Duplicated codes #1774
Comments
|
@dotpaul @qinxgit I see we have different implementations for these rules in NetCore.Analyzers and NetFramework.Analyzers, possibly because the same rule works on different set of APIs. Will it be possible to combine the rule implementations into NetCore.Analyzers so both NetCore/NetFramework projects get the analyzer, but the rule implementation can have parts specific to netcore and netframework? |
mavasani
added
Bug
|
@dotpaul I have created a security label to track all issues that you probably care about. Assigning to you to make a call on this issue. |
|
Thanks. I noticed this too, and for cryptography, I don't think it makes sense to have different rules / implementations for .NET Framework vs .NET Core, so I'll combine 'em and put them in CodeQuality.Analyzers. |
|
I'm not sure that this belongs in |
|
@dotpaul Fred is correct. Given the analysis is specific to crypto APIs and their usage, it needs to go into NetCore analyzers. CodeQuality analyzers are not specific to any API usage. |
|
Oh, got it. |
|
Fixed with #1793 |
Hello, while reviewing the rules to use where I work I noticed that there are two duplicated codes (CA5350 and CA5351).
I would expect that rule codes are unique.
Here are the details of this rules:
Analyzer package
Microsoft.CodeAnalysis.FxCopAnalyzers
Package Version
v2.6.1
Diagnostic ID
CA5350: Do not use insecure cryptographic algorithm SHA1.
CA5351: Do not use insecure cryptographic algorithm MD5.
CA5350: Do Not Use Weak Cryptographic Algorithms
CA5351: Do Not Use Broken Cryptographic Algorithms
The text was updated successfully, but these errors were encountered: