diff --git a/src/FxCop/Desktop.Analyzers/Core/DesktopAnalyzersResources.Designer.cs b/src/FxCop/Desktop.Analyzers/Core/DesktopAnalyzersResources.Designer.cs
index b5eb0cb2a0..dcfbd5fc59 100644
--- a/src/FxCop/Desktop.Analyzers/Core/DesktopAnalyzersResources.Designer.cs
+++ b/src/FxCop/Desktop.Analyzers/Core/DesktopAnalyzersResources.Designer.cs
@@ -62,7 +62,7 @@ internal DesktopAnalyzersResources() {
}
///
- /// Looks up a localized string similar to Do not catch corrupted state exceptions in general handlers..
+ /// Looks up a localized string similar to Do Not Catch Corrupted State Exceptions.
///
internal static string DoNotCatchCorruptedStateExceptions {
get {
@@ -71,7 +71,7 @@ internal static string DoNotCatchCorruptedStateExceptions {
}
///
- /// Looks up a localized string similar to Do not author general catch handlers in code that receives corrupted state exceptions. Code that receives and intends to handle corrupted state exceptions should author distinct handlers for each exception type..
+ /// Looks up a localized string similar to Catching corrupted state exceptions could mask errors (such as access violations), resulting in inconsistent state of execution or making it easier for attackers to compromise system. Instead, catch and handle a more specific set of exception type(s) or re-throw the exception.
///
internal static string DoNotCatchCorruptedStateExceptionsDescription {
get {
@@ -80,7 +80,7 @@ internal static string DoNotCatchCorruptedStateExceptionsDescription {
}
///
- /// Looks up a localized string similar to Modify {0} to catch and handle a more specific set of exception type(s) than {1} or rethrow the exception. .
+ /// Looks up a localized string similar to {0} is catching corrupted state exception..
///
internal static string DoNotCatchCorruptedStateExceptionsMessage {
get {
@@ -89,110 +89,56 @@ internal static string DoNotCatchCorruptedStateExceptionsMessage {
}
///
- /// Looks up a localized string similar to Do not use insecure cryptographic algorithm DES..
+ /// Looks up a localized string similar to Do Not Use Broken Cryptographic Algorithms.
///
- internal static string DoNotUseDES {
+ internal static string DoNotUseBrokenCryptographicAlgorithms {
get {
- return ResourceManager.GetString("DoNotUseDES", resourceCulture);
+ return ResourceManager.GetString("DoNotUseBrokenCryptographicAlgorithms", resourceCulture);
}
}
///
- /// Looks up a localized string similar to This type implements DES, a cryptographically insecure encryption algorithm. Replace this usage with an AES encryption algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits..
+ /// Looks up a localized string similar to An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and [rest of string was truncated]";.
///
- internal static string DoNotUseDESDescription {
+ internal static string DoNotUseBrokenCryptographicAlgorithmsDescription {
get {
- return ResourceManager.GetString("DoNotUseDESDescription", resourceCulture);
+ return ResourceManager.GetString("DoNotUseBrokenCryptographicAlgorithmsDescription", resourceCulture);
}
}
///
- /// Looks up a localized string similar to Do not use insecure cryptographic algorithm DSA..
+ /// Looks up a localized string similar to {0} uses a broken cryptographic algorithm {1}.
///
- internal static string DoNotUseDSA {
+ internal static string DoNotUseBrokenCryptographicAlgorithmsMessage {
get {
- return ResourceManager.GetString("DoNotUseDSA", resourceCulture);
+ return ResourceManager.GetString("DoNotUseBrokenCryptographicAlgorithmsMessage", resourceCulture);
}
}
///
- /// Looks up a localized string similar to This type implements DSA, a cryptographically insecure signature-creation mechanism. Replace this usage with RSA or Diffie-Hellman with a key length greater than or equal to 2048-bits, or ECDSA or ECDH with a key length greater than or equal 256 bits..
+ /// Looks up a localized string similar to Do Not Use Weak Cryptographic Algorithms.
///
- internal static string DoNotUseDSADescription {
+ internal static string DoNotUseWeakCryptographicAlgorithms {
get {
- return ResourceManager.GetString("DoNotUseDSADescription", resourceCulture);
+ return ResourceManager.GetString("DoNotUseWeakCryptographicAlgorithms", resourceCulture);
}
}
///
- /// Looks up a localized string similar to Do not use insecure cryptographic algorithm MD5..
+ /// Looks up a localized string similar to Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 [rest of string was truncated]";.
///
- internal static string DoNotUseMD5 {
+ internal static string DoNotUseWeakCryptographicAlgorithmsDescription {
get {
- return ResourceManager.GetString("DoNotUseMD5", resourceCulture);
+ return ResourceManager.GetString("DoNotUseWeakCryptographicAlgorithmsDescription", resourceCulture);
}
}
///
- /// Looks up a localized string similar to This type implements MD5, a cryptographically insecure hashing function. Hash collisions are computationally feasible for the MD5 and HMACMD5 algorithms. Replace this usage with a SHA-2 family hash algorithm (SHA512, SHA384, SHA256)..
+ /// Looks up a localized string similar to {0} uses a weak cryptographic algorithm {1}.
///
- internal static string DoNotUseMD5Description {
+ internal static string DoNotUseWeakCryptographicAlgorithmsMessage {
get {
- return ResourceManager.GetString("DoNotUseMD5Description", resourceCulture);
- }
- }
-
- ///
- /// Looks up a localized string similar to Do not use insecure cryptographic algorithm RC2..
- ///
- internal static string DoNotUseRC2 {
- get {
- return ResourceManager.GetString("DoNotUseRC2", resourceCulture);
- }
- }
-
- ///
- /// Looks up a localized string similar to This type implements RC2, a cryptographically insecure encryption algorithm. Replace this usage with an AES encryption algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits..
- ///
- internal static string DoNotUseRC2Description {
- get {
- return ResourceManager.GetString("DoNotUseRC2Description", resourceCulture);
- }
- }
-
- ///
- /// Looks up a localized string similar to Do not use insecure cryptographic algorithm RIPEMD160..
- ///
- internal static string DoNotUseRIPEMD160 {
- get {
- return ResourceManager.GetString("DoNotUseRIPEMD160", resourceCulture);
- }
- }
-
- ///
- /// Looks up a localized string similar to This type implements RIPEMD160, a cryptographically insecure hashing function. Hash collisions are computationally feasible for the RIPEMD hash algorithms. Replace this usage with a SHA-2 family hash algorithm (SHA512, SHA384, SHA256)..
- ///
- internal static string DoNotUseRIPEMD160Description {
- get {
- return ResourceManager.GetString("DoNotUseRIPEMD160Description", resourceCulture);
- }
- }
-
- ///
- /// Looks up a localized string similar to Do not use insecure cryptographic algorithm TripleDES..
- ///
- internal static string DoNotUseTripleDES {
- get {
- return ResourceManager.GetString("DoNotUseTripleDES", resourceCulture);
- }
- }
-
- ///
- /// Looks up a localized string similar to This type implements TripleDES, a cryptographically insecure encryption algorithm. Replace this usage with an AES encryption algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits..
- ///
- internal static string DoNotUseTripleDESDescription {
- get {
- return ResourceManager.GetString("DoNotUseTripleDESDescription", resourceCulture);
+ return ResourceManager.GetString("DoNotUseWeakCryptographicAlgorithmsMessage", resourceCulture);
}
}
}
diff --git a/src/FxCop/Desktop.Analyzers/Core/DesktopAnalyzersResources.resx b/src/FxCop/Desktop.Analyzers/Core/DesktopAnalyzersResources.resx
index 08ac7b91ff..c35f743393 100644
--- a/src/FxCop/Desktop.Analyzers/Core/DesktopAnalyzersResources.resx
+++ b/src/FxCop/Desktop.Analyzers/Core/DesktopAnalyzersResources.resx
@@ -118,48 +118,30 @@
System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
- Do not catch corrupted state exceptions in general handlers.
+ Do Not Catch Corrupted State Exceptions
- Do not author general catch handlers in code that receives corrupted state exceptions. Code that receives and intends to handle corrupted state exceptions should author distinct handlers for each exception type.
+ Catching corrupted state exceptions could mask errors (such as access violations), resulting in inconsistent state of execution or making it easier for attackers to compromise system. Instead, catch and handle a more specific set of exception type(s) or re-throw the exception
- Modify {0} to catch and handle a more specific set of exception type(s) than {1} or rethrow the exception.
+ {0} is catching corrupted state exception.
-
- Do not use insecure cryptographic algorithm DES.
+
+ {0} uses a broken cryptographic algorithm {1}
-
- This type implements DES, a cryptographically insecure encryption algorithm. Replace this usage with an AES encryption algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits.
+
+ Do Not Use Broken Cryptographic Algorithms
-
- Do not use insecure cryptographic algorithm MD5.
+
+ An attack making it computationally feasible to break this algorithm exists. This allows attackers to break the cryptographic guarantees it is designed to provide. Depending on the type and application of this cryptographic algorithm, this may allow attackers to read enciphered messages, tamper with enciphered messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA512, SHA384, or SHA256. Replace digital signature uses with RSA with a key length greater than or equal to 2048-bits, or ECDSA with a key length greater than or equal to 256 bits.
-
- This type implements MD5, a cryptographically insecure hashing function. Hash collisions are computationally feasible for the MD5 and HMACMD5 algorithms. Replace this usage with a SHA-2 family hash algorithm (SHA512, SHA384, SHA256).
+
+ Do Not Use Weak Cryptographic Algorithms
-
- Do not use insecure cryptographic algorithm RC2.
+
+ Cryptographic algorithms degrade over time as attacks become for advances to attacker get access to more computation. Depending on the type and application of this cryptographic algorithm, further degradation of the cryptographic strength of it may allow attackers to read enciphered messages, tamper with enciphered messages, forge digital signatures, tamper with hashed content, or otherwise compromise any cryptosystem based on this algorithm. Replace encryption uses with the AES algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits. Replace hashing uses with a hashing function in the SHA-2 family, such as SHA-2 512, SHA-2 384, or SHA-2 256.
-
- This type implements RC2, a cryptographically insecure encryption algorithm. Replace this usage with an AES encryption algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits.
-
-
- Do not use insecure cryptographic algorithm RIPEMD160.
-
-
- This type implements RIPEMD160, a cryptographically insecure hashing function. Hash collisions are computationally feasible for the RIPEMD hash algorithms. Replace this usage with a SHA-2 family hash algorithm (SHA512, SHA384, SHA256).
-
-
- Do not use insecure cryptographic algorithm DSA.
-
-
- This type implements DSA, a cryptographically insecure signature-creation mechanism. Replace this usage with RSA or Diffie-Hellman with a key length greater than or equal to 2048-bits, or ECDSA or ECDH with a key length greater than or equal 256 bits.
-
-
- Do not use insecure cryptographic algorithm TripleDES.
-
-
- This type implements TripleDES, a cryptographically insecure encryption algorithm. Replace this usage with an AES encryption algorithm (AES-256, AES-192 and AES-128 are acceptable) with a key length greater than or equal to 128 bits.
+
+ {0} uses a weak cryptographic algorithm {1}
\ No newline at end of file
diff --git a/src/FxCop/Desktop.Analyzers/Core/Security/DoNotCatchCorruptedStateExceptionsAnalyzer.cs b/src/FxCop/Desktop.Analyzers/Core/Security/DoNotCatchCorruptedStateExceptionsAnalyzer.cs
index 45b527e016..fd6242d8b2 100644
--- a/src/FxCop/Desktop.Analyzers/Core/Security/DoNotCatchCorruptedStateExceptionsAnalyzer.cs
+++ b/src/FxCop/Desktop.Analyzers/Core/Security/DoNotCatchCorruptedStateExceptionsAnalyzer.cs
@@ -28,7 +28,7 @@ public abstract class DoNotCatchCorruptedStateExceptionsAnalyzer s_supportedDiagnostics = ImmutableArray.Create(DoNotUseMD5SpecificRule,
- DoNotUseDESSpecificRule,
- DoNotUseRC2SpecificRule,
- DoNotUseTripleDESSpecificRule,
- DoNotUseRIPEMD160SpecificRule,
- DoNotUseDSASpecificRule);
+ private static readonly ImmutableArray s_supportedDiagnostics = ImmutableArray.Create(DoNotUseWeakCryptographicRule,
+ DoNotUseBrokenCryptographicRule);
public override ImmutableArray SupportedDiagnostics
=> s_supportedDiagnostics;
- private static DiagnosticDescriptor CreateDiagnosticDescriptor(string ruleId, LocalizableString title, LocalizableString description, string uri = null)
+ private static DiagnosticDescriptor CreateDiagnosticDescriptor(string ruleId, LocalizableString title, LocalizableString message, LocalizableString description, string uri = null)
{
return new DiagnosticDescriptor(ruleId,
title,
- title,
+ message,
DiagnosticCategory.Security,
DiagnosticSeverity.Warning,
isEnabledByDefault: true,
@@ -78,7 +55,7 @@ private static DiagnosticDescriptor CreateDiagnosticDescriptor(string ruleId, Lo
helpLinkUri: uri,
customTags: WellKnownDiagnosticTags.Telemetry);
}
-
+
public override void Initialize(AnalysisContext analysisContext)
{
analysisContext.RegisterCompilationStartAction(
@@ -117,9 +94,9 @@ public void AnalyzeNode(SyntaxNodeAnalysisContext context)
{
SyntaxNode node = context.Node;
SemanticModel model = context.SemanticModel;
-
ISymbol symbol = SyntaxNodeHelper.GetSymbol(node, model);
IMethodSymbol method = symbol as IMethodSymbol;
+
if (method == null)
{
return;
@@ -127,38 +104,73 @@ public void AnalyzeNode(SyntaxNodeAnalysisContext context)
INamedTypeSymbol type = method.ContainingType;
DiagnosticDescriptor rule = null;
+ string[] messageArgs = new string[2];
+ string owningParentName = string.Empty;
+ SyntaxNode cur = node;
+
+ while(cur.Parent != null)
+ {
+ var pNode = cur.Parent;
+ ISymbol sym = SyntaxNodeHelper.GetSymbol(pNode, model);
+
+ if(sym != null &&
+ !string.IsNullOrEmpty(sym.Name)
+ && (
+ sym.Kind == SymbolKind.Method ||
+ sym.Kind == SymbolKind.NamedType
+ )
+ )
+ {
+ owningParentName = sym.Name;
+ break;
+ }
+
+ cur = pNode;
+ }
+
+ messageArgs[0] = owningParentName;
if (type.IsDerivedFrom(this._cryptTypes.DES, baseTypesOnly: true))
{
- rule = DoNotUseDESSpecificRule;
+ rule = DoNotUseBrokenCryptographicRule;
+ messageArgs[1] = _cryptTypes.DES.Name;
}
else if (method.MatchMethodDerived(_cryptTypes.DSA, SecurityMemberNames.CreateSignature) ||
(type == _cryptTypes.DSASignatureFormatter &&
method.MatchMethodDerived(_cryptTypes.DSASignatureFormatter, WellKnownMemberNames.InstanceConstructorName)))
{
- rule = DoNotUseDSASpecificRule;
+ rule = DoNotUseBrokenCryptographicRule;
+ messageArgs[1] = _cryptTypes.DSA.Name;
}
else if (type.IsDerivedFrom(_cryptTypes.HMACMD5, baseTypesOnly: true))
{
- rule = DoNotUseMD5SpecificRule;
+ rule = DoNotUseBrokenCryptographicRule;
+ messageArgs[1] = _cryptTypes.HMACMD5.Name;
}
else if (type.IsDerivedFrom(_cryptTypes.RC2, baseTypesOnly: true))
{
- rule = DoNotUseRC2SpecificRule;
+ rule = DoNotUseBrokenCryptographicRule;
+ messageArgs[1] = _cryptTypes.RC2.Name;
}
else if (type.IsDerivedFrom(_cryptTypes.TripleDES, baseTypesOnly: true))
{
- rule = DoNotUseTripleDESSpecificRule;
+ rule = DoNotUseWeakCryptographicRule;
+ messageArgs[1] = _cryptTypes.TripleDES.Name;
+ }
+ else if (type.IsDerivedFrom(_cryptTypes.RIPEMD160, baseTypesOnly: true))
+ {
+ rule = DoNotUseWeakCryptographicRule;
+ messageArgs[1] = _cryptTypes.RIPEMD160.Name;
}
- else if (type.IsDerivedFrom(_cryptTypes.RIPEMD160, baseTypesOnly: true) ||
- type.IsDerivedFrom(_cryptTypes.HMACRIPEMD160, baseTypesOnly: true))
+ else if (type.IsDerivedFrom(_cryptTypes.HMACRIPEMD160, baseTypesOnly: true))
{
- rule = DoNotUseRIPEMD160SpecificRule;
+ rule = DoNotUseWeakCryptographicRule;
+ messageArgs[1] = _cryptTypes.HMACRIPEMD160.Name;
}
if (rule != null)
{
- context.ReportDiagnostic(Diagnostic.Create(rule, node.GetLocation()));
+ context.ReportDiagnostic(Diagnostic.Create(rule, node.GetLocation(), messageArgs));
}
}
}
diff --git a/src/FxCop/Desktop.Analyzers/Core/Shared/DiagnosticHelpers.cs b/src/FxCop/Desktop.Analyzers/Core/Shared/DiagnosticHelpers.cs
index dcd94f6e0f..5c1e5b1c0f 100644
--- a/src/FxCop/Desktop.Analyzers/Core/Shared/DiagnosticHelpers.cs
+++ b/src/FxCop/Desktop.Analyzers/Core/Shared/DiagnosticHelpers.cs
@@ -122,6 +122,11 @@ public static LocalizableResourceString GetLocalizableResourceString(string reso
return new LocalizableResourceString(resourceName, DesktopAnalyzersResources.ResourceManager, typeof(DesktopAnalyzersResources));
}
+ public static LocalizableResourceString GetLocalizableResourceString(string resourceName, params string[] formatArguments)
+ {
+ return new LocalizableResourceString(resourceName, DesktopAnalyzersResources.ResourceManager, typeof(DesktopAnalyzersResources), formatArguments);
+ }
+
private static bool IsInvisibleOutsideAssemblyAtSymbolLevel(ISymbol symbol)
{
return SymbolIsPrivateOrInternal(symbol)
diff --git a/src/FxCop/Desktop.Analyzers/Test/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs b/src/FxCop/Desktop.Analyzers/Test/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs
index 67e3381a4d..02cfe28fa2 100644
--- a/src/FxCop/Desktop.Analyzers/Test/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs
+++ b/src/FxCop/Desktop.Analyzers/Test/Security/DoNotUseInsecureCryptographicAlgorithmsTests.cs
@@ -1,5 +1,6 @@
// Copyright (c) Microsoft. All Rights Reserved. Licensed under the Apache License, Version 2.0. See License.txt in the projecVerifyCSharp(t root for license information.
+using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.Diagnostics;
using Microsoft.CodeAnalysis.UnitTests;
using Xunit;
@@ -24,7 +25,7 @@ private static void TestMethod()
}
}
}",
- GetCSharpResultAt(10, 23, CA5351RuleName, DoNotUseMD5Message));
+ GetCSharpResultAt(10, 23, CA5351Rule, "TestMethod", "HMACMD5"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -36,7 +37,7 @@ Private Shared Sub TestMethod()
End Sub
End Class
End Namespace",
- GetBasicResultAt(7, 14, CA5351RuleName, DoNotUseMD5Message));
+ GetBasicResultAt(7, 14, CA5351Rule, "TestMethod", "HMACMD5"));
}
[Fact]
@@ -57,7 +58,7 @@ private static void TestMethod()
}
}
}",
- GetCSharpResultAt(12, 23, CA5351RuleName, DoNotUseMD5Message));
+ GetCSharpResultAt(12, 23, CA5351Rule, "TestMethod", "HMACMD5"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -72,7 +73,7 @@ Private Shared Sub TestMethod()
End Sub
End Class
End Namespace",
- GetBasicResultAt(10, 14, CA5351RuleName, DoNotUseMD5Message));
+ GetBasicResultAt(10, 14, CA5351Rule, "TestMethod", "HMACMD5"));
}
[Fact]
@@ -90,7 +91,7 @@ public HMACMD5 GetHMACMD5
}
}
}",
- GetCSharpResultAt(9, 26, CA5351RuleName, DoNotUseMD5Message));
+ GetCSharpResultAt(9, 26, CA5351Rule, "get_GetHMACMD5", "HMACMD5"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -103,7 +104,7 @@ End Get
End Property
End Class
End Namespace",
-GetBasicResultAt(7, 12, CA5351RuleName, DoNotUseMD5Message));
+GetBasicResultAt(7, 12, CA5351Rule, "get_GetHMACMD5", "HMACMD5"));
}
[Fact]
@@ -118,7 +119,7 @@ class TestClass
HMACMD5 privateMd5 = new HMACMD5();
}
}",
- GetCSharpResultAt(7, 30, CA5351RuleName, DoNotUseMD5Message));
+ GetCSharpResultAt(7, 30, CA5351Rule, "TestClass", "HMACMD5"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -127,7 +128,7 @@ Class TestClass
Private privateMd5 As New HMACMD5()
End Class
End Namespace",
-GetBasicResultAt(5, 25, CA5351RuleName, DoNotUseMD5Message));
+GetBasicResultAt(5, 25, CA5351Rule, "TestClass", "HMACMD5"));
}
[Fact]
@@ -146,7 +147,7 @@ private async Task TestMethod()
}
}
}",
- GetCSharpResultAt(10, 36, CA5351RuleName, DoNotUseMD5Message));
+ GetCSharpResultAt(10, 36, CA5351Rule, "Run", "HMACMD5"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -158,7 +159,7 @@ Return New HMACMD5()
End Function)
End Sub
End Module",
- GetBasicResultAt(7, 35, CA5351RuleName, DoNotUseMD5Message));
+ GetBasicResultAt(7, 35, CA5351Rule, "TestMethod", "HMACMD5"));
}
[Fact]
@@ -174,7 +175,7 @@ class TestClass
Del d = delegate () { new HMACMD5(); };
}
}",
- GetCSharpResultAt(8, 31, CA5351RuleName, DoNotUseMD5Message));
+ GetCSharpResultAt(8, 31, CA5351Rule, "TestClass", "HMACMD5"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -183,7 +184,7 @@ Module TestClass
Delegate Function Del() As HashAlgorithm
Dim d As Del = Function() New HMACMD5()
End Module",
- GetBasicResultAt(6, 31, CA5351RuleName, DoNotUseMD5Message));
+ GetBasicResultAt(6, 31, CA5351Rule, "TestClass", "HMACMD5"));
}
[Fact]
@@ -202,7 +203,7 @@ private static void TestMethod()
}
}
}",
- GetCSharpResultAt(10, 23, CA5351RuleName, DoNotUseDESMessage));
+ GetCSharpResultAt(10, 23, CA5351Rule, "TestMethod", "DES"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -212,7 +213,7 @@ Sub TestMethod()
Dim desalg As DES = DES.Create()
End Sub
End Module",
-GetBasicResultAt(6, 29, CA5351RuleName, DoNotUseDESMessage));
+GetBasicResultAt(6, 29, CA5351Rule, "TestMethod", "DES"));
}
[Fact]
@@ -230,7 +231,7 @@ public DES GetDES
}
}
}",
- GetCSharpResultAt(9, 26, CA5351RuleName, DoNotUseDESMessage));
+ GetCSharpResultAt(9, 26, CA5351Rule, "get_GetDES", "DES"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -244,7 +245,7 @@ End Property
End Class
End Namespace
",
-GetBasicResultAt(7, 12, CA5351RuleName, DoNotUseDESMessage));
+GetBasicResultAt(7, 12, CA5351Rule, "get_GetDES", "DES"));
}
[Fact]
@@ -259,7 +260,7 @@ class TestClass
DES privateDES = DES.Create();
}
}",
- GetCSharpResultAt(7, 26, CA5351RuleName, DoNotUseDESMessage));
+ GetCSharpResultAt(7, 26, CA5351Rule, "TestClass", "DES"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -268,7 +269,7 @@ Class TestClass
Private privateDES As DES = DES.Create()
End Class
End Namespace",
-GetBasicResultAt(5, 31, CA5351RuleName, DoNotUseDESMessage));
+GetBasicResultAt(5, 31, CA5351Rule, "TestClass", "DES"));
}
[Fact]
@@ -287,7 +288,7 @@ private async Task TestMethod()
}
}
}",
- GetCSharpResultAt(10, 36, CA5351RuleName, DoNotUseDESMessage));
+ GetCSharpResultAt(10, 36, CA5351Rule, "Run", "DES"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -301,7 +302,7 @@ Await Task.Run(Function()
End Function
End Class
End Namespace",
-GetBasicResultAt(8, 4, CA5351RuleName, DoNotUseDESMessage));
+GetBasicResultAt(8, 4, CA5351Rule, "Run", "DES"));
}
[Fact]
@@ -317,7 +318,7 @@ class TestClass
Del d = delegate () { DES.Create(); };
}
}",
- GetCSharpResultAt(8, 31, CA5351RuleName, DoNotUseDESMessage));
+ GetCSharpResultAt(8, 31, CA5351Rule, "TestClass", "DES"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -327,7 +328,7 @@ Private Delegate Sub Del()
Private d As Del = Sub() DES.Create()
End Class
End Namespace",
-GetBasicResultAt(6, 28, CA5351RuleName, DoNotUseDESMessage));
+GetBasicResultAt(6, 28, CA5351Rule, "TestClass", "DES"));
}
[Fact]
@@ -346,7 +347,7 @@ private static void TestMethod()
}
}
}",
- GetCSharpResultAt(10, 23, CA5351RuleName, DoNotUseDESMessage));
+ GetCSharpResultAt(10, 23, CA5351Rule, "TestMethod", "DES"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -357,7 +358,7 @@ Private Shared Sub TestMethod()
End Sub
End Class
End Namespace",
- GetBasicResultAt(6, 21, CA5351RuleName, DoNotUseDESMessage));
+ GetBasicResultAt(6, 21, CA5351Rule, "TestMethod", "DES"));
}
[Fact]
@@ -375,7 +376,7 @@ public DESCryptoServiceProvider GetDES
}
}
}",
- GetCSharpResultAt(9, 26, CA5351RuleName, DoNotUseDESMessage));
+ GetCSharpResultAt(9, 26, CA5351Rule, "get_GetDES", "DES"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -388,7 +389,7 @@ End Get
End Property
End Class
End Namespace",
- GetBasicResultAt(7, 12, CA5351RuleName, DoNotUseDESMessage));
+ GetBasicResultAt(7, 12, CA5351Rule, "get_GetDES", "DES"));
}
[Fact]
@@ -403,7 +404,7 @@ class TestClass
DESCryptoServiceProvider privateDES = new DESCryptoServiceProvider();
}
}",
- GetCSharpResultAt(7, 47, CA5351RuleName, DoNotUseDESMessage));
+ GetCSharpResultAt(7, 47, CA5351Rule, "TestClass", "DES"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -412,7 +413,7 @@ Class TestClass
Private privateDES As New DESCryptoServiceProvider()
End Class
End Namespace",
-GetBasicResultAt(5, 25, CA5351RuleName, DoNotUseDESMessage));
+GetBasicResultAt(5, 25, CA5351Rule, "TestClass", "DES"));
}
//No VB
[Fact]
@@ -431,7 +432,7 @@ private async Task TestMethod()
}
}
}",
- GetCSharpResultAt(10, 36, CA5351RuleName, DoNotUseDESMessage));
+ GetCSharpResultAt(10, 36, CA5351Rule, "Run", "DES"));
}
//No VB
[Fact]
@@ -447,7 +448,7 @@ class TestClass
Del d = delegate () { new DESCryptoServiceProvider(); };
}
}",
- GetCSharpResultAt(8, 31, CA5351RuleName, DoNotUseDESMessage));
+ GetCSharpResultAt(8, 31, CA5351Rule, "TestClass", "DES"));
}
[Fact]
@@ -499,8 +500,8 @@ public override void GenerateKey()
}
}
}" },
- GetCSharpResultAt(10, 25, CA5351RuleName, DoNotUseDESMessage),
- GetCSharpResultAt(11, 13, CA5351RuleName, DoNotUseDESMessage));
+ GetCSharpResultAt(10, 25, CA5351Rule, "TestMethod", "DES"),
+ GetCSharpResultAt(11, 13, CA5351Rule, "TestMethod", "DES"));
VerifyBasic(new[] {
//Test0
@@ -538,8 +539,8 @@ End Sub
End Class
End Namespace
" },
- GetBasicResultAt(6, 15, CA5351RuleName, DoNotUseDESMessage),
- GetBasicResultAt(7, 4, CA5351RuleName, DoNotUseDESMessage));
+ GetBasicResultAt(6, 15, CA5351Rule, "TestMethod", "DES"),
+ GetBasicResultAt(7, 4, CA5351Rule, "TestMethod", "DES"));
}
[Fact]
@@ -558,7 +559,7 @@ private static void TestMethod()
}
}
}",
- GetCSharpResultAt(10, 23, CA5351RuleName, DoNotUseRC2Message));
+ GetCSharpResultAt(10, 23, CA5351Rule, "TestMethod", "RC2"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -568,7 +569,7 @@ Sub TestMethod()
Dim rc2alg As New RC2CryptoServiceProvider
End Sub
End Module",
-GetBasicResultAt(6, 23, CA5351RuleName, DoNotUseRC2Message));
+GetBasicResultAt(6, 23, CA5351Rule, "TestMethod", "RC2"));
}
[Fact]
@@ -586,7 +587,7 @@ public RC2CryptoServiceProvider GetRC2
}
}
}",
- GetCSharpResultAt(9, 26, CA5351RuleName, DoNotUseRC2Message));
+ GetCSharpResultAt(9, 26, CA5351Rule, "get_GetRC2", "RC2"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -599,7 +600,7 @@ End Get
End Property
End Class
End Namespace",
-GetBasicResultAt(7, 12, CA5351RuleName, DoNotUseRC2Message));
+GetBasicResultAt(7, 12, CA5351Rule, "get_GetRC2", "RC2"));
}
[Fact]
@@ -614,7 +615,7 @@ class TestClass
RC2CryptoServiceProvider privateRC2 = new RC2CryptoServiceProvider();
}
}",
- GetCSharpResultAt(7, 47, CA5351RuleName, DoNotUseRC2Message));
+ GetCSharpResultAt(7, 47, CA5351Rule, "TestClass", "RC2"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -624,7 +625,7 @@ Private privateRC2 As New RC2CryptoServiceProvider()
End Class
End Namespace
",
-GetBasicResultAt(5, 25, CA5351RuleName, DoNotUseRC2Message));
+GetBasicResultAt(5, 25, CA5351Rule, "TestClass", "RC2"));
}
//No VB
[Fact]
@@ -643,7 +644,7 @@ private async Task TestMethod()
}
}
}",
- GetCSharpResultAt(10, 36, CA5351RuleName, DoNotUseRC2Message));
+ GetCSharpResultAt(10, 36, CA5351Rule, "Run", "RC2"));
}
//No VB
[Fact]
@@ -659,7 +660,7 @@ class TestClass
Del d = delegate () { new RC2CryptoServiceProvider(); };
}
}",
- GetCSharpResultAt(8, 31, CA5351RuleName, DoNotUseRC2Message));
+ GetCSharpResultAt(8, 31, CA5351Rule, "TestClass", "RC2"));
}
[Fact]
@@ -710,7 +711,7 @@ public override void GenerateKey()
}
}
}" },
- GetCSharpResultAt(10, 23, CA5351RuleName, DoNotUseRC2Message));
+ GetCSharpResultAt(10, 23, CA5351Rule, "TestMethod", "RC2"));
VerifyBasic(new[] {
//Test0
@@ -747,7 +748,7 @@ End Sub
End Class
End Namespace
" },
- GetBasicResultAt(6, 14, CA5351RuleName, DoNotUseRC2Message));
+ GetBasicResultAt(6, 14, CA5351Rule, "TestMethod", "RC2"));
}
[Fact]
@@ -766,7 +767,7 @@ private static void TestMethod()
}
}
}",
- GetCSharpResultAt(10, 29, CA5350RuleName, DoNotUseTripleDESMessage));
+ GetCSharpResultAt(10, 29, CA5350Rule, "TestMethod", "TripleDES"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -777,7 +778,7 @@ Private Shared Sub TestMethod()
End Sub
End Class
End Namespace",
- GetBasicResultAt(6, 23, CA5350RuleName, DoNotUseTripleDESMessage));
+ GetBasicResultAt(6, 23, CA5350Rule, "TestMethod", "TripleDES"));
}
[Fact]
@@ -795,7 +796,7 @@ public TripleDES GetTripleDES
}
}
}",
- GetCSharpResultAt(9, 26, CA5350RuleName, DoNotUseTripleDESMessage));
+ GetCSharpResultAt(9, 26, CA5350Rule, "get_GetTripleDES", "TripleDES"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -808,7 +809,7 @@ End Get
End Property
End Class
End Namespace",
- GetBasicResultAt(7, 12, CA5350RuleName, DoNotUseTripleDESMessage));
+ GetBasicResultAt(7, 12, CA5350Rule, "get_GetTripleDES", "TripleDES"));
}
[Fact]
@@ -823,7 +824,7 @@ class TestClass
TripleDES privateDES = TripleDES.Create(""TripleDES"");
}
}",
- GetCSharpResultAt(7, 32, CA5350RuleName, DoNotUseTripleDESMessage));
+ GetCSharpResultAt(7, 32, CA5350Rule, "TestClass", "TripleDES"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -832,7 +833,7 @@ Class TestClass
Private privateDES As TripleDES = TripleDES.Create(""TripleDES"")
End Class
End Namespace",
- GetBasicResultAt(5, 37, CA5350RuleName, DoNotUseTripleDESMessage));
+ GetBasicResultAt(5, 37, CA5350Rule, "TestClass", "TripleDES"));
}
//No VB
[Fact]
@@ -851,7 +852,7 @@ private async Task TestMethod()
}
}
}",
- GetCSharpResultAt(10, 36, CA5350RuleName, DoNotUseTripleDESMessage));
+ GetCSharpResultAt(10, 36, CA5350Rule, "Run", "TripleDES"));
}
[Fact]
@@ -867,7 +868,7 @@ class TestClass
Del d = delegate () { TripleDES.Create(""TripleDES""); };
}
}",
- GetCSharpResultAt(8, 31, CA5350RuleName, DoNotUseTripleDESMessage));
+ GetCSharpResultAt(8, 31, CA5350Rule, "TestClass", "TripleDES"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -877,7 +878,7 @@ Private Delegate Sub Del()
Private d As Del = Sub() TripleDES.Create(""TripleDES"")
End Class
End Namespace",
-GetBasicResultAt(6, 28, CA5350RuleName, DoNotUseTripleDESMessage));
+GetBasicResultAt(6, 28, CA5350Rule, "TestClass", "TripleDES"));
}
[Fact]
@@ -896,7 +897,7 @@ private static void TestMethod()
}
}
}",
- GetCSharpResultAt(10, 56, CA5350RuleName, DoNotUseTripleDESMessage));
+ GetCSharpResultAt(10, 56, CA5350Rule, "TestMethod", "TripleDES"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -906,7 +907,7 @@ Sub TestMethod()
Dim tDESalg As New TripleDESCryptoServiceProvider
End Sub
End Module",
-GetBasicResultAt(6, 24, CA5350RuleName, DoNotUseTripleDESMessage));
+GetBasicResultAt(6, 24, CA5350Rule, "TestMethod", "TripleDES"));
}
[Fact]
@@ -924,7 +925,7 @@ public TripleDESCryptoServiceProvider GetDES
}
}
}",
- GetCSharpResultAt(9, 26, CA5350RuleName, DoNotUseTripleDESMessage));
+ GetCSharpResultAt(9, 26, CA5350Rule, "get_GetDES", "TripleDES"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -937,7 +938,7 @@ End Get
End Property
End Class
End Namespace",
- GetBasicResultAt(7, 12, CA5350RuleName, DoNotUseTripleDESMessage));
+ GetBasicResultAt(7, 12, CA5350Rule, "get_GetDES", "TripleDES"));
}
[Fact]
@@ -952,7 +953,7 @@ class TestClass
TripleDESCryptoServiceProvider privateDES = new TripleDESCryptoServiceProvider();
}
}",
- GetCSharpResultAt(7, 53, CA5350RuleName, DoNotUseTripleDESMessage));
+ GetCSharpResultAt(7, 53, CA5350Rule, "TestClass", "TripleDES"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -961,7 +962,7 @@ Class TestClass
Private privateDES As New TripleDESCryptoServiceProvider()
End Class
End Namespace",
-GetBasicResultAt(5, 25, CA5350RuleName, DoNotUseTripleDESMessage));
+GetBasicResultAt(5, 25, CA5350Rule, "TestClass", "TripleDES"));
}
//No VB
[Fact]
@@ -980,7 +981,7 @@ private async Task TestMethod()
}
}
}",
- GetCSharpResultAt(10, 36, CA5350RuleName, DoNotUseTripleDESMessage));
+ GetCSharpResultAt(10, 36, CA5350Rule, "Run", "TripleDES"));
}
//No VB
[Fact]
@@ -996,7 +997,7 @@ class TestClass
Del d = delegate () { new TripleDESCryptoServiceProvider(); };
}
}",
- GetCSharpResultAt(8, 31, CA5350RuleName, DoNotUseTripleDESMessage));
+ GetCSharpResultAt(8, 31, CA5350Rule, "TestClass", "TripleDES"));
}
[Fact]
@@ -1048,8 +1049,8 @@ public override void GenerateKey()
}
}
}" },
- GetCSharpResultAt(10, 26, CA5350RuleName, DoNotUseTripleDESMessage),
- GetCSharpResultAt(11, 13, CA5350RuleName, DoNotUseTripleDESMessage));
+ GetCSharpResultAt(10, 26, CA5350Rule, "TestMethod", "TripleDES"),
+ GetCSharpResultAt(11, 13, CA5350Rule, "TestMethod", "TripleDES"));
VerifyBasic(new[] {
//Test0
@@ -1089,13 +1090,13 @@ End Sub
End Class
End Namespace
" },
- GetBasicResultAt(6, 17, CA5350RuleName, DoNotUseTripleDESMessage),
- GetBasicResultAt(7, 4, CA5350RuleName, DoNotUseTripleDESMessage));
+ GetBasicResultAt(6, 17, CA5350Rule, "TestMethod", "TripleDES"),
+ GetBasicResultAt(7, 4, CA5350Rule, "TestMethod", "TripleDES"));
}
[Fact]
- public void CA5355RIPEMD160ManagedInMethodDeclaration()
+ public void CA5350RIPEMD160ManagedInMethodDeclaration()
{
VerifyCSharp(@"
using System.Security.Cryptography;
@@ -1110,7 +1111,7 @@ private static void TestMethod()
}
}
}",
- GetCSharpResultAt(10, 25, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(10, 25, CA5350Rule, "TestMethod", "RIPEMD160"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -1120,11 +1121,11 @@ Sub TestMethod()
Dim md1601alg As New RIPEMD160Managed
End Sub
End Module",
-GetBasicResultAt(6, 26, CA5350RuleName, DoNotUseRIPEMD160Message));
+GetBasicResultAt(6, 26, CA5350Rule, "TestMethod", "RIPEMD160"));
}
[Fact]
- public void CA5355RIPEMD160ManagedInGetDeclaration()
+ public void CA5350RIPEMD160ManagedInGetDeclaration()
{
VerifyCSharp(@"
using System.Security.Cryptography;
@@ -1138,7 +1139,7 @@ public RIPEMD160Managed GetRIPEMD160
}
}
}",
- GetCSharpResultAt(9, 26, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(9, 26, CA5350Rule, "get_GetRIPEMD160", "RIPEMD160"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -1151,11 +1152,11 @@ End Get
End Property
End Class
End Namespace",
- GetBasicResultAt(7, 12, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetBasicResultAt(7, 12, CA5350Rule, "get_GetRIPEMD160", "RIPEMD160"));
}
[Fact]
- public void CA5355RIPEMD160ManagedInFieldDeclaration()
+ public void CA5350RIPEMD160ManagedInFieldDeclaration()
{
VerifyCSharp(@"
using System.Security.Cryptography;
@@ -1166,7 +1167,7 @@ class TestClass
RIPEMD160Managed privateRIPEMD160 = new RIPEMD160Managed();
}
}",
- GetCSharpResultAt(7, 45, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(7, 45, CA5350Rule, "TestClass", "RIPEMD160"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -1176,11 +1177,11 @@ Private privateRIPEMD160 As New RIPEMD160Managed()
End Class
End Namespace
",
- GetBasicResultAt(5, 31, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetBasicResultAt(5, 31, CA5350Rule, "TestClass", "RIPEMD160"));
}
//No VB
[Fact]
- public void CA5355RIPEMD160ManagedInLambdaExpression()
+ public void CA5350RIPEMD160ManagedInLambdaExpression()
{
VerifyCSharp(@"
using System.Security.Cryptography;
@@ -1195,11 +1196,11 @@ private async Task TestMethod()
}
}
}",
- GetCSharpResultAt(10, 36, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(10, 36, CA5350Rule, "Run", "RIPEMD160"));
}
//No VB
[Fact]
- public void CA5355RIPEMD160ManagedInAnonymousMethodExpression()
+ public void CA5350RIPEMD160ManagedInAnonymousMethodExpression()
{
VerifyCSharp(@"
using System.Security.Cryptography;
@@ -1211,11 +1212,11 @@ class TestClass
Del d = delegate () { new RIPEMD160Managed(); };
}
}",
- GetCSharpResultAt(8, 31, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(8, 31, CA5350Rule, "TestClass", "RIPEMD160"));
}
[Fact]
- public void CA5355RIPEMD160CreateInMethodDeclaration()
+ public void CA5350RIPEMD160CreateInMethodDeclaration()
{
VerifyCSharp(@"
using System.Security.Cryptography;
@@ -1230,7 +1231,7 @@ private static void TestMethod()
}
}
}",
- GetCSharpResultAt(10, 31, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(10, 31, CA5350Rule, "TestMethod", "RIPEMD160"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -1241,11 +1242,11 @@ Private Shared Sub TestMethod()
End Sub
End Class
End Namespace",
- GetBasicResultAt(6, 29, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetBasicResultAt(6, 29, CA5350Rule, "TestMethod", "RIPEMD160"));
}
[Fact]
- public void CA5355RIPEMD160CreateInGetDeclaration()
+ public void CA5350RIPEMD160CreateInGetDeclaration()
{
VerifyCSharp(@"
using System.Security.Cryptography;
@@ -1259,7 +1260,7 @@ public RIPEMD160 GetRIPEMD160
}
}
}",
- GetCSharpResultAt(9, 26, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(9, 26, CA5350Rule, "get_GetRIPEMD160", "RIPEMD160"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -1272,11 +1273,11 @@ End Get
End Property
End Class
End Namespace",
-GetBasicResultAt(7, 12, CA5350RuleName, DoNotUseRIPEMD160Message));
+GetBasicResultAt(7, 12, CA5350Rule, "get_GetRIPEMD160", "RIPEMD160"));
}
[Fact]
- public void CA5355RIPEMD160CreateInFieldDeclaration()
+ public void CA5350RIPEMD160CreateInFieldDeclaration()
{
VerifyCSharp(@"
using System.Security.Cryptography;
@@ -1287,7 +1288,7 @@ class TestClass
RIPEMD160 privateRIPEMD160 = RIPEMD160.Create();
}
}",
- GetCSharpResultAt(7, 38, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(7, 38, CA5350Rule, "TestClass", "RIPEMD160"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -1296,11 +1297,11 @@ Class TestClass
Private privateRIPEMD160 As RIPEMD160 = RIPEMD160.Create()
End Class
End Namespace",
- GetBasicResultAt(5, 43, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetBasicResultAt(5, 43, CA5350Rule, "TestClass", "RIPEMD160"));
}
//No VB
[Fact]
- public void CA5355RIPEMD160CreateInLambdaExpression()
+ public void CA5350RIPEMD160CreateInLambdaExpression()
{
VerifyCSharp(@"
using System.Security.Cryptography;
@@ -1315,11 +1316,11 @@ private async Task TestMethod()
}
}
}",
- GetCSharpResultAt(10, 36, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(10, 36, CA5350Rule, "Run", "RIPEMD160"));
}
[Fact]
- public void CA5355RIPEMD160CreateInAnonymousMethodExpression()
+ public void CA5350RIPEMD160CreateInAnonymousMethodExpression()
{
VerifyCSharp(@"
using System.Security.Cryptography;
@@ -1331,7 +1332,7 @@ class TestClass
Del d = delegate () { RIPEMD160.Create(); };
}
}",
- GetCSharpResultAt(8, 31, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(8, 31, CA5350Rule, "TestClass", "RIPEMD160"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -1341,11 +1342,11 @@ Private Delegate Sub Del()
Private d As Del = Sub() RIPEMD160.Create()
End Class
End Namespace",
- GetBasicResultAt(6, 34, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetBasicResultAt(6, 34, CA5350Rule, "TestClass", "RIPEMD160"));
}
[Fact]
- public void CA5355HMACRIPEMD160InMethodDeclaration()
+ public void CA5350HMACRIPEMD160InMethodDeclaration()
{
VerifyCSharp(@"
using System.Security.Cryptography;
@@ -1360,7 +1361,7 @@ private static void TestMethod()
}
}
}",
- GetCSharpResultAt(10, 25, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(10, 25, CA5350Rule, "TestMethod", "HMACRIPEMD160"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -1371,11 +1372,11 @@ Private Shared Sub TestMethod()
End Sub
End Class
End Namespace",
- GetBasicResultAt(6, 16, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetBasicResultAt(6, 16, CA5350Rule, "TestMethod", "HMACRIPEMD160"));
}
[Fact]
- public void CA5355HMACRIPEMD160InGetDeclaration()
+ public void CA5350HMACRIPEMD160InGetDeclaration()
{
VerifyCSharp(@"
using System.Security.Cryptography;
@@ -1389,7 +1390,7 @@ public HMACRIPEMD160 GetHMARIPEMD160
}
}
}",
- GetCSharpResultAt(9, 26, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(9, 26, CA5350Rule, "get_GetHMARIPEMD160", "HMACRIPEMD160"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -1402,11 +1403,11 @@ End Get
End Property
End Class
End Namespace",
- GetBasicResultAt(7, 12, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetBasicResultAt(7, 12, CA5350Rule, "get_GetHMARIPEMD160", "HMACRIPEMD160"));
}
[Fact]
- public void CA5355HMACRIPEMD160InFieldDeclaration()
+ public void CA5350HMACRIPEMD160InFieldDeclaration()
{
VerifyCSharp(@"
using System.Security.Cryptography;
@@ -1417,7 +1418,7 @@ class TestClass
HMACRIPEMD160 privateHMARIPEMD160 = new HMACRIPEMD160();
}
}",
- GetCSharpResultAt(7, 45, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(7, 45, CA5350Rule, "TestClass", "HMACRIPEMD160"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -1426,11 +1427,11 @@ Class TestClass
Private privateHMARIPEMD160 As New HMACRIPEMD160()
End Class
End Namespace",
- GetBasicResultAt(5, 34, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetBasicResultAt(5, 34, CA5350Rule, "TestClass", "HMACRIPEMD160"));
}
//No VB
[Fact]
- public void CA5355HMACRIPEMD160InLambdaExpression()
+ public void CA5350HMACRIPEMD160InLambdaExpression()
{
VerifyCSharp(@"
using System.Security.Cryptography;
@@ -1445,11 +1446,11 @@ private async Task TestMethod()
}
}
}",
- GetCSharpResultAt(10, 36, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(10, 36, CA5350Rule, "Run", "HMACRIPEMD160"));
}
//No VB
[Fact]
- public void CA5355HMACRIPEMD160InAnonymousMethodExpression()
+ public void CA5350HMACRIPEMD160InAnonymousMethodExpression()
{
VerifyCSharp(@"
using System.Security.Cryptography;
@@ -1461,11 +1462,11 @@ class TestClass
Del d = delegate () { new HMACRIPEMD160(); };
}
}",
- GetCSharpResultAt(8, 31, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(8, 31, CA5350Rule, "TestClass", "HMACRIPEMD160"));
}
[Fact]
- public void CA5355CreateObjectFromRIPEMD160DerivedClass()
+ public void CA5350CreateObjectFromRIPEMD160DerivedClass()
{
VerifyCSharp( new[] {
//Test0
@@ -1507,7 +1508,7 @@ protected override byte[] HashFinal()
}
}
}" },
- GetCSharpResultAt(10, 25, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(10, 25, CA5350Rule, "TestMethod", "RIPEMD160"));
VerifyBasic(new[] {
//Test0
@@ -1539,11 +1540,11 @@ Throw New NotImplementedException()
End Function
End Class
End Namespace" },
- GetBasicResultAt(6, 16, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetBasicResultAt(6, 16, CA5350Rule, "TestMethod", "RIPEMD160"));
}
[Fact]
- public void CA5355CreateObjectFromRIPEMD160ManagedDerivedClass()
+ public void CA5350CreateObjectFromRIPEMD160ManagedDerivedClass()
{
VerifyCSharp( new[] {
//Test0
@@ -1585,7 +1586,7 @@ protected override byte[] HashFinal()
}
}
}" },
- GetCSharpResultAt(10, 25, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(10, 25, CA5350Rule, "TestMethod", "RIPEMD160"));
VerifyBasic(new[] {
//Test0
@@ -1618,11 +1619,11 @@ End Function
End Class
End Namespace
" },
- GetBasicResultAt(6, 16, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetBasicResultAt(6, 16, CA5350Rule, "TestMethod", "RIPEMD160"));
}
[Fact]
- public void CA5355CreateObjectFromHMACRIPEMD160DerivedClass()
+ public void CA5350CreateObjectFromHMACRIPEMD160DerivedClass()
{
VerifyCSharp(@"
using System.Security.Cryptography;
@@ -1639,7 +1640,7 @@ private static void TestMethod()
}
}
}",
- GetCSharpResultAt(12, 25, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetCSharpResultAt(12, 25, CA5350Rule, "TestMethod", "HMACRIPEMD160"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -1654,7 +1655,7 @@ Private Shared Sub TestMethod()
End Sub
End Class
End Namespace",
- GetBasicResultAt(10, 16, CA5350RuleName, DoNotUseRIPEMD160Message));
+ GetBasicResultAt(10, 16, CA5350Rule, "TestMethod", "HMACRIPEMD160"));
}
[Fact]
@@ -1673,7 +1674,7 @@ private static void TestMethod(DSA dsa, byte[] inBytes)
}
}
}",
- GetCSharpResultAt(10, 23, CA5351RuleName, DoNotUseDSAMessage));
+ GetCSharpResultAt(10, 23, CA5351Rule, "TestMethod", "DSA"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -1684,7 +1685,7 @@ Dim dsa As New DSACryptoServiceProvider
Return dsa.CreateSignature(bytes)
End Function
End Module",
-GetBasicResultAt(7, 16, CA5351RuleName, DoNotUseDSAMessage));
+GetBasicResultAt(7, 16, CA5351Rule, "TestMethod", "DSA"));
}
[Fact]
@@ -1705,7 +1706,7 @@ public byte[] MyProperty
}
}
}",
- GetCSharpResultAt(12, 20, CA5351RuleName, DoNotUseDSAMessage));
+ GetCSharpResultAt(12, 20, CA5351Rule, "get_MyProperty", "DSA"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -1719,7 +1720,7 @@ Return dsa1.CreateSignature(inBytes)
End Get
End Property
End Class",
- GetBasicResultAt(9, 11, CA5351RuleName, DoNotUseDSAMessage));
+ GetBasicResultAt(9, 11, CA5351Rule, "get_MyProperty", "DSA"));
}
[Fact]
@@ -1739,8 +1740,8 @@ private static void TestMethod()
}
}
}",
- GetCSharpResultAt(10, 23, CA5351RuleName, DoNotUseDSAMessage),
- GetCSharpResultAt(11, 23, CA5351RuleName, DoNotUseDSAMessage));
+ GetCSharpResultAt(10, 23, CA5351Rule, "TestMethod", "DSA"),
+ GetCSharpResultAt(11, 23, CA5351Rule, "TestMethod", "DSA"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -1753,8 +1754,8 @@ Private Shared Sub TestMethod()
End Sub
End Class
End Namespace",
- GetBasicResultAt(7, 23, CA5351RuleName, DoNotUseDSAMessage),
- GetBasicResultAt(8, 23, CA5351RuleName, DoNotUseDSAMessage));
+ GetBasicResultAt(7, 23, CA5351Rule, "TestMethod", "DSA"),
+ GetBasicResultAt(8, 23, CA5351Rule, "TestMethod", "DSA"));
}
[Fact]
@@ -1776,8 +1777,8 @@ public DSASignatureFormatter MyProperty
}
}
}",
- GetCSharpResultAt(12, 43, CA5351RuleName, DoNotUseDSAMessage),
- GetCSharpResultAt(13, 25, CA5351RuleName, DoNotUseDSAMessage));
+ GetCSharpResultAt(12, 43, CA5351Rule, "get_MyProperty", "DSA"),
+ GetCSharpResultAt(13, 25, CA5351Rule, "get_MyProperty", "DSA"));
VerifyBasic(@"
Imports System.Security.Cryptography
@@ -1794,8 +1795,8 @@ End If
End Get
End Property
End Class",
- GetBasicResultAt(9, 12, CA5351RuleName, DoNotUseDSAMessage),
- GetBasicResultAt(11, 12, CA5351RuleName, DoNotUseDSAMessage));
+ GetBasicResultAt(9, 12, CA5351Rule, "get_MyProperty", "DSA"),
+ GetBasicResultAt(11, 12, CA5351Rule, "get_MyProperty", "DSA"));
}
[Fact]
@@ -1863,7 +1864,7 @@ public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature)
}
}
}" },
- GetCSharpResultAt(11, 13, CA5351RuleName, DoNotUseDSAMessage));
+ GetCSharpResultAt(11, 13, CA5351Rule, "TestMethod", "DSA"));
VerifyBasic(new[] {
//Test0
@@ -1913,7 +1914,7 @@ Throw New NotImplementedException()
End Function
End Class
End Namespace" },
- GetBasicResultAt(7, 4, CA5351RuleName, DoNotUseDSAMessage));
+ GetBasicResultAt(7, 4, CA5351Rule, "TestMethod", "DSA"));
}
[Fact]
@@ -2134,12 +2135,28 @@ protected override DiagnosticAnalyzer GetCSharpDiagnosticAnalyzer()
private const string CA5350RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseWeakCryptographicRuleId;
private const string CA5351RuleName = DoNotUseInsecureCryptographicAlgorithmsAnalyzer.DoNotUseBrokenCryptographicRuleId;
-
- private readonly string DoNotUseMD5Message = DesktopAnalyzersResources.DoNotUseMD5;
- private readonly string DoNotUseDESMessage = DesktopAnalyzersResources.DoNotUseDES;
- private readonly string DoNotUseRC2Message = DesktopAnalyzersResources.DoNotUseRC2;
- private readonly string DoNotUseTripleDESMessage = DesktopAnalyzersResources.DoNotUseTripleDES;
- private readonly string DoNotUseRIPEMD160Message = DesktopAnalyzersResources.DoNotUseRIPEMD160;
- private readonly string DoNotUseDSAMessage = DesktopAnalyzersResources.DoNotUseDSA;
+ private static readonly string CA5350RuleTitle = DesktopAnalyzersResources.DoNotUseWeakCryptographicAlgorithms;
+ private static readonly string CA5351RuleTitle = DesktopAnalyzersResources.DoNotUseBrokenCryptographicAlgorithms;
+
+ private static readonly string CA5350RuleMessage = DesktopAnalyzersResources.DoNotUseWeakCryptographicAlgorithmsMessage;
+ private static readonly string CA5351RuleMessage = DesktopAnalyzersResources.DoNotUseBrokenCryptographicAlgorithmsMessage;
+
+ private static DiagnosticDescriptor CA5350Rule =
+ new DiagnosticDescriptor(CA5350RuleName,
+ CA5350RuleTitle,
+ CA5350RuleMessage,
+ Common.DiagnosticCategory.Security,
+ DiagnosticSeverity.Warning,
+ true
+ );
+
+ private static DiagnosticDescriptor CA5351Rule =
+ new DiagnosticDescriptor(CA5351RuleName,
+ CA5351RuleTitle,
+ CA5351RuleMessage,
+ Common.DiagnosticCategory.Security,
+ DiagnosticSeverity.Warning,
+ true
+ );
}
}