Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Sensitive Code Example

      Imports System
      Imports System.Security.Cryptography
      
      Namespace MyNamespace
      
          Public Class Class1
      
              Public Sub Main()
      
                  Dim data As Byte() = {1, 1, 1}
      
                  Dim myRSA As RSA = RSA.Create()
                  Dim padding As RSAEncryptionPadding = RSAEncryptionPadding.CreateOaep(HashAlgorithmName.SHA1)
      
                  ' Review all base RSA class' Encrypt/Decrypt calls
                  myRSA.Encrypt(data, padding)  ' Sensitive
                  myRSA.EncryptValue(data)      ' Sensitive
                  myRSA.Decrypt(data, padding)  ' Sensitive
                  myRSA.DecryptValue(data)      ' Sensitive
      
                  Dim myRSAC As RSACryptoServiceProvider = New RSACryptoServiceProvider()
                  ' Review the use of any TryEncrypt/TryDecrypt And specific Encrypt/Decrypt of RSA subclasses.
                  myRSAC.Encrypt(data, False)    ' Sensitive
                  myRSAC.Decrypt(data, False)    ' Sensitive
      
                  Dim written As Integer
                  myRSAC.TryEncrypt(data, Span<byte>.Empty, padding, out written) ' Sensitive
                  myRSAC.TryDecrypt(data, Span<byte>.Empty, padding, out written) ' Sensitive
      
                  Dim rgbKey As Byte() = {1, 2, 3}
                  Dim rgbIV As Byte() = {4, 5, 6}
                  Dim rijn = SymmetricAlgorithm.Create()
      
                  ' Review the creation of Encryptors from any SymmetricAlgorithm instance.
                  rijn.CreateEncryptor()   ' Sensitive
                  rijn.CreateEncryptor(rgbKey, rgbIV)  ' Sensitive
                  rijn.CreateDecryptor()  ' Sensitive
                  rijn.CreateDecryptor(rgbKey, rgbIV)  ' Sensitive
              End Sub
      
              Public Class MyCrypto
                  Inherits System.Security.Cryptography.AsymmetricAlgorithm ' Sensitive
                  ' ...
              End Class
      
              Public Class MyCrypto2
                  Inherits System.Security.Cryptography.SymmetricAlgorithm ' Sensitive 
                  ' ...
              End Class
          End Class
      End Namespace
      
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              duncan.pocklington Duncan Pocklington
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: