org.sonar.plugins.csharp.S2257.html

The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data it protects. Standard algorithms such as AES, RSA and SHA should be used instead.

This rule tracks custom implementations (subclasses) of the following types from the System.Security.Cryptography namespace:

  • AsymmetricAlgorithm
  • AsymmetricKeyExchangeDeformatter
  • AsymmetricKeyExchangeFormatter
  • AsymmetricSignatureDeformatter
  • AsymmetricSignatureFormatter
  • DeriveBytes
  • HashAlgorithm
  • ICryptoTransform
  • SymmetricAlgorithm

Recommended Secure Coding Practices

  • Use a standard algorithm instead of creating a custom one.

Sensitive Code Example

using System.Linq;
using System.Security.Cryptography;

public class CustomHash : HashAlgorithm // Noncompliant
{
    private byte[] result;

    public override void Initialize() => result = null;
    protected override byte[] HashFinal() => result;

    // Keeps only the first 8 bytes of the first block it sees: not a hash at all
    protected override void HashCore(byte[] array, int ibStart, int cbSize) =>
        result ??= array.Take(8).ToArray();
}

Compliant Solution

SHA256 mySHA256 = SHA256.Create();
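The following added example (not part of the rule text) contrasts the noncompliant CustomHash from above with the standard algorithms the rule recommends: the custom class collides for any two inputs that share their first 8 bytes, while SHA-256 and HMAC-SHA256 from System.Security.Cryptography do not. It assumes .NET 6 or later for the static HashData helpers and RandomNumberGenerator.GetBytes.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class NonStandardAlgorithmDemo
{
    // The rule's noncompliant class, reproduced only to show its weakness.
    private sealed class CustomHash : HashAlgorithm
    {
        private byte[] result;
        public override void Initialize() => result = null;
        protected override byte[] HashFinal() => result;
        protected override void HashCore(byte[] array, int ibStart, int cbSize) =>
            result ??= array.Take(8).ToArray();
    }

    // Returns true when the custom "hash" of two different messages is identical.
    public static bool CustomHashCollides(byte[] a, byte[] b)
    {
        using var custom = new CustomHash();
        return custom.ComputeHash(a).SequenceEqual(custom.ComputeHash(b));
    }

    // Compliant: standard SHA-256 digest, compared in constant time.
    public static bool Sha256Matches(byte[] a, byte[] b) =>
        CryptographicOperations.FixedTimeEquals(SHA256.HashData(a), SHA256.HashData(b));

    // Compliant keyed integrity check: standard HMAC instead of a home-grown MAC.
    public static bool HmacVerifies(byte[] key, byte[] message, byte[] tag) =>
        CryptographicOperations.FixedTimeEquals(HMACSHA256.HashData(key, message), tag);

    public static void Main()
    {
        // Constructed sample inputs: same first 8 bytes, different tails.
        byte[] original = Encoding.UTF8.GetBytes("invoice-0001 amount=100");
        byte[] tampered = Encoding.UTF8.GetBytes("invoice-0001 amount=999");

        Console.WriteLine($"custom hash collides: {CustomHashCollides(original, tampered)}");
        Console.WriteLine($"sha256 matches:       {Sha256Matches(original, tampered)}");

        byte[] key = RandomNumberGenerator.GetBytes(32);
        byte[] tag = HMACSHA256.HashData(key, original);
        Console.WriteLine($"hmac verifies original: {HmacVerifies(key, original, tag)}");
        Console.WriteLine($"hmac verifies tampered: {HmacVerifies(key, tampered, tag)}");
    }
}
```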
