - GetCSharpResultAt(7, 36, CA5351RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(7, 36, CA5350RuleName, _doNotUseSHA1Message)); } [Fact] @@ -581,7 +581,7 @@ public HMAC GetAlg } } }", - GetCSharpResultAt(9, 26, CA5351RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(9, 26, CA5350RuleName, _doNotUseSHA1Message)); VerifyBasic(@" Imports System.Security.Cryptography @@ -594,7 +594,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, CA5351RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(7, 12, CA5350RuleName, _doNotUseSHA1Message)); } [Fact] @@ -609,7 +609,7 @@ class TestClass1 public HMAC Alg = new HMACSHA1(); } }", - GetCSharpResultAt(7, 27, CA5351RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(7, 27, CA5350RuleName, _doNotUseSHA1Message)); VerifyBasic(@" Imports System.Security.Cryptography @@ -618,7 +618,7 @@ Class TestClass1 Public Alg As HMAC = New HMACSHA1() End Class End Namespace", - GetBasicResultAt(5, 24, CA5351RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(5, 24, CA5350RuleName, _doNotUseSHA1Message)); } //No VB [Fact] @@ -637,7 +637,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, CA5351RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 36, CA5350RuleName, _doNotUseSHA1Message)); } //No VB [Fact] @@ -653,7 +653,7 @@ class TestClass Del d = delegate () { new HMACSHA1(); }; } }", - GetCSharpResultAt(8, 31, CA5351RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(8, 31, CA5350RuleName, _doNotUseSHA1Message)); } [Fact] @@ -699,7 +699,7 @@ protected override byte[] HashFinal() } } }" }, - GetCSharpResultAt(10, 30, CA5351RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 30, CA5350RuleName, _doNotUseSHA1Message)); VerifyBasic(new[] { //Test0 @@ -734,10 +734,2132 @@ End Function End Class End Namespace " }, - GetBasicResultAt(7, 21, CA5351RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(7, 21, CA5350RuleName, _doNotUseSHA1Message)); } #endregion + [Fact] + public void CA5350UseHMACMD5CreateInMethodDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod() + { + var md5 = new HMACMD5(); + } + } +}", + GetCSharpResultAt(10, 23, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography + +Namespace TestNamespace + Class TestClass + Private Shared Sub TestMethod() + Dim md5 = New HMACMD5() + End Sub + End Class +End Namespace", + GetBasicResultAt(7, 14, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5350CreateObjectFromHMACMD5DerivedClass() + { + VerifyCSharp(@" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class MyHMACMD5 : HMACMD5 {} + + class TestClass + { + private static void TestMethod() + { + var md5 = new MyHMACMD5(); + } + } +}", + GetCSharpResultAt(12, 23, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class MyHMACMD5 + Inherits HMACMD5 + End Class + + Class TestClass + Private Shared Sub TestMethod() + Dim md5 = New MyHMACMD5() + End Sub + End Class +End Namespace", + GetBasicResultAt(10, 14, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5350UseHMACMD5CreateInGetDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass1 + { + public HMACMD5 GetHMACMD5 + { + get { return new HMACMD5(); } + } + } +}", + GetCSharpResultAt(9, 26, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass1 + Public ReadOnly Property GetHMACMD5() As HMACMD5 + Get + Return New HMACMD5() + End Get + End Property + End Class +End Namespace", +GetBasicResultAt(7, 12, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5350UseHMACMD5InFieldDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + HMACMD5 privateMd5 = new HMACMD5(); + } +}", + GetCSharpResultAt(7, 30, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private privateMd5 As New HMACMD5() + End Class +End Namespace", +GetBasicResultAt(5, 25, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5350UseHMACMD5InLambdaExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +using System.Threading.Tasks; +namespace TestNamespace +{ + class TestClass + { + private async Task TestMethod() + { + await Task.Run(() => { new HMACMD5(); }); + } + } +}", + GetCSharpResultAt(10, 36, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Imports System.Threading.Tasks + +Module TestClass + Public Async Sub TestMethod() + Await Task.Run(Function() + Return New HMACMD5() + End Function) + End Sub +End Module", + GetBasicResultAt(8, 35, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5350UseHMACMD5InAnonymousMethodExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + delegate void Del(); + Del d = delegate () { new HMACMD5(); }; + } +}", + GetCSharpResultAt(8, 31, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography + +Module TestClass + Delegate Function Del() As HashAlgorithm + Dim d As Del = Function() New HMACMD5() +End Module", + GetBasicResultAt(6, 31, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5351UseDESCreateInMethodDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod() + { + var aes = DES.Create(); + } + } +}", + GetCSharpResultAt(10, 23, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography + +Module TestClass + Sub TestMethod() + Dim desalg As DES = DES.Create() + End Sub +End Module", +GetBasicResultAt(6, 29, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5351UseDESCreateInGetDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + public DES GetDES + { + get { return DES.Create(); } + } + } +}", + GetCSharpResultAt(9, 26, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Public ReadOnly Property GetDES() As DES + Get + Return DES.Create() + End Get + End Property + End Class +End Namespace +", +GetBasicResultAt(7, 12, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5351UseDESCreateInFieldDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + DES privateDES = DES.Create(); + } +}", + GetCSharpResultAt(7, 26, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private privateDES As DES = DES.Create() + End Class +End Namespace", +GetBasicResultAt(5, 31, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5351UseDESCreateInLambdaExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +using System.Threading.Tasks; +namespace TestNamespace +{ + class TestClass + { + private async Task TestMethod() + { + await Task.Run(() => { DES.Create(); }); + } + } +}", + GetCSharpResultAt(10, 36, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Imports System.Threading.Tasks +Namespace TestNamespace + Class TestClass + Private Async Function TestMethod() As Task + Await Task.Run(Function() + DES.Create() +End Function) + End Function + End Class +End Namespace", +GetBasicResultAt(8, 4, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5351UseDESCreateInAnonymousMethodExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + delegate void Del(); + Del d = delegate () { DES.Create(); }; + } +}", + GetCSharpResultAt(8, 31, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private Delegate Sub Del() + Private d As Del = Sub() DES.Create() + End Class +End Namespace", +GetBasicResultAt(6, 28, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5351UseDESCryptoServiceProviderCreateInMethodDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod() + { + DES des = new DESCryptoServiceProvider(); + } + } +}", + GetCSharpResultAt(10, 23, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private Shared Sub TestMethod() + Dim des As DES = New DESCryptoServiceProvider() + End Sub + End Class +End Namespace", + GetBasicResultAt(6, 21, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5351UseDESCryptoServiceProviderCreateInGetDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + public DESCryptoServiceProvider GetDES + { + get { return new DESCryptoServiceProvider(); } + } + } +}", + GetCSharpResultAt(9, 26, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Public ReadOnly Property GetDES() As DESCryptoServiceProvider + Get + Return New DESCryptoServiceProvider() + End Get + End Property + End Class +End Namespace", + GetBasicResultAt(7, 12, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5351UseDESCryptoServiceProviderCreateInFieldDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + DESCryptoServiceProvider privateDES = new DESCryptoServiceProvider(); + } +}", + GetCSharpResultAt(7, 47, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private privateDES As New DESCryptoServiceProvider() + End Class +End Namespace", +GetBasicResultAt(5, 25, CA5351RuleName, _doNotUseMD5Message)); + } + //No VB + [Fact] + public void CA5351UseDESCryptoServiceProviderInLambdaExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +using System.Threading.Tasks; +namespace TestNamespace +{ + class TestClass + { + private async Task TestMethod() + { + await Task.Run(() => { new DESCryptoServiceProvider(); }); + } + } +}", + GetCSharpResultAt(10, 36, CA5351RuleName, _doNotUseMD5Message)); + } + //No VB + [Fact] + public void CA5351UseDESCryptoServiceProviderInAnonymousMethodExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + delegate void Del(); + Del d = delegate () { new DESCryptoServiceProvider(); }; + } +}", + GetCSharpResultAt(8, 31, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5351CreateObjectFromDESDerivedClass() + { + VerifyCSharp(new[] { +//Test0 + @" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod() + { + MyDES des = new MyDES(); + des.GenerateKey(); + } + } +}", +//Test1 + @" +using System; +using System.Security.Cryptography; + +namespace TestNamespace +{ + class MyDES : DES + { + public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV) + { + throw new NotImplementedException(); + } + + public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV) + { + throw new NotImplementedException(); + } + + public override void GenerateIV() + { + throw new NotImplementedException(); + } + + public override void GenerateKey() + { + throw new NotImplementedException(); + } + } +}" }, + GetCSharpResultAt(10, 25, CA5351RuleName, _doNotUseMD5Message), + GetCSharpResultAt(11, 13, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(new[] { +//Test0 + @" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private Shared Sub TestMethod() + Dim des As New MyDES() + des.GenerateKey() + End Sub + End Class +End Namespace", +//Test1 + @" +Imports System +Imports System.Security.Cryptography +Namespace TestNamespace + Class MyDES + Inherits DES + Public Overrides Function CreateDecryptor(rgbKey As Byte(), rgbIV As Byte()) As ICryptoTransform + Throw New NotImplementedException() + End Function + + Public Overrides Function CreateEncryptor(rgbKey As Byte(), rgbIV As Byte()) As ICryptoTransform + Throw New NotImplementedException() + End Function + + Public Overrides Sub GenerateIV() + Throw New NotImplementedException() + End Sub + + Public Overrides Sub GenerateKey() + Throw New NotImplementedException() + End Sub + End Class +End Namespace +" }, + GetBasicResultAt(6, 15, CA5351RuleName, _doNotUseMD5Message), + GetBasicResultAt(7, 4, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5352UseRC2CryptoServiceProviderInMethodDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod() + { + var rc2 = new RC2CryptoServiceProvider(); + } + } +}", + GetCSharpResultAt(10, 23, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography + +Module TestClass + Sub TestMethod() + Dim rc2alg As New RC2CryptoServiceProvider + End Sub +End Module", +GetBasicResultAt(6, 23, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5352UseRC2CryptoServiceProviderInGetDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + public RC2CryptoServiceProvider GetRC2 + { + get { return new RC2CryptoServiceProvider(); } + } + } +}", + GetCSharpResultAt(9, 26, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Public ReadOnly Property GetRC2() As RC2CryptoServiceProvider + Get + Return New RC2CryptoServiceProvider() + End Get + End Property + End Class +End Namespace", +GetBasicResultAt(7, 12, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5352UseRC2CryptoServiceProviderInFieldDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + RC2CryptoServiceProvider privateRC2 = new RC2CryptoServiceProvider(); + } +}", + GetCSharpResultAt(7, 47, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private privateRC2 As New RC2CryptoServiceProvider() + End Class +End Namespace +", +GetBasicResultAt(5, 25, CA5351RuleName, _doNotUseMD5Message)); + } + //No VB + [Fact] + public void CA5352UseRC2CryptoServiceProviderInLambdaExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +using System.Threading.Tasks; +namespace TestNamespace +{ + class TestClass + { + private async Task TestMethod() + { + await Task.Run(() => { new RC2CryptoServiceProvider(); }); + } + } +}", + GetCSharpResultAt(10, 36, CA5351RuleName, _doNotUseMD5Message)); + } + //No VB + [Fact] + public void CA5352UseRC2CryptoServiceProviderInAnonymousMethodExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + delegate void Del(); + Del d = delegate () { new RC2CryptoServiceProvider(); }; + } +}", + GetCSharpResultAt(8, 31, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5352CreateObjectFromRC2DerivedClass() + { + VerifyCSharp(new[] { +//Test0 +@" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod() + { + var rc2 = new MyRC2(); + } + } +}", +//Test1 +@" +using System; +using System.Security.Cryptography; + +namespace TestNamespace +{ + class MyRC2 : RC2 + { + public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV) + { + throw new NotImplementedException(); + } + + public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV) + { + throw new NotImplementedException(); + } + + public override void GenerateIV() + { + throw new NotImplementedException(); + } + + public override void GenerateKey() + { + throw new NotImplementedException(); + } + } +}" }, + GetCSharpResultAt(10, 23, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(new[] { +//Test0 +@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private Shared Sub TestMethod() + Dim rc2 = New MyRC2() + End Sub + End Class +End Namespace", +//Test1 +@" +Imports System +Imports System.Security.Cryptography +Namespace TestNamespace + Class MyRC2 + Inherits RC2 + Public Overrides Function CreateDecryptor(rgbKey As Byte(), rgbIV As Byte()) As ICryptoTransform + Throw New NotImplementedException() + End Function + + Public Overrides Function CreateEncryptor(rgbKey As Byte(), rgbIV As Byte()) As ICryptoTransform + Throw New NotImplementedException() + End Function + + Public Overrides Sub GenerateIV() + Throw New NotImplementedException() + End Sub + + Public Overrides Sub GenerateKey() + Throw New NotImplementedException() + End Sub + End Class +End Namespace +" }, + GetBasicResultAt(6, 14, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5353TripleDESCreateInMethodDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod() + { + var tripleDES = TripleDES.Create(""TripleDES""); + } + } +}", + GetCSharpResultAt(10, 29, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private Shared Sub TestMethod() + Dim tripleDES__1 = TripleDES.Create(""TripleDES"") + End Sub + End Class +End Namespace", + GetBasicResultAt(6, 23, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5353TripleDESCreateInGetDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + public TripleDES GetTripleDES + { + get { return TripleDES.Create(""TripleDES""); } + } + } +}", + GetCSharpResultAt(9, 26, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Public ReadOnly Property GetTripleDES() As TripleDES + Get + Return TripleDES.Create(""TripleDES"") + End Get + End Property + End Class +End Namespace", + GetBasicResultAt(7, 12, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5353TripleDESCreateInFieldDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + TripleDES privateDES = TripleDES.Create(""TripleDES""); + } +}", + GetCSharpResultAt(7, 32, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private privateDES As TripleDES = TripleDES.Create(""TripleDES"") + End Class +End Namespace", + GetBasicResultAt(5, 37, CA5350RuleName, _doNotUseSHA1Message)); + } + //No VB + [Fact] + public void CA5353TripleDESCreateInLambdaExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +using System.Threading.Tasks; +namespace TestNamespace +{ + class TestClass + { + private async Task TestMethod() + { + await Task.Run(() => { TripleDES.Create(""TripleDES""); }); + } + } +}", + GetCSharpResultAt(10, 36, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5353TripleDESCreateInAnonymousMethodExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + delegate void Del(); + Del d = delegate () { TripleDES.Create(""TripleDES""); }; + } +}", + GetCSharpResultAt(8, 31, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private Delegate Sub Del() + Private d As Del = Sub() TripleDES.Create(""TripleDES"") + End Class +End Namespace", +GetBasicResultAt(6, 28, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5353TripleDESCryptoServiceProviderInMethodDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod() + { + TripleDESCryptoServiceProvider tripleDES = new TripleDESCryptoServiceProvider(); + } + } +}", + GetCSharpResultAt(10, 56, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography + +Module TestClass + Sub TestMethod() + Dim tDESalg As New TripleDESCryptoServiceProvider + End Sub +End Module", +GetBasicResultAt(6, 24, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5353TripleDESCryptoServiceProviderInGetDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + public TripleDESCryptoServiceProvider GetDES + { + get { return new TripleDESCryptoServiceProvider(); } + } + } +}", + GetCSharpResultAt(9, 26, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Public ReadOnly Property GetDES() As TripleDESCryptoServiceProvider + Get + Return New TripleDESCryptoServiceProvider() + End Get + End Property + End Class +End Namespace", + GetBasicResultAt(7, 12, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5353TripleDESCryptoServiceProviderInFieldDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + TripleDESCryptoServiceProvider privateDES = new TripleDESCryptoServiceProvider(); + } +}", + GetCSharpResultAt(7, 53, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private privateDES As New TripleDESCryptoServiceProvider() + End Class +End Namespace", +GetBasicResultAt(5, 25, CA5350RuleName, _doNotUseSHA1Message)); + } + //No VB + [Fact] + public void CA5353TripleDESCryptoServiceProviderInLambdaExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +using System.Threading.Tasks; +namespace TestNamespace +{ + class TestClass + { + private async Task TestMethod() + { + await Task.Run(() => { new TripleDESCryptoServiceProvider(); }); + } + } +}", + GetCSharpResultAt(10, 36, CA5350RuleName, _doNotUseSHA1Message)); + } + //No VB + [Fact] + public void CA5353TripleDESCryptoServiceProviderInAnonymousMethodExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + delegate void Del(); + Del d = delegate () { new TripleDESCryptoServiceProvider(); }; + } +}", + GetCSharpResultAt(8, 31, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5353CreateObjectFromTripleDESDerivedClass() + { + VerifyCSharp(new[] { +//Test0 + @" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod() + { + var my3DES = new My3DES(); + my3DES.GenerateKey(); + } + } +}", +//Test1 + @" +using System; +using System.Security.Cryptography; + +namespace TestNamespace +{ + class My3DES : TripleDES + { + public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV) + { + throw new NotImplementedException(); + } + + public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV) + { + throw new NotImplementedException(); + } + + public override void GenerateIV() + { + throw new NotImplementedException(); + } + + public override void GenerateKey() + { + throw new NotImplementedException(); + } + } +}" }, + GetCSharpResultAt(10, 26, CA5350RuleName, _doNotUseSHA1Message), + GetCSharpResultAt(11, 13, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(new[] { +//Test0 + @" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private Shared Sub TestMethod() + Dim my3DES = New My3DES() + my3DES.GenerateKey() + End Sub + End Class +End Namespace", + +//Test1 + @" +Imports System +Imports System.Security.Cryptography + +Namespace TestNamespace + Class My3DES + Inherits TripleDES + Public Overrides Function CreateDecryptor(rgbKey As Byte(), rgbIV As Byte()) As ICryptoTransform + Throw New NotImplementedException() + End Function + + Public Overrides Function CreateEncryptor(rgbKey As Byte(), rgbIV As Byte()) As ICryptoTransform + Throw New NotImplementedException() + End Function + + Public Overrides Sub GenerateIV() + Throw New NotImplementedException() + End Sub + + Public Overrides Sub GenerateKey() + Throw New NotImplementedException() + End Sub + End Class +End Namespace +" }, + GetBasicResultAt(6, 17, CA5350RuleName, _doNotUseSHA1Message), + GetBasicResultAt(7, 4, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5350RIPEMD160ManagedInMethodDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod() + { + var md160 = new RIPEMD160Managed(); + } + } +}", + GetCSharpResultAt(10, 25, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography + +Module TestClass + Sub TestMethod() + Dim md1601alg As New RIPEMD160Managed + End Sub +End Module", +GetBasicResultAt(6, 26, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5350RIPEMD160ManagedInGetDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass1 + { + public RIPEMD160Managed GetRIPEMD160 + { + get { return new RIPEMD160Managed(); } + } + } +}", + GetCSharpResultAt(9, 26, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass1 + Public ReadOnly Property GetRIPEMD160() As RIPEMD160Managed + Get + Return New RIPEMD160Managed() + End Get + End Property + End Class +End Namespace", + GetBasicResultAt(7, 12, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5350RIPEMD160ManagedInFieldDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + RIPEMD160Managed privateRIPEMD160 = new RIPEMD160Managed(); + } +}", + GetCSharpResultAt(7, 45, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private privateRIPEMD160 As New RIPEMD160Managed() + End Class +End Namespace +", + GetBasicResultAt(5, 31, CA5350RuleName, _doNotUseSHA1Message)); + } + //No VB + [Fact] + public void CA5350RIPEMD160ManagedInLambdaExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +using System.Threading.Tasks; +namespace TestNamespace +{ + class TestClass + { + private async Task TestMethod() + { + await Task.Run(() => { new RIPEMD160Managed(); }); + } + } +}", + GetCSharpResultAt(10, 36, CA5350RuleName, _doNotUseSHA1Message)); + } + //No VB + [Fact] + public void CA5350RIPEMD160ManagedInAnonymousMethodExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + delegate void Del(); + Del d = delegate () { new RIPEMD160Managed(); }; + } +}", + GetCSharpResultAt(8, 31, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5350RIPEMD160CreateInMethodDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod() + { + RIPEMD160 md160 = RIPEMD160.Create(); + } + } +}", + GetCSharpResultAt(10, 31, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private Shared Sub TestMethod() + Dim md160 As RIPEMD160 = RIPEMD160.Create() + End Sub + End Class +End Namespace", + GetBasicResultAt(6, 29, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5350RIPEMD160CreateInGetDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass1 + { + public RIPEMD160 GetRIPEMD160 + { + get { return RIPEMD160.Create(); } + } + } +}", + GetCSharpResultAt(9, 26, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass1 + Public ReadOnly Property GetRIPEMD160() As RIPEMD160 + Get + Return RIPEMD160.Create() + End Get + End Property + End Class +End Namespace", +GetBasicResultAt(7, 12, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5350RIPEMD160CreateInFieldDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + RIPEMD160 privateRIPEMD160 = RIPEMD160.Create(); + } +}", + GetCSharpResultAt(7, 38, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private privateRIPEMD160 As RIPEMD160 = RIPEMD160.Create() + End Class +End Namespace", + GetBasicResultAt(5, 43, CA5350RuleName, _doNotUseSHA1Message)); + } + //No VB + [Fact] + public void CA5350RIPEMD160CreateInLambdaExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +using System.Threading.Tasks; +namespace TestNamespace +{ + class TestClass + { + private async Task TestMethod() + { + await Task.Run(() => { RIPEMD160.Create(); }); + } + } +}", + GetCSharpResultAt(10, 36, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5350RIPEMD160CreateInAnonymousMethodExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + delegate void Del(); + Del d = delegate () { RIPEMD160.Create(); }; + } +}", + GetCSharpResultAt(8, 31, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private Delegate Sub Del() + Private d As Del = Sub() RIPEMD160.Create() + End Class +End Namespace", + GetBasicResultAt(6, 34, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5350HMACRIPEMD160InMethodDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod() + { + var md160 = new HMACRIPEMD160(); + } + } +}", + GetCSharpResultAt(10, 25, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private Shared Sub TestMethod() + Dim md160 = New HMACRIPEMD160() + End Sub + End Class +End Namespace", + GetBasicResultAt(6, 16, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5350HMACRIPEMD160InGetDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass1 + { + public HMACRIPEMD160 GetHMARIPEMD160 + { + get { return new HMACRIPEMD160(); } + } + } +}", + GetCSharpResultAt(9, 26, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass1 + Public ReadOnly Property GetHMARIPEMD160() As HMACRIPEMD160 + Get + Return New HMACRIPEMD160() + End Get + End Property + End Class +End Namespace", + GetBasicResultAt(7, 12, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5350HMACRIPEMD160InFieldDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + HMACRIPEMD160 privateHMARIPEMD160 = new HMACRIPEMD160(); + } +}", + GetCSharpResultAt(7, 45, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private privateHMARIPEMD160 As New HMACRIPEMD160() + End Class +End Namespace", + GetBasicResultAt(5, 34, CA5350RuleName, _doNotUseSHA1Message)); + } + //No VB + [Fact] + public void CA5350HMACRIPEMD160InLambdaExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +using System.Threading.Tasks; +namespace TestNamespace +{ + class TestClass + { + private async Task TestMethod() + { + await Task.Run(() => { new HMACRIPEMD160(); }); + } + } +}", + GetCSharpResultAt(10, 36, CA5350RuleName, _doNotUseSHA1Message)); + } + //No VB + [Fact] + public void CA5350HMACRIPEMD160InAnonymousMethodExpression() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + delegate void Del(); + Del d = delegate () { new HMACRIPEMD160(); }; + } +}", + GetCSharpResultAt(8, 31, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5350CreateObjectFromRIPEMD160DerivedClass() + { + VerifyCSharp(new[] { +//Test0 + @" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod(byte[] inBytes) + { + var md160 = new MyRIPEMD160(); + } + } +}", +//Test1 + @" +using System; +using System.Security.Cryptography; + +namespace TestNamespace +{ + class MyRIPEMD160 : RIPEMD160 + { + public override void Initialize() + { + throw new NotImplementedException(); + } + + protected override void HashCore(byte[] array, int ibStart, int cbSize) + { + throw new NotImplementedException(); + } + + protected override byte[] HashFinal() + { + throw new NotImplementedException(); + } + } +}" }, + GetCSharpResultAt(10, 25, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(new[] { +//Test0 + @" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private Shared Sub TestMethod(inBytes As Byte()) + Dim md160 = New MyRIPEMD160() + End Sub + End Class +End Namespace", +//Test1 + @" +Imports System +Imports System.Security +Imports System.Security.Cryptography +Namespace TestNamespace + Class MyRIPEMD160 + Inherits RIPEMD160 + Public Overrides Sub Initialize() + Throw New NotImplementedException() + End Sub + + Protected Overrides Sub HashCore(array As Byte(), ibStart As Integer, cbSize As Integer) + Throw New NotImplementedException() + End Sub + + Protected Overrides Function HashFinal() As Byte() + Throw New NotImplementedException() + End Function + End Class +End Namespace" }, + GetBasicResultAt(6, 16, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5350CreateObjectFromRIPEMD160ManagedDerivedClass() + { + VerifyCSharp(new[] { +//Test0 + @" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod(byte[] inBytes) + { + var md160 = new MyRIPEMD160(); + } + } +}", +//Test1 + @" +using System; +using System.Security.Cryptography; + +namespace TestNamespace +{ + class MyRIPEMD160 : RIPEMD160Managed + { + public override void Initialize() + { + throw new NotImplementedException(); + } + + protected override void HashCore(byte[] array, int ibStart, int cbSize) + { + throw new NotImplementedException(); + } + + protected override byte[] HashFinal() + { + throw new NotImplementedException(); + } + } +}" }, + GetCSharpResultAt(10, 25, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(new[] { +//Test0 + @" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private Shared Sub TestMethod(inBytes As Byte()) + Dim md160 = New MyRIPEMD160() + End Sub + End Class +End Namespace", +//Test1 + @" +Imports System +Imports System.Security.Cryptography +Namespace TestNamespace + Class MyRIPEMD160 + Inherits RIPEMD160Managed + Public Overrides Sub Initialize() + Throw New NotImplementedException() + End Sub + + Protected Overrides Sub HashCore(array As Byte(), ibStart As Integer, cbSize As Integer) + Throw New NotImplementedException() + End Sub + + Protected Overrides Function HashFinal() As Byte() + Throw New NotImplementedException() + End Function + End Class +End Namespace +" }, + GetBasicResultAt(6, 16, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5350CreateObjectFromHMACRIPEMD160DerivedClass() + { + VerifyCSharp(@" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class MyHMACRIPEMD160 : HMACRIPEMD160 {} + + class TestClass + { + private static void TestMethod() + { + var md160 = new MyHMACRIPEMD160(); + } + } +}", + GetCSharpResultAt(12, 25, CA5350RuleName, _doNotUseSHA1Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class MyHMACRIPEMD160 + Inherits HMACRIPEMD160 + End Class + + Class TestClass + Private Shared Sub TestMethod() + Dim md160 = New MyHMACRIPEMD160() + End Sub + End Class +End Namespace", + GetBasicResultAt(10, 16, CA5350RuleName, _doNotUseSHA1Message)); + } + + [Fact] + public void CA5356DSACreateSignatureInMethodDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod(DSA dsa, byte[] inBytes) + { + var sig = dsa.CreateSignature(inBytes); + } + } +}", + GetCSharpResultAt(10, 23, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography + +Module TestClass + Function TestMethod(ByVal bytes As Byte()) + Dim dsa As New DSACryptoServiceProvider + Return dsa.CreateSignature(bytes) + End Function +End Module", +GetBasicResultAt(7, 16, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5356UseDSACreateSignatureInGetDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; + +class TestClass +{ + DSA dsa1 = null; + public byte[] MyProperty + { + get + { + byte[] inBytes = null; + return dsa1.CreateSignature(inBytes); + } + } +}", + GetCSharpResultAt(12, 20, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography + +Class TestClass + Private dsa1 As DSA = Nothing + Public ReadOnly Property MyProperty() As Byte() + Get + Dim inBytes As Byte() = Nothing + Return dsa1.CreateSignature(inBytes) + End Get + End Property +End Class", + GetBasicResultAt(9, 11, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5356DSASignatureFormatterInMethodDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod() + { + var sf1 = new DSASignatureFormatter(); + var sf2 = new DSASignatureFormatter(new DSACryptoServiceProvider()); + } + } +}", + GetCSharpResultAt(10, 23, CA5351RuleName, _doNotUseMD5Message), + GetCSharpResultAt(11, 23, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography + +Namespace TestNamespace + Class TestClass + Private Shared Sub TestMethod() + Dim sf1 = New DSASignatureFormatter() + Dim sf2 = New DSASignatureFormatter(New DSACryptoServiceProvider()) + End Sub + End Class +End Namespace", + GetBasicResultAt(7, 23, CA5351RuleName, _doNotUseMD5Message), + GetBasicResultAt(8, 23, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5356UseDSACreateSignatureFormatterInGetDeclaration() + { + VerifyCSharp(@" +using System.Security.Cryptography; + +class TestClass +{ + DSA dsa1 = null; + public DSASignatureFormatter MyProperty + { + get + { + DSASignatureFormatter inBytes = null; + if (inBytes == null) { return new DSASignatureFormatter(); } + else return new DSASignatureFormatter(new DSACryptoServiceProvider()); + } + } +}", + GetCSharpResultAt(12, 43, CA5351RuleName, _doNotUseMD5Message), + GetCSharpResultAt(13, 25, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(@" +Imports System.Security.Cryptography +Class TestClass + Private dsa1 As DSA = Nothing + Public ReadOnly Property MyProperty() As DSASignatureFormatter + Get + Dim inBytes As DSASignatureFormatter = Nothing + If inBytes Is Nothing Then + Return New DSASignatureFormatter() + Else + Return New DSASignatureFormatter(New DSACryptoServiceProvider()) + End If + End Get + End Property +End Class", + GetBasicResultAt(9, 12, CA5351RuleName, _doNotUseMD5Message), + GetBasicResultAt(11, 12, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5356CreateSignatureFromDSADerivedClass() + { + VerifyCSharp(new[] { + //Test0 + @" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod(byte[] inBytes) + { + var myDsa = new MyDsa(); + myDsa.CreateSignature(inBytes); + } + } +}", + //Test1 + @" +using System; +using System.Security.Cryptography; + +namespace TestNamespace +{ + class MyDsa : DSA + { + public override string KeyExchangeAlgorithm + { + get + { + throw new NotImplementedException(); + } + } + + public override string SignatureAlgorithm + { + get + { + throw new NotImplementedException(); + } + } + + public override byte[] CreateSignature(byte[] rgbHash) + { + throw new NotImplementedException(); + } + + public override DSAParameters ExportParameters(bool includePrivateParameters) + { + throw new NotImplementedException(); + } + + public override void ImportParameters(DSAParameters parameters) + { + throw new NotImplementedException(); + } + + public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature) + { + throw new NotImplementedException(); + } + } +}" }, + GetCSharpResultAt(11, 13, CA5351RuleName, _doNotUseMD5Message)); + + VerifyBasic(new[] { +//Test0 + @" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private Shared Sub TestMethod(inBytes As Byte()) + Dim myDsa = New MyDsa() + myDsa.CreateSignature(inBytes) + End Sub + End Class +End Namespace", +//Test1 + @" +Imports System +Imports System.Security.Cryptography + +Namespace TestNamespace + Class MyDsa + Inherits DSA + Public Overrides ReadOnly Property KeyExchangeAlgorithm() As String + Get + Throw New NotImplementedException() + End Get + End Property + + Public Overrides ReadOnly Property SignatureAlgorithm() As String + Get + Throw New NotImplementedException() + End Get + End Property + + Public Overrides Function CreateSignature(rgbHash As Byte()) As Byte() + Throw New NotImplementedException() + End Function + + Public Overrides Function ExportParameters(includePrivateParameters As Boolean) As DSAParameters + Throw New NotImplementedException() + End Function + + Public Overrides Sub ImportParameters(parameters As DSAParameters) + Throw New NotImplementedException() + End Sub + + Public Overrides Function VerifySignature(rgbHash As Byte(), rgbSignature As Byte()) As Boolean + Throw New NotImplementedException() + End Function + End Class +End Namespace" }, + GetBasicResultAt(7, 4, CA5351RuleName, _doNotUseMD5Message)); + } + + [Fact] + public void CA5357RijndaelManagedInMethodDeclarationShouldNotGenerateDiagnostics() + { + VerifyCSharp(@" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod() + { + var rc2 = new RijndaelManaged(); + } + } +}" + ); + + VerifyBasic(@" +Imports System.Security.Cryptography + +Module TestClass + Sub TestMethod() + Dim rijndaelalg As New RijndaelManaged + End Sub +End Module" + ); + } + + [Fact] + public void CA5357RijndaelManagedInGetDeclarationShouldNotGenerateDiagnostics() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass1 + { + public RijndaelManaged GetRijndael + { + get { return new RijndaelManaged(); } + } + } +}" + ); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass1 + Public ReadOnly Property GetRijndael() As RijndaelManaged + Get + Return New RijndaelManaged() + End Get + End Property + End Class +End Namespace" + ); + } + + [Fact] + public void CA5357RijndaelManagedInFieldDeclarationShouldNotGenerateDiagnostics() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + RijndaelManaged privateRijndael = new RijndaelManaged(); + } +}" + ); + + VerifyBasic(@" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private privateRijndael As New RijndaelManaged() + End Class +End Namespace" + ); + } + //No VB + [Fact] + public void CA5357RijndaelManagedInLambdaExpressionShouldNotGenerateDiagnostics() + { + VerifyCSharp(@" +using System.Security.Cryptography; +using System.Threading.Tasks; +namespace TestNamespace +{ + class TestClass + { + private async Task TestMethod() + { + await Task.Run(() => { new RijndaelManaged(); }); + } + } +}" + ); + } + //No VB + [Fact] + public void CA5357RijndaelManagedInAnonymousMethodExpressionShouldNotGenerateDiagnostics() + { + VerifyCSharp(@" +using System.Security.Cryptography; +namespace TestNamespace +{ + class TestClass + { + delegate void Del(); + Del d = delegate () { new RijndaelManaged(); }; + } +}" + ); + } + + [Fact] + public void CA5357CreateObjectFromRijndaelDerivedClassShouldNotGenerateDiagnostics() + { + VerifyCSharp(new[] { +//Test0 + @" +using System.Security.Cryptography; + +namespace TestNamespace +{ + class TestClass + { + private static void TestMethod() + { + var rc2 = new MyRijndael(); + } + } +}", +//Test1 + @" +using System; +using System.Security.Cryptography; + +namespace TestNamespace +{ + class MyRijndael : Rijndael + { + public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV) + { + throw new NotImplementedException(); + } + + public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV) + { + throw new NotImplementedException(); + } + + public override void GenerateIV() + { + throw new NotImplementedException(); + } + + public override void GenerateKey() + { + throw new NotImplementedException(); + } + } +}" } + ); + + VerifyBasic(new[] { +//Test0 + @" +Imports System.Security.Cryptography +Namespace TestNamespace + Class TestClass + Private Shared Sub TestMethod() + Dim rc2 = New MyRijndael() + End Sub + End Class +End Namespace", +//Test1 + @" +Imports System +Imports System.Security.Cryptography +Namespace TestNamespace + Class MyRijndael + Inherits Rijndael + Public Overrides Function CreateDecryptor(rgbKey As Byte(), rgbIV As Byte()) As ICryptoTransform + Throw New NotImplementedException() + End Function + + Public Overrides Function CreateEncryptor(rgbKey As Byte(), rgbIV As Byte()) As ICryptoTransform + Throw New NotImplementedException() + End Function + + Public Overrides Sub GenerateIV() + Throw New NotImplementedException() + End Sub + + Public Overrides Sub GenerateKey() + Throw New NotImplementedException() + End Sub + End Class +End Namespace" } + ); + } + protected override DiagnosticAnalyzer GetBasicDiagnosticAnalyzer() { return new BasicDoNotUseInsecureCryptographicAlgorithmsAnalyzer(); @@ -748,8 +2870,8 @@ protected override DiagnosticAnalyzer GetCSharpDiagnosticAnalyzer() return new CSharpDoNotUseInsecureCryptographicAlgorithmsAnalyzer(); } - private const string CA5350RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographicRuleId; - private const string CA5351RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographicRuleId; + private const string CA5351RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographicRuleId; + private const string CA5350RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographicRuleId; private readonly string _doNotUseMD5Message = SystemSecurityCryptographyResources.DoNotUseMD5; private readonly string _doNotUseSHA1Message = SystemSecurityCryptographyResources.DoNotUseSHA1; diff --git a/src/Microsoft.NetFramework.Analyzers/CSharp/CSharpDoNotUseInsecureCyrptographicAlgorithms.cs b/src/Microsoft.NetFramework.Analyzers/CSharp/CSharpDoNotUseInsecureCyrptographicAlgorithms.cs deleted file mode 100644 index 723c1a231a..0000000000 --- a/src/Microsoft.NetFramework.Analyzers/CSharp/CSharpDoNotUseInsecureCyrptographicAlgorithms.cs +++ /dev/null @@ -1,23 +0,0 @@ -// Copyright (c) Microsoft. All Rights Reserved. Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. - -using Microsoft.NetFramework.Analyzers; -using Microsoft.NetFramework.Analyzers.Helpers; -using Microsoft.CodeAnalysis; -using Microsoft.CodeAnalysis.CSharp; -using Microsoft.CodeAnalysis.Diagnostics; - -namespace Microsoft.NetFramework.CSharp.Analyzers -{ - [DiagnosticAnalyzer(LanguageNames.CSharp)] - public class CSharpDoNotUseInsecureCryptographicAlgorithmsAnalyzer : DoNotUseInsecureCryptographicAlgorithmsAnalyzer - { - protected override SyntaxNodeAnalyzer GetAnalyzer(CompilationStartAnalysisContext context, CompilationSecurityTypes cryptTypes) - { - SyntaxNodeAnalyzer analyzer = new SyntaxNodeAnalyzer(cryptTypes); - context.RegisterSyntaxNodeAction(analyzer.AnalyzeNode, - SyntaxKind.InvocationExpression, - SyntaxKind.ObjectCreationExpression); - return analyzer; - } - } -} diff --git a/src/Microsoft.NetFramework.Analyzers/Core/DoNotUseInsecureCryptographicAlgorithms.cs b/src/Microsoft.NetFramework.Analyzers/Core/DoNotUseInsecureCryptographicAlgorithms.cs deleted file mode 100644 index 96b78eafcd..0000000000 --- a/src/Microsoft.NetFramework.Analyzers/Core/DoNotUseInsecureCryptographicAlgorithms.cs +++ /dev/null @@ -1,183 +0,0 @@ -// Copyright (c) Microsoft. All Rights Reserved. Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. - -using System.Collections.Immutable; -using Analyzer.Utilities; -using Analyzer.Utilities.Extensions; -using Microsoft.NetFramework.Analyzers.Helpers; -using Microsoft.CodeAnalysis; -using Microsoft.CodeAnalysis.Diagnostics; - -namespace Microsoft.NetFramework.Analyzers -{ - public abstract class DoNotUseInsecureCryptographicAlgorithmsAnalyzer : DiagnosticAnalyzer - { - internal const string DoNotUseWeakCryptographicRuleId = "CA5350"; - internal const string DoNotUseBrokenCryptographicRuleId = "CA5351"; - internal const string CA5350HelpLink = "http://aka.ms/CA5350"; - internal const string CA5351HelpLink = "http://aka.ms/CA5351"; - - private static readonly LocalizableString s_localizableDoNotUseWeakAlgorithmsTitle = new LocalizableResourceString(nameof(MicrosoftNetFrameworkAnalyzersResources.DoNotUseWeakCryptographicAlgorithms), MicrosoftNetFrameworkAnalyzersResources.ResourceManager, typeof(MicrosoftNetFrameworkAnalyzersResources)); - private static readonly LocalizableString s_localizableDoNotUseWeakAlgorithmsMessage = new LocalizableResourceString(nameof(MicrosoftNetFrameworkAnalyzersResources.DoNotUseWeakCryptographicAlgorithmsMessage), MicrosoftNetFrameworkAnalyzersResources.ResourceManager, typeof(MicrosoftNetFrameworkAnalyzersResources)); - private static readonly LocalizableString s_localizableDoNotUseWeakAlgorithmsDescription = new LocalizableResourceString(nameof(MicrosoftNetFrameworkAnalyzersResources.DoNotUseWeakCryptographicAlgorithmsDescription), MicrosoftNetFrameworkAnalyzersResources.ResourceManager, typeof(MicrosoftNetFrameworkAnalyzersResources)); - private static readonly LocalizableString s_localizableDoNotUseBrokenAlgorithmsTitle = new LocalizableResourceString(nameof(MicrosoftNetFrameworkAnalyzersResources.DoNotUseBrokenCryptographicAlgorithms), MicrosoftNetFrameworkAnalyzersResources.ResourceManager, typeof(MicrosoftNetFrameworkAnalyzersResources)); - private static readonly LocalizableString s_localizableDoNotUseBrokenAlgorithmsMessage = new LocalizableResourceString(nameof(MicrosoftNetFrameworkAnalyzersResources.DoNotUseBrokenCryptographicAlgorithmsMessage), MicrosoftNetFrameworkAnalyzersResources.ResourceManager, typeof(MicrosoftNetFrameworkAnalyzersResources)); - private static readonly LocalizableString s_localizableDoNotUseBrokenAlgorithmsDescription = new LocalizableResourceString(nameof(MicrosoftNetFrameworkAnalyzersResources.DoNotUseBrokenCryptographicAlgorithmsDescription), MicrosoftNetFrameworkAnalyzersResources.ResourceManager, typeof(MicrosoftNetFrameworkAnalyzersResources)); - - internal static DiagnosticDescriptor DoNotUseBrokenCryptographicRule = CreateDiagnosticDescriptor(DoNotUseBrokenCryptographicRuleId, - s_localizableDoNotUseBrokenAlgorithmsTitle, - s_localizableDoNotUseBrokenAlgorithmsMessage, - s_localizableDoNotUseBrokenAlgorithmsDescription, - CA5351HelpLink); - - internal static DiagnosticDescriptor DoNotUseWeakCryptographicRule = CreateDiagnosticDescriptor(DoNotUseWeakCryptographicRuleId, - s_localizableDoNotUseWeakAlgorithmsTitle, - s_localizableDoNotUseWeakAlgorithmsMessage, - s_localizableDoNotUseWeakAlgorithmsDescription, - CA5350HelpLink); - protected abstract SyntaxNodeAnalyzer GetAnalyzer(CompilationStartAnalysisContext context, CompilationSecurityTypes cryptTypes); - - private static readonly ImmutableArray s_supportedDiagnostics = ImmutableArray.Create(DoNotUseWeakCryptographicRule, - DoNotUseBrokenCryptographicRule); - - public override ImmutableArray SupportedDiagnostics - => s_supportedDiagnostics; - - private static DiagnosticDescriptor CreateDiagnosticDescriptor(string ruleId, LocalizableString title, LocalizableString message, LocalizableString description, string uri = null) - { - return new DiagnosticDescriptor(ruleId, - title, - message, - DiagnosticCategory.Security, - DiagnosticHelpers.DefaultDiagnosticSeverity, - isEnabledByDefault: DiagnosticHelpers.EnabledByDefaultIfNotBuildingVSIX, - description: description, - helpLinkUri: uri, - customTags: WellKnownDiagnosticTags.Telemetry); - } - - public override void Initialize(AnalysisContext analysisContext) - { - analysisContext.EnableConcurrentExecution(); - - // Security analyzer - analyze and report diagnostics in generated code. - analysisContext.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.Analyze | GeneratedCodeAnalysisFlags.ReportDiagnostics); - - analysisContext.RegisterCompilationStartAction( - (context) => - { - var cryptTypes = new CompilationSecurityTypes(context.Compilation); - if (ReferencesAnyTargetType(cryptTypes)) - { - GetAnalyzer(context, cryptTypes); - } - }); - } - - private static bool ReferencesAnyTargetType(CompilationSecurityTypes types) - { - return types.DES != null - || types.DSA != null - || types.DSASignatureFormatter != null - || types.HMACMD5 != null - || types.RC2 != null - || types.TripleDES != null - || types.RIPEMD160 != null - || types.HMACRIPEMD160 != null; - } - - protected class SyntaxNodeAnalyzer - { - private readonly CompilationSecurityTypes _cryptTypes; - - public SyntaxNodeAnalyzer(CompilationSecurityTypes cryptTypes) - { - _cryptTypes = cryptTypes; - } - - public void AnalyzeNode(SyntaxNodeAnalysisContext context) - { - SyntaxNode node = context.Node; - SemanticModel model = context.SemanticModel; - ISymbol symbol = node.GetDeclaredOrReferencedSymbol(model); - IMethodSymbol method = symbol as IMethodSymbol; - - if (method == null) - { - return; - } - - INamedTypeSymbol type = method.ContainingType; - DiagnosticDescriptor rule = null; - string[] messageArgs = new string[2]; - string owningParentName = string.Empty; - SyntaxNode cur = node; - - while (cur.Parent != null) - { - SyntaxNode pNode = cur.Parent; - ISymbol sym = pNode.GetDeclaredOrReferencedSymbol(model); - - if (sym != null && - !string.IsNullOrEmpty(sym.Name) - && ( - sym.Kind == SymbolKind.Method || - sym.Kind == SymbolKind.NamedType - ) - ) - { - owningParentName = sym.Name; - break; - } - - cur = pNode; - } - - messageArgs[0] = owningParentName; - - if (type.DerivesFrom(_cryptTypes.DES)) - { - rule = DoNotUseBrokenCryptographicRule; - messageArgs[1] = _cryptTypes.DES.Name; - } - else if ((method.ContainingType.DerivesFrom(_cryptTypes.DSA) && method.MetadataName == SecurityMemberNames.CreateSignature) || - (type == _cryptTypes.DSASignatureFormatter && - method.ContainingType.DerivesFrom(_cryptTypes.DSASignatureFormatter) && method.MetadataName == WellKnownMemberNames.InstanceConstructorName)) - { - rule = DoNotUseBrokenCryptographicRule; - messageArgs[1] = _cryptTypes.DSA.Name; - } - else if (type.DerivesFrom(_cryptTypes.HMACMD5)) - { - rule = DoNotUseBrokenCryptographicRule; - messageArgs[1] = _cryptTypes.HMACMD5.Name; - } - else if (type.DerivesFrom(_cryptTypes.RC2)) - { - rule = DoNotUseBrokenCryptographicRule; - messageArgs[1] = _cryptTypes.RC2.Name; - } - else if (type.DerivesFrom(_cryptTypes.TripleDES)) - { - rule = DoNotUseWeakCryptographicRule; - messageArgs[1] = _cryptTypes.TripleDES.Name; - } - else if (type.DerivesFrom(_cryptTypes.RIPEMD160)) - { - rule = DoNotUseWeakCryptographicRule; - messageArgs[1] = _cryptTypes.RIPEMD160.Name; - } - else if (type.DerivesFrom(_cryptTypes.HMACRIPEMD160)) - { - rule = DoNotUseWeakCryptographicRule; - messageArgs[1] = _cryptTypes.HMACRIPEMD160.Name; - } - - if (rule != null) - { - context.ReportDiagnostic(Diagnostic.Create(rule, node.GetLocation(), messageArgs)); - } - } - } - } -} - diff --git a/src/Microsoft.NetFramework.Analyzers/Core/Helpers/CompilationSecurityTypes.cs b/src/Microsoft.NetFramework.Analyzers/Core/Helpers/CompilationSecurityTypes.cs index 5070e744cb..73409f2cd2 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/Helpers/CompilationSecurityTypes.cs +++ b/src/Microsoft.NetFramework.Analyzers/Core/Helpers/CompilationSecurityTypes.cs @@ -26,14 +26,7 @@ public class CompilationSecurityTypes public INamedTypeSymbol XmlResolver { get; private set; } public INamedTypeSymbol XmlSecureResolver { get; private set; } public INamedTypeSymbol XsltSettings { get; private set; } - public INamedTypeSymbol DES { get; private set; } - public INamedTypeSymbol DSA { get; private set; } - public INamedTypeSymbol DSASignatureFormatter { get; private set; } - public INamedTypeSymbol HMACMD5 { get; private set; } - public INamedTypeSymbol RC2 { get; private set; } - public INamedTypeSymbol TripleDES { get; private set; } - public INamedTypeSymbol RIPEMD160 { get; private set; } - public INamedTypeSymbol HMACRIPEMD160 { get; private set; } + public CompilationSecurityTypes(Compilation compilation) { @@ -42,14 +35,6 @@ public CompilationSecurityTypes(Compilation compilation) SystemObject = SecurityTypes.SystemObject(compilation); SystemException = SecurityTypes.SystemException(compilation); SystemSystemException = SecurityTypes.SystemSystemException(compilation); - DES = SecurityTypes.DES(compilation); - DSA = SecurityTypes.DSA(compilation); - DSASignatureFormatter = SecurityTypes.DSASignatureFormatter(compilation); - HMACMD5 = SecurityTypes.HMACMD5(compilation); - RC2 = SecurityTypes.RC2(compilation); - TripleDES = SecurityTypes.TripleDES(compilation); - RIPEMD160 = SecurityTypes.RIPEMD160(compilation); - HMACRIPEMD160 = SecurityTypes.HMACRIPEMD160(compilation); XmlDocument = SecurityTypes.XmlDocument(compilation); XPathDocument = SecurityTypes.XPathDocument(compilation); XmlSchema = SecurityTypes.XmlSchema(compilation); diff --git a/src/Microsoft.NetFramework.Analyzers/Core/Helpers/SecurityTypes.cs b/src/Microsoft.NetFramework.Analyzers/Core/Helpers/SecurityTypes.cs index 90fc119c1e..48c537b565 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/Helpers/SecurityTypes.cs +++ b/src/Microsoft.NetFramework.Analyzers/Core/Helpers/SecurityTypes.cs @@ -106,44 +106,5 @@ public static INamedTypeSymbol XsltSettings(Compilation compilation) { return compilation.GetTypeByMetadataName("System.Xml.Xsl.XsltSettings"); } - public static INamedTypeSymbol DES(Compilation compilation) - { - return compilation.GetTypeByMetadataName("System.Security.Cryptography.DES"); - } - - public static INamedTypeSymbol DSA(Compilation compilation) - { - return compilation.GetTypeByMetadataName("System.Security.Cryptography.DSA"); - } - - public static INamedTypeSymbol DSASignatureFormatter(Compilation compilation) - { - return compilation.GetTypeByMetadataName("System.Security.Cryptography.DSASignatureFormatter"); - } - - public static INamedTypeSymbol HMACMD5(Compilation compilation) - { - return compilation.GetTypeByMetadataName("System.Security.Cryptography.HMACMD5"); - } - - public static INamedTypeSymbol RC2(Compilation compilation) - { - return compilation.GetTypeByMetadataName("System.Security.Cryptography.RC2"); - } - - public static INamedTypeSymbol TripleDES(Compilation compilation) - { - return compilation.GetTypeByMetadataName("System.Security.Cryptography.TripleDES"); - } - - public static INamedTypeSymbol RIPEMD160(Compilation compilation) - { - return compilation.GetTypeByMetadataName("System.Security.Cryptography.RIPEMD160"); - } - - public static INamedTypeSymbol HMACRIPEMD160(Compilation compilation) - { - return compilation.GetTypeByMetadataName("System.Security.Cryptography.HMACRIPEMD160"); - } } } diff --git a/src/Microsoft.NetFramework.Analyzers/Core/SecurityMemberNames.cs b/src/Microsoft.NetFramework.Analyzers/Core/SecurityMemberNames.cs index 691fb1fbd7..92cafac5c3 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/SecurityMemberNames.cs +++ b/src/Microsoft.NetFramework.Analyzers/Core/SecurityMemberNames.cs @@ -24,6 +24,5 @@ public static class SecurityMemberNames public const string EnableDocumentFunction = "EnableDocumentFunction"; public const string EnableScript = "EnableScript"; public const string MaxCharactersFromEntities = "MaxCharactersFromEntities"; - public const string CreateSignature = "CreateSignature"; } } \ No newline at end of file diff --git a/src/Microsoft.NetFramework.Analyzers/UnitTests/DoNotUseInsecureCryptographicAlgorithmsTests.cs b/src/Microsoft.NetFramework.Analyzers/UnitTests/DoNotUseInsecureCryptographicAlgorithmsTests.cs deleted file mode 100644 index 5581ed6fa6..0000000000 --- a/src/Microsoft.NetFramework.Analyzers/UnitTests/DoNotUseInsecureCryptographicAlgorithmsTests.cs +++ /dev/null @@ -1,2173 +0,0 @@ -// Copyright (c) Microsoft. All Rights Reserved. Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. - -using Microsoft.CodeAnalysis; -using Microsoft.CodeAnalysis.Diagnostics; -using Analyzer.Utilities; -using Microsoft.NetFramework.CSharp.Analyzers; -using Microsoft.NetFramework.VisualBasic.Analyzers; -using Test.Utilities; -using Xunit; - -namespace Microsoft.NetFramework.Analyzers.UnitTests -{ - public class DoNotUseInsecureCryptographicAlgorithmsTests : DiagnosticAnalyzerTestBase - { - [Fact] - public void CA5350UseHMACMD5CreateInMethodDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod() - { - var md5 = new HMACMD5(); - } - } -}", - GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "HMACMD5")); - - VerifyBasic(@" -Imports System.Security.Cryptography - -Namespace TestNamespace - Class TestClass - Private Shared Sub TestMethod() - Dim md5 = New HMACMD5() - End Sub - End Class -End Namespace", - GetBasicResultAt(7, 14, s_CA5351Rule, "TestMethod", "HMACMD5")); - } - - [Fact] - public void CA5350CreateObjectFromHMACMD5DerivedClass() - { - VerifyCSharp(@" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class MyHMACMD5 : HMACMD5 {} - - class TestClass - { - private static void TestMethod() - { - var md5 = new MyHMACMD5(); - } - } -}", - GetCSharpResultAt(12, 23, s_CA5351Rule, "TestMethod", "HMACMD5")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class MyHMACMD5 - Inherits HMACMD5 - End Class - - Class TestClass - Private Shared Sub TestMethod() - Dim md5 = New MyHMACMD5() - End Sub - End Class -End Namespace", - GetBasicResultAt(10, 14, s_CA5351Rule, "TestMethod", "HMACMD5")); - } - - [Fact] - public void CA5350UseHMACMD5CreateInGetDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass1 - { - public HMACMD5 GetHMACMD5 - { - get { return new HMACMD5(); } - } - } -}", - GetCSharpResultAt(9, 26, s_CA5351Rule, "get_GetHMACMD5", "HMACMD5")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass1 - Public ReadOnly Property GetHMACMD5() As HMACMD5 - Get - Return New HMACMD5() - End Get - End Property - End Class -End Namespace", -GetBasicResultAt(7, 12, s_CA5351Rule, "get_GetHMACMD5", "HMACMD5")); - } - - [Fact] - public void CA5350UseHMACMD5InFieldDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - HMACMD5 privateMd5 = new HMACMD5(); - } -}", - GetCSharpResultAt(7, 30, s_CA5351Rule, "TestClass", "HMACMD5")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private privateMd5 As New HMACMD5() - End Class -End Namespace", -GetBasicResultAt(5, 25, s_CA5351Rule, "TestClass", "HMACMD5")); - } - - [Fact] - public void CA5350UseHMACMD5InLambdaExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -using System.Threading.Tasks; -namespace TestNamespace -{ - class TestClass - { - private async Task TestMethod() - { - await Task.Run(() => { new HMACMD5(); }); - } - } -}", - GetCSharpResultAt(10, 36, s_CA5351Rule, "Run", "HMACMD5")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Imports System.Threading.Tasks - -Module TestClass - Public Async Sub TestMethod() - Await Task.Run(Function() - Return New HMACMD5() - End Function) - End Sub -End Module", - GetBasicResultAt(8, 35, s_CA5351Rule, "Run", "HMACMD5")); - } - - [Fact] - public void CA5350UseHMACMD5InAnonymousMethodExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - delegate void Del(); - Del d = delegate () { new HMACMD5(); }; - } -}", - GetCSharpResultAt(8, 31, s_CA5351Rule, "TestClass", "HMACMD5")); - - VerifyBasic(@" -Imports System.Security.Cryptography - -Module TestClass - Delegate Function Del() As HashAlgorithm - Dim d As Del = Function() New HMACMD5() -End Module", - GetBasicResultAt(6, 31, s_CA5351Rule, "TestClass", "HMACMD5")); - } - - [Fact] - public void CA5351UseDESCreateInMethodDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod() - { - var aes = DES.Create(); - } - } -}", - GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "DES")); - - VerifyBasic(@" -Imports System.Security.Cryptography - -Module TestClass - Sub TestMethod() - Dim desalg As DES = DES.Create() - End Sub -End Module", -GetBasicResultAt(6, 29, s_CA5351Rule, "TestMethod", "DES")); - } - - [Fact] - public void CA5351UseDESCreateInGetDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - public DES GetDES - { - get { return DES.Create(); } - } - } -}", - GetCSharpResultAt(9, 26, s_CA5351Rule, "get_GetDES", "DES")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Public ReadOnly Property GetDES() As DES - Get - Return DES.Create() - End Get - End Property - End Class -End Namespace -", -GetBasicResultAt(7, 12, s_CA5351Rule, "get_GetDES", "DES")); - } - - [Fact] - public void CA5351UseDESCreateInFieldDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - DES privateDES = DES.Create(); - } -}", - GetCSharpResultAt(7, 26, s_CA5351Rule, "TestClass", "DES")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private privateDES As DES = DES.Create() - End Class -End Namespace", -GetBasicResultAt(5, 31, s_CA5351Rule, "TestClass", "DES")); - } - - [Fact] - public void CA5351UseDESCreateInLambdaExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -using System.Threading.Tasks; -namespace TestNamespace -{ - class TestClass - { - private async Task TestMethod() - { - await Task.Run(() => { DES.Create(); }); - } - } -}", - GetCSharpResultAt(10, 36, s_CA5351Rule, "Run", "DES")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Imports System.Threading.Tasks -Namespace TestNamespace - Class TestClass - Private Async Function TestMethod() As Task - Await Task.Run(Function() - DES.Create() -End Function) - End Function - End Class -End Namespace", -GetBasicResultAt(8, 4, s_CA5351Rule, "Run", "DES")); - } - - [Fact] - public void CA5351UseDESCreateInAnonymousMethodExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - delegate void Del(); - Del d = delegate () { DES.Create(); }; - } -}", - GetCSharpResultAt(8, 31, s_CA5351Rule, "TestClass", "DES")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private Delegate Sub Del() - Private d As Del = Sub() DES.Create() - End Class -End Namespace", -GetBasicResultAt(6, 28, s_CA5351Rule, "TestClass", "DES")); - } - - [Fact] - public void CA5351UseDESCryptoServiceProviderCreateInMethodDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod() - { - DES des = new DESCryptoServiceProvider(); - } - } -}", - GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "DES")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private Shared Sub TestMethod() - Dim des As DES = New DESCryptoServiceProvider() - End Sub - End Class -End Namespace", - GetBasicResultAt(6, 21, s_CA5351Rule, "TestMethod", "DES")); - } - - [Fact] - public void CA5351UseDESCryptoServiceProviderCreateInGetDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - public DESCryptoServiceProvider GetDES - { - get { return new DESCryptoServiceProvider(); } - } - } -}", - GetCSharpResultAt(9, 26, s_CA5351Rule, "get_GetDES", "DES")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Public ReadOnly Property GetDES() As DESCryptoServiceProvider - Get - Return New DESCryptoServiceProvider() - End Get - End Property - End Class -End Namespace", - GetBasicResultAt(7, 12, s_CA5351Rule, "get_GetDES", "DES")); - } - - [Fact] - public void CA5351UseDESCryptoServiceProviderCreateInFieldDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - DESCryptoServiceProvider privateDES = new DESCryptoServiceProvider(); - } -}", - GetCSharpResultAt(7, 47, s_CA5351Rule, "TestClass", "DES")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private privateDES As New DESCryptoServiceProvider() - End Class -End Namespace", -GetBasicResultAt(5, 25, s_CA5351Rule, "TestClass", "DES")); - } - //No VB - [Fact] - public void CA5351UseDESCryptoServiceProviderInLambdaExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -using System.Threading.Tasks; -namespace TestNamespace -{ - class TestClass - { - private async Task TestMethod() - { - await Task.Run(() => { new DESCryptoServiceProvider(); }); - } - } -}", - GetCSharpResultAt(10, 36, s_CA5351Rule, "Run", "DES")); - } - //No VB - [Fact] - public void CA5351UseDESCryptoServiceProviderInAnonymousMethodExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - delegate void Del(); - Del d = delegate () { new DESCryptoServiceProvider(); }; - } -}", - GetCSharpResultAt(8, 31, s_CA5351Rule, "TestClass", "DES")); - } - - [Fact] - public void CA5351CreateObjectFromDESDerivedClass() - { - VerifyCSharp(new[] { -//Test0 - @" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod() - { - MyDES des = new MyDES(); - des.GenerateKey(); - } - } -}", -//Test1 - @" -using System; -using System.Security.Cryptography; - -namespace TestNamespace -{ - class MyDES : DES - { - public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV) - { - throw new NotImplementedException(); - } - - public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV) - { - throw new NotImplementedException(); - } - - public override void GenerateIV() - { - throw new NotImplementedException(); - } - - public override void GenerateKey() - { - throw new NotImplementedException(); - } - } -}" }, - GetCSharpResultAt(10, 25, s_CA5351Rule, "TestMethod", "DES"), - GetCSharpResultAt(11, 13, s_CA5351Rule, "TestMethod", "DES")); - - VerifyBasic(new[] { -//Test0 - @" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private Shared Sub TestMethod() - Dim des As New MyDES() - des.GenerateKey() - End Sub - End Class -End Namespace", -//Test1 - @" -Imports System -Imports System.Security.Cryptography -Namespace TestNamespace - Class MyDES - Inherits DES - Public Overrides Function CreateDecryptor(rgbKey As Byte(), rgbIV As Byte()) As ICryptoTransform - Throw New NotImplementedException() - End Function - - Public Overrides Function CreateEncryptor(rgbKey As Byte(), rgbIV As Byte()) As ICryptoTransform - Throw New NotImplementedException() - End Function - - Public Overrides Sub GenerateIV() - Throw New NotImplementedException() - End Sub - - Public Overrides Sub GenerateKey() - Throw New NotImplementedException() - End Sub - End Class -End Namespace -" }, - GetBasicResultAt(6, 15, s_CA5351Rule, "TestMethod", "DES"), - GetBasicResultAt(7, 4, s_CA5351Rule, "TestMethod", "DES")); - } - - [Fact] - public void CA5352UseRC2CryptoServiceProviderInMethodDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod() - { - var rc2 = new RC2CryptoServiceProvider(); - } - } -}", - GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "RC2")); - - VerifyBasic(@" -Imports System.Security.Cryptography - -Module TestClass - Sub TestMethod() - Dim rc2alg As New RC2CryptoServiceProvider - End Sub -End Module", -GetBasicResultAt(6, 23, s_CA5351Rule, "TestMethod", "RC2")); - } - - [Fact] - public void CA5352UseRC2CryptoServiceProviderInGetDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - public RC2CryptoServiceProvider GetRC2 - { - get { return new RC2CryptoServiceProvider(); } - } - } -}", - GetCSharpResultAt(9, 26, s_CA5351Rule, "get_GetRC2", "RC2")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Public ReadOnly Property GetRC2() As RC2CryptoServiceProvider - Get - Return New RC2CryptoServiceProvider() - End Get - End Property - End Class -End Namespace", -GetBasicResultAt(7, 12, s_CA5351Rule, "get_GetRC2", "RC2")); - } - - [Fact] - public void CA5352UseRC2CryptoServiceProviderInFieldDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - RC2CryptoServiceProvider privateRC2 = new RC2CryptoServiceProvider(); - } -}", - GetCSharpResultAt(7, 47, s_CA5351Rule, "TestClass", "RC2")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private privateRC2 As New RC2CryptoServiceProvider() - End Class -End Namespace -", -GetBasicResultAt(5, 25, s_CA5351Rule, "TestClass", "RC2")); - } - //No VB - [Fact] - public void CA5352UseRC2CryptoServiceProviderInLambdaExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -using System.Threading.Tasks; -namespace TestNamespace -{ - class TestClass - { - private async Task TestMethod() - { - await Task.Run(() => { new RC2CryptoServiceProvider(); }); - } - } -}", - GetCSharpResultAt(10, 36, s_CA5351Rule, "Run", "RC2")); - } - //No VB - [Fact] - public void CA5352UseRC2CryptoServiceProviderInAnonymousMethodExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - delegate void Del(); - Del d = delegate () { new RC2CryptoServiceProvider(); }; - } -}", - GetCSharpResultAt(8, 31, s_CA5351Rule, "TestClass", "RC2")); - } - - [Fact] - public void CA5352CreateObjectFromRC2DerivedClass() - { - VerifyCSharp(new[] { -//Test0 -@" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod() - { - var rc2 = new MyRC2(); - } - } -}", -//Test1 -@" -using System; -using System.Security.Cryptography; - -namespace TestNamespace -{ - class MyRC2 : RC2 - { - public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV) - { - throw new NotImplementedException(); - } - - public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV) - { - throw new NotImplementedException(); - } - - public override void GenerateIV() - { - throw new NotImplementedException(); - } - - public override void GenerateKey() - { - throw new NotImplementedException(); - } - } -}" }, - GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "RC2")); - - VerifyBasic(new[] { -//Test0 -@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private Shared Sub TestMethod() - Dim rc2 = New MyRC2() - End Sub - End Class -End Namespace", -//Test1 -@" -Imports System -Imports System.Security.Cryptography -Namespace TestNamespace - Class MyRC2 - Inherits RC2 - Public Overrides Function CreateDecryptor(rgbKey As Byte(), rgbIV As Byte()) As ICryptoTransform - Throw New NotImplementedException() - End Function - - Public Overrides Function CreateEncryptor(rgbKey As Byte(), rgbIV As Byte()) As ICryptoTransform - Throw New NotImplementedException() - End Function - - Public Overrides Sub GenerateIV() - Throw New NotImplementedException() - End Sub - - Public Overrides Sub GenerateKey() - Throw New NotImplementedException() - End Sub - End Class -End Namespace -" }, - GetBasicResultAt(6, 14, s_CA5351Rule, "TestMethod", "RC2")); - } - - [Fact] - public void CA5353TripleDESCreateInMethodDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod() - { - var tripleDES = TripleDES.Create(""TripleDES""); - } - } -}", - GetCSharpResultAt(10, 29, s_CA5350Rule, "TestMethod", "TripleDES")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private Shared Sub TestMethod() - Dim tripleDES__1 = TripleDES.Create(""TripleDES"") - End Sub - End Class -End Namespace", - GetBasicResultAt(6, 23, s_CA5350Rule, "TestMethod", "TripleDES")); - } - - [Fact] - public void CA5353TripleDESCreateInGetDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - public TripleDES GetTripleDES - { - get { return TripleDES.Create(""TripleDES""); } - } - } -}", - GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetTripleDES", "TripleDES")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Public ReadOnly Property GetTripleDES() As TripleDES - Get - Return TripleDES.Create(""TripleDES"") - End Get - End Property - End Class -End Namespace", - GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetTripleDES", "TripleDES")); - } - - [Fact] - public void CA5353TripleDESCreateInFieldDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - TripleDES privateDES = TripleDES.Create(""TripleDES""); - } -}", - GetCSharpResultAt(7, 32, s_CA5350Rule, "TestClass", "TripleDES")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private privateDES As TripleDES = TripleDES.Create(""TripleDES"") - End Class -End Namespace", - GetBasicResultAt(5, 37, s_CA5350Rule, "TestClass", "TripleDES")); - } - //No VB - [Fact] - public void CA5353TripleDESCreateInLambdaExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -using System.Threading.Tasks; -namespace TestNamespace -{ - class TestClass - { - private async Task TestMethod() - { - await Task.Run(() => { TripleDES.Create(""TripleDES""); }); - } - } -}", - GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "TripleDES")); - } - - [Fact] - public void CA5353TripleDESCreateInAnonymousMethodExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - delegate void Del(); - Del d = delegate () { TripleDES.Create(""TripleDES""); }; - } -}", - GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "TripleDES")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private Delegate Sub Del() - Private d As Del = Sub() TripleDES.Create(""TripleDES"") - End Class -End Namespace", -GetBasicResultAt(6, 28, s_CA5350Rule, "TestClass", "TripleDES")); - } - - [Fact] - public void CA5353TripleDESCryptoServiceProviderInMethodDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod() - { - TripleDESCryptoServiceProvider tripleDES = new TripleDESCryptoServiceProvider(); - } - } -}", - GetCSharpResultAt(10, 56, s_CA5350Rule, "TestMethod", "TripleDES")); - - VerifyBasic(@" -Imports System.Security.Cryptography - -Module TestClass - Sub TestMethod() - Dim tDESalg As New TripleDESCryptoServiceProvider - End Sub -End Module", -GetBasicResultAt(6, 24, s_CA5350Rule, "TestMethod", "TripleDES")); - } - - [Fact] - public void CA5353TripleDESCryptoServiceProviderInGetDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - public TripleDESCryptoServiceProvider GetDES - { - get { return new TripleDESCryptoServiceProvider(); } - } - } -}", - GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetDES", "TripleDES")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Public ReadOnly Property GetDES() As TripleDESCryptoServiceProvider - Get - Return New TripleDESCryptoServiceProvider() - End Get - End Property - End Class -End Namespace", - GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetDES", "TripleDES")); - } - - [Fact] - public void CA5353TripleDESCryptoServiceProviderInFieldDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - TripleDESCryptoServiceProvider privateDES = new TripleDESCryptoServiceProvider(); - } -}", - GetCSharpResultAt(7, 53, s_CA5350Rule, "TestClass", "TripleDES")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private privateDES As New TripleDESCryptoServiceProvider() - End Class -End Namespace", -GetBasicResultAt(5, 25, s_CA5350Rule, "TestClass", "TripleDES")); - } - //No VB - [Fact] - public void CA5353TripleDESCryptoServiceProviderInLambdaExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -using System.Threading.Tasks; -namespace TestNamespace -{ - class TestClass - { - private async Task TestMethod() - { - await Task.Run(() => { new TripleDESCryptoServiceProvider(); }); - } - } -}", - GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "TripleDES")); - } - //No VB - [Fact] - public void CA5353TripleDESCryptoServiceProviderInAnonymousMethodExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - delegate void Del(); - Del d = delegate () { new TripleDESCryptoServiceProvider(); }; - } -}", - GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "TripleDES")); - } - - [Fact] - public void CA5353CreateObjectFromTripleDESDerivedClass() - { - VerifyCSharp(new[] { -//Test0 - @" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod() - { - var my3DES = new My3DES(); - my3DES.GenerateKey(); - } - } -}", -//Test1 - @" -using System; -using System.Security.Cryptography; - -namespace TestNamespace -{ - class My3DES : TripleDES - { - public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV) - { - throw new NotImplementedException(); - } - - public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV) - { - throw new NotImplementedException(); - } - - public override void GenerateIV() - { - throw new NotImplementedException(); - } - - public override void GenerateKey() - { - throw new NotImplementedException(); - } - } -}" }, - GetCSharpResultAt(10, 26, s_CA5350Rule, "TestMethod", "TripleDES"), - GetCSharpResultAt(11, 13, s_CA5350Rule, "TestMethod", "TripleDES")); - - VerifyBasic(new[] { -//Test0 - @" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private Shared Sub TestMethod() - Dim my3DES = New My3DES() - my3DES.GenerateKey() - End Sub - End Class -End Namespace", - -//Test1 - @" -Imports System -Imports System.Security.Cryptography - -Namespace TestNamespace - Class My3DES - Inherits TripleDES - Public Overrides Function CreateDecryptor(rgbKey As Byte(), rgbIV As Byte()) As ICryptoTransform - Throw New NotImplementedException() - End Function - - Public Overrides Function CreateEncryptor(rgbKey As Byte(), rgbIV As Byte()) As ICryptoTransform - Throw New NotImplementedException() - End Function - - Public Overrides Sub GenerateIV() - Throw New NotImplementedException() - End Sub - - Public Overrides Sub GenerateKey() - Throw New NotImplementedException() - End Sub - End Class -End Namespace -" }, - GetBasicResultAt(6, 17, s_CA5350Rule, "TestMethod", "TripleDES"), - GetBasicResultAt(7, 4, s_CA5350Rule, "TestMethod", "TripleDES")); - } - - [Fact] - public void CA5350RIPEMD160ManagedInMethodDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod() - { - var md160 = new RIPEMD160Managed(); - } - } -}", - GetCSharpResultAt(10, 25, s_CA5350Rule, "TestMethod", "RIPEMD160")); - - VerifyBasic(@" -Imports System.Security.Cryptography - -Module TestClass - Sub TestMethod() - Dim md1601alg As New RIPEMD160Managed - End Sub -End Module", -GetBasicResultAt(6, 26, s_CA5350Rule, "TestMethod", "RIPEMD160")); - } - - [Fact] - public void CA5350RIPEMD160ManagedInGetDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass1 - { - public RIPEMD160Managed GetRIPEMD160 - { - get { return new RIPEMD160Managed(); } - } - } -}", - GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetRIPEMD160", "RIPEMD160")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass1 - Public ReadOnly Property GetRIPEMD160() As RIPEMD160Managed - Get - Return New RIPEMD160Managed() - End Get - End Property - End Class -End Namespace", - GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetRIPEMD160", "RIPEMD160")); - } - - [Fact] - public void CA5350RIPEMD160ManagedInFieldDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - RIPEMD160Managed privateRIPEMD160 = new RIPEMD160Managed(); - } -}", - GetCSharpResultAt(7, 45, s_CA5350Rule, "TestClass", "RIPEMD160")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private privateRIPEMD160 As New RIPEMD160Managed() - End Class -End Namespace -", - GetBasicResultAt(5, 31, s_CA5350Rule, "TestClass", "RIPEMD160")); - } - //No VB - [Fact] - public void CA5350RIPEMD160ManagedInLambdaExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -using System.Threading.Tasks; -namespace TestNamespace -{ - class TestClass - { - private async Task TestMethod() - { - await Task.Run(() => { new RIPEMD160Managed(); }); - } - } -}", - GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "RIPEMD160")); - } - //No VB - [Fact] - public void CA5350RIPEMD160ManagedInAnonymousMethodExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - delegate void Del(); - Del d = delegate () { new RIPEMD160Managed(); }; - } -}", - GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "RIPEMD160")); - } - - [Fact] - public void CA5350RIPEMD160CreateInMethodDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod() - { - RIPEMD160 md160 = RIPEMD160.Create(); - } - } -}", - GetCSharpResultAt(10, 31, s_CA5350Rule, "TestMethod", "RIPEMD160")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private Shared Sub TestMethod() - Dim md160 As RIPEMD160 = RIPEMD160.Create() - End Sub - End Class -End Namespace", - GetBasicResultAt(6, 29, s_CA5350Rule, "TestMethod", "RIPEMD160")); - } - - [Fact] - public void CA5350RIPEMD160CreateInGetDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass1 - { - public RIPEMD160 GetRIPEMD160 - { - get { return RIPEMD160.Create(); } - } - } -}", - GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetRIPEMD160", "RIPEMD160")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass1 - Public ReadOnly Property GetRIPEMD160() As RIPEMD160 - Get - Return RIPEMD160.Create() - End Get - End Property - End Class -End Namespace", -GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetRIPEMD160", "RIPEMD160")); - } - - [Fact] - public void CA5350RIPEMD160CreateInFieldDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - RIPEMD160 privateRIPEMD160 = RIPEMD160.Create(); - } -}", - GetCSharpResultAt(7, 38, s_CA5350Rule, "TestClass", "RIPEMD160")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private privateRIPEMD160 As RIPEMD160 = RIPEMD160.Create() - End Class -End Namespace", - GetBasicResultAt(5, 43, s_CA5350Rule, "TestClass", "RIPEMD160")); - } - //No VB - [Fact] - public void CA5350RIPEMD160CreateInLambdaExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -using System.Threading.Tasks; -namespace TestNamespace -{ - class TestClass - { - private async Task TestMethod() - { - await Task.Run(() => { RIPEMD160.Create(); }); - } - } -}", - GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "RIPEMD160")); - } - - [Fact] - public void CA5350RIPEMD160CreateInAnonymousMethodExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - delegate void Del(); - Del d = delegate () { RIPEMD160.Create(); }; - } -}", - GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "RIPEMD160")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private Delegate Sub Del() - Private d As Del = Sub() RIPEMD160.Create() - End Class -End Namespace", - GetBasicResultAt(6, 34, s_CA5350Rule, "TestClass", "RIPEMD160")); - } - - [Fact] - public void CA5350HMACRIPEMD160InMethodDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod() - { - var md160 = new HMACRIPEMD160(); - } - } -}", - GetCSharpResultAt(10, 25, s_CA5350Rule, "TestMethod", "HMACRIPEMD160")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private Shared Sub TestMethod() - Dim md160 = New HMACRIPEMD160() - End Sub - End Class -End Namespace", - GetBasicResultAt(6, 16, s_CA5350Rule, "TestMethod", "HMACRIPEMD160")); - } - - [Fact] - public void CA5350HMACRIPEMD160InGetDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass1 - { - public HMACRIPEMD160 GetHMARIPEMD160 - { - get { return new HMACRIPEMD160(); } - } - } -}", - GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetHMARIPEMD160", "HMACRIPEMD160")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass1 - Public ReadOnly Property GetHMARIPEMD160() As HMACRIPEMD160 - Get - Return New HMACRIPEMD160() - End Get - End Property - End Class -End Namespace", - GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetHMARIPEMD160", "HMACRIPEMD160")); - } - - [Fact] - public void CA5350HMACRIPEMD160InFieldDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - HMACRIPEMD160 privateHMARIPEMD160 = new HMACRIPEMD160(); - } -}", - GetCSharpResultAt(7, 45, s_CA5350Rule, "TestClass", "HMACRIPEMD160")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private privateHMARIPEMD160 As New HMACRIPEMD160() - End Class -End Namespace", - GetBasicResultAt(5, 34, s_CA5350Rule, "TestClass", "HMACRIPEMD160")); - } - //No VB - [Fact] - public void CA5350HMACRIPEMD160InLambdaExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -using System.Threading.Tasks; -namespace TestNamespace -{ - class TestClass - { - private async Task TestMethod() - { - await Task.Run(() => { new HMACRIPEMD160(); }); - } - } -}", - GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "HMACRIPEMD160")); - } - //No VB - [Fact] - public void CA5350HMACRIPEMD160InAnonymousMethodExpression() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - delegate void Del(); - Del d = delegate () { new HMACRIPEMD160(); }; - } -}", - GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "HMACRIPEMD160")); - } - - [Fact] - public void CA5350CreateObjectFromRIPEMD160DerivedClass() - { - VerifyCSharp(new[] { -//Test0 - @" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod(byte[] inBytes) - { - var md160 = new MyRIPEMD160(); - } - } -}", -//Test1 - @" -using System; -using System.Security.Cryptography; - -namespace TestNamespace -{ - class MyRIPEMD160 : RIPEMD160 - { - public override void Initialize() - { - throw new NotImplementedException(); - } - - protected override void HashCore(byte[] array, int ibStart, int cbSize) - { - throw new NotImplementedException(); - } - - protected override byte[] HashFinal() - { - throw new NotImplementedException(); - } - } -}" }, - GetCSharpResultAt(10, 25, s_CA5350Rule, "TestMethod", "RIPEMD160")); - - VerifyBasic(new[] { -//Test0 - @" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private Shared Sub TestMethod(inBytes As Byte()) - Dim md160 = New MyRIPEMD160() - End Sub - End Class -End Namespace", -//Test1 - @" -Imports System -Imports System.Security -Imports System.Security.Cryptography -Namespace TestNamespace - Class MyRIPEMD160 - Inherits RIPEMD160 - Public Overrides Sub Initialize() - Throw New NotImplementedException() - End Sub - - Protected Overrides Sub HashCore(array As Byte(), ibStart As Integer, cbSize As Integer) - Throw New NotImplementedException() - End Sub - - Protected Overrides Function HashFinal() As Byte() - Throw New NotImplementedException() - End Function - End Class -End Namespace" }, - GetBasicResultAt(6, 16, s_CA5350Rule, "TestMethod", "RIPEMD160")); - } - - [Fact] - public void CA5350CreateObjectFromRIPEMD160ManagedDerivedClass() - { - VerifyCSharp(new[] { -//Test0 - @" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod(byte[] inBytes) - { - var md160 = new MyRIPEMD160(); - } - } -}", -//Test1 - @" -using System; -using System.Security.Cryptography; - -namespace TestNamespace -{ - class MyRIPEMD160 : RIPEMD160Managed - { - public override void Initialize() - { - throw new NotImplementedException(); - } - - protected override void HashCore(byte[] array, int ibStart, int cbSize) - { - throw new NotImplementedException(); - } - - protected override byte[] HashFinal() - { - throw new NotImplementedException(); - } - } -}" }, - GetCSharpResultAt(10, 25, s_CA5350Rule, "TestMethod", "RIPEMD160")); - - VerifyBasic(new[] { -//Test0 - @" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private Shared Sub TestMethod(inBytes As Byte()) - Dim md160 = New MyRIPEMD160() - End Sub - End Class -End Namespace", -//Test1 - @" -Imports System -Imports System.Security.Cryptography -Namespace TestNamespace - Class MyRIPEMD160 - Inherits RIPEMD160Managed - Public Overrides Sub Initialize() - Throw New NotImplementedException() - End Sub - - Protected Overrides Sub HashCore(array As Byte(), ibStart As Integer, cbSize As Integer) - Throw New NotImplementedException() - End Sub - - Protected Overrides Function HashFinal() As Byte() - Throw New NotImplementedException() - End Function - End Class -End Namespace -" }, - GetBasicResultAt(6, 16, s_CA5350Rule, "TestMethod", "RIPEMD160")); - } - - [Fact] - public void CA5350CreateObjectFromHMACRIPEMD160DerivedClass() - { - VerifyCSharp(@" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class MyHMACRIPEMD160 : HMACRIPEMD160 {} - - class TestClass - { - private static void TestMethod() - { - var md160 = new MyHMACRIPEMD160(); - } - } -}", - GetCSharpResultAt(12, 25, s_CA5350Rule, "TestMethod", "HMACRIPEMD160")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class MyHMACRIPEMD160 - Inherits HMACRIPEMD160 - End Class - - Class TestClass - Private Shared Sub TestMethod() - Dim md160 = New MyHMACRIPEMD160() - End Sub - End Class -End Namespace", - GetBasicResultAt(10, 16, s_CA5350Rule, "TestMethod", "HMACRIPEMD160")); - } - - [Fact] - public void CA5356DSACreateSignatureInMethodDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod(DSA dsa, byte[] inBytes) - { - var sig = dsa.CreateSignature(inBytes); - } - } -}", - GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "DSA")); - - VerifyBasic(@" -Imports System.Security.Cryptography - -Module TestClass - Function TestMethod(ByVal bytes As Byte()) - Dim dsa As New DSACryptoServiceProvider - Return dsa.CreateSignature(bytes) - End Function -End Module", -GetBasicResultAt(7, 16, s_CA5351Rule, "TestMethod", "DSA")); - } - - [Fact] - public void CA5356UseDSACreateSignatureInGetDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; - -class TestClass -{ - DSA dsa1 = null; - public byte[] MyProperty - { - get - { - byte[] inBytes = null; - return dsa1.CreateSignature(inBytes); - } - } -}", - GetCSharpResultAt(12, 20, s_CA5351Rule, "get_MyProperty", "DSA")); - - VerifyBasic(@" -Imports System.Security.Cryptography - -Class TestClass - Private dsa1 As DSA = Nothing - Public ReadOnly Property MyProperty() As Byte() - Get - Dim inBytes As Byte() = Nothing - Return dsa1.CreateSignature(inBytes) - End Get - End Property -End Class", - GetBasicResultAt(9, 11, s_CA5351Rule, "get_MyProperty", "DSA")); - } - - [Fact] - public void CA5356DSASignatureFormatterInMethodDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod() - { - var sf1 = new DSASignatureFormatter(); - var sf2 = new DSASignatureFormatter(new DSACryptoServiceProvider()); - } - } -}", - GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "DSA"), - GetCSharpResultAt(11, 23, s_CA5351Rule, "TestMethod", "DSA")); - - VerifyBasic(@" -Imports System.Security.Cryptography - -Namespace TestNamespace - Class TestClass - Private Shared Sub TestMethod() - Dim sf1 = New DSASignatureFormatter() - Dim sf2 = New DSASignatureFormatter(New DSACryptoServiceProvider()) - End Sub - End Class -End Namespace", - GetBasicResultAt(7, 23, s_CA5351Rule, "TestMethod", "DSA"), - GetBasicResultAt(8, 23, s_CA5351Rule, "TestMethod", "DSA")); - } - - [Fact] - public void CA5356UseDSACreateSignatureFormatterInGetDeclaration() - { - VerifyCSharp(@" -using System.Security.Cryptography; - -class TestClass -{ - DSA dsa1 = null; - public DSASignatureFormatter MyProperty - { - get - { - DSASignatureFormatter inBytes = null; - if (inBytes == null) { return new DSASignatureFormatter(); } - else return new DSASignatureFormatter(new DSACryptoServiceProvider()); - } - } -}", - GetCSharpResultAt(12, 43, s_CA5351Rule, "get_MyProperty", "DSA"), - GetCSharpResultAt(13, 25, s_CA5351Rule, "get_MyProperty", "DSA")); - - VerifyBasic(@" -Imports System.Security.Cryptography -Class TestClass - Private dsa1 As DSA = Nothing - Public ReadOnly Property MyProperty() As DSASignatureFormatter - Get - Dim inBytes As DSASignatureFormatter = Nothing - If inBytes Is Nothing Then - Return New DSASignatureFormatter() - Else - Return New DSASignatureFormatter(New DSACryptoServiceProvider()) - End If - End Get - End Property -End Class", - GetBasicResultAt(9, 12, s_CA5351Rule, "get_MyProperty", "DSA"), - GetBasicResultAt(11, 12, s_CA5351Rule, "get_MyProperty", "DSA")); - } - - [Fact] - public void CA5356CreateSignatureFromDSADerivedClass() - { - VerifyCSharp(new[] { - //Test0 - @" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod(byte[] inBytes) - { - var myDsa = new MyDsa(); - myDsa.CreateSignature(inBytes); - } - } -}", - //Test1 - @" -using System; -using System.Security.Cryptography; - -namespace TestNamespace -{ - class MyDsa : DSA - { - public override string KeyExchangeAlgorithm - { - get - { - throw new NotImplementedException(); - } - } - - public override string SignatureAlgorithm - { - get - { - throw new NotImplementedException(); - } - } - - public override byte[] CreateSignature(byte[] rgbHash) - { - throw new NotImplementedException(); - } - - public override DSAParameters ExportParameters(bool includePrivateParameters) - { - throw new NotImplementedException(); - } - - public override void ImportParameters(DSAParameters parameters) - { - throw new NotImplementedException(); - } - - public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature) - { - throw new NotImplementedException(); - } - } -}" }, - GetCSharpResultAt(11, 13, s_CA5351Rule, "TestMethod", "DSA")); - - VerifyBasic(new[] { -//Test0 - @" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private Shared Sub TestMethod(inBytes As Byte()) - Dim myDsa = New MyDsa() - myDsa.CreateSignature(inBytes) - End Sub - End Class -End Namespace", -//Test1 - @" -Imports System -Imports System.Security.Cryptography - -Namespace TestNamespace - Class MyDsa - Inherits DSA - Public Overrides ReadOnly Property KeyExchangeAlgorithm() As String - Get - Throw New NotImplementedException() - End Get - End Property - - Public Overrides ReadOnly Property SignatureAlgorithm() As String - Get - Throw New NotImplementedException() - End Get - End Property - - Public Overrides Function CreateSignature(rgbHash As Byte()) As Byte() - Throw New NotImplementedException() - End Function - - Public Overrides Function ExportParameters(includePrivateParameters As Boolean) As DSAParameters - Throw New NotImplementedException() - End Function - - Public Overrides Sub ImportParameters(parameters As DSAParameters) - Throw New NotImplementedException() - End Sub - - Public Overrides Function VerifySignature(rgbHash As Byte(), rgbSignature As Byte()) As Boolean - Throw New NotImplementedException() - End Function - End Class -End Namespace" }, - GetBasicResultAt(7, 4, s_CA5351Rule, "TestMethod", "DSA")); - } - - [Fact] - public void CA5357RijndaelManagedInMethodDeclarationShouldNotGenerateDiagnostics() - { - VerifyCSharp(@" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod() - { - var rc2 = new RijndaelManaged(); - } - } -}" - ); - - VerifyBasic(@" -Imports System.Security.Cryptography - -Module TestClass - Sub TestMethod() - Dim rijndaelalg As New RijndaelManaged - End Sub -End Module" - ); - } - - [Fact] - public void CA5357RijndaelManagedInGetDeclarationShouldNotGenerateDiagnostics() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass1 - { - public RijndaelManaged GetRijndael - { - get { return new RijndaelManaged(); } - } - } -}" - ); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass1 - Public ReadOnly Property GetRijndael() As RijndaelManaged - Get - Return New RijndaelManaged() - End Get - End Property - End Class -End Namespace" - ); - } - - [Fact] - public void CA5357RijndaelManagedInFieldDeclarationShouldNotGenerateDiagnostics() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - RijndaelManaged privateRijndael = new RijndaelManaged(); - } -}" - ); - - VerifyBasic(@" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private privateRijndael As New RijndaelManaged() - End Class -End Namespace" - ); - } - //No VB - [Fact] - public void CA5357RijndaelManagedInLambdaExpressionShouldNotGenerateDiagnostics() - { - VerifyCSharp(@" -using System.Security.Cryptography; -using System.Threading.Tasks; -namespace TestNamespace -{ - class TestClass - { - private async Task TestMethod() - { - await Task.Run(() => { new RijndaelManaged(); }); - } - } -}" - ); - } - //No VB - [Fact] - public void CA5357RijndaelManagedInAnonymousMethodExpressionShouldNotGenerateDiagnostics() - { - VerifyCSharp(@" -using System.Security.Cryptography; -namespace TestNamespace -{ - class TestClass - { - delegate void Del(); - Del d = delegate () { new RijndaelManaged(); }; - } -}" - ); - } - - [Fact] - public void CA5357CreateObjectFromRijndaelDerivedClassShouldNotGenerateDiagnostics() - { - VerifyCSharp(new[] { -//Test0 - @" -using System.Security.Cryptography; - -namespace TestNamespace -{ - class TestClass - { - private static void TestMethod() - { - var rc2 = new MyRijndael(); - } - } -}", -//Test1 - @" -using System; -using System.Security.Cryptography; - -namespace TestNamespace -{ - class MyRijndael : Rijndael - { - public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV) - { - throw new NotImplementedException(); - } - - public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV) - { - throw new NotImplementedException(); - } - - public override void GenerateIV() - { - throw new NotImplementedException(); - } - - public override void GenerateKey() - { - throw new NotImplementedException(); - } - } -}" } - ); - - VerifyBasic(new[] { -//Test0 - @" -Imports System.Security.Cryptography -Namespace TestNamespace - Class TestClass - Private Shared Sub TestMethod() - Dim rc2 = New MyRijndael() - End Sub - End Class -End Namespace", -//Test1 - @" -Imports System -Imports System.Security.Cryptography -Namespace TestNamespace - Class MyRijndael - Inherits Rijndael - Public Overrides Function CreateDecryptor(rgbKey As Byte(), rgbIV As Byte()) As ICryptoTransform - Throw New NotImplementedException() - End Function - - Public Overrides Function CreateEncryptor(rgbKey As Byte(), rgbIV As Byte()) As ICryptoTransform - Throw New NotImplementedException() - End Function - - Public Overrides Sub GenerateIV() - Throw New NotImplementedException() - End Sub - - Public Overrides Sub GenerateKey() - Throw New NotImplementedException() - End Sub - End Class -End Namespace" } - ); - } - - protected override DiagnosticAnalyzer GetBasicDiagnosticAnalyzer() - { - return new BasicDoNotUseInsecureCryptographicAlgorithmsAnalyzer(); - } - - protected override DiagnosticAnalyzer GetCSharpDiagnosticAnalyzer() - { - return new CSharpDoNotUseInsecureCryptographicAlgorithmsAnalyzer(); - } - - private const string CA5350RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographicRuleId; - private const string CA5351RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographicRuleId; - private static readonly string s_CA5350RuleTitle = MicrosoftNetFrameworkAnalyzersResources.DoNotUseWeakCryptographicAlgorithms; - private static readonly string s_CA5351RuleTitle = MicrosoftNetFrameworkAnalyzersResources.DoNotUseBrokenCryptographicAlgorithms; - - private static readonly string s_CA5350RuleMessage = MicrosoftNetFrameworkAnalyzersResources.DoNotUseWeakCryptographicAlgorithmsMessage; - private static readonly string s_CA5351RuleMessage = MicrosoftNetFrameworkAnalyzersResources.DoNotUseBrokenCryptographicAlgorithmsMessage; - - private static readonly DiagnosticDescriptor s_CA5350Rule = - new DiagnosticDescriptor(CA5350RuleName, - s_CA5350RuleTitle, - s_CA5350RuleMessage, - DiagnosticCategory.Security, - DiagnosticHelpers.DefaultDiagnosticSeverity, - true - ); - - private static readonly DiagnosticDescriptor s_CA5351Rule = - new DiagnosticDescriptor(CA5351RuleName, - s_CA5351RuleTitle, - s_CA5351RuleMessage, - DiagnosticCategory.Security, - DiagnosticHelpers.DefaultDiagnosticSeverity, - true - ); - } -} diff --git a/src/Microsoft.NetFramework.Analyzers/VisualBasic/BasicDoNotUseInsecureCryptographicAlgorithms.vb b/src/Microsoft.NetFramework.Analyzers/VisualBasic/BasicDoNotUseInsecureCryptographicAlgorithms.vb deleted file mode 100644 index 358e5279d1..0000000000 --- a/src/Microsoft.NetFramework.Analyzers/VisualBasic/BasicDoNotUseInsecureCryptographicAlgorithms.vb +++ /dev/null @@ -1,23 +0,0 @@ -' Copyright (c) Microsoft. All Rights Reserved. Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. - -Imports Microsoft.NetFramework.Analyzers -Imports Microsoft.NetFramework.Analyzers.Helpers -Imports Microsoft.CodeAnalysis -Imports Microsoft.CodeAnalysis.Diagnostics -Imports Microsoft.CodeAnalysis.VisualBasic - -Namespace Microsoft.NetFramework.VisualBasic.Analyzers - - - Public Class BasicDoNotUseInsecureCryptographicAlgorithmsAnalyzer - Inherits DoNotUseInsecureCryptographicAlgorithmsAnalyzer - - Protected Overrides Function GetAnalyzer(context As CompilationStartAnalysisContext, cryptTypes As CompilationSecurityTypes) As SyntaxNodeAnalyzer - Dim analyzer As SyntaxNodeAnalyzer = New SyntaxNodeAnalyzer(cryptTypes) - context.RegisterSyntaxNodeAction(AddressOf analyzer.AnalyzeNode, - SyntaxKind.InvocationExpression, - SyntaxKind.ObjectCreationExpression) - Return analyzer - End Function - End Class -End Namespace From 116ae29690abdf14e9910d9d46c1e3411c5714db Mon Sep 17 00:00:00 2001 From: Paul Ming Date: Fri, 24 Aug 2018 11:13:56 -0700 Subject: [PATCH 2/4] WIP Make unit test variable names make slightly more sense --- .../Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs index 551d4ce813..8d4f6e11c4 100644 --- a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs +++ b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs @@ -2870,8 +2870,8 @@ protected override DiagnosticAnalyzer GetCSharpDiagnosticAnalyzer() return new CSharpDoNotUseInsecureCryptographicAlgorithmsAnalyzer(); } - private const string CA5351RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographicRuleId; private const string CA5350RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographicRuleId; + private const string CA5351RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographicRuleId; private readonly string _doNotUseMD5Message = SystemSecurityCryptographyResources.DoNotUseMD5; private readonly string _doNotUseSHA1Message = SystemSecurityCryptographyResources.DoNotUseSHA1; From 02001cf63692317e9a486b77aeee9dba4fc058d6 Mon Sep 17 00:00:00 2001 From: Paul Ming Date: Fri, 24 Aug 2018 17:03:10 -0700 Subject: [PATCH 3/4] Messages for crypto rules --- ...DoNotUseInsecureCryptographicAlgorithms.cs | 152 +++++--- .../SystemSecurityCryptographyResources.resx | 18 + ...SystemSecurityCryptographyResources.cs.xlf | 30 ++ ...SystemSecurityCryptographyResources.de.xlf | 30 ++ ...SystemSecurityCryptographyResources.es.xlf | 30 ++ ...SystemSecurityCryptographyResources.fr.xlf | 30 ++ ...SystemSecurityCryptographyResources.it.xlf | 30 ++ ...SystemSecurityCryptographyResources.ja.xlf | 30 ++ ...SystemSecurityCryptographyResources.ko.xlf | 30 ++ ...SystemSecurityCryptographyResources.pl.xlf | 30 ++ ...temSecurityCryptographyResources.pt-BR.xlf | 30 ++ ...SystemSecurityCryptographyResources.ru.xlf | 30 ++ ...SystemSecurityCryptographyResources.tr.xlf | 30 ++ ...mSecurityCryptographyResources.zh-Hans.xlf | 30 ++ ...mSecurityCryptographyResources.zh-Hant.xlf | 30 ++ ...UseInsecureCryptographicAlgorithmsTests.cs | 333 ++++++++++-------- ...crosoftNetFrameworkAnalyzersResources.resx | 18 - ...osoftNetFrameworkAnalyzersResources.cs.xlf | 30 -- ...osoftNetFrameworkAnalyzersResources.de.xlf | 30 -- ...osoftNetFrameworkAnalyzersResources.es.xlf | 30 -- ...osoftNetFrameworkAnalyzersResources.fr.xlf | 30 -- ...osoftNetFrameworkAnalyzersResources.it.xlf | 30 -- ...osoftNetFrameworkAnalyzersResources.ja.xlf | 30 -- ...osoftNetFrameworkAnalyzersResources.ko.xlf | 30 -- ...osoftNetFrameworkAnalyzersResources.pl.xlf | 30 -- ...ftNetFrameworkAnalyzersResources.pt-BR.xlf | 30 -- ...osoftNetFrameworkAnalyzersResources.ru.xlf | 30 -- ...osoftNetFrameworkAnalyzersResources.tr.xlf | 30 -- ...NetFrameworkAnalyzersResources.zh-Hans.xlf | 30 -- ...NetFrameworkAnalyzersResources.zh-Hant.xlf | 30 -- 30 files changed, 696 insertions(+), 605 deletions(-) diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/DoNotUseInsecureCryptographicAlgorithms.cs b/src/Microsoft.NetCore.Analyzers/Core/Security/DoNotUseInsecureCryptographicAlgorithms.cs index e443151b50..e71e6a0891 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/DoNotUseInsecureCryptographicAlgorithms.cs +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/DoNotUseInsecureCryptographicAlgorithms.cs @@ -11,37 +11,65 @@ namespace Microsoft.NetCore.Analyzers.Security { public abstract class DoNotUseInsecureCryptographicAlgorithmsAnalyzer : DiagnosticAnalyzer { - internal const string DoNotUseWeakCryptographicRuleId = "CA5350"; - internal const string DoNotUseBrokenCryptographicRuleId = "CA5351"; - - private static readonly LocalizableString s_localizableDoNotUseMD5Title = new LocalizableResourceString(nameof(SystemSecurityCryptographyResources.DoNotUseMD5), SystemSecurityCryptographyResources.ResourceManager, typeof(SystemSecurityCryptographyResources)); - private static readonly LocalizableString s_localizableDoNotUseMD5Description = new LocalizableResourceString(nameof(SystemSecurityCryptographyResources.DoNotUseMD5Description), SystemSecurityCryptographyResources.ResourceManager, typeof(SystemSecurityCryptographyResources)); - private static readonly LocalizableString s_localizableDoNotUseSHA1Title = new LocalizableResourceString(nameof(SystemSecurityCryptographyResources.DoNotUseSHA1), SystemSecurityCryptographyResources.ResourceManager, typeof(SystemSecurityCryptographyResources)); - private static readonly LocalizableString s_localizableDoNotUseSHA1Description = new LocalizableResourceString(nameof(SystemSecurityCryptographyResources.DoNotUseSHA1Description), SystemSecurityCryptographyResources.ResourceManager, typeof(SystemSecurityCryptographyResources)); - - internal static DiagnosticDescriptor DoNotUseBrokenCryptographicRule = CreateDiagnosticDescriptor(DoNotUseBrokenCryptographicRuleId, - s_localizableDoNotUseMD5Title, - s_localizableDoNotUseMD5Description); - - internal static DiagnosticDescriptor DoNotUseWeakCryptographicRule = CreateDiagnosticDescriptor(DoNotUseWeakCryptographicRuleId, - s_localizableDoNotUseSHA1Title, - s_localizableDoNotUseSHA1Description); + internal const string DoNotUseWeakCryptographyRuleId = "CA5350"; + internal const string DoNotUseBrokenCryptographyRuleId = "CA5351"; + + internal const string CA5350HelpLink = "https://aka.ms/CA5350"; + internal const string CA5351HelpLink = "https://aka.ms/CA5351"; + + private static readonly LocalizableString s_localizableDoNotUseWeakAlgorithmsTitle = new LocalizableResourceString( + nameof(SystemSecurityCryptographyResources.DoNotUseWeakCryptographicAlgorithms), + SystemSecurityCryptographyResources.ResourceManager, + typeof(SystemSecurityCryptographyResources)); + private static readonly LocalizableString s_localizableDoNotUseWeakAlgorithmsMessage = new LocalizableResourceString( + nameof(SystemSecurityCryptographyResources.DoNotUseWeakCryptographicAlgorithmsMessage), + SystemSecurityCryptographyResources.ResourceManager, + typeof(SystemSecurityCryptographyResources)); + private static readonly LocalizableString s_localizableDoNotUseWeakAlgorithmsDescription = new LocalizableResourceString( + nameof(SystemSecurityCryptographyResources.DoNotUseWeakCryptographicAlgorithmsDescription), + SystemSecurityCryptographyResources.ResourceManager, + typeof(SystemSecurityCryptographyResources)); + private static readonly LocalizableString s_localizableDoNotUseBrokenAlgorithmsTitle = new LocalizableResourceString( + nameof(SystemSecurityCryptographyResources.DoNotUseBrokenCryptographicAlgorithms), + SystemSecurityCryptographyResources.ResourceManager, + typeof(SystemSecurityCryptographyResources)); + private static readonly LocalizableString s_localizableDoNotUseBrokenAlgorithmsMessage = new LocalizableResourceString( + nameof(SystemSecurityCryptographyResources.DoNotUseBrokenCryptographicAlgorithmsMessage), + SystemSecurityCryptographyResources.ResourceManager, + typeof(SystemSecurityCryptographyResources)); + private static readonly LocalizableString s_localizableDoNotUseBrokenAlgorithmsDescription = new LocalizableResourceString( + nameof(SystemSecurityCryptographyResources.DoNotUseBrokenCryptographicAlgorithmsDescription), + SystemSecurityCryptographyResources.ResourceManager, + typeof(SystemSecurityCryptographyResources)); + + internal static DiagnosticDescriptor DoNotUseBrokenCryptographyRule = CreateDiagnosticDescriptor(DoNotUseBrokenCryptographyRuleId, + s_localizableDoNotUseBrokenAlgorithmsTitle, + s_localizableDoNotUseBrokenAlgorithmsMessage, + s_localizableDoNotUseBrokenAlgorithmsDescription, + CA5351HelpLink); + + internal static DiagnosticDescriptor DoNotUseWeakCryptographyRule = CreateDiagnosticDescriptor(DoNotUseWeakCryptographyRuleId, + s_localizableDoNotUseWeakAlgorithmsTitle, + s_localizableDoNotUseWeakAlgorithmsMessage, + s_localizableDoNotUseWeakAlgorithmsDescription, + CA5350HelpLink); protected abstract SyntaxNodeAnalyzer GetAnalyzer(CompilationStartAnalysisContext context, CompilationSecurityTypes cryptTypes); - public override ImmutableArray SupportedDiagnostics => ImmutableArray.Create(DoNotUseBrokenCryptographicRule, DoNotUseWeakCryptographicRule); + public override ImmutableArray SupportedDiagnostics => ImmutableArray.Create(DoNotUseBrokenCryptographyRule, DoNotUseWeakCryptographyRule); - private static DiagnosticDescriptor CreateDiagnosticDescriptor(string ruleId, LocalizableString title, LocalizableString description, string uri = null) + private static DiagnosticDescriptor CreateDiagnosticDescriptor(string ruleId, LocalizableString title, LocalizableString message, LocalizableString description, string uri = null) { - return new DiagnosticDescriptor(ruleId, - title, - title, - DiagnosticCategory.Security, - DiagnosticHelpers.DefaultDiagnosticSeverity, - isEnabledByDefault: DiagnosticHelpers.EnabledByDefaultIfNotBuildingVSIX, - description: description, - helpLinkUri: uri, - customTags: WellKnownDiagnosticTags.Telemetry); + return new DiagnosticDescriptor( + ruleId, + title, + message, + DiagnosticCategory.Security, + DiagnosticHelpers.DefaultDiagnosticSeverity, + isEnabledByDefault: DiagnosticHelpers.EnabledByDefaultIfNotBuildingVSIX, + description: description, + helpLinkUri: uri, + customTags: WellKnownDiagnosticTags.Telemetry); } public override void Initialize(AnalysisContext analysisContext) @@ -90,9 +118,9 @@ public void AnalyzeNode(SyntaxNodeAnalysisContext context) { SyntaxNode node = context.Node; SemanticModel model = context.SemanticModel; - ISymbol symbol = node.GetDeclaredOrReferencedSymbol(model); IMethodSymbol method = symbol as IMethodSymbol; + if (method == null) { return; @@ -100,50 +128,90 @@ public void AnalyzeNode(SyntaxNodeAnalysisContext context) INamedTypeSymbol type = method.ContainingType; DiagnosticDescriptor rule = null; + string[] messageArgs = new string[2]; + string owningParentName = string.Empty; + SyntaxNode cur = node; + + while (cur.Parent != null) + { + SyntaxNode pNode = cur.Parent; + ISymbol sym = pNode.GetDeclaredOrReferencedSymbol(model); + + if (sym != null && + !string.IsNullOrEmpty(sym.Name) + && ( + sym.Kind == SymbolKind.Method || + sym.Kind == SymbolKind.NamedType + ) + ) + { + owningParentName = sym.Name; + break; + } + + cur = pNode; + } + + messageArgs[0] = owningParentName; if (type.DerivesFrom(_cryptTypes.MD5)) { - rule = DoNotUseBrokenCryptographicRule; + rule = DoNotUseBrokenCryptographyRule; + messageArgs[1] = _cryptTypes.MD5.Name; + } + else if (type.DerivesFrom(_cryptTypes.SHA1)) + { + rule = DoNotUseWeakCryptographyRule; + messageArgs[1] = _cryptTypes.SHA1.Name; } - else if (type.DerivesFrom(_cryptTypes.SHA1) || - type.DerivesFrom(_cryptTypes.HMACSHA1)) + else if (type.DerivesFrom(_cryptTypes.HMACSHA1)) { - rule = DoNotUseWeakCryptographicRule; + rule = DoNotUseWeakCryptographyRule; + messageArgs[1] = _cryptTypes.HMACSHA1.Name; } else if (type.DerivesFrom(_cryptTypes.DES)) { - rule = DoNotUseBrokenCryptographicRule; + rule = DoNotUseBrokenCryptographyRule; + messageArgs[1] = _cryptTypes.DES.Name; } - else if ((method.ContainingType.DerivesFrom(_cryptTypes.DSA) && method.MetadataName == SecurityMemberNames.CreateSignature) || - (type == _cryptTypes.DSASignatureFormatter && - method.ContainingType.DerivesFrom(_cryptTypes.DSASignatureFormatter) && method.MetadataName == WellKnownMemberNames.InstanceConstructorName)) + else if ((method.ContainingType.DerivesFrom(_cryptTypes.DSA) + && method.MetadataName == SecurityMemberNames.CreateSignature) + || (type == _cryptTypes.DSASignatureFormatter + && method.ContainingType.DerivesFrom(_cryptTypes.DSASignatureFormatter) + && method.MetadataName == WellKnownMemberNames.InstanceConstructorName)) { - rule = DoNotUseBrokenCryptographicRule; + rule = DoNotUseBrokenCryptographyRule; + messageArgs[1] = _cryptTypes.DSA.Name; } else if (type.DerivesFrom(_cryptTypes.HMACMD5)) { - rule = DoNotUseBrokenCryptographicRule; + rule = DoNotUseBrokenCryptographyRule; + messageArgs[1] = _cryptTypes.HMACMD5.Name; } else if (type.DerivesFrom(_cryptTypes.RC2)) { - rule = DoNotUseBrokenCryptographicRule; + rule = DoNotUseBrokenCryptographyRule; + messageArgs[1] = _cryptTypes.RC2.Name; } else if (type.DerivesFrom(_cryptTypes.TripleDES)) { - rule = DoNotUseWeakCryptographicRule; + rule = DoNotUseWeakCryptographyRule; + messageArgs[1] = _cryptTypes.TripleDES.Name; } else if (type.DerivesFrom(_cryptTypes.RIPEMD160)) { - rule = DoNotUseWeakCryptographicRule; + rule = DoNotUseWeakCryptographyRule; + messageArgs[1] = _cryptTypes.RIPEMD160.Name; } else if (type.DerivesFrom(_cryptTypes.HMACRIPEMD160)) { - rule = DoNotUseWeakCryptographicRule; + rule = DoNotUseWeakCryptographyRule; + messageArgs[1] = _cryptTypes.HMACRIPEMD160.Name; } if (rule != null) { - context.ReportDiagnostic(Diagnostic.Create(rule, node.GetLocation())); + context.ReportDiagnostic(Diagnostic.Create(rule, node.GetLocation(), messageArgs)); } } } diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/SystemSecurityCryptographyResources.resx b/src/Microsoft.NetCore.Analyzers/Core/Security/SystemSecurityCryptographyResources.resx index ac01fb987b..df8422ef30 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/SystemSecurityCryptographyResources.resx +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/SystemSecurityCryptographyResources.resx @@ -117,6 +117,15 @@ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 + + Do Not Use Broken Cryptographic Algorithms + + + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + + + {0} uses a broken cryptographic algorithm {1} + Do not use insecure cryptographic algorithm MD5. @@ -129,4 +138,13 @@ This type implements SHA1, a cryptographically insecure hashing function. Hash collisions are computationally feasible for the SHA-1 and SHA-0 algorithms. Replace this usage with a SHA-2 family hash algorithm (SHA512, SHA384, SHA256). + + Do Not Use Weak Cryptographic Algorithms + + + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + + + {0} uses a weak cryptographic algorithm {1} + \ No newline at end of file diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.cs.xlf b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.cs.xlf index 490adb1164..66ce02af0d 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.cs.xlf +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.cs.xlf @@ -2,6 +2,21 @@ + + Do Not Use Broken Cryptographic Algorithms + Do Not Use Broken Cryptographic Algorithms + + + + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + + + + {0} uses a broken cryptographic algorithm {1} + {0} uses a broken cryptographic algorithm {1} + + Do not use insecure cryptographic algorithm MD5. Nepoužívejte nezabezpečený kryptografický algoritmus MD5 @@ -22,6 +37,21 @@ Tento typ implementuje SHA1, což je kryptograficky nezabezpečená hashovací funkce. Kolize hashovací funkce jsou výpočetně schůdné u algoritmů SHA-1 a SHA-0. Nahraďte toto použití hashovacím algoritmem z řady SHA-2 (SHA512, SHA384, SHA256). + + Do Not Use Weak Cryptographic Algorithms + Do Not Use Weak Cryptographic Algorithms + + + + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + + + + {0} uses a weak cryptographic algorithm {1} + {0} uses a weak cryptographic algorithm {1} + + \ No newline at end of file diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.de.xlf b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.de.xlf index c279b855e8..449f76e7c8 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.de.xlf +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.de.xlf @@ -2,6 +2,21 @@ + + Do Not Use Broken Cryptographic Algorithms + Do Not Use Broken Cryptographic Algorithms + + + + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + + + + {0} uses a broken cryptographic algorithm {1} + {0} uses a broken cryptographic algorithm {1} + + Do not use insecure cryptographic algorithm MD5. Verwenden Sie nicht den unsicheren kryptografischen Algorithmus MD5. @@ -22,6 +37,21 @@ Dieser Typ implementiert SHA1, eine kryptografisch unsichere Hashfunktion. Hashkollisionen sind für die Algorithmen SHA-1 und SHA-0 rechnerisch möglich. Ersetzen Sie diese Verwendung durch einen Hashalgorithmus der SHA-2-Familie (SHA512, SHA384, SHA256). + + Do Not Use Weak Cryptographic Algorithms + Do Not Use Weak Cryptographic Algorithms + + + + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + + + + {0} uses a weak cryptographic algorithm {1} + {0} uses a weak cryptographic algorithm {1} + + \ No newline at end of file diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.es.xlf b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.es.xlf index b8c0eabada..1938d9b61a 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.es.xlf +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.es.xlf @@ -2,6 +2,21 @@ + + Do Not Use Broken Cryptographic Algorithms + Do Not Use Broken Cryptographic Algorithms + + + + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + + + + {0} uses a broken cryptographic algorithm {1} + {0} uses a broken cryptographic algorithm {1} + + Do not use insecure cryptographic algorithm MD5. No use el algoritmo criptográfico no seguro MD5. @@ -22,6 +37,21 @@ Este tipo implementa SHA1, una función hash no segura criptográficamente. Las colisiones de hash son computacionalmente factibles para los algoritmos SHA-1 y SHA-0. Reemplace este uso por un algoritmo de hash de la familia SHA-2 (SHA512, SHA384, SHA256). + + Do Not Use Weak Cryptographic Algorithms + Do Not Use Weak Cryptographic Algorithms + + + + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + + + + {0} uses a weak cryptographic algorithm {1} + {0} uses a weak cryptographic algorithm {1} + + \ No newline at end of file diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.fr.xlf b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.fr.xlf index 7336443826..8176b9aafa 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.fr.xlf +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.fr.xlf @@ -2,6 +2,21 @@ + + Do Not Use Broken Cryptographic Algorithms + Do Not Use Broken Cryptographic Algorithms + + + + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + + + + {0} uses a broken cryptographic algorithm {1} + {0} uses a broken cryptographic algorithm {1} + + Do not use insecure cryptographic algorithm MD5. N'utilisez pas d'algorithme de chiffrement MD5 non sécurisé. @@ -22,6 +37,21 @@ Ce type implémente SHA1, une fonction de hachage par chiffrement non sécurisée. Les collisions de hachage peuvent être calculées pour les algorithmes SHA-1 et SHA-0. Remplacez cette utilisation par un algorithme de hachage de la famille SHA-2 (SHA512, SHA384, SHA256). + + Do Not Use Weak Cryptographic Algorithms + Do Not Use Weak Cryptographic Algorithms + + + + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + + + + {0} uses a weak cryptographic algorithm {1} + {0} uses a weak cryptographic algorithm {1} + + \ No newline at end of file diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.it.xlf b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.it.xlf index fac65ddc09..5b76643174 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.it.xlf +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.it.xlf @@ -2,6 +2,21 @@ + + Do Not Use Broken Cryptographic Algorithms + Do Not Use Broken Cryptographic Algorithms + + + + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + + + + {0} uses a broken cryptographic algorithm {1} + {0} uses a broken cryptographic algorithm {1} + + Do not use insecure cryptographic algorithm MD5. Non usare l'algoritmo di crittografia non sicuro MD5. @@ -22,6 +37,21 @@ Questo tipo implementa SHA1, una funzione hash crittograficamente non sicura. Da un punto di vista computazionale, le collisioni di hash sono possibili per gli algoritmi SHA-1 e SHA-0. Sostituire questo algoritmo con uno hash della famiglia SHA-2 (SHA512, SHA384, SHA256). + + Do Not Use Weak Cryptographic Algorithms + Do Not Use Weak Cryptographic Algorithms + + + + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + + + + {0} uses a weak cryptographic algorithm {1} + {0} uses a weak cryptographic algorithm {1} + + \ No newline at end of file diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.ja.xlf b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.ja.xlf index 84d1e20ef4..1613038d54 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.ja.xlf +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.ja.xlf @@ -2,6 +2,21 @@ + + Do Not Use Broken Cryptographic Algorithms + Do Not Use Broken Cryptographic Algorithms + + + + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + + + + {0} uses a broken cryptographic algorithm {1} + {0} uses a broken cryptographic algorithm {1} + + Do not use insecure cryptographic algorithm MD5. 安全でない暗号アルゴリズム MD5 を使用しない。 @@ -22,6 +37,21 @@ この型は、暗号として安全でないハッシュ関数である SHA1 を実装しています。SHA-1 と SHA-0 アルゴリズムでは、計算上、ハッシュの競合が起こる可能性があります。この使用を SHA-2 ファミリのハッシュ アルゴリズム (SHA512、SHA384、SHA256) に置き換えてください。 + + Do Not Use Weak Cryptographic Algorithms + Do Not Use Weak Cryptographic Algorithms + + + + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + + + + {0} uses a weak cryptographic algorithm {1} + {0} uses a weak cryptographic algorithm {1} + + \ No newline at end of file diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.ko.xlf b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.ko.xlf index 098fe717ae..a9ebe06135 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.ko.xlf +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.ko.xlf @@ -2,6 +2,21 @@ + + Do Not Use Broken Cryptographic Algorithms + Do Not Use Broken Cryptographic Algorithms + + + + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + + + + {0} uses a broken cryptographic algorithm {1} + {0} uses a broken cryptographic algorithm {1} + + Do not use insecure cryptographic algorithm MD5. 안전하지 않은 암호화 알고리즘 MD5를 사용하지 마세요. @@ -22,6 +37,21 @@ 이 형식은 안전하지 않게 암호화된 해시 알고리즘인 SHA1을 구현합니다. SHA-1 및 SHA-0 알고리즘에서 계산상 해시 충돌이 발생할 수 있습니다. 이 사용법을 SHA-2 패밀리 해시 알고리즘(SHA512, SHA384, SHA256)으로 바꾸세요. + + Do Not Use Weak Cryptographic Algorithms + Do Not Use Weak Cryptographic Algorithms + + + + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + + + + {0} uses a weak cryptographic algorithm {1} + {0} uses a weak cryptographic algorithm {1} + + \ No newline at end of file diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.pl.xlf b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.pl.xlf index 87a3853b2c..1621ff04fe 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.pl.xlf +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.pl.xlf @@ -2,6 +2,21 @@ + + Do Not Use Broken Cryptographic Algorithms + Do Not Use Broken Cryptographic Algorithms + + + + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + + + + {0} uses a broken cryptographic algorithm {1} + {0} uses a broken cryptographic algorithm {1} + + Do not use insecure cryptographic algorithm MD5. Nie używaj niezabezpieczonego algorytmu kryptograficznego MD5. @@ -22,6 +37,21 @@ Ten typ implementuje niezabezpieczoną kryptograficznie funkcję skrótu SHA1. Istnieje możliwość wystąpienia kolizji skrótów w przypadku algorytmów SHA-1 i SHA-0. Zastąp to użycie algorytmem wartości skrótu z rodziny SHA-2 (SHA512, SHA384, SHA256). + + Do Not Use Weak Cryptographic Algorithms + Do Not Use Weak Cryptographic Algorithms + + + + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + + + + {0} uses a weak cryptographic algorithm {1} + {0} uses a weak cryptographic algorithm {1} + + \ No newline at end of file diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.pt-BR.xlf b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.pt-BR.xlf index bd427221a8..4cbf6d11bd 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.pt-BR.xlf +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.pt-BR.xlf @@ -2,6 +2,21 @@ + + Do Not Use Broken Cryptographic Algorithms + Do Not Use Broken Cryptographic Algorithms + + + + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + + + + {0} uses a broken cryptographic algorithm {1} + {0} uses a broken cryptographic algorithm {1} + + Do not use insecure cryptographic algorithm MD5. Não use o algoritmo de criptografia não seguro MD5. @@ -22,6 +37,21 @@ Esse tipo implementa SHA1, uma função de hash criptograficamente não segura. As colisões de hash são computacionalmente viáveis para os algoritmos SHA-1 e SHA-0. Substitua esse uso por um algoritmo hash da família SHA-2 (SHA512, SHA384, SHA256). + + Do Not Use Weak Cryptographic Algorithms + Do Not Use Weak Cryptographic Algorithms + + + + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + + + + {0} uses a weak cryptographic algorithm {1} + {0} uses a weak cryptographic algorithm {1} + + \ No newline at end of file diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.ru.xlf b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.ru.xlf index fc6d591342..2621f02338 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.ru.xlf +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.ru.xlf @@ -2,6 +2,21 @@ + + Do Not Use Broken Cryptographic Algorithms + Do Not Use Broken Cryptographic Algorithms + + + + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + + + + {0} uses a broken cryptographic algorithm {1} + {0} uses a broken cryptographic algorithm {1} + + Do not use insecure cryptographic algorithm MD5. Не используйте небезопасный алгоритм шифрования MD5. @@ -22,6 +37,21 @@ Этот тип реализует криптографически небезопасную хэш-функцию SHA1. С точки зрения вычислений для алгоритмов SHA-1 и SHA-0 возможны хэш-конфликты. Замените на хэш-алгоритм из семейства SHA-2 (SHA512, SHA384, SHA256). + + Do Not Use Weak Cryptographic Algorithms + Do Not Use Weak Cryptographic Algorithms + + + + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + + + + {0} uses a weak cryptographic algorithm {1} + {0} uses a weak cryptographic algorithm {1} + + \ No newline at end of file diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.tr.xlf b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.tr.xlf index 3c1d6f5e1e..ca21e9c37d 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.tr.xlf +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.tr.xlf @@ -2,6 +2,21 @@ + + Do Not Use Broken Cryptographic Algorithms + Do Not Use Broken Cryptographic Algorithms + + + + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + + + + {0} uses a broken cryptographic algorithm {1} + {0} uses a broken cryptographic algorithm {1} + + Do not use insecure cryptographic algorithm MD5. Güvenli olmayan MD5 kriptografik algoritmasını kullanmayın. @@ -22,6 +37,21 @@ Bu tür, kriptografik olarak güvenli olmayan bir karma işlevi olan SHA1 uygular. SHA-1 ve SHA-0 algoritmaları için karma çakışmaları işlemsel olarak uygundur. Bu kullanımı bir SHA-2 aile karma algoritmasıyla (SHA512, SHA384, SHA256) değiştirin. + + Do Not Use Weak Cryptographic Algorithms + Do Not Use Weak Cryptographic Algorithms + + + + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + + + + {0} uses a weak cryptographic algorithm {1} + {0} uses a weak cryptographic algorithm {1} + + \ No newline at end of file diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.zh-Hans.xlf b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.zh-Hans.xlf index 9d7bb5334c..92d297d17a 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.zh-Hans.xlf +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.zh-Hans.xlf @@ -2,6 +2,21 @@ + + Do Not Use Broken Cryptographic Algorithms + Do Not Use Broken Cryptographic Algorithms + + + + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + + + + {0} uses a broken cryptographic algorithm {1} + {0} uses a broken cryptographic algorithm {1} + + Do not use insecure cryptographic algorithm MD5. 不要使用不安全的加密算法 MD5。 @@ -22,6 +37,21 @@ 此类型实现 SHA1,它是一种不安全的加密哈希函数。在计算方面,SHA-1 和 SHA-0 算法可能出现哈希冲突。请将此使用项替换为 SHA-2 系列哈希算法(SHA512、SHA384、SHA256)。 + + Do Not Use Weak Cryptographic Algorithms + Do Not Use Weak Cryptographic Algorithms + + + + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + + + + {0} uses a weak cryptographic algorithm {1} + {0} uses a weak cryptographic algorithm {1} + + \ No newline at end of file diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.zh-Hant.xlf b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.zh-Hant.xlf index a72586cf3e..394aa9cce1 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.zh-Hant.xlf +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/xlf/SystemSecurityCryptographyResources.zh-Hant.xlf @@ -2,6 +2,21 @@ + + Do Not Use Broken Cryptographic Algorithms + Do Not Use Broken Cryptographic Algorithms + + + + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. + + + + {0} uses a broken cryptographic algorithm {1} + {0} uses a broken cryptographic algorithm {1} + + Do not use insecure cryptographic algorithm MD5. 請勿使用不安全的密碼編譯演算法 MD5。 @@ -22,6 +37,21 @@ 此類型會實作 SHA1,此雜湊函數在密碼編譯方面有安全性疑慮。SHA-1 與 SHA-0 演算法在運算方面可能會發生雜湊衝突。請以 SHA-2 系列雜湊演算法 (SHA512、SHA384、SHA256) 取代此用法。 + + Do Not Use Weak Cryptographic Algorithms + Do Not Use Weak Cryptographic Algorithms + + + + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. + + + + {0} uses a weak cryptographic algorithm {1} + {0} uses a weak cryptographic algorithm {1} + + \ No newline at end of file diff --git a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs index 8d4f6e11c4..484110492b 100644 --- a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs +++ b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs @@ -5,6 +5,8 @@ using Microsoft.CodeAnalysis.Diagnostics; using Test.Utilities; using Xunit; +using Microsoft.CodeAnalysis; +using Analyzer.Utilities; namespace Microsoft.NetCore.Analyzers.Security.UnitTests { @@ -28,7 +30,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 23, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "MD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -38,7 +40,7 @@ Sub TestSub() Dim md5alg As MD5 = MD5.Create() End Sub End Module", - GetBasicResultAt(6, 29, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(6, 29, s_CA5351Rule, "TestSub", "MD5")); } //NO VB [Fact] @@ -53,7 +55,7 @@ class TestClass1 public MD5 GetMD5 => MD5.Create(); } }", - GetCSharpResultAt(7, 30, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(7, 30, s_CA5351Rule, "TestClass1", "MD5")); } [Fact] @@ -71,7 +73,7 @@ public HashAlgorithm GetAlg } } }", - GetCSharpResultAt(9, 26, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(9, 26, s_CA5351Rule, "get_GetAlg", "MD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -84,7 +86,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(7, 12, s_CA5351Rule, "get_GetAlg", "MD5")); } [Fact] @@ -99,7 +101,7 @@ class TestClass1 public HashAlgorithm Alg = MD5.Create(); } }", - GetCSharpResultAt(7, 36, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(7, 36, s_CA5351Rule, "TestClass1", "MD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -108,7 +110,7 @@ Class TestClass1 Public Alg As HashAlgorithm = MD5.Create() End Class End Namespace", - GetBasicResultAt(5, 33, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(5, 33, s_CA5351Rule, "TestClass1", "MD5")); } [Fact] @@ -127,7 +129,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 36, s_CA5351Rule, "Run", "MD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -141,7 +143,7 @@ Await Task.Run(Function() End Function End Class End Namespace", - GetBasicResultAt(8, 8, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(8, 8, s_CA5351Rule, "Run", "MD5")); } [Fact] @@ -157,7 +159,7 @@ class TestClass Del d = delegate () { MD5.Create(); }; } }", - GetCSharpResultAt(8, 31, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(8, 31, s_CA5351Rule, "TestClass", "MD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -167,7 +169,7 @@ Private Delegate Sub Del() Private d As Del = Sub() MD5.Create() End Class End Namespace", - GetBasicResultAt(6, 28, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(6, 28, s_CA5351Rule, "TestClass", "MD5")); } [Fact] @@ -213,7 +215,7 @@ protected override byte[] HashFinal() } } }" }, - GetCSharpResultAt(10, 25, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 25, s_CA5351Rule, "TestMethod", "MD5")); VerifyBasic(new[] { //Test0 @@ -249,7 +251,7 @@ End Function End Class End Namespace"}, - GetBasicResultAt(7, 16, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(7, 16, s_CA5351Rule, "TestMethod", "MD5")); } #endregion @@ -272,7 +274,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 24, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 24, s_CA5350Rule, "TestMethod", "SHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -282,7 +284,7 @@ Sub TestSub() Dim sha1alg As SHA1 = SHA1.Create() End Sub End Module", - GetBasicResultAt(6, 31, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 31, s_CA5350Rule, "TestSub", "SHA1")); } //NO VB [Fact] @@ -297,7 +299,7 @@ class TestClass1 public SHA1 GetSHA1 => SHA1.Create(); } }", - GetCSharpResultAt(7, 32, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(7, 32, s_CA5350Rule, "TestClass1", "SHA1")); } [Fact] @@ -315,7 +317,7 @@ public HashAlgorithm GetAlg } } }", - GetCSharpResultAt(9, 26, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetAlg", "SHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -328,7 +330,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetAlg", "SHA1")); } [Fact] @@ -343,7 +345,7 @@ class TestClass1 public HashAlgorithm Alg = SHA1.Create(); } }", - GetCSharpResultAt(7, 36, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(7, 36, s_CA5350Rule, "TestClass1", "SHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -352,7 +354,7 @@ Class TestClass1 Public Alg As HashAlgorithm = SHA1.Create() End Class End Namespace", - GetBasicResultAt(5, 33, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(5, 33, s_CA5350Rule, "TestClass1", "SHA1")); } [Fact] @@ -371,7 +373,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "SHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -385,7 +387,7 @@ Await Task.Run(Function() End Function End Class End Namespace", - GetBasicResultAt(8, 8, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(8, 8, s_CA5350Rule, "Run", "SHA1")); } [Fact] @@ -401,7 +403,7 @@ class TestClass Del d = delegate () { SHA1.Create(); }; } }", - GetCSharpResultAt(8, 31, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "SHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -411,7 +413,7 @@ Private Delegate Sub Del() Private d As Del = Sub() SHA1.Create() End Class End Namespace", - GetBasicResultAt(6, 28, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 28, s_CA5350Rule, "TestClass", "SHA1")); } [Fact] @@ -457,7 +459,7 @@ protected override byte[] HashFinal() } } }" }, - GetCSharpResultAt(10, 26, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 26, s_CA5350Rule, "TestMethod", "SHA1")); VerifyBasic(new[] { //Test0 @@ -490,7 +492,7 @@ Throw New System.NotImplementedException() End Function End Class End Namespace" }, - GetBasicResultAt(6, 17, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 17, s_CA5350Rule, "TestMethod", "SHA1")); } [Fact] @@ -509,7 +511,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 24, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 24, s_CA5350Rule, "TestMethod", "SHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -519,7 +521,7 @@ Sub TestMethod() Dim SHA1alg As New SHA1CryptoServiceProvider End Sub End Module", - GetBasicResultAt(6, 24, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 24, s_CA5350Rule, "TestMethod", "SHA1")); } [Fact] @@ -538,7 +540,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 28, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 28, s_CA5350Rule, "TestMethod", "HMACSHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -548,7 +550,7 @@ Sub TestSub() Dim hmacsha1 As HMACSHA1 = New HMACSHA1() End Sub End Module", - GetBasicResultAt(6, 36, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 36, s_CA5350Rule, "TestSub", "HMACSHA1")); } //No VB [Fact] @@ -563,7 +565,7 @@ class TestClass1 public HMAC GetHMACSHA1 => new HMACSHA1(); } }", - GetCSharpResultAt(7, 36, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(7, 36, s_CA5350Rule, "TestClass1", "HMACSHA1")); } [Fact] @@ -581,7 +583,7 @@ public HMAC GetAlg } } }", - GetCSharpResultAt(9, 26, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetAlg", "HMACSHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -594,7 +596,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetAlg", "HMACSHA1")); } [Fact] @@ -609,7 +611,7 @@ class TestClass1 public HMAC Alg = new HMACSHA1(); } }", - GetCSharpResultAt(7, 27, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(7, 27, s_CA5350Rule, "TestClass1", "HMACSHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -618,7 +620,7 @@ Class TestClass1 Public Alg As HMAC = New HMACSHA1() End Class End Namespace", - GetBasicResultAt(5, 24, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(5, 24, s_CA5350Rule, "TestClass1", "HMACSHA1")); } //No VB [Fact] @@ -637,7 +639,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "HMACSHA1")); } //No VB [Fact] @@ -653,7 +655,7 @@ class TestClass Del d = delegate () { new HMACSHA1(); }; } }", - GetCSharpResultAt(8, 31, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "HMACSHA1")); } [Fact] @@ -699,7 +701,7 @@ protected override byte[] HashFinal() } } }" }, - GetCSharpResultAt(10, 30, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 30, s_CA5350Rule, "TestMethod", "HMACSHA1")); VerifyBasic(new[] { //Test0 @@ -734,11 +736,11 @@ End Function End Class End Namespace " }, - GetBasicResultAt(7, 21, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(7, 21, s_CA5350Rule, "TestMethod", "HMACSHA1")); } #endregion - [Fact] + [Fact] public void CA5350UseHMACMD5CreateInMethodDeclaration() { VerifyCSharp(@" @@ -754,7 +756,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 23, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "HMACMD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -766,7 +768,7 @@ Private Shared Sub TestMethod() End Sub End Class End Namespace", - GetBasicResultAt(7, 14, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(7, 14, s_CA5351Rule, "TestMethod", "HMACMD5")); } [Fact] @@ -787,7 +789,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(12, 23, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(12, 23, s_CA5351Rule, "TestMethod", "HMACMD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -802,7 +804,7 @@ Private Shared Sub TestMethod() End Sub End Class End Namespace", - GetBasicResultAt(10, 14, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(10, 14, s_CA5351Rule, "TestMethod", "HMACMD5")); } [Fact] @@ -820,7 +822,7 @@ public HMACMD5 GetHMACMD5 } } }", - GetCSharpResultAt(9, 26, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(9, 26, s_CA5351Rule, "get_GetHMACMD5", "HMACMD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -833,7 +835,7 @@ End Get End Property End Class End Namespace", -GetBasicResultAt(7, 12, CA5351RuleName, _doNotUseMD5Message)); +GetBasicResultAt(7, 12, s_CA5351Rule, "get_GetHMACMD5", "HMACMD5")); } [Fact] @@ -848,7 +850,7 @@ class TestClass HMACMD5 privateMd5 = new HMACMD5(); } }", - GetCSharpResultAt(7, 30, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(7, 30, s_CA5351Rule, "TestClass", "HMACMD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -857,7 +859,7 @@ Class TestClass Private privateMd5 As New HMACMD5() End Class End Namespace", -GetBasicResultAt(5, 25, CA5351RuleName, _doNotUseMD5Message)); +GetBasicResultAt(5, 25, s_CA5351Rule, "TestClass", "HMACMD5")); } [Fact] @@ -876,7 +878,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 36, s_CA5351Rule, "Run", "HMACMD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -889,7 +891,7 @@ Return New HMACMD5() End Function) End Sub End Module", - GetBasicResultAt(8, 35, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(8, 35, s_CA5351Rule, "Run", "HMACMD5")); } [Fact] @@ -905,7 +907,7 @@ class TestClass Del d = delegate () { new HMACMD5(); }; } }", - GetCSharpResultAt(8, 31, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(8, 31, s_CA5351Rule, "TestClass", "HMACMD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -914,7 +916,7 @@ Module TestClass Delegate Function Del() As HashAlgorithm Dim d As Del = Function() New HMACMD5() End Module", - GetBasicResultAt(6, 31, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(6, 31, s_CA5351Rule, "TestClass", "HMACMD5")); } [Fact] @@ -933,7 +935,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 23, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "DES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -943,7 +945,7 @@ Sub TestMethod() Dim desalg As DES = DES.Create() End Sub End Module", -GetBasicResultAt(6, 29, CA5351RuleName, _doNotUseMD5Message)); +GetBasicResultAt(6, 29, s_CA5351Rule, "TestMethod", "DES")); } [Fact] @@ -961,7 +963,7 @@ public DES GetDES } } }", - GetCSharpResultAt(9, 26, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(9, 26, s_CA5351Rule, "get_GetDES", "DES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -975,7 +977,7 @@ End Property End Class End Namespace ", -GetBasicResultAt(7, 12, CA5351RuleName, _doNotUseMD5Message)); +GetBasicResultAt(7, 12, s_CA5351Rule, "get_GetDES", "DES")); } [Fact] @@ -990,7 +992,7 @@ class TestClass DES privateDES = DES.Create(); } }", - GetCSharpResultAt(7, 26, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(7, 26, s_CA5351Rule, "TestClass", "DES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -999,7 +1001,7 @@ Class TestClass Private privateDES As DES = DES.Create() End Class End Namespace", -GetBasicResultAt(5, 31, CA5351RuleName, _doNotUseMD5Message)); +GetBasicResultAt(5, 31, s_CA5351Rule, "TestClass", "DES")); } [Fact] @@ -1018,7 +1020,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 36, s_CA5351Rule, "Run", "DES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1032,7 +1034,7 @@ Await Task.Run(Function() End Function End Class End Namespace", -GetBasicResultAt(8, 4, CA5351RuleName, _doNotUseMD5Message)); +GetBasicResultAt(8, 4, s_CA5351Rule, "Run", "DES")); } [Fact] @@ -1048,7 +1050,7 @@ class TestClass Del d = delegate () { DES.Create(); }; } }", - GetCSharpResultAt(8, 31, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(8, 31, s_CA5351Rule, "TestClass", "DES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1058,7 +1060,7 @@ Private Delegate Sub Del() Private d As Del = Sub() DES.Create() End Class End Namespace", -GetBasicResultAt(6, 28, CA5351RuleName, _doNotUseMD5Message)); +GetBasicResultAt(6, 28, s_CA5351Rule, "TestClass", "DES")); } [Fact] @@ -1077,7 +1079,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 23, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "DES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1088,7 +1090,7 @@ Private Shared Sub TestMethod() End Sub End Class End Namespace", - GetBasicResultAt(6, 21, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(6, 21, s_CA5351Rule, "TestMethod", "DES")); } [Fact] @@ -1106,7 +1108,7 @@ public DESCryptoServiceProvider GetDES } } }", - GetCSharpResultAt(9, 26, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(9, 26, s_CA5351Rule, "get_GetDES", "DES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1119,7 +1121,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(7, 12, s_CA5351Rule, "get_GetDES", "DES")); } [Fact] @@ -1134,7 +1136,7 @@ class TestClass DESCryptoServiceProvider privateDES = new DESCryptoServiceProvider(); } }", - GetCSharpResultAt(7, 47, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(7, 47, s_CA5351Rule, "TestClass", "DES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1143,7 +1145,7 @@ Class TestClass Private privateDES As New DESCryptoServiceProvider() End Class End Namespace", -GetBasicResultAt(5, 25, CA5351RuleName, _doNotUseMD5Message)); +GetBasicResultAt(5, 25, s_CA5351Rule, "TestClass", "DES")); } //No VB [Fact] @@ -1162,7 +1164,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 36, s_CA5351Rule, "Run", "DES")); } //No VB [Fact] @@ -1178,7 +1180,7 @@ class TestClass Del d = delegate () { new DESCryptoServiceProvider(); }; } }", - GetCSharpResultAt(8, 31, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(8, 31, s_CA5351Rule, "TestClass", "DES")); } [Fact] @@ -1230,8 +1232,8 @@ public override void GenerateKey() } } }" }, - GetCSharpResultAt(10, 25, CA5351RuleName, _doNotUseMD5Message), - GetCSharpResultAt(11, 13, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 25, s_CA5351Rule, "TestMethod", "DES"), + GetCSharpResultAt(11, 13, s_CA5351Rule, "TestMethod", "DES")); VerifyBasic(new[] { //Test0 @@ -1270,8 +1272,8 @@ End Sub End Class End Namespace " }, - GetBasicResultAt(6, 15, CA5351RuleName, _doNotUseMD5Message), - GetBasicResultAt(7, 4, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(6, 15, s_CA5351Rule, "TestMethod", "DES"), + GetBasicResultAt(7, 4, s_CA5351Rule, "TestMethod", "DES")); } [Fact] @@ -1290,7 +1292,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 23, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "RC2")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1300,7 +1302,7 @@ Sub TestMethod() Dim rc2alg As New RC2CryptoServiceProvider End Sub End Module", -GetBasicResultAt(6, 23, CA5351RuleName, _doNotUseMD5Message)); +GetBasicResultAt(6, 23, s_CA5351Rule, "TestMethod", "RC2")); } [Fact] @@ -1318,7 +1320,7 @@ public RC2CryptoServiceProvider GetRC2 } } }", - GetCSharpResultAt(9, 26, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(9, 26, s_CA5351Rule, "get_GetRC2", "RC2")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1331,7 +1333,7 @@ End Get End Property End Class End Namespace", -GetBasicResultAt(7, 12, CA5351RuleName, _doNotUseMD5Message)); +GetBasicResultAt(7, 12, s_CA5351Rule, "get_GetRC2", "RC2")); } [Fact] @@ -1346,7 +1348,7 @@ class TestClass RC2CryptoServiceProvider privateRC2 = new RC2CryptoServiceProvider(); } }", - GetCSharpResultAt(7, 47, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(7, 47, s_CA5351Rule, "TestClass", "RC2")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1356,7 +1358,7 @@ Private privateRC2 As New RC2CryptoServiceProvider() End Class End Namespace ", -GetBasicResultAt(5, 25, CA5351RuleName, _doNotUseMD5Message)); +GetBasicResultAt(5, 25, s_CA5351Rule, "TestClass", "RC2")); } //No VB [Fact] @@ -1375,7 +1377,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 36, s_CA5351Rule, "Run", "RC2")); } //No VB [Fact] @@ -1391,7 +1393,7 @@ class TestClass Del d = delegate () { new RC2CryptoServiceProvider(); }; } }", - GetCSharpResultAt(8, 31, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(8, 31, s_CA5351Rule, "TestClass", "RC2")); } [Fact] @@ -1442,7 +1444,7 @@ public override void GenerateKey() } } }" }, - GetCSharpResultAt(10, 23, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "RC2")); VerifyBasic(new[] { //Test0 @@ -1480,7 +1482,7 @@ End Sub End Class End Namespace " }, - GetBasicResultAt(6, 14, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(6, 14, s_CA5351Rule, "TestMethod", "RC2")); } [Fact] @@ -1499,7 +1501,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 29, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 29, s_CA5350Rule, "TestMethod", "TripleDES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1510,7 +1512,7 @@ Private Shared Sub TestMethod() End Sub End Class End Namespace", - GetBasicResultAt(6, 23, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 23, s_CA5350Rule, "TestMethod", "TripleDES")); } [Fact] @@ -1528,7 +1530,7 @@ public TripleDES GetTripleDES } } }", - GetCSharpResultAt(9, 26, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetTripleDES", "TripleDES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1541,7 +1543,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetTripleDES", "TripleDES")); } [Fact] @@ -1556,7 +1558,7 @@ class TestClass TripleDES privateDES = TripleDES.Create(""TripleDES""); } }", - GetCSharpResultAt(7, 32, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(7, 32, s_CA5350Rule, "TestClass", "TripleDES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1565,7 +1567,7 @@ Class TestClass Private privateDES As TripleDES = TripleDES.Create(""TripleDES"") End Class End Namespace", - GetBasicResultAt(5, 37, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(5, 37, s_CA5350Rule, "TestClass", "TripleDES")); } //No VB [Fact] @@ -1584,7 +1586,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "TripleDES")); } [Fact] @@ -1600,7 +1602,7 @@ class TestClass Del d = delegate () { TripleDES.Create(""TripleDES""); }; } }", - GetCSharpResultAt(8, 31, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "TripleDES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1610,7 +1612,7 @@ Private Delegate Sub Del() Private d As Del = Sub() TripleDES.Create(""TripleDES"") End Class End Namespace", -GetBasicResultAt(6, 28, CA5350RuleName, _doNotUseSHA1Message)); +GetBasicResultAt(6, 28, s_CA5350Rule, "TestClass", "TripleDES")); } [Fact] @@ -1629,7 +1631,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 56, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 56, s_CA5350Rule, "TestMethod", "TripleDES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1639,7 +1641,7 @@ Sub TestMethod() Dim tDESalg As New TripleDESCryptoServiceProvider End Sub End Module", -GetBasicResultAt(6, 24, CA5350RuleName, _doNotUseSHA1Message)); +GetBasicResultAt(6, 24, s_CA5350Rule, "TestMethod", "TripleDES")); } [Fact] @@ -1657,7 +1659,7 @@ public TripleDESCryptoServiceProvider GetDES } } }", - GetCSharpResultAt(9, 26, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetDES", "TripleDES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1670,7 +1672,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetDES", "TripleDES")); } [Fact] @@ -1685,7 +1687,7 @@ class TestClass TripleDESCryptoServiceProvider privateDES = new TripleDESCryptoServiceProvider(); } }", - GetCSharpResultAt(7, 53, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(7, 53, s_CA5350Rule, "TestClass", "TripleDES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1694,7 +1696,7 @@ Class TestClass Private privateDES As New TripleDESCryptoServiceProvider() End Class End Namespace", -GetBasicResultAt(5, 25, CA5350RuleName, _doNotUseSHA1Message)); +GetBasicResultAt(5, 25, s_CA5350Rule, "TestClass", "TripleDES")); } //No VB [Fact] @@ -1713,7 +1715,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "TripleDES")); } //No VB [Fact] @@ -1729,7 +1731,7 @@ class TestClass Del d = delegate () { new TripleDESCryptoServiceProvider(); }; } }", - GetCSharpResultAt(8, 31, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "TripleDES")); } [Fact] @@ -1781,8 +1783,8 @@ public override void GenerateKey() } } }" }, - GetCSharpResultAt(10, 26, CA5350RuleName, _doNotUseSHA1Message), - GetCSharpResultAt(11, 13, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 26, s_CA5350Rule, "TestMethod", "TripleDES"), + GetCSharpResultAt(11, 13, s_CA5350Rule, "TestMethod", "TripleDES")); VerifyBasic(new[] { //Test0 @@ -1823,8 +1825,8 @@ End Sub End Class End Namespace " }, - GetBasicResultAt(6, 17, CA5350RuleName, _doNotUseSHA1Message), - GetBasicResultAt(7, 4, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 17, s_CA5350Rule, "TestMethod", "TripleDES"), + GetBasicResultAt(7, 4, s_CA5350Rule, "TestMethod", "TripleDES")); } [Fact] @@ -1843,7 +1845,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 25, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 25, s_CA5350Rule, "TestMethod", "RIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1853,7 +1855,7 @@ Sub TestMethod() Dim md1601alg As New RIPEMD160Managed End Sub End Module", -GetBasicResultAt(6, 26, CA5350RuleName, _doNotUseSHA1Message)); +GetBasicResultAt(6, 26, s_CA5350Rule, "TestMethod", "RIPEMD160")); } [Fact] @@ -1871,7 +1873,7 @@ public RIPEMD160Managed GetRIPEMD160 } } }", - GetCSharpResultAt(9, 26, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetRIPEMD160", "RIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1884,7 +1886,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetRIPEMD160", "RIPEMD160")); } [Fact] @@ -1899,7 +1901,7 @@ class TestClass RIPEMD160Managed privateRIPEMD160 = new RIPEMD160Managed(); } }", - GetCSharpResultAt(7, 45, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(7, 45, s_CA5350Rule, "TestClass", "RIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1909,7 +1911,7 @@ Private privateRIPEMD160 As New RIPEMD160Managed() End Class End Namespace ", - GetBasicResultAt(5, 31, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(5, 31, s_CA5350Rule, "TestClass", "RIPEMD160")); } //No VB [Fact] @@ -1928,7 +1930,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "RIPEMD160")); } //No VB [Fact] @@ -1944,7 +1946,7 @@ class TestClass Del d = delegate () { new RIPEMD160Managed(); }; } }", - GetCSharpResultAt(8, 31, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "RIPEMD160")); } [Fact] @@ -1963,7 +1965,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 31, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 31, s_CA5350Rule, "TestMethod", "RIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1974,7 +1976,7 @@ Private Shared Sub TestMethod() End Sub End Class End Namespace", - GetBasicResultAt(6, 29, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 29, s_CA5350Rule, "TestMethod", "RIPEMD160")); } [Fact] @@ -1992,7 +1994,7 @@ public RIPEMD160 GetRIPEMD160 } } }", - GetCSharpResultAt(9, 26, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetRIPEMD160", "RIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2005,7 +2007,7 @@ End Get End Property End Class End Namespace", -GetBasicResultAt(7, 12, CA5350RuleName, _doNotUseSHA1Message)); +GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetRIPEMD160", "RIPEMD160")); } [Fact] @@ -2020,7 +2022,7 @@ class TestClass RIPEMD160 privateRIPEMD160 = RIPEMD160.Create(); } }", - GetCSharpResultAt(7, 38, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(7, 38, s_CA5350Rule, "TestClass", "RIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2029,7 +2031,7 @@ Class TestClass Private privateRIPEMD160 As RIPEMD160 = RIPEMD160.Create() End Class End Namespace", - GetBasicResultAt(5, 43, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(5, 43, s_CA5350Rule, "TestClass", "RIPEMD160")); } //No VB [Fact] @@ -2048,7 +2050,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "RIPEMD160")); } [Fact] @@ -2064,7 +2066,7 @@ class TestClass Del d = delegate () { RIPEMD160.Create(); }; } }", - GetCSharpResultAt(8, 31, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "RIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2074,7 +2076,7 @@ Private Delegate Sub Del() Private d As Del = Sub() RIPEMD160.Create() End Class End Namespace", - GetBasicResultAt(6, 34, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 34, s_CA5350Rule, "TestClass", "RIPEMD160")); } [Fact] @@ -2093,7 +2095,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 25, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 25, s_CA5350Rule, "TestMethod", "HMACRIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2104,7 +2106,7 @@ Private Shared Sub TestMethod() End Sub End Class End Namespace", - GetBasicResultAt(6, 16, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 16, s_CA5350Rule, "TestMethod", "HMACRIPEMD160")); } [Fact] @@ -2122,7 +2124,7 @@ public HMACRIPEMD160 GetHMARIPEMD160 } } }", - GetCSharpResultAt(9, 26, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetHMARIPEMD160", "HMACRIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2135,7 +2137,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetHMARIPEMD160", "HMACRIPEMD160")); } [Fact] @@ -2150,7 +2152,7 @@ class TestClass HMACRIPEMD160 privateHMARIPEMD160 = new HMACRIPEMD160(); } }", - GetCSharpResultAt(7, 45, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(7, 45, s_CA5350Rule, "TestClass", "HMACRIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2159,7 +2161,7 @@ Class TestClass Private privateHMARIPEMD160 As New HMACRIPEMD160() End Class End Namespace", - GetBasicResultAt(5, 34, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(5, 34, s_CA5350Rule, "TestClass", "HMACRIPEMD160")); } //No VB [Fact] @@ -2178,7 +2180,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "HMACRIPEMD160")); } //No VB [Fact] @@ -2194,7 +2196,7 @@ class TestClass Del d = delegate () { new HMACRIPEMD160(); }; } }", - GetCSharpResultAt(8, 31, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "HMACRIPEMD160")); } [Fact] @@ -2240,7 +2242,7 @@ protected override byte[] HashFinal() } } }" }, - GetCSharpResultAt(10, 25, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 25, s_CA5350Rule, "TestMethod", "RIPEMD160")); VerifyBasic(new[] { //Test0 @@ -2274,7 +2276,7 @@ Throw New NotImplementedException() End Function End Class End Namespace" }, - GetBasicResultAt(6, 16, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 16, s_CA5350Rule, "TestMethod", "RIPEMD160")); } [Fact] @@ -2320,7 +2322,7 @@ protected override byte[] HashFinal() } } }" }, - GetCSharpResultAt(10, 25, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(10, 25, s_CA5350Rule, "TestMethod", "RIPEMD160")); VerifyBasic(new[] { //Test0 @@ -2354,7 +2356,7 @@ End Function End Class End Namespace " }, - GetBasicResultAt(6, 16, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(6, 16, s_CA5350Rule, "TestMethod", "RIPEMD160")); } [Fact] @@ -2375,7 +2377,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(12, 25, CA5350RuleName, _doNotUseSHA1Message)); + GetCSharpResultAt(12, 25, s_CA5350Rule, "TestMethod", "HMACRIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2390,7 +2392,7 @@ Private Shared Sub TestMethod() End Sub End Class End Namespace", - GetBasicResultAt(10, 16, CA5350RuleName, _doNotUseSHA1Message)); + GetBasicResultAt(10, 16, s_CA5350Rule, "TestMethod", "HMACRIPEMD160")); } [Fact] @@ -2409,7 +2411,7 @@ private static void TestMethod(DSA dsa, byte[] inBytes) } } }", - GetCSharpResultAt(10, 23, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "DSA")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2420,7 +2422,7 @@ Dim dsa As New DSACryptoServiceProvider Return dsa.CreateSignature(bytes) End Function End Module", -GetBasicResultAt(7, 16, CA5351RuleName, _doNotUseMD5Message)); +GetBasicResultAt(7, 16, s_CA5351Rule, "TestMethod", "DSA")); } [Fact] @@ -2441,7 +2443,7 @@ public byte[] MyProperty } } }", - GetCSharpResultAt(12, 20, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(12, 20, s_CA5351Rule, "get_MyProperty", "DSA")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2455,7 +2457,7 @@ Return dsa1.CreateSignature(inBytes) End Get End Property End Class", - GetBasicResultAt(9, 11, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(9, 11, s_CA5351Rule, "get_MyProperty", "DSA")); } [Fact] @@ -2475,8 +2477,8 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 23, CA5351RuleName, _doNotUseMD5Message), - GetCSharpResultAt(11, 23, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "DSA"), + GetCSharpResultAt(11, 23, s_CA5351Rule, "TestMethod", "DSA")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2489,8 +2491,8 @@ Private Shared Sub TestMethod() End Sub End Class End Namespace", - GetBasicResultAt(7, 23, CA5351RuleName, _doNotUseMD5Message), - GetBasicResultAt(8, 23, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(7, 23, s_CA5351Rule, "TestMethod", "DSA"), + GetBasicResultAt(8, 23, s_CA5351Rule, "TestMethod", "DSA")); } [Fact] @@ -2512,8 +2514,8 @@ public DSASignatureFormatter MyProperty } } }", - GetCSharpResultAt(12, 43, CA5351RuleName, _doNotUseMD5Message), - GetCSharpResultAt(13, 25, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(12, 43, s_CA5351Rule, "get_MyProperty", "DSA"), + GetCSharpResultAt(13, 25, s_CA5351Rule, "get_MyProperty", "DSA")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2530,8 +2532,8 @@ End If End Get End Property End Class", - GetBasicResultAt(9, 12, CA5351RuleName, _doNotUseMD5Message), - GetBasicResultAt(11, 12, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(9, 12, s_CA5351Rule, "get_MyProperty", "DSA"), + GetBasicResultAt(11, 12, s_CA5351Rule, "get_MyProperty", "DSA")); } [Fact] @@ -2599,7 +2601,7 @@ public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature) } } }" }, - GetCSharpResultAt(11, 13, CA5351RuleName, _doNotUseMD5Message)); + GetCSharpResultAt(11, 13, s_CA5351Rule, "TestMethod", "DSA")); VerifyBasic(new[] { //Test0 @@ -2650,7 +2652,7 @@ Throw New NotImplementedException() End Function End Class End Namespace" }, - GetBasicResultAt(7, 4, CA5351RuleName, _doNotUseMD5Message)); + GetBasicResultAt(7, 4, s_CA5351Rule, "TestMethod", "DSA")); } [Fact] @@ -2870,10 +2872,31 @@ protected override DiagnosticAnalyzer GetCSharpDiagnosticAnalyzer() return new CSharpDoNotUseInsecureCryptographicAlgorithmsAnalyzer(); } - private const string CA5350RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographicRuleId; - private const string CA5351RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographicRuleId; - - private readonly string _doNotUseMD5Message = SystemSecurityCryptographyResources.DoNotUseMD5; - private readonly string _doNotUseSHA1Message = SystemSecurityCryptographyResources.DoNotUseSHA1; + private const string CA5350RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRuleId; + private const string CA5351RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRuleId; + + private static readonly string s_CA5350RuleTitle = SystemSecurityCryptographyResources.DoNotUseWeakCryptographicAlgorithms; + private static readonly string s_CA5351RuleTitle = SystemSecurityCryptographyResources.DoNotUseBrokenCryptographicAlgorithms; + + private static readonly string s_CA5350RuleMessage = SystemSecurityCryptographyResources.DoNotUseWeakCryptographicAlgorithmsMessage; + private static readonly string s_CA5351RuleMessage = SystemSecurityCryptographyResources.DoNotUseBrokenCryptographicAlgorithmsMessage; + + private static readonly DiagnosticDescriptor s_CA5350Rule = + new DiagnosticDescriptor(CA5350RuleName, + s_CA5350RuleTitle, + s_CA5350RuleMessage, + DiagnosticCategory.Security, + DiagnosticHelpers.DefaultDiagnosticSeverity, + true + ); + + private static readonly DiagnosticDescriptor s_CA5351Rule = + new DiagnosticDescriptor(CA5351RuleName, + s_CA5351RuleTitle, + s_CA5351RuleMessage, + DiagnosticCategory.Security, + DiagnosticHelpers.DefaultDiagnosticSeverity, + true + ); } } diff --git a/src/Microsoft.NetFramework.Analyzers/Core/MicrosoftNetFrameworkAnalyzersResources.resx b/src/Microsoft.NetFramework.Analyzers/Core/MicrosoftNetFrameworkAnalyzersResources.resx index 5ab1d6e8ee..cd89ad6d87 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/MicrosoftNetFrameworkAnalyzersResources.resx +++ b/src/Microsoft.NetFramework.Analyzers/Core/MicrosoftNetFrameworkAnalyzersResources.resx @@ -315,24 +315,6 @@ {0} is catching corrupted state exception. - - Do Not Use Broken Cryptographic Algorithms - - - An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. - - - {0} uses a broken cryptographic algorithm {1} - - - Do Not Use Weak Cryptographic Algorithms - - - Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. - - - {0} uses a weak cryptographic algorithm {1} - Types should not extend certain base types diff --git a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.cs.xlf b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.cs.xlf index 41c9d3cae4..5826fec769 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.cs.xlf +++ b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.cs.xlf @@ -332,36 +332,6 @@ {0} zachytává výjimku poškozující stav procesu. - - Do Not Use Broken Cryptographic Algorithms - Nepoužívejte prolomené kryptografické algoritmy - - - - An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. - Existuje útok, který je výpočetně dostatečně výkonný na to, aby prolomil tento algoritmus. Díky tomu můžou útočníci překonat kryptografické zabezpečení, které má algoritmus poskytovat. Podle typu aplikace a kryptografického algoritmu to může útočníkovi umožnit číst šifrované zprávy, upravovat je, falšovat digitální podpisy, upravovat hodnotu hash obsahu nebo jinak útočit na kryptografický systém založený na tomto algoritmu. Nahraďte místa, kde se používá šifrování, algoritmem AES (přípustné jsou varianty AES-256, AES-192 a AES-128) s délkou klíče alespoň 128 bitů. Nahraďte místa, kde se používá algoritmus hash, hashovací funkcí řady SHA-2, třeba SHA512, SHA384 nebo SHA256. Nahraďte místa, kde se používá digitální podpis, šifrováním RSA s délkou klíče alespoň 2048 bitů nebo algoritmem ECDSA s délkou klíče alespoň 256 bitů. - - - - {0} uses a broken cryptographic algorithm {1} - {0} používá prolomený kryptografický algoritmus {1}. - - - - Do Not Use Weak Cryptographic Algorithms - Nepoužívejte slabé kryptografické algoritmy - - - - Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. - Výkonnost kryptografických algoritmů časem klesá, protože útoky se stávají stále sofistikovanější a útočníci získávají přístup k vyššímu výpočetnímu výkonu. Podle typu aplikace a kryptografického algoritmu může další snižování jeho kryptografické síly umožnit útočníkovi číst šifrované zprávy, upravovat je, falšovat digitální podpisy, upravovat hodnotu hash obsahu nebo jinak útočit na kryptografický systém založený na tomto algoritmu. Nahraďte místa, kde se používá šifrování, algoritmem AES (přípustné jsou varianty AES-256, AES-192 a AES-128) s délkou klíče alespoň 128 bitů. Nahraďte místa, kde se používá algoritmus hash, hashovací funkcí řady SHA-2, třeba SHA-2 512, SHA-2 384 nebo SHA-2 256. - - - - {0} uses a weak cryptographic algorithm {1} - {0} používá slabý kryptografický algoritmus {1}. - - Types should not extend certain base types Typy by neměly rozšiřovat určité základní typy diff --git a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.de.xlf b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.de.xlf index 692666bf81..2d8855ea2a 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.de.xlf +++ b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.de.xlf @@ -332,36 +332,6 @@ "{0}" fängt eine Corrupted State Exception ab. - - Do Not Use Broken Cryptographic Algorithms - Keine beschädigten kryptografischen Algorithmen verwenden - - - - An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. - Es ist ein Angriff vorhanden, der es rechnerisch möglich macht, diesen Algorithmus zu zerstören. So können Angreifer die kryptografischen Garantien durchbrechen, für deren Bereitstellung er entwickelt wurde. Je nach Typ und Anwendung dieses kryptografischen Algorithmus können Angreifer verschlüsselte Nachrichten lesen, verschlüsselte Nachrichten manipulieren, digitale Signaturen fälschen, Hashinhalte manipulieren oder jedes auf diesem Algorithmus basierende Verschlüsselungssystem in anderer Hinsicht kompromittieren. Ersetzen Sie die Verwendung von Verschlüsselungen durch den AES-Algorithmus (AES-256, AES-192 und AES-128 sind zulässig) mit einer Schlüssellänge von mindestens 128 Bit. Ersetzen Sie die Verwendung von Hashing durch eine Hashfunktion in der SHA-2-Familie, beispielsweise SHA512, SHA384 oder SHA256. Ersetzen Sie die Verwendung digitaler Signaturen durch RSA mit einer Schlüssellänge von mindestens 2048 Bit oder durch ECDSA mit einer Schlüssellänge von mindestens 256 Bit. - - - - {0} uses a broken cryptographic algorithm {1} - "{0}" verwendet einen beschädigten kryptografischen Algorithmus: {1} - - - - Do Not Use Weak Cryptographic Algorithms - Keine schwachen kryptografischen Algorithmen verwenden - - - - Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. - Kryptografische Algorithmen verlieren mit der Zeit ihre Wirkung, weil Angreifer ihre Methoden verbessern und Zugang zu umfangreicheren Berechnungsalgorithmen erhalten. Je nach Typ und Anwendung dieses kryptografischen Algorithmus können Angreifer durch eine weitere Herabsetzung der kryptografischen Stärke verschlüsselte Nachrichten lesen, verschlüsselte Nachrichten manipulieren, digitale Signaturen fälschen, Hashinhalte manipulieren oder jedes auf diesem Algorithmus basierende Verschlüsselungssystem in anderer Hinsicht kompromittieren. Ersetzen Sie die Verwendung von Verschlüsselungen durch den AES-Algorithmus (AES-256, AES-192 und AES-128 sind zulässig) mit einer Schlüssellänge von mindestens 128 Bit. Ersetzen Sie die Verwendung von Hashing durch eine Hashfunktion in der SHA-2-Familie, beispielsweise SHA-2 512, SHA-2 384 oder SHA-2 256. - - - - {0} uses a weak cryptographic algorithm {1} - "{0}" verwendet einen schwachen kryptografischen Algorithmus: {1} - - Types should not extend certain base types Typen dürfen bestimmte Basistypen nicht erweitern diff --git a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.es.xlf b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.es.xlf index 787217ca94..210f19cd95 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.es.xlf +++ b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.es.xlf @@ -332,36 +332,6 @@ {0} está tomando una excepción de estado dañado. - - Do Not Use Broken Cryptographic Algorithms - No usar algoritmos criptográficos dañados - - - - An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. - Existe un ataque que hace factible a nivel computacional romper este algoritmo. Esto permite a los atacantes romper la garantía criptográfica que debe proporcionar. En función del tipo y la aplicación de este algoritmo criptográfico, esto podría permitir a los atacantes leer mensajes cifrados, alterar con mensajes cifrados, forzar firmas digitales, alterar con contenido con hash o poner en riesgo de otro modo cualquier sistema criptográfico basado en este algoritmo. Reemplace los usos del cifrado por el algoritmo AES (se aceptan AES-256, AES-192 y AES-128) con una longitud de clave igual o superior a 128 bits. Reemplace los usos del hash por una función hash de la familia de SHA-2, como SHA512, SHA384 o SHA256. Reemplace los usos de la firma digital por RSA con una longitud de clave igual o superior a 2048 bits, o ECDSA con una longitud de clave igual o superior a 256 bits. - - - - {0} uses a broken cryptographic algorithm {1} - {0} usa un algoritmo criptográfico dañado {1}. - - - - Do Not Use Weak Cryptographic Algorithms - No usar algoritmos criptográficos poco seguros - - - - Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. - Los algoritmos criptográficos se degradan con el tiempo a medida que los ataques evolucionan y permiten al atacante obtener mayor cantidad de computación. En función del tipo y la aplicación de este algoritmo criptográfico, una mayor degradación de la solidez criptográfica podría permitir a los atacantes leer mensajes cifrados, alterar con mensajes cifrados, forzar firmas digitales, alterar con contenido con hash o poner en riesgo de otro modo cualquier sistema criptográfico basado en este algoritmo. Reemplace los usos del cifrado por el algoritmo AES (se aceptan AES-256, AES-192 y AES-128) con una longitud de clave igual o superior a 128 bits. Reemplace los usos del hash por una función hash de la familia de SHA-2, como SHA-2 512, SHA-2 384 o SHA-2 256. - - - - {0} uses a weak cryptographic algorithm {1} - {0} usa un algoritmo criptográfico poco seguro {1}. - - Types should not extend certain base types Los tipos no deben extender ciertos tipos base diff --git a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.fr.xlf b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.fr.xlf index 2573cb8d1b..eb12b2652a 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.fr.xlf +++ b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.fr.xlf @@ -332,36 +332,6 @@ {0} intercepte l'exception état altéré. - - Do Not Use Broken Cryptographic Algorithms - Ne pas utiliser d'algorithmes de chiffrement cassés - - - - An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. - Avec la puissance de calcul appropriée, il est possible de casser cet algorithme. Cela permet aux pirates de réduire à néant les garanties de chiffrement censées être offertes. En fonction du type et de l'application de cet algorithme de chiffrement, les pirates peuvent lire des messages chiffrés, falsifier des messages chiffrés, falsifier des signatures numériques, falsifier du contenu basé sur un code de hachage ou compromettre d'une façon ou d'une autre tout système de chiffrement reposant sur cet algorithme. Remplacez la clé de chiffrement de l'algorithme AES (les algorithmes AES-256, AES-192 et AES-128 sont acceptables) par une clé de longueur supérieure ou égale à 128 bits. Remplacez l'utilisation des codes de hachage par une fonction de hachage de la famille SHA-2, par exemple SHA512, SHA384 ou SHA256. Remplacez l'utilisation des signatures numériques par un chiffrement RSA dont la longueur de clé est supérieure ou égale à 2 048 bits, ou par un algorithme ECDSA dont la longueur de clé est supérieure ou égale à 256 bits. - - - - {0} uses a broken cryptographic algorithm {1} - {0} utilise un algorithme de chiffrement cassé {1} - - - - Do Not Use Weak Cryptographic Algorithms - Ne pas utiliser d'algorithmes de chiffrement faibles - - - - Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. - Les algorithmes de chiffrement se dégradent au fil du temps, car les pirates accèdent à une puissance de calcul toujours plus importante. En fonction du type et de l'application de cet algorithme de chiffrement, plus sa force de chiffrement se dégrade, plus les pirates peuvent lire des messages chiffrés, falsifier des messages chiffrés, falsifier des signatures numériques, falsifier du contenu basé sur un code de hachage ou compromettre d'une façon ou d'une autre tout système de chiffrement reposant sur cet algorithme. Remplacez la clé de chiffrement de l'algorithme AES (les algorithmes AES-256, AES-192 et AES-128 sont acceptables) par une clé de longueur supérieure ou égale à 128 bits. Remplacez l'utilisation des codes de hachage par une fonction de hachage de la famille SHA-2, par exemple SHA-2 512, SHA-2 384 ou SHA-2 256. - - - - {0} uses a weak cryptographic algorithm {1} - {0} utilise un algorithme de chiffrement faible {1} - - Types should not extend certain base types Les types ne doivent pas étendre certains types de base diff --git a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.it.xlf b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.it.xlf index 3ec9a4eadc..cf78e08e5d 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.it.xlf +++ b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.it.xlf @@ -332,36 +332,6 @@ {0} sta rilevando l'eccezione stato danneggiato. - - Do Not Use Broken Cryptographic Algorithms - Non usare algoritmi di crittografia violati - - - - An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. - È stato individuato un attacco in grado di violare questo algoritmo dal punto di vista del calcolo. Gli utenti malintenzionati potrebbero violare le garanzie crittografiche che l'algoritmo dovrebbe offrire. A seconda del tipo e dell'applicazione di questo algoritmo di crittografia, questo potrebbe consentire agli utenti malintenzionati di leggere messaggi crittografati, manomettere messaggi crittografati, falsare firme digitali, manomettere contenuto con hash o compromettere in altro modo eventuali sistemi di crittografia basati su questo algoritmo. Sostituire la crittografia usata con l'algoritmo AES (sono accettabili AES-256, AES-192 e AES-128) con una lunghezza di chiave maggiore o uguale a 128 bit. Sostituire gli hash usati con una funzione hash della famiglia SHA-2, ad esempio SHA512, SHA384 o SHA256. Sostituire le firme digitali usate con RSA con una lunghezza di chiave maggiore o uguale a 2048 bit oppure con ECDSA con una lunghezza di chiave maggiore o uguale a 256 bit. - - - - {0} uses a broken cryptographic algorithm {1} - {0} usa un algoritmo di crittografia violato {1} - - - - Do Not Use Weak Cryptographic Algorithms - Non usare algoritmi di crittografia vulnerabili - - - - Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. - Gli algoritmi di crittografia degradano col passare del tempo quando gli attacchi si fanno più sofisticati consentendo a utenti malintenzionati di accedere a un maggior numero di dati di calcolo. A seconda del tipo e dell'applicazione di questo algoritmo di crittografia, nonché della riduzione dell'efficacia crittografica, questo potrebbe consentire agli utenti malintenzionati di leggere messaggi crittografati, manomettere messaggi crittografati, falsare firme digitali, manomettere contenuto con hash o compromettere in altro modo eventuali sistemi di crittografia basati su questo algoritmo. Sostituire la crittografia usata con l'algoritmo AES (sono accettabili AES-256, AES-192 e AES-128) con una lunghezza di chiave maggiore o uguale a 128 bit. Sostituire gli hash usati con una funzione hash della famiglia SHA-2, ad esempio SHA-2 512, SHA-2 384, or SHA-2 256. - - - - {0} uses a weak cryptographic algorithm {1} - {0} usa un algoritmo di crittografia vulnerabile {1} - - Types should not extend certain base types I tipi non devono estendere determinati tipi di base diff --git a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.ja.xlf b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.ja.xlf index 062d9aa5e5..981ba0e6ef 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.ja.xlf +++ b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.ja.xlf @@ -332,36 +332,6 @@ {0} が破損状態例外をキャッチしています。 - - Do Not Use Broken Cryptographic Algorithms - 破られた暗号アルゴリズムを使用しない - - - - An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. - このアルゴリズムを破ることをコンピューター的に実現する攻撃が存在します。これによって攻撃者は、提供されるはずの暗号化による保証を破ることが可能になります。この暗号アルゴリズムの種類とアプリケーションによっては、攻撃者は、暗号化されたメッセージの読み取り、暗号化されたメッセージの改ざん、デジタル署名の偽造、ハッシュされたコンテンツの改ざん、またはこのアルゴリズムに基づく暗号システムの侵害を実行できるようになる可能性があります。暗号化の使用を、キーの長さが 128 ビット以上の AES アルゴリズム (AES-256、AES-192、および AES-128 が使用可能) に置き換えます。ハッシュの使用を、SHA512、SHA384、SHA256 などの SHA-2 ファミリのハッシュ関数に置き換えます。デジタル署名の使用を、キーの長さが 2048 ビット以上の RSA か、キーの長さが 256 ビット以上の ECDSA に置き換えます。 - - - - {0} uses a broken cryptographic algorithm {1} - {0} が、破られた暗号アルゴリズム {1} を使用します - - - - Do Not Use Weak Cryptographic Algorithms - 脆弱な暗号アルゴリズムを使用しない - - - - Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. - 攻撃が進化し、攻撃者がアクセスできる計算が増えるにつれ、暗号アルゴリズムは徐々に弱まっていきます。この暗号アルゴリズムの種類とアプリケーションによっては、暗号の強度がさらに弱くなると、攻撃者は、暗号化されたメッセージの読み取り、暗号化されたメッセージの改ざん、デジタル署名の偽造、ハッシュされたコンテンツの改ざん、またはこのアルゴリズムに基づく暗号システムの侵害を実行できるようになる可能性があります。暗号化の使用を、キーの長さが 128 ビット以上の AES アルゴリズム (AES-256、AES-192、および AES-128 が使用可能) に置き換えます。ハッシュの使用を、SHA-2 512、SHA-2 384、SHA-2 256 などの SHA-2 ファミリのハッシュ関数に置き換えます。 - - - - {0} uses a weak cryptographic algorithm {1} - {0} が、脆弱な暗号アルゴリズム {1} を使用します - - Types should not extend certain base types 型は、一定の基本型を拡張することはできません diff --git a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.ko.xlf b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.ko.xlf index 5e478f6bbe..fa14fee4ad 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.ko.xlf +++ b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.ko.xlf @@ -332,36 +332,6 @@ {0}이(가) 손상된 상태 예외를 catch하고 있습니다. - - Do Not Use Broken Cryptographic Algorithms - 손상된 암호화 알고리즘을 사용하지 마세요. - - - - An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. - 계산상 이 알고리즘을 손상시킬 수 있는 공격이 있습니다. 이를 통해, 제공되어야 하는 암호화 보장이 공격자에 의해 손상될 수 있습니다. 암호화 알고리즘의 형식과 응용 프로그램에 따라 공격자가 암호화된 메시지를 읽고, 암호화된 메시지를 변조하고, 디지털 서명을 위조하고, 해시된 콘텐츠를 변조하거나 이 알고리즘 기반의 암호화 시스템을 손상시킬 수 있습니다. 암호화를 키 길이가 128비트보다 크거나 같은 AES 알고리즘(AES-256, AES-192 및 AES-128 사용 가능)으로 바꾸세요. 해시를 SHA512, SHA384 또는 SHA256과 같은 SHA-2 패밀리의 해시 알고리즘으로 바꾸세요. 디지털 서명을 키 길이가 2048비트보다 크거나 같은 RSA 또는 키 길이가 256비트보다 크거나 같은 ECDSA로 바꾸세요. - - - - {0} uses a broken cryptographic algorithm {1} - {0}이(가) 손상된 암호화 알고리즘 {1}을(를) 사용합니다. - - - - Do Not Use Weak Cryptographic Algorithms - 취약한 암호화 알고리즘을 사용하지 마세요. - - - - Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. - 암호화 알고리즘의 성능이 점점 저하되어 공격자가 더 많은 계산에 액세스할 수 있도록 공격이 진화합니다. 암호화 알고리즘의 형식과 응용 프로그램 및 계속 저하되는 암호화 기능에 따라 공격자가 암호화된 메시지를 읽고, 암호화된 메시지를 변조하고, 디지털 서명을 위조하고, 해시된 콘텐츠를 변조하거나 이 알고리즘 기반의 암호화 시스템을 손상시킬 수 있습니다. 암호화를 키 길이가 128비트보다 크거나 같은 AES 알고리즘(AES-256, AES-192 및 AES-128 사용 가능)으로 바꾸세요. 해시를 SHA-2 512, SHA-2 384 또는 SHA-2 256과 같은 SHA-2 패밀리의 해시 알고리즘으로 바꾸세요. - - - - {0} uses a weak cryptographic algorithm {1} - {0}이(가) 취약한 암호화 알고리즘 {1}을(를) 사용합니다. - - Types should not extend certain base types 형식은 특정 기본 형식을 확장할 수 없습니다. diff --git a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.pl.xlf b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.pl.xlf index 5ba221dcdc..1fd5a69b24 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.pl.xlf +++ b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.pl.xlf @@ -332,36 +332,6 @@ Element {0} przechwytuje wyjątek stanu uszkodzenia. - - Do Not Use Broken Cryptographic Algorithms - Nie używaj złamanych algorytmów kryptograficznych - - - - An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. - Możliwe jest przeprowadzenie ataku umożliwiającego obliczeniowe złamanie tego algorytmu. Pozwala to atakującym na złamanie kryptograficznych gwarancji, jakie powinien zapewniać. W zależności od typu i zastosowania tego algorytmu kryptograficznego może to umożliwić atakującemu odczytanie zaszyfrowanych wiadomości, ingerowanie w zaszyfrowane wiadomości, fałszowanie podpisów cyfrowych, ingerowanie w mieszaną zawartość lub inne naruszenie systemu kryptograficznego opartego na tym algorytmie. Zastąp użycia szyfrowane algorytmem AES (akceptowane są algorytmy AES-256, AES-192 i AES-128) z kluczem o długości równej lub większej niż 128 bitów. Zastąp użycia mieszane funkcją skrótu z rodziny SHA-2, taką jak SHA512, SHA384 lub SHA256. Zastąp użycia podpisu cyfrowego certyfikatem RSA z kluczem o długości równej lub większej niż 2048 bitów lub certyfikatem ECDSA z kluczem o długości równej lub większej niż 256 bitów. - - - - {0} uses a broken cryptographic algorithm {1} - Element {0} używa złamanych algorytmów kryptograficznych {1} - - - - Do Not Use Weak Cryptographic Algorithms - Nie używaj słabych algorytmów kryptograficznych - - - - Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. - Algorytmy kryptograficzne pogarszają się z upływem czasu, ponieważ ataki stają się coraz bardziej zaawansowane, a atakujący zyskują dostęp do większej ilości zasobów obliczeniowych. W zależności od typu i zastosowania tego algorytmu kryptograficznego dalsze osłabianie siły kryptograficznej algorytmu może umożliwić atakującemu odczytanie zaszyfrowanych wiadomości, ingerowanie w zaszyfrowane wiadomości, fałszowanie podpisów cyfrowych, ingerowanie w mieszaną zawartość lub inne naruszenie systemu kryptograficznego opartego na tym algorytmie. Zastąp użycia szyfrowane algorytmem AES (akceptowane są algorytmy AES-256, AES-192 i AES-128) z kluczem o długości równej lub większej niż 128 bitów. Zastąp użycia mieszane funkcją skrótu z rodziny SHA-2, taką jak SHA-2 512, SHA-2 384 lub SHA-2 256. - - - - {0} uses a weak cryptographic algorithm {1} - Element {0} używa słabych algorytmów kryptograficznych {1} - - Types should not extend certain base types Typy nie powinny rozszerzać niektórych typów podstawowych diff --git a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.pt-BR.xlf b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.pt-BR.xlf index f3a5ed13a6..8ee395862e 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.pt-BR.xlf +++ b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.pt-BR.xlf @@ -332,36 +332,6 @@ {0} está capturando uma exceção de estado corrompido. - - Do Not Use Broken Cryptographic Algorithms - Não usar algoritmos de criptografia desfeitos - - - - An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. - Existe um ataque que torna computacionalmente viável desfazer este algoritmo. Isso permite que os invasores desfaçam as garantias criptográficas que ele foi criado para fornecer. Dependendo do tipo e da aplicação desse algoritmo de criptografia, isso pode permitir que os invasores leiam e adulterem mensagens cifradas, forjem assinaturas digitais, adulterem conteúdo com hash ou, de outra forma, comprometam qualquer sistema de criptografia baseado nesse algoritmo. Substitua os usos de criptografia com o algoritmo AES (AES-256, AES-192 e AES-128 são aceitáveis) por um comprimento de chave maior ou igual a 128 bits. Substitua os usos de hash por uma função de hash na família SHA-2, tal como SHA512, SHA384 ou SHA256. A assinatura digital de substituição usa o RSA com um comprimento de chave maior ou igual a 2.048 bits ou o ECDSA com um comprimento de chave maior ou igual a 256 bits. - - - - {0} uses a broken cryptographic algorithm {1} - {0} usa um algoritmo de criptografia desfeito {1} - - - - Do Not Use Weak Cryptographic Algorithms - Não usar algoritmos de criptografia fracos - - - - Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. - Os algoritmos de criptografia são afetados com o tempo à medida que os ataques avançam para que o invasor obtenha acesso a mais computação. Dependendo do tipo e da aplicação desse algoritmo de criptografia, uma degradação maior da força criptográfica dele pode permitir que os invasores leiam e adulterem mensagens cifradas, forjem assinaturas digitais, adulterem conteúdo com hash ou, de outra forma, comprometam qualquer sistema de criptografia baseado nesse algoritmo. Substitua os usos de criptografia com o algoritmo AES (AES-256, AES-192 e AES-128 são aceitáveis) por um comprimento de chave maior ou igual a 128 bits. Substitua os usos de hash por uma função de hash na família SHA-2, como SHA-2 512, SHA-2 384 ou SHA-2 256. - - - - {0} uses a weak cryptographic algorithm {1} - {0} usa um algoritmo de criptografia fraco {1} - - Types should not extend certain base types Tipos não devem estender certos tipos base diff --git a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.ru.xlf b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.ru.xlf index 8a739cdde1..cdcbd8b16a 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.ru.xlf +++ b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.ru.xlf @@ -332,36 +332,6 @@ {0} перехватывает исключение поврежденного состояния. - - Do Not Use Broken Cryptographic Algorithms - Не используйте взломанные алгоритмы шифрования - - - - An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. - С точки зрения вычислений существует атака, позволяющая взломать данный алгоритм. Это позволяет злоумышленникам нарушить предоставляемые им гарантии шифрования. В зависимости от типа и способа применения алгоритма шифрования злоумышленники могут считать или незаконно изменить зашифрованные сообщения, подделать цифровые подписи, незаконно изменить хэшированное содержимое, а также скомпрометировать любую систему шифрования, основанную на этом алгоритме. Замените средства шифрования на алгоритм AES (допустимы AES-256, AES-192 и AES-128) с длиной ключа не меньше 128 бит. Замените средства хэширования на хэш-функцию из семейства SHA-2, например SHA512, SHA384 или SHA256. Замените средства цифровой подписи на RSA с длиной ключа не меньше 2048 бит или ECDSA с длиной ключа не меньше 256 бит. - - - - {0} uses a broken cryptographic algorithm {1} - {0} использует взломанный алгоритм шифрования {1} - - - - Do Not Use Weak Cryptographic Algorithms - Не используйте слабые алгоритмы шифрования - - - - Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. - Алгоритмы шифрования постепенно устаревают, так как злоумышленники получают в свое распоряжение все большие вычислительные мощности, а их атаки становятся все изощреннее. В зависимости от типа и способа применения алгоритма шифрования снижение его криптографической стойкости может позволить злоумышленникам считать или незаконно изменить зашифрованные сообщения, подделать цифровые подписи, незаконно изменить хэшированное содержимое, а также скомпрометировать любую систему шифрования, основанную на этом алгоритме. Замените средства шифрования на алгоритм AES (допустимы AES-256, AES-192 и AES-128) с длиной ключа не меньше 128 бит. Замените средства хэширования на хэш-функцию из семейства SHA-2, например SHA-2 512, SHA-2 384 или SHA-2 256. - - - - {0} uses a weak cryptographic algorithm {1} - {0} использует слабый алгоритм шифрования {1} - - Types should not extend certain base types Типы не должны расширять определенные базовые типы diff --git a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.tr.xlf b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.tr.xlf index 16a020ec26..496f6eafb8 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.tr.xlf +++ b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.tr.xlf @@ -332,36 +332,6 @@ {0} bozuk durum özel durumlarını yakalıyor. - - Do Not Use Broken Cryptographic Algorithms - Bozuk Kriptografik Algoritmalar Kullanma - - - - An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. - Bu algoritmayı bozmayı işlemsel olarak uygun hale getiren bir saldırı var. Bu, saldırganların sağlamak için tasarlanan kriptografik garantileri aşmasına olanak sağlar. Bu kriptografik algoritmanın türü ve uygulamasına bağlı olarak, bu saldırganların şifrelenmiş iletileri okumasına, şifrelenmiş iletilen üzerinde oynamasına, dijital imza sahteciliği yapmasına, karma içerik üzerinde oynamasına veya bu algoritmayı temel alan herhangi bir kriptosistemin güvenliğini bozmasına neden olabilir. AES algoritması (AES-256, AES-192 ve AES-128 kabul edilebilir) ile şifreleme kullanımlarını 128 bit veya daha büyük bir anahtar uzunluğuyla değiştirin. Karma kullanımlarını SHA512, SHA384 veya SHA256 gibi SHA-2 ailesindeki bir karma işleviyle değiştirin. RSA ile dijital imza kullanımlarını 2048 bit veya daha büyük bir anahtar uzunluğuyla veya ECDSA’yı 256 bit veya daha büyük bir anahtar uzunluğuyla değiştirin. - - - - {0} uses a broken cryptographic algorithm {1} - {0} bozuk {1} kriptografik algoritmasını kullanıyor - - - - Do Not Use Weak Cryptographic Algorithms - Zayıf Kriptografik Algoritmalar Kullanma - - - - Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. - Saldırgan daha fazla işlem erişimi elde ettikçe kriptografik algoritmalar zaman içinde zayıflar. Bu kriptografik algoritmanın türü ve uygulamasına bağlı olarak, kriptografik gücün daha da zayıflatılması saldırganların şifrelenmiş iletileri okumasına, şifrelenmiş iletilen üzerinde oynamasına, dijital imza sahteciliği yapmasına, karma içerik üzerinde oynamasına veya bu algoritmayı temel alan herhangi bir kriptosistemin güvenliğini bozmasına neden olabilir. AES algoritması (AES-256, AES-192 ve AES-128 kabul edilebilir) ile şifreleme kullanımlarını 128 bit veya daha büyük bir anahtar uzunluğuyla değiştirin. Karma kullanımlarını SHA-2 512, SHA-2 384 veya SHA-2 256 gibi SHA-2 ailesindeki bir karma işleviyle değiştirin. - - - - {0} uses a weak cryptographic algorithm {1} - {0} zayıf {1} kriptografik algoritmasını kullanıyor - - Types should not extend certain base types Türler belirli temel türleri genişletmemelidir diff --git a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.zh-Hans.xlf b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.zh-Hans.xlf index eb91f110bf..55b0162e7f 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.zh-Hans.xlf +++ b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.zh-Hans.xlf @@ -332,36 +332,6 @@ {0} 正在捕获损坏状态异常。 - - Do Not Use Broken Cryptographic Algorithms - 不要使用损坏的加密算法 - - - - An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. - 存在可能在计算方面破坏此算法的攻击。这使得攻击者可以破坏它本应提供的加密保证。根据此加密算法的类型和应用情况,可能会使攻击者读取加密消息、篡改加密消息、伪造数字签名、篡改哈希内容,或以其他方式危害任何基于该算法的加密系统。将加密用法替换为密钥长度大于或等于 128 位的 AES 算法(AES-256、AES-192 和 AES-128 均可)。将哈希用法替换为 SHA-2 系列中的哈希函数,例如 SHA512、SHA384 或 SHA256。将数字签名用法替换为密钥长度大于等于 2048 位的 RSA,或者密钥长度大于等于 256 位的 ECDSA。 - - - - {0} uses a broken cryptographic algorithm {1} - {0} 使用损坏的加密算法 {1} - - - - Do Not Use Weak Cryptographic Algorithms - 不要使用弱加密算法 - - - - Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. - 加密算法随时间的推移而变弱,因为攻击成为攻击者获取更多计算的推动因素。根据此加密算法的类型和应用情况,其加密强度逐渐降低可能会使攻击者读取加密消息、篡改加密消息、伪造数字签名、篡改哈希内容,或以其他方式危害任何基于该算法的加密系统。将加密用法替换为密钥长度大于或等于 128 位的 AES 算法(AES-256、AES-192 和 AES-128 均可)。将哈希用法替换为 SHA-2 系列中的哈希函数,例如 SHA-2 512、SHA-2 384 或 SHA-2 256。 - - - - {0} uses a weak cryptographic algorithm {1} - {0} 使用弱加密算法 {1} - - Types should not extend certain base types 类型不应扩展某些基类型 diff --git a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.zh-Hant.xlf b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.zh-Hant.xlf index 75ecc4e748..e458284e87 100644 --- a/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.zh-Hant.xlf +++ b/src/Microsoft.NetFramework.Analyzers/Core/xlf/MicrosoftNetFrameworkAnalyzersResources.zh-Hant.xlf @@ -332,36 +332,6 @@ {0} 正在擷取損毀狀態例外狀況。 - - Do Not Use Broken Cryptographic Algorithms - 請勿使用損壞的密碼編譯演算法 - - - - An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits. - 目前出現可用運算方式中斷此演算法的攻擊。如此會讓攻擊者能破壞原設計保證提供的密碼編譯。視此密碼編譯演算法的類型及應用方式之不同,會讓攻擊者能讀取加密的訊息、竄改加密的訊息、偽造數位簽章、竄改雜湊內容,或危害任何以此演算法為基礎的密碼系統。以長度大於或等於 128 位元的金鑰,取代搭配 AES (可接受 AES-256、AES-192 和 AES-128) 演算法的加密。以 SHA512、SHA384 或 SHA256 等 SHA-2 系列中的雜湊函數,取代雜湊用法。以長度大於或等於 2048 位元的金鑰,或金鑰長度大於或等於 256 位元的 ECDSA,取代搭配 RSA 的數位簽章。 - - - - {0} uses a broken cryptographic algorithm {1} - {0} 使用損壞的密碼編譯演算法 {1} - - - - Do Not Use Weak Cryptographic Algorithms - 請勿使用弱式密碼編譯演算法 - - - - Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered  messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256. - 因為攻擊者取得更多的運算存取,讓攻擊升級,以致密碼編譯演算法隨著時間減弱。視此密碼編譯演算法的類型及應用方式之不同,密碼編譯強度日益減弱,會讓攻擊者能讀取加密的訊息、竄改加密的訊息、偽造數位簽章、竄改雜湊內容,或危害任何以此演算法為基礎的密碼系統。以長度大於或等於 128 位元的金鑰,取代搭配 AES (可接受 AES-256、AES-192 和 AES-128) 演算法的加密。以 SHA-2 512、SHA-2 384 或 SHA-2 256 等 SHA-2 系列中的雜湊函數,取代雜湊用途。 - - - - {0} uses a weak cryptographic algorithm {1} - {0} 使用弱式密碼編譯演算法 {1} - - Types should not extend certain base types 類型不應擴充特定的基底類型 From 405cde4267f3b64ac711404631812a31aed4fd7f Mon Sep 17 00:00:00 2001 From: Paul Ming Date: Wed, 29 Aug 2018 16:12:04 -0700 Subject: [PATCH 4/4] Addressing review feedback --- .../Security/Helpers/SecurityMemberNames.cs | 5 +- ...UseInsecureCryptographicAlgorithmsTests.cs | 332 ++++++++---------- 2 files changed, 158 insertions(+), 179 deletions(-) diff --git a/src/Microsoft.NetCore.Analyzers/Core/Security/Helpers/SecurityMemberNames.cs b/src/Microsoft.NetCore.Analyzers/Core/Security/Helpers/SecurityMemberNames.cs index 2851392253..cba5bd30fe 100644 --- a/src/Microsoft.NetCore.Analyzers/Core/Security/Helpers/SecurityMemberNames.cs +++ b/src/Microsoft.NetCore.Analyzers/Core/Security/Helpers/SecurityMemberNames.cs @@ -2,8 +2,11 @@ namespace Microsoft.NetCore.Analyzers.Security.Helpers { + using System.Security.Cryptography; + internal static class SecurityMemberNames { - public const string CreateSignature = "CreateSignature"; + // This is nameof(System.Security.Cryptography.DSA.CreateSignature), but DSA doesn't exist in .NET Standard 1.3. + public const string CreateSignature = nameof(CreateSignature); } } diff --git a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs index 484110492b..15cb8077d6 100644 --- a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs +++ b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs @@ -1,12 +1,12 @@ // Copyright (c) Microsoft. All Rights Reserved. Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. +using Analyzer.Utilities; +using Microsoft.CodeAnalysis; +using Microsoft.CodeAnalysis.Diagnostics; using Microsoft.NetCore.CSharp.Analyzers.Security; using Microsoft.NetCore.VisualBasic.Analyzers.Security; -using Microsoft.CodeAnalysis.Diagnostics; using Test.Utilities; using Xunit; -using Microsoft.CodeAnalysis; -using Analyzer.Utilities; namespace Microsoft.NetCore.Analyzers.Security.UnitTests { @@ -30,7 +30,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "MD5")); + GetCSharpResultAt(10, 23, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "MD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -40,7 +40,7 @@ Sub TestSub() Dim md5alg As MD5 = MD5.Create() End Sub End Module", - GetBasicResultAt(6, 29, s_CA5351Rule, "TestSub", "MD5")); + GetBasicResultAt(6, 29, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestSub", "MD5")); } //NO VB [Fact] @@ -55,7 +55,7 @@ class TestClass1 public MD5 GetMD5 => MD5.Create(); } }", - GetCSharpResultAt(7, 30, s_CA5351Rule, "TestClass1", "MD5")); + GetCSharpResultAt(7, 30, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass1", "MD5")); } [Fact] @@ -73,7 +73,7 @@ public HashAlgorithm GetAlg } } }", - GetCSharpResultAt(9, 26, s_CA5351Rule, "get_GetAlg", "MD5")); + GetCSharpResultAt(9, 26, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "get_GetAlg", "MD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -86,7 +86,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, s_CA5351Rule, "get_GetAlg", "MD5")); + GetBasicResultAt(7, 12, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "get_GetAlg", "MD5")); } [Fact] @@ -101,7 +101,7 @@ class TestClass1 public HashAlgorithm Alg = MD5.Create(); } }", - GetCSharpResultAt(7, 36, s_CA5351Rule, "TestClass1", "MD5")); + GetCSharpResultAt(7, 36, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass1", "MD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -110,7 +110,7 @@ Class TestClass1 Public Alg As HashAlgorithm = MD5.Create() End Class End Namespace", - GetBasicResultAt(5, 33, s_CA5351Rule, "TestClass1", "MD5")); + GetBasicResultAt(5, 33, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass1", "MD5")); } [Fact] @@ -129,7 +129,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, s_CA5351Rule, "Run", "MD5")); + GetCSharpResultAt(10, 36, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "Run", "MD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -143,7 +143,7 @@ Await Task.Run(Function() End Function End Class End Namespace", - GetBasicResultAt(8, 8, s_CA5351Rule, "Run", "MD5")); + GetBasicResultAt(8, 8, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "Run", "MD5")); } [Fact] @@ -159,7 +159,7 @@ class TestClass Del d = delegate () { MD5.Create(); }; } }", - GetCSharpResultAt(8, 31, s_CA5351Rule, "TestClass", "MD5")); + GetCSharpResultAt(8, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass", "MD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -169,7 +169,7 @@ Private Delegate Sub Del() Private d As Del = Sub() MD5.Create() End Class End Namespace", - GetBasicResultAt(6, 28, s_CA5351Rule, "TestClass", "MD5")); + GetBasicResultAt(6, 28, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass", "MD5")); } [Fact] @@ -215,7 +215,7 @@ protected override byte[] HashFinal() } } }" }, - GetCSharpResultAt(10, 25, s_CA5351Rule, "TestMethod", "MD5")); + GetCSharpResultAt(10, 25, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "MD5")); VerifyBasic(new[] { //Test0 @@ -251,7 +251,7 @@ End Function End Class End Namespace"}, - GetBasicResultAt(7, 16, s_CA5351Rule, "TestMethod", "MD5")); + GetBasicResultAt(7, 16, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "MD5")); } #endregion @@ -274,7 +274,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 24, s_CA5350Rule, "TestMethod", "SHA1")); + GetCSharpResultAt(10, 24, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "SHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -284,7 +284,7 @@ Sub TestSub() Dim sha1alg As SHA1 = SHA1.Create() End Sub End Module", - GetBasicResultAt(6, 31, s_CA5350Rule, "TestSub", "SHA1")); + GetBasicResultAt(6, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestSub", "SHA1")); } //NO VB [Fact] @@ -299,7 +299,7 @@ class TestClass1 public SHA1 GetSHA1 => SHA1.Create(); } }", - GetCSharpResultAt(7, 32, s_CA5350Rule, "TestClass1", "SHA1")); + GetCSharpResultAt(7, 32, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass1", "SHA1")); } [Fact] @@ -317,7 +317,7 @@ public HashAlgorithm GetAlg } } }", - GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetAlg", "SHA1")); + GetCSharpResultAt(9, 26, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "get_GetAlg", "SHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -330,7 +330,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetAlg", "SHA1")); + GetBasicResultAt(7, 12, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "get_GetAlg", "SHA1")); } [Fact] @@ -345,7 +345,7 @@ class TestClass1 public HashAlgorithm Alg = SHA1.Create(); } }", - GetCSharpResultAt(7, 36, s_CA5350Rule, "TestClass1", "SHA1")); + GetCSharpResultAt(7, 36, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass1", "SHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -354,7 +354,7 @@ Class TestClass1 Public Alg As HashAlgorithm = SHA1.Create() End Class End Namespace", - GetBasicResultAt(5, 33, s_CA5350Rule, "TestClass1", "SHA1")); + GetBasicResultAt(5, 33, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass1", "SHA1")); } [Fact] @@ -373,7 +373,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "SHA1")); + GetCSharpResultAt(10, 36, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "Run", "SHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -387,7 +387,7 @@ Await Task.Run(Function() End Function End Class End Namespace", - GetBasicResultAt(8, 8, s_CA5350Rule, "Run", "SHA1")); + GetBasicResultAt(8, 8, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "Run", "SHA1")); } [Fact] @@ -403,7 +403,7 @@ class TestClass Del d = delegate () { SHA1.Create(); }; } }", - GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "SHA1")); + GetCSharpResultAt(8, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "SHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -413,7 +413,7 @@ Private Delegate Sub Del() Private d As Del = Sub() SHA1.Create() End Class End Namespace", - GetBasicResultAt(6, 28, s_CA5350Rule, "TestClass", "SHA1")); + GetBasicResultAt(6, 28, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "SHA1")); } [Fact] @@ -459,7 +459,7 @@ protected override byte[] HashFinal() } } }" }, - GetCSharpResultAt(10, 26, s_CA5350Rule, "TestMethod", "SHA1")); + GetCSharpResultAt(10, 26, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "SHA1")); VerifyBasic(new[] { //Test0 @@ -492,7 +492,7 @@ Throw New System.NotImplementedException() End Function End Class End Namespace" }, - GetBasicResultAt(6, 17, s_CA5350Rule, "TestMethod", "SHA1")); + GetBasicResultAt(6, 17, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "SHA1")); } [Fact] @@ -511,7 +511,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 24, s_CA5350Rule, "TestMethod", "SHA1")); + GetCSharpResultAt(10, 24, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "SHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -521,7 +521,7 @@ Sub TestMethod() Dim SHA1alg As New SHA1CryptoServiceProvider End Sub End Module", - GetBasicResultAt(6, 24, s_CA5350Rule, "TestMethod", "SHA1")); + GetBasicResultAt(6, 24, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "SHA1")); } [Fact] @@ -540,7 +540,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 28, s_CA5350Rule, "TestMethod", "HMACSHA1")); + GetCSharpResultAt(10, 28, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "HMACSHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -550,7 +550,7 @@ Sub TestSub() Dim hmacsha1 As HMACSHA1 = New HMACSHA1() End Sub End Module", - GetBasicResultAt(6, 36, s_CA5350Rule, "TestSub", "HMACSHA1")); + GetBasicResultAt(6, 36, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestSub", "HMACSHA1")); } //No VB [Fact] @@ -565,7 +565,7 @@ class TestClass1 public HMAC GetHMACSHA1 => new HMACSHA1(); } }", - GetCSharpResultAt(7, 36, s_CA5350Rule, "TestClass1", "HMACSHA1")); + GetCSharpResultAt(7, 36, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass1", "HMACSHA1")); } [Fact] @@ -583,7 +583,7 @@ public HMAC GetAlg } } }", - GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetAlg", "HMACSHA1")); + GetCSharpResultAt(9, 26, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "get_GetAlg", "HMACSHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -596,7 +596,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetAlg", "HMACSHA1")); + GetBasicResultAt(7, 12, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "get_GetAlg", "HMACSHA1")); } [Fact] @@ -611,7 +611,7 @@ class TestClass1 public HMAC Alg = new HMACSHA1(); } }", - GetCSharpResultAt(7, 27, s_CA5350Rule, "TestClass1", "HMACSHA1")); + GetCSharpResultAt(7, 27, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass1", "HMACSHA1")); VerifyBasic(@" Imports System.Security.Cryptography @@ -620,7 +620,7 @@ Class TestClass1 Public Alg As HMAC = New HMACSHA1() End Class End Namespace", - GetBasicResultAt(5, 24, s_CA5350Rule, "TestClass1", "HMACSHA1")); + GetBasicResultAt(5, 24, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass1", "HMACSHA1")); } //No VB [Fact] @@ -639,7 +639,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "HMACSHA1")); + GetCSharpResultAt(10, 36, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "Run", "HMACSHA1")); } //No VB [Fact] @@ -655,7 +655,7 @@ class TestClass Del d = delegate () { new HMACSHA1(); }; } }", - GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "HMACSHA1")); + GetCSharpResultAt(8, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "HMACSHA1")); } [Fact] @@ -701,7 +701,7 @@ protected override byte[] HashFinal() } } }" }, - GetCSharpResultAt(10, 30, s_CA5350Rule, "TestMethod", "HMACSHA1")); + GetCSharpResultAt(10, 30, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "HMACSHA1")); VerifyBasic(new[] { //Test0 @@ -736,7 +736,7 @@ End Function End Class End Namespace " }, - GetBasicResultAt(7, 21, s_CA5350Rule, "TestMethod", "HMACSHA1")); + GetBasicResultAt(7, 21, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "HMACSHA1")); } #endregion @@ -756,7 +756,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "HMACMD5")); + GetCSharpResultAt(10, 23, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "HMACMD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -768,7 +768,7 @@ Private Shared Sub TestMethod() End Sub End Class End Namespace", - GetBasicResultAt(7, 14, s_CA5351Rule, "TestMethod", "HMACMD5")); + GetBasicResultAt(7, 14, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "HMACMD5")); } [Fact] @@ -789,7 +789,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(12, 23, s_CA5351Rule, "TestMethod", "HMACMD5")); + GetCSharpResultAt(12, 23, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "HMACMD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -804,7 +804,7 @@ Private Shared Sub TestMethod() End Sub End Class End Namespace", - GetBasicResultAt(10, 14, s_CA5351Rule, "TestMethod", "HMACMD5")); + GetBasicResultAt(10, 14, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "HMACMD5")); } [Fact] @@ -822,7 +822,7 @@ public HMACMD5 GetHMACMD5 } } }", - GetCSharpResultAt(9, 26, s_CA5351Rule, "get_GetHMACMD5", "HMACMD5")); + GetCSharpResultAt(9, 26, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "get_GetHMACMD5", "HMACMD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -835,7 +835,7 @@ End Get End Property End Class End Namespace", -GetBasicResultAt(7, 12, s_CA5351Rule, "get_GetHMACMD5", "HMACMD5")); +GetBasicResultAt(7, 12, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "get_GetHMACMD5", "HMACMD5")); } [Fact] @@ -850,7 +850,7 @@ class TestClass HMACMD5 privateMd5 = new HMACMD5(); } }", - GetCSharpResultAt(7, 30, s_CA5351Rule, "TestClass", "HMACMD5")); + GetCSharpResultAt(7, 30, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass", "HMACMD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -859,7 +859,7 @@ Class TestClass Private privateMd5 As New HMACMD5() End Class End Namespace", -GetBasicResultAt(5, 25, s_CA5351Rule, "TestClass", "HMACMD5")); +GetBasicResultAt(5, 25, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass", "HMACMD5")); } [Fact] @@ -878,7 +878,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, s_CA5351Rule, "Run", "HMACMD5")); + GetCSharpResultAt(10, 36, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "Run", "HMACMD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -891,7 +891,7 @@ Return New HMACMD5() End Function) End Sub End Module", - GetBasicResultAt(8, 35, s_CA5351Rule, "Run", "HMACMD5")); + GetBasicResultAt(8, 35, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "Run", "HMACMD5")); } [Fact] @@ -907,7 +907,7 @@ class TestClass Del d = delegate () { new HMACMD5(); }; } }", - GetCSharpResultAt(8, 31, s_CA5351Rule, "TestClass", "HMACMD5")); + GetCSharpResultAt(8, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass", "HMACMD5")); VerifyBasic(@" Imports System.Security.Cryptography @@ -916,7 +916,7 @@ Module TestClass Delegate Function Del() As HashAlgorithm Dim d As Del = Function() New HMACMD5() End Module", - GetBasicResultAt(6, 31, s_CA5351Rule, "TestClass", "HMACMD5")); + GetBasicResultAt(6, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass", "HMACMD5")); } [Fact] @@ -935,7 +935,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "DES")); + GetCSharpResultAt(10, 23, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "DES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -945,7 +945,7 @@ Sub TestMethod() Dim desalg As DES = DES.Create() End Sub End Module", -GetBasicResultAt(6, 29, s_CA5351Rule, "TestMethod", "DES")); +GetBasicResultAt(6, 29, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "DES")); } [Fact] @@ -963,7 +963,7 @@ public DES GetDES } } }", - GetCSharpResultAt(9, 26, s_CA5351Rule, "get_GetDES", "DES")); + GetCSharpResultAt(9, 26, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "get_GetDES", "DES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -977,7 +977,7 @@ End Property End Class End Namespace ", -GetBasicResultAt(7, 12, s_CA5351Rule, "get_GetDES", "DES")); +GetBasicResultAt(7, 12, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "get_GetDES", "DES")); } [Fact] @@ -992,7 +992,7 @@ class TestClass DES privateDES = DES.Create(); } }", - GetCSharpResultAt(7, 26, s_CA5351Rule, "TestClass", "DES")); + GetCSharpResultAt(7, 26, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass", "DES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1001,7 +1001,7 @@ Class TestClass Private privateDES As DES = DES.Create() End Class End Namespace", -GetBasicResultAt(5, 31, s_CA5351Rule, "TestClass", "DES")); +GetBasicResultAt(5, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass", "DES")); } [Fact] @@ -1020,7 +1020,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, s_CA5351Rule, "Run", "DES")); + GetCSharpResultAt(10, 36, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "Run", "DES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1034,7 +1034,7 @@ Await Task.Run(Function() End Function End Class End Namespace", -GetBasicResultAt(8, 4, s_CA5351Rule, "Run", "DES")); +GetBasicResultAt(8, 4, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "Run", "DES")); } [Fact] @@ -1050,7 +1050,7 @@ class TestClass Del d = delegate () { DES.Create(); }; } }", - GetCSharpResultAt(8, 31, s_CA5351Rule, "TestClass", "DES")); + GetCSharpResultAt(8, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass", "DES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1060,7 +1060,7 @@ Private Delegate Sub Del() Private d As Del = Sub() DES.Create() End Class End Namespace", -GetBasicResultAt(6, 28, s_CA5351Rule, "TestClass", "DES")); +GetBasicResultAt(6, 28, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass", "DES")); } [Fact] @@ -1079,7 +1079,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "DES")); + GetCSharpResultAt(10, 23, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "DES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1090,7 +1090,7 @@ Private Shared Sub TestMethod() End Sub End Class End Namespace", - GetBasicResultAt(6, 21, s_CA5351Rule, "TestMethod", "DES")); + GetBasicResultAt(6, 21, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "DES")); } [Fact] @@ -1108,7 +1108,7 @@ public DESCryptoServiceProvider GetDES } } }", - GetCSharpResultAt(9, 26, s_CA5351Rule, "get_GetDES", "DES")); + GetCSharpResultAt(9, 26, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "get_GetDES", "DES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1121,7 +1121,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, s_CA5351Rule, "get_GetDES", "DES")); + GetBasicResultAt(7, 12, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "get_GetDES", "DES")); } [Fact] @@ -1136,7 +1136,7 @@ class TestClass DESCryptoServiceProvider privateDES = new DESCryptoServiceProvider(); } }", - GetCSharpResultAt(7, 47, s_CA5351Rule, "TestClass", "DES")); + GetCSharpResultAt(7, 47, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass", "DES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1145,7 +1145,7 @@ Class TestClass Private privateDES As New DESCryptoServiceProvider() End Class End Namespace", -GetBasicResultAt(5, 25, s_CA5351Rule, "TestClass", "DES")); +GetBasicResultAt(5, 25, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass", "DES")); } //No VB [Fact] @@ -1164,7 +1164,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, s_CA5351Rule, "Run", "DES")); + GetCSharpResultAt(10, 36, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "Run", "DES")); } //No VB [Fact] @@ -1180,7 +1180,7 @@ class TestClass Del d = delegate () { new DESCryptoServiceProvider(); }; } }", - GetCSharpResultAt(8, 31, s_CA5351Rule, "TestClass", "DES")); + GetCSharpResultAt(8, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass", "DES")); } [Fact] @@ -1232,8 +1232,8 @@ public override void GenerateKey() } } }" }, - GetCSharpResultAt(10, 25, s_CA5351Rule, "TestMethod", "DES"), - GetCSharpResultAt(11, 13, s_CA5351Rule, "TestMethod", "DES")); + GetCSharpResultAt(10, 25, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "DES"), + GetCSharpResultAt(11, 13, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "DES")); VerifyBasic(new[] { //Test0 @@ -1272,8 +1272,8 @@ End Sub End Class End Namespace " }, - GetBasicResultAt(6, 15, s_CA5351Rule, "TestMethod", "DES"), - GetBasicResultAt(7, 4, s_CA5351Rule, "TestMethod", "DES")); + GetBasicResultAt(6, 15, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "DES"), + GetBasicResultAt(7, 4, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "DES")); } [Fact] @@ -1292,7 +1292,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "RC2")); + GetCSharpResultAt(10, 23, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "RC2")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1302,7 +1302,7 @@ Sub TestMethod() Dim rc2alg As New RC2CryptoServiceProvider End Sub End Module", -GetBasicResultAt(6, 23, s_CA5351Rule, "TestMethod", "RC2")); +GetBasicResultAt(6, 23, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "RC2")); } [Fact] @@ -1320,7 +1320,7 @@ public RC2CryptoServiceProvider GetRC2 } } }", - GetCSharpResultAt(9, 26, s_CA5351Rule, "get_GetRC2", "RC2")); + GetCSharpResultAt(9, 26, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "get_GetRC2", "RC2")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1333,7 +1333,7 @@ End Get End Property End Class End Namespace", -GetBasicResultAt(7, 12, s_CA5351Rule, "get_GetRC2", "RC2")); +GetBasicResultAt(7, 12, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "get_GetRC2", "RC2")); } [Fact] @@ -1348,7 +1348,7 @@ class TestClass RC2CryptoServiceProvider privateRC2 = new RC2CryptoServiceProvider(); } }", - GetCSharpResultAt(7, 47, s_CA5351Rule, "TestClass", "RC2")); + GetCSharpResultAt(7, 47, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass", "RC2")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1358,7 +1358,7 @@ Private privateRC2 As New RC2CryptoServiceProvider() End Class End Namespace ", -GetBasicResultAt(5, 25, s_CA5351Rule, "TestClass", "RC2")); +GetBasicResultAt(5, 25, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass", "RC2")); } //No VB [Fact] @@ -1377,7 +1377,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, s_CA5351Rule, "Run", "RC2")); + GetCSharpResultAt(10, 36, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "Run", "RC2")); } //No VB [Fact] @@ -1393,7 +1393,7 @@ class TestClass Del d = delegate () { new RC2CryptoServiceProvider(); }; } }", - GetCSharpResultAt(8, 31, s_CA5351Rule, "TestClass", "RC2")); + GetCSharpResultAt(8, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestClass", "RC2")); } [Fact] @@ -1444,7 +1444,7 @@ public override void GenerateKey() } } }" }, - GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "RC2")); + GetCSharpResultAt(10, 23, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "RC2")); VerifyBasic(new[] { //Test0 @@ -1482,7 +1482,7 @@ End Sub End Class End Namespace " }, - GetBasicResultAt(6, 14, s_CA5351Rule, "TestMethod", "RC2")); + GetBasicResultAt(6, 14, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "RC2")); } [Fact] @@ -1501,7 +1501,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 29, s_CA5350Rule, "TestMethod", "TripleDES")); + GetCSharpResultAt(10, 29, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "TripleDES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1512,7 +1512,7 @@ Private Shared Sub TestMethod() End Sub End Class End Namespace", - GetBasicResultAt(6, 23, s_CA5350Rule, "TestMethod", "TripleDES")); + GetBasicResultAt(6, 23, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "TripleDES")); } [Fact] @@ -1530,7 +1530,7 @@ public TripleDES GetTripleDES } } }", - GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetTripleDES", "TripleDES")); + GetCSharpResultAt(9, 26, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "get_GetTripleDES", "TripleDES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1543,7 +1543,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetTripleDES", "TripleDES")); + GetBasicResultAt(7, 12, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "get_GetTripleDES", "TripleDES")); } [Fact] @@ -1558,7 +1558,7 @@ class TestClass TripleDES privateDES = TripleDES.Create(""TripleDES""); } }", - GetCSharpResultAt(7, 32, s_CA5350Rule, "TestClass", "TripleDES")); + GetCSharpResultAt(7, 32, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "TripleDES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1567,7 +1567,7 @@ Class TestClass Private privateDES As TripleDES = TripleDES.Create(""TripleDES"") End Class End Namespace", - GetBasicResultAt(5, 37, s_CA5350Rule, "TestClass", "TripleDES")); + GetBasicResultAt(5, 37, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "TripleDES")); } //No VB [Fact] @@ -1586,7 +1586,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "TripleDES")); + GetCSharpResultAt(10, 36, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "Run", "TripleDES")); } [Fact] @@ -1602,7 +1602,7 @@ class TestClass Del d = delegate () { TripleDES.Create(""TripleDES""); }; } }", - GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "TripleDES")); + GetCSharpResultAt(8, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "TripleDES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1612,7 +1612,7 @@ Private Delegate Sub Del() Private d As Del = Sub() TripleDES.Create(""TripleDES"") End Class End Namespace", -GetBasicResultAt(6, 28, s_CA5350Rule, "TestClass", "TripleDES")); +GetBasicResultAt(6, 28, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "TripleDES")); } [Fact] @@ -1631,7 +1631,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 56, s_CA5350Rule, "TestMethod", "TripleDES")); + GetCSharpResultAt(10, 56, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "TripleDES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1641,7 +1641,7 @@ Sub TestMethod() Dim tDESalg As New TripleDESCryptoServiceProvider End Sub End Module", -GetBasicResultAt(6, 24, s_CA5350Rule, "TestMethod", "TripleDES")); +GetBasicResultAt(6, 24, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "TripleDES")); } [Fact] @@ -1659,7 +1659,7 @@ public TripleDESCryptoServiceProvider GetDES } } }", - GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetDES", "TripleDES")); + GetCSharpResultAt(9, 26, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "get_GetDES", "TripleDES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1672,7 +1672,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetDES", "TripleDES")); + GetBasicResultAt(7, 12, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "get_GetDES", "TripleDES")); } [Fact] @@ -1687,7 +1687,7 @@ class TestClass TripleDESCryptoServiceProvider privateDES = new TripleDESCryptoServiceProvider(); } }", - GetCSharpResultAt(7, 53, s_CA5350Rule, "TestClass", "TripleDES")); + GetCSharpResultAt(7, 53, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "TripleDES")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1696,7 +1696,7 @@ Class TestClass Private privateDES As New TripleDESCryptoServiceProvider() End Class End Namespace", -GetBasicResultAt(5, 25, s_CA5350Rule, "TestClass", "TripleDES")); +GetBasicResultAt(5, 25, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "TripleDES")); } //No VB [Fact] @@ -1715,7 +1715,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "TripleDES")); + GetCSharpResultAt(10, 36, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "Run", "TripleDES")); } //No VB [Fact] @@ -1731,7 +1731,7 @@ class TestClass Del d = delegate () { new TripleDESCryptoServiceProvider(); }; } }", - GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "TripleDES")); + GetCSharpResultAt(8, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "TripleDES")); } [Fact] @@ -1783,8 +1783,8 @@ public override void GenerateKey() } } }" }, - GetCSharpResultAt(10, 26, s_CA5350Rule, "TestMethod", "TripleDES"), - GetCSharpResultAt(11, 13, s_CA5350Rule, "TestMethod", "TripleDES")); + GetCSharpResultAt(10, 26, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "TripleDES"), + GetCSharpResultAt(11, 13, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "TripleDES")); VerifyBasic(new[] { //Test0 @@ -1825,8 +1825,8 @@ End Sub End Class End Namespace " }, - GetBasicResultAt(6, 17, s_CA5350Rule, "TestMethod", "TripleDES"), - GetBasicResultAt(7, 4, s_CA5350Rule, "TestMethod", "TripleDES")); + GetBasicResultAt(6, 17, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "TripleDES"), + GetBasicResultAt(7, 4, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "TripleDES")); } [Fact] @@ -1845,7 +1845,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 25, s_CA5350Rule, "TestMethod", "RIPEMD160")); + GetCSharpResultAt(10, 25, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "RIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1855,7 +1855,7 @@ Sub TestMethod() Dim md1601alg As New RIPEMD160Managed End Sub End Module", -GetBasicResultAt(6, 26, s_CA5350Rule, "TestMethod", "RIPEMD160")); +GetBasicResultAt(6, 26, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "RIPEMD160")); } [Fact] @@ -1873,7 +1873,7 @@ public RIPEMD160Managed GetRIPEMD160 } } }", - GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetRIPEMD160", "RIPEMD160")); + GetCSharpResultAt(9, 26, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "get_GetRIPEMD160", "RIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1886,7 +1886,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetRIPEMD160", "RIPEMD160")); + GetBasicResultAt(7, 12, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "get_GetRIPEMD160", "RIPEMD160")); } [Fact] @@ -1901,7 +1901,7 @@ class TestClass RIPEMD160Managed privateRIPEMD160 = new RIPEMD160Managed(); } }", - GetCSharpResultAt(7, 45, s_CA5350Rule, "TestClass", "RIPEMD160")); + GetCSharpResultAt(7, 45, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "RIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1911,7 +1911,7 @@ Private privateRIPEMD160 As New RIPEMD160Managed() End Class End Namespace ", - GetBasicResultAt(5, 31, s_CA5350Rule, "TestClass", "RIPEMD160")); + GetBasicResultAt(5, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "RIPEMD160")); } //No VB [Fact] @@ -1930,7 +1930,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "RIPEMD160")); + GetCSharpResultAt(10, 36, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "Run", "RIPEMD160")); } //No VB [Fact] @@ -1946,7 +1946,7 @@ class TestClass Del d = delegate () { new RIPEMD160Managed(); }; } }", - GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "RIPEMD160")); + GetCSharpResultAt(8, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "RIPEMD160")); } [Fact] @@ -1965,7 +1965,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 31, s_CA5350Rule, "TestMethod", "RIPEMD160")); + GetCSharpResultAt(10, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "RIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -1976,7 +1976,7 @@ Private Shared Sub TestMethod() End Sub End Class End Namespace", - GetBasicResultAt(6, 29, s_CA5350Rule, "TestMethod", "RIPEMD160")); + GetBasicResultAt(6, 29, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "RIPEMD160")); } [Fact] @@ -1994,7 +1994,7 @@ public RIPEMD160 GetRIPEMD160 } } }", - GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetRIPEMD160", "RIPEMD160")); + GetCSharpResultAt(9, 26, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "get_GetRIPEMD160", "RIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2007,7 +2007,7 @@ End Get End Property End Class End Namespace", -GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetRIPEMD160", "RIPEMD160")); +GetBasicResultAt(7, 12, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "get_GetRIPEMD160", "RIPEMD160")); } [Fact] @@ -2022,7 +2022,7 @@ class TestClass RIPEMD160 privateRIPEMD160 = RIPEMD160.Create(); } }", - GetCSharpResultAt(7, 38, s_CA5350Rule, "TestClass", "RIPEMD160")); + GetCSharpResultAt(7, 38, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "RIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2031,7 +2031,7 @@ Class TestClass Private privateRIPEMD160 As RIPEMD160 = RIPEMD160.Create() End Class End Namespace", - GetBasicResultAt(5, 43, s_CA5350Rule, "TestClass", "RIPEMD160")); + GetBasicResultAt(5, 43, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "RIPEMD160")); } //No VB [Fact] @@ -2050,7 +2050,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "RIPEMD160")); + GetCSharpResultAt(10, 36, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "Run", "RIPEMD160")); } [Fact] @@ -2066,7 +2066,7 @@ class TestClass Del d = delegate () { RIPEMD160.Create(); }; } }", - GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "RIPEMD160")); + GetCSharpResultAt(8, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "RIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2076,7 +2076,7 @@ Private Delegate Sub Del() Private d As Del = Sub() RIPEMD160.Create() End Class End Namespace", - GetBasicResultAt(6, 34, s_CA5350Rule, "TestClass", "RIPEMD160")); + GetBasicResultAt(6, 34, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "RIPEMD160")); } [Fact] @@ -2095,7 +2095,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 25, s_CA5350Rule, "TestMethod", "HMACRIPEMD160")); + GetCSharpResultAt(10, 25, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "HMACRIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2106,7 +2106,7 @@ Private Shared Sub TestMethod() End Sub End Class End Namespace", - GetBasicResultAt(6, 16, s_CA5350Rule, "TestMethod", "HMACRIPEMD160")); + GetBasicResultAt(6, 16, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "HMACRIPEMD160")); } [Fact] @@ -2124,7 +2124,7 @@ public HMACRIPEMD160 GetHMARIPEMD160 } } }", - GetCSharpResultAt(9, 26, s_CA5350Rule, "get_GetHMARIPEMD160", "HMACRIPEMD160")); + GetCSharpResultAt(9, 26, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "get_GetHMARIPEMD160", "HMACRIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2137,7 +2137,7 @@ End Get End Property End Class End Namespace", - GetBasicResultAt(7, 12, s_CA5350Rule, "get_GetHMARIPEMD160", "HMACRIPEMD160")); + GetBasicResultAt(7, 12, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "get_GetHMARIPEMD160", "HMACRIPEMD160")); } [Fact] @@ -2152,7 +2152,7 @@ class TestClass HMACRIPEMD160 privateHMARIPEMD160 = new HMACRIPEMD160(); } }", - GetCSharpResultAt(7, 45, s_CA5350Rule, "TestClass", "HMACRIPEMD160")); + GetCSharpResultAt(7, 45, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "HMACRIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2161,7 +2161,7 @@ Class TestClass Private privateHMARIPEMD160 As New HMACRIPEMD160() End Class End Namespace", - GetBasicResultAt(5, 34, s_CA5350Rule, "TestClass", "HMACRIPEMD160")); + GetBasicResultAt(5, 34, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "HMACRIPEMD160")); } //No VB [Fact] @@ -2180,7 +2180,7 @@ private async Task TestMethod() } } }", - GetCSharpResultAt(10, 36, s_CA5350Rule, "Run", "HMACRIPEMD160")); + GetCSharpResultAt(10, 36, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "Run", "HMACRIPEMD160")); } //No VB [Fact] @@ -2196,7 +2196,7 @@ class TestClass Del d = delegate () { new HMACRIPEMD160(); }; } }", - GetCSharpResultAt(8, 31, s_CA5350Rule, "TestClass", "HMACRIPEMD160")); + GetCSharpResultAt(8, 31, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestClass", "HMACRIPEMD160")); } [Fact] @@ -2242,7 +2242,7 @@ protected override byte[] HashFinal() } } }" }, - GetCSharpResultAt(10, 25, s_CA5350Rule, "TestMethod", "RIPEMD160")); + GetCSharpResultAt(10, 25, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "RIPEMD160")); VerifyBasic(new[] { //Test0 @@ -2276,7 +2276,7 @@ Throw New NotImplementedException() End Function End Class End Namespace" }, - GetBasicResultAt(6, 16, s_CA5350Rule, "TestMethod", "RIPEMD160")); + GetBasicResultAt(6, 16, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "RIPEMD160")); } [Fact] @@ -2322,7 +2322,7 @@ protected override byte[] HashFinal() } } }" }, - GetCSharpResultAt(10, 25, s_CA5350Rule, "TestMethod", "RIPEMD160")); + GetCSharpResultAt(10, 25, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "RIPEMD160")); VerifyBasic(new[] { //Test0 @@ -2356,7 +2356,7 @@ End Function End Class End Namespace " }, - GetBasicResultAt(6, 16, s_CA5350Rule, "TestMethod", "RIPEMD160")); + GetBasicResultAt(6, 16, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "RIPEMD160")); } [Fact] @@ -2377,7 +2377,7 @@ private static void TestMethod() } } }", - GetCSharpResultAt(12, 25, s_CA5350Rule, "TestMethod", "HMACRIPEMD160")); + GetCSharpResultAt(12, 25, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "HMACRIPEMD160")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2392,7 +2392,7 @@ Private Shared Sub TestMethod() End Sub End Class End Namespace", - GetBasicResultAt(10, 16, s_CA5350Rule, "TestMethod", "HMACRIPEMD160")); + GetBasicResultAt(10, 16, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule, "TestMethod", "HMACRIPEMD160")); } [Fact] @@ -2411,7 +2411,7 @@ private static void TestMethod(DSA dsa, byte[] inBytes) } } }", - GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "DSA")); + GetCSharpResultAt(10, 23, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "DSA")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2422,7 +2422,7 @@ Dim dsa As New DSACryptoServiceProvider Return dsa.CreateSignature(bytes) End Function End Module", -GetBasicResultAt(7, 16, s_CA5351Rule, "TestMethod", "DSA")); +GetBasicResultAt(7, 16, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "DSA")); } [Fact] @@ -2443,7 +2443,7 @@ public byte[] MyProperty } } }", - GetCSharpResultAt(12, 20, s_CA5351Rule, "get_MyProperty", "DSA")); + GetCSharpResultAt(12, 20, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "get_MyProperty", "DSA")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2457,7 +2457,7 @@ Return dsa1.CreateSignature(inBytes) End Get End Property End Class", - GetBasicResultAt(9, 11, s_CA5351Rule, "get_MyProperty", "DSA")); + GetBasicResultAt(9, 11, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "get_MyProperty", "DSA")); } [Fact] @@ -2477,8 +2477,8 @@ private static void TestMethod() } } }", - GetCSharpResultAt(10, 23, s_CA5351Rule, "TestMethod", "DSA"), - GetCSharpResultAt(11, 23, s_CA5351Rule, "TestMethod", "DSA")); + GetCSharpResultAt(10, 23, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "DSA"), + GetCSharpResultAt(11, 23, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "DSA")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2491,8 +2491,8 @@ Private Shared Sub TestMethod() End Sub End Class End Namespace", - GetBasicResultAt(7, 23, s_CA5351Rule, "TestMethod", "DSA"), - GetBasicResultAt(8, 23, s_CA5351Rule, "TestMethod", "DSA")); + GetBasicResultAt(7, 23, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "DSA"), + GetBasicResultAt(8, 23, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "DSA")); } [Fact] @@ -2514,8 +2514,8 @@ public DSASignatureFormatter MyProperty } } }", - GetCSharpResultAt(12, 43, s_CA5351Rule, "get_MyProperty", "DSA"), - GetCSharpResultAt(13, 25, s_CA5351Rule, "get_MyProperty", "DSA")); + GetCSharpResultAt(12, 43, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "get_MyProperty", "DSA"), + GetCSharpResultAt(13, 25, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "get_MyProperty", "DSA")); VerifyBasic(@" Imports System.Security.Cryptography @@ -2532,8 +2532,8 @@ End If End Get End Property End Class", - GetBasicResultAt(9, 12, s_CA5351Rule, "get_MyProperty", "DSA"), - GetBasicResultAt(11, 12, s_CA5351Rule, "get_MyProperty", "DSA")); + GetBasicResultAt(9, 12, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "get_MyProperty", "DSA"), + GetBasicResultAt(11, 12, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "get_MyProperty", "DSA")); } [Fact] @@ -2601,7 +2601,7 @@ public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature) } } }" }, - GetCSharpResultAt(11, 13, s_CA5351Rule, "TestMethod", "DSA")); + GetCSharpResultAt(11, 13, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "DSA")); VerifyBasic(new[] { //Test0 @@ -2652,7 +2652,7 @@ Throw New NotImplementedException() End Function End Class End Namespace" }, - GetBasicResultAt(7, 4, s_CA5351Rule, "TestMethod", "DSA")); + GetBasicResultAt(7, 4, DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule, "TestMethod", "DSA")); } [Fact] @@ -2872,31 +2872,7 @@ protected override DiagnosticAnalyzer GetCSharpDiagnosticAnalyzer() return new CSharpDoNotUseInsecureCryptographicAlgorithmsAnalyzer(); } - private const string CA5350RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRuleId; - private const string CA5351RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRuleId; - - private static readonly string s_CA5350RuleTitle = SystemSecurityCryptographyResources.DoNotUseWeakCryptographicAlgorithms; - private static readonly string s_CA5351RuleTitle = SystemSecurityCryptographyResources.DoNotUseBrokenCryptographicAlgorithms; - - private static readonly string s_CA5350RuleMessage = SystemSecurityCryptographyResources.DoNotUseWeakCryptographicAlgorithmsMessage; - private static readonly string s_CA5351RuleMessage = SystemSecurityCryptographyResources.DoNotUseBrokenCryptographicAlgorithmsMessage; - - private static readonly DiagnosticDescriptor s_CA5350Rule = - new DiagnosticDescriptor(CA5350RuleName, - s_CA5350RuleTitle, - s_CA5350RuleMessage, - DiagnosticCategory.Security, - DiagnosticHelpers.DefaultDiagnosticSeverity, - true - ); - - private static readonly DiagnosticDescriptor s_CA5351Rule = - new DiagnosticDescriptor(CA5351RuleName, - s_CA5351RuleTitle, - s_CA5351RuleMessage, - DiagnosticCategory.Security, - DiagnosticHelpers.DefaultDiagnosticSeverity, - true - ); + ////private static readonly DiagnosticDescriptor DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographyRule; + ////private static readonly DiagnosticDescriptor DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographyRule; } }