Improve S2053: Support Rfc2898DeriveBytes.Pbkdf2 method #7572
Labels
Area: C#
C# rules related issues.
Area: CFG/SE
CFG and SE related issues.
Area: Security
Related to Vulnerability and Security Hotspot rules
Area: VB.NET
VB.NET rules related issues.
Type: False Negative
Rule is NOT triggered when it should be.
The current implementation of S2053 supports the following methods:
Rfc2898DeriveBytes
constructorPasswordDeriveBytes
constructorIn .NET 6 the static Rfc2898DeriveBytes.Pbkdf2 method was introduced that also takes a salt value as a parameter.
Add support for validating this method call with the Roslyn implementation of S2053 (for both C# and VB.NET).
Add support for the
Span<Byte>
andReadonlySpan<Byte>
types.The text was updated successfully, but these errors were encountered: