diff --git a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs
index 2981c915e1..dd4a837207 100644
--- a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs
+++ b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeCertificateTests.cs
@@ -116,27 +116,6 @@ public void TestMethod(byte[] bytes, string path)
 GetCSharpResultAt(12, 9, 10, 38, "X509Certificate.X509Certificate(string fileName)", "void TestClass.TestMethod(byte[] bytes, string path)", "string chars", "int ASCIIEncoding.GetBytes(string chars, int charIndex, int charCount, byte[] bytes, int byteIndex)"));
 }

- [Fact]
- public void Test_Source_ASCIIEncodingGetBytes_WithCharArrayAndInt32AndInt32AndByteArrayAndInt32Parameters_WithConstantCharArray_Diagnostic()
- {
- VerifyCSharp(@"
-using System.IO;
-using System.Text;
-using System.Security.Cryptography.X509Certificates;
-
-class TestClass
-{
- public void TestMethod(byte[] bytes, string path)
- {
- char[] chars = new char[] {'1', '2', '3'};
- new ASCIIEncoding().GetBytes(chars, 0, 3, bytes, 0);
- File.WriteAllBytes(path, bytes);
- new X509Certificate(path);
- }
-}",
- GetCSharpResultAt(13, 9, 10, 24, "X509Certificate.X509Certificate(string fileName)", "void TestClass.TestMethod(byte[] bytes, string path)", "char[]", "void TestClass.TestMethod(byte[] bytes, string path)"));
- }
-
 [Fact]
 public void Test_Sink_X509Certificate_WithStringAndSecureStringAndX509KeyStorageFlagsParameters_Diagnostic()
 {
@@ -383,6 +362,27 @@ public void TestMethod(byte[] bytes, string path)
 }");
 }

+ [Fact]
+ public void Test_Source_ASCIIEncodingGetBytes_WithCharArrayAndInt32AndInt32AndByteArrayAndInt32Parameters_WithConstantCharArray_NoDiagnostic()
+ {
+ VerifyCSharp(@"
+using System.IO;
+using System.Text;
+
+using System.Security.Cryptography.X509Certificates;
+
+class TestClass
+{
+ public void TestMethod(byte[] bytes, string path)
+ {
+ char[] chars = new char[] {'1', '2', '3'};
+ new ASCIIEncoding().GetBytes(chars, 0, 3, bytes, 0);
+ File.WriteAllBytes(path, bytes);
+ new X509Certificate(path);
+ }
+}");
+ }
+
 protected override DiagnosticAnalyzer GetBasicDiagnosticAnalyzer()
 {
 return new DoNotHardCodeCertificate();
diff --git a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeEncryptionKeyTests.cs b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeEncryptionKeyTests.cs
index e67e42ef92..bf7f516c2e 100644
--- a/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeEncryptionKeyTests.cs
+++ b/src/Microsoft.NetCore.Analyzers/UnitTests/Security/DoNotHardCodeEncryptionKeyTests.cs
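Review bot: The `Test_Source_ASCIIEncodingGetBytes_…_WithConstantCharArray_NoDiagnostic` test added to DoNotHardCodeCertificateTests.cs records a missed detection without saying so: the bytes written to `path` and loaded by `new X509Certificate(path)` still come from the literal `new char[] {'1', '2', '3'}`, while the retained test shown as context in this file's first hunk still expects a report for the `string chars` overload of `ASCIIEncoding.GetBytes`. Without a comment, NoDiagnostic reads as "this pattern is acceptable", so I would add one above the `[Fact]`, for example `// Known gap: a constant char[] is not treated as a hardcoded source, so this flow is intentionally not reported.` The `…_CreateEncryptor_NoDiagnostic` test added in DoNotHardCodeEncryptionKeyTests.cs needs the same comment. Why the `SystemChar` source was dropped from HardcodedBytesSources.cs is not visible in this diff, and the comment should state that reason.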
@@ -155,26 +155,6 @@ public void TestMethod(byte[] key, byte[] someOtherBytesForIV)
 GetCSharpResultAt(11, 9, 9, 38, "ICryptoTransform SymmetricAlgorithm.CreateEncryptor(byte[] rgbKey, byte[] rgbIV)", "void TestClass.TestMethod(byte[] key, byte[] someOtherBytesForIV)", "string chars", "int ASCIIEncoding.GetBytes(string chars, int charIndex, int charCount, byte[] bytes, int byteIndex)"));
 }

- [Fact]
- public void Test_ASCIIEncodingGetBytesWithCharArrayAndInt32AndInt32AndByteArrayAndInt32Parameters_CreateEncryptor_Diagnostic()
- {
- VerifyCSharp(@"
-using System.Text;
-using System.Security.Cryptography;
-
-class TestClass
-{
- public void TestMethod(byte[] key, byte[] someOtherBytesForIV)
- {
- char[] chars = new char[] {'1', '2', '3'};
- new ASCIIEncoding().GetBytes(chars, 0, 3, key, 0);
- SymmetricAlgorithm rijn = SymmetricAlgorithm.Create();
- rijn.CreateEncryptor(key, someOtherBytesForIV);
- }
-}",
- GetCSharpResultAt(12, 9, 9, 24, "ICryptoTransform SymmetricAlgorithm.CreateEncryptor(byte[] rgbKey, byte[] rgbIV)", "void TestClass.TestMethod(byte[] key, byte[] someOtherBytesForIV)", "char[]", "void TestClass.TestMethod(byte[] key, byte[] someOtherBytesForIV)"));
- }
-
 [Fact]
 public void Test_HardcodedInStringWithVariable_CreateEncryptor_Diagnostic()
 {
@@ -668,6 +648,25 @@ public void TestMethod(char[] chars, byte[] key, byte[] someOtherBytesForIV)
 }");
 }

+ [Fact]
+ public void Test_ASCIIEncodingGetBytesWithConstantCharArrayAndInt32AndInt32AndByteArrayAndInt32Parameters_CreateEncryptor_NoDiagnostic()
+ {
+ VerifyCSharp(@"
+using System.Text;
+using System.Security.Cryptography;
+
+class TestClass
+{
+ public void TestMethod(byte[] key, byte[] someOtherBytesForIV)
+ {
+ char[] chars = new char[] {'1', '2', '3'};
+ new ASCIIEncoding().GetBytes(chars, 0, 3, key, 0);
+ SymmetricAlgorithm rijn = SymmetricAlgorithm.Create();
+ rijn.CreateEncryptor(key, someOtherBytesForIV);
+ }
+}");
+ }
+
 [Fact]
 public void Test_ElementTypeIsTypeParameter_NoDiagnostic()
 {
diff --git a/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/TaintedDataAnalysis/HardcodedBytesSources.cs b/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/TaintedDataAnalysis/HardcodedBytesSources.cs
index 6d9e820543..c9f913f408 100644
--- a/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/TaintedDataAnalysis/HardcodedBytesSources.cs
+++ b/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/TaintedDataAnalysis/HardcodedBytesSources.cs
@@ -96,13 +96,6 @@ static HardcodedBytesSources()
 taintedMethodsNeedsPointsToAnalysis: null,
 taintedMethodsNeedsValueContentAnalysis: null,
 taintConstantArray: true);
- builder.AddSourceInfo(
- WellKnownTypeNames.SystemChar,
- isInterface: false,
- taintedProperties: null,
- taintedMethodsNeedsPointsToAnalysis: null,
- taintedMethodsNeedsValueContentAnalysis: null,
- taintConstantArray: true);
 SourceInfos = builder.ToImmutableAndFree();
 }