Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Sensitive Code Example

      using System;
      using System.Security.Cryptography;
      
      namespace MyNamespace
      {
          /// <summary>
          /// Sensitive code example: each line tagged "// Sensitive" is an encryption or decryption
          /// entry point that a reviewer should inspect for algorithm, padding, key size and key
          /// handling. The byte literals are placeholders for illustration, not usable key material.
          /// </summary>
          public class MyClass
          {
              /// <summary>
              /// Lists the RSA and symmetric-cipher calls that need review. Every return value is
              /// discarded, so the method only shows call shapes; none of the crypto objects created
              /// here is disposed.
              /// </summary>
              public void Main()
              {
                  // Placeholder buffer, passed as input to every encrypt and decrypt call below.
                  Byte[] data = {1,1,1};
      
                  // Factory-created RSA instance; no key size is requested, so the platform default applies.
                  // NOTE(review): confirm the default key size meets the project's key-length policy.
                  RSA myRSA = RSA.Create();
                  // OAEP padding with SHA-1 as the hash.
                  // NOTE(review): OAEP is the padding family to prefer for RSA encryption; check whether a
                  // SHA-2 hash (e.g. HashAlgorithmName.SHA256) is available on every target provider.
                  RSAEncryptionPadding padding = RSAEncryptionPadding.CreateOaep(HashAlgorithmName.SHA1);
                  // Review all base RSA class' Encrypt/Decrypt calls
                  myRSA.Encrypt(data, padding); // Sensitive
                  // EncryptValue/DecryptValue take no padding argument (raw RSA primitive).
                  // NOTE(review): the built-in providers document these as unsupported — confirm real code never relies on them.
                  myRSA.EncryptValue(data); // Sensitive
                  myRSA.Decrypt(data, padding); // Sensitive
                  myRSA.DecryptValue(data); // Sensitive
      
                  // Parameterless constructor: key size and key container are provider defaults.
                  RSACryptoServiceProvider myRSAC = new RSACryptoServiceProvider();
                  // Review the use of any TryEncrypt/TryDecrypt and specific Encrypt/Decrypt of RSA subclasses.
                  // The bool argument is fOAEP; false selects PKCS#1 v1.5 padding instead of OAEP.
                  // NOTE(review): PKCS#1 v1.5 encryption padding is a padding-oracle risk wherever decryption
                  // failures are observable to the peer; prefer OAEP unless interoperability forbids it.
                  myRSAC.Encrypt(data, false); // Sensitive
                  myRSAC.Decrypt(data, false); // Sensitive
                  int written;
                  // Span-based variants; the destination is an empty span here, so these lines only show the signature.
                  myRSAC.TryEncrypt(data, Span<byte>.Empty, padding, out written); // Sensitive
                  myRSAC.TryDecrypt(data, Span<byte>.Empty, padding, out written); // Sensitive
      
                  // Placeholder key and IV, three bytes each — too short to be real key material.
                  // In real code keys come from a key store or a KDF, never from source literals, and the
                  // IV must be unique per message.
                  byte[] rgbKey = {1,2,3};
                  byte[] rgbIV = {4,5,6};
                  // Parameterless factory: the concrete cipher is the framework default and is not named here.
                  // NOTE(review): this factory is obsolete in current .NET; an explicit Aes.Create() makes the
                  // algorithm choice visible to reviewers.
                  SymmetricAlgorithm rijn = SymmetricAlgorithm.Create();
                  // Review the creation of Encryptors from any SymmetricAlgorithm instance.
                  // The parameterless overloads use the instance's current Key and IV properties; the
                  // two-argument overloads use the caller-supplied key and IV.
                  // NOTE(review): also check Mode and Padding on the instance, and whether ciphertext is
                  // authenticated (a MAC or an AEAD such as AesGcm) — not shown in this sample.
                  rijn.CreateEncryptor(); // Sensitive
                  rijn.CreateEncryptor(rgbKey, rgbIV); // Sensitive
                  rijn.CreateDecryptor(); // Sensitive
                  rijn.CreateDecryptor(rgbKey, rgbIV); // Sensitive
              }
      
              // Deriving from AsymmetricAlgorithm means a project-defined asymmetric primitive;
              // the body is elided in this sample, so the implementation itself has to be reviewed.
              public class MyCrypto : System.Security.Cryptography.AsymmetricAlgorithm // Sensitive
              { 
                  // ...
              }
      
              // Same concern for a project-defined symmetric cipher deriving from SymmetricAlgorithm.
              public class MyCrypto2 : System.Security.Cryptography.SymmetricAlgorithm // Sensitive 
              {
                  // ...
              }
          }
      }
      

            People

            • Assignee:
              Unassigned
              Reporter:
              nicolas.harraudeau Nicolas Harraudeau