Analyzer suggestion: flag calls to RandomNumberGenerator.GetNonZeroBytes #42763
Comments
Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @jeffhandley
See also: dotnet/wcf#4378 and dotnet/wcf#4377. Here are some other [potentially incorrect] usages of this across MSFT-owned code bases:
The only legitimate case for it that I know of in .NET Framework was the surprising managed implementation of RSA PKCS#1 v1.5 encryption padding (since it's a random non-zero buffer with a 0x00 terminator)... which is probably why the method was created in the first place. In Core we only had it because of API Compatibility. But warning "this is probably not the method you want" seems good to me.
Before going ahead with something here, I'd like to have a better sense for whether the few found use cases should actually be replaced (e.g. the cited https://github.com/Azure/azure-iot-sdk-csharp/blob/master/iothub/service/src/Common/Security/CryptoKeyGenerator.cs example is on RNGCryptoServiceProvider rather than RandomNumberGenerator). If we expect there are legitimate use cases for it, and we only find a few uses of it, it could very well be that they're valid uses, in which case such an analyzer would just introduce noise. Or if we expect that there are basically no valid uses of it and all found uses should be replaced, then shouldn't we just [Obsolete(...)] it? Doing so has the same user impact as an analyzer that always warns on the use of a particular method, can similarly have its own diagnostic ID, etc.
@stephentoub The call site you mentioned should be replaced with simply I'm still not generally sold on the idea of using
It already is GetBytes, that's my point. The call sites you cited in that file are on RNGCryptoServiceProvider, not RandomNumberGenerator, and this issue is about RandomNumberGenerator.
And if we raise a warning indiscriminately every time a particular method is used, I don't understand how that's not saying "this should not be used".
namespace System.Security.Cryptography
{
    public abstract class RandomNumberGenerator
    {
        public abstract void GetNonZeroBytes(byte[] data);
        public abstract void GetNonZeroBytes(Span<byte> data);
    }
}
Is the plan to remove these APIs in a future release? Or are they just marked with a label saying "caution, this is likely not what you want but it might be OK"?
@GSPP The latter.
I've started discussions with some folks knowledgeable about CodeQL to see if that's a better place to put this analyzer. Will loop back here as discussions progress.
The method RandomNumberGenerator.GetNonZeroBytes is very rarely the correct method to call to generate random data. The only scenarios for calling this method are for protocols which cannot handle embedded nulls within a random buffer. (And with few exceptions, most protocols that behave in such a manner aren't following hygienic practice.)

To generate random data, the application should instead call RandomNumberGenerator.GetBytes. This helps ensure no loss of entropy in the buffer returned to the caller.

When to suppress this rule: only when implementing a protocol that specifies that buffers populated with random data should exclude 0x00 bytes.
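
Added example (not part of the original issue or the dotnet/runtime code base): the C# sketch below contrasts the two calls discussed in this thread, a general-purpose key filled with the full byte range and the PKCS#1 v1.5 encryption block whose padding string must avoid 0x00. `NewKey` and `Pkcs1V15Block` are hypothetical helper names; the block layout follows RFC 8017 section 7.2.1 and is assembled by hand only to show why that format needs non-zero bytes.

```csharp
using System;
using System.Security.Cryptography;

static class NonZeroBytesDemo
{
    // General-purpose secret (key, nonce, token): every value 0x00-0xFF must be possible.
    static byte[] NewKey(int length)
    {
        byte[] key = new byte[length];
        RandomNumberGenerator.Fill(key);   // static counterpart of GetBytes
        return key;
    }

    // EME-PKCS1-v1_5 block: 0x00 || 0x02 || PS || 0x00 || M.
    // PS must contain no 0x00 so the decoder can locate the delimiter before M.
    static byte[] Pkcs1V15Block(byte[] message, int modulusBytes)
    {
        if (message.Length > modulusBytes - 11)
            throw new ArgumentException("message too long for modulus");

        byte[] block = new byte[modulusBytes];              // block[0] stays 0x00
        int psLength = modulusBytes - message.Length - 3;   // always >= 8
        block[1] = 0x02;
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetNonZeroBytes(block.AsSpan(2, psLength)); // the protocol-mandated use
        }
        // block[2 + psLength] stays 0x00: the delimiter between PS and M.
        message.CopyTo(block, 3 + psLength);
        return block;
    }

    static void Main()
    {
        byte[] key = NewKey(32);
        double fullBits = 8.0 * key.Length;                 // 256 possible values per byte
        double nonZeroBits = Math.Log2(255) * key.Length;   // 255 possible values per byte
        Console.WriteLine($"GetBytes: {fullBits} bits, GetNonZeroBytes: {nonZeroBits:F2} bits");

        // Constructed sample message; it may itself contain 0x00 without confusing the
        // decoder, because the first 0x00 after the header is always the delimiter.
        byte[] block = Pkcs1V15Block(new byte[] { 0x41, 0x00, 0x42 }, 256);
        int delimiter = Array.IndexOf(block, (byte)0x00, 2);
        Console.WriteLine($"delimiter at {delimiter}, message starts at {delimiter + 1}");
    }
}
```

Production code should call RSA.Encrypt with RSAEncryptionPadding.Pkcs1 rather than assembling the block itself.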