CA5379.yaml
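rules:
- id: CA5379
  languages:
  - csharp
  message: |
    Ensure key derivation function algorithm is sufficiently strong
  metadata:
    cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
    references:
    - https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5379
  patterns:
  # Only consider files that import System.Security.Cryptography.
  - pattern-inside: |
      using System.Security.Cryptography;
      ...
  - pattern-either:
    # Constructor call whose last argument is a weak hash (MD5 or SHA1).
    - pattern: |
        new $CLASS(..., HashAlgorithmName.MD5);
    - pattern: |
        new $CLASS(..., HashAlgorithmName.SHA1);
    # Subclass of Rfc2898DeriveBytes that forwards a caller-supplied
    # hash algorithm to the base constructor and exposes it as a property.
    - pattern: |
        class $CLASS : Rfc2898DeriveBytes{
          ...
          $CLASS(..., HashAlgorithmName $H) : base(...,$H){...}
          ...
          HashAlgorithmName HashAlgorithm { get; set;}
        }
    # Any assignment to a HashAlgorithm property; $Y matches every
    # HashAlgorithmName member, not only MD5 and SHA1.
    - pattern: |
        $VAR.HashAlgorithm = HashAlgorithmName.$Y;
  severity: WARNING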