Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create rule S4347: 'SecureRandom' seeds should not be predictable (part 3) #9333

Merged
merged 4 commits into from
May 29, 2024
Merged

Create rule S4347: 'SecureRandom' seeds should not be predictable (part 3) #9333

merged 4 commits into from
May 29, 2024

Conversation

gregory-paidis-sonarsource
Copy link
Contributor

Covers Scenario 3

Also fixed some minor issues.

Part of #8992

@gregory-paidis-sonarsource gregory-paidis-sonarsource marked this pull request as ready for review May 24, 2024 15:34
Tim-Pohlmann
Tim-Pohlmann requested changes May 27, 2024
View reviewed changes
Copy link
Contributor

@Tim-Pohlmann Tim-Pohlmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review 1

...src/SonarAnalyzer.CSharp/SymbolicExecution/Roslyn/SecureRandomSeedsShouldNotBePredictable.cs Outdated Show resolved Hide resolved
...src/SonarAnalyzer.CSharp/SymbolicExecution/Roslyn/SecureRandomSeedsShouldNotBePredictable.cs Outdated Show resolved Hide resolved
...src/SonarAnalyzer.CSharp/SymbolicExecution/Roslyn/SecureRandomSeedsShouldNotBePredictable.cs Outdated Show resolved Hide resolved
...src/SonarAnalyzer.CSharp/SymbolicExecution/Roslyn/SecureRandomSeedsShouldNotBePredictable.cs Outdated Show resolved Hide resolved
...src/SonarAnalyzer.CSharp/SymbolicExecution/Roslyn/SecureRandomSeedsShouldNotBePredictable.cs Outdated Show resolved Hide resolved
...src/SonarAnalyzer.CSharp/SymbolicExecution/Roslyn/SecureRandomSeedsShouldNotBePredictable.cs Outdated Show resolved Hide resolved
...src/SonarAnalyzer.CSharp/SymbolicExecution/Roslyn/SecureRandomSeedsShouldNotBePredictable.cs Outdated Show resolved Hide resolved
analyzers/tests/SonarAnalyzer.Test/Rules/SecureRandomSeedsShouldNotBePredictableTest.cs Show resolved Hide resolved
analyzers/tests/SonarAnalyzer.Test/TestCases/SecureRandomSeedsShouldNotBePredictable.cs Outdated Show resolved Hide resolved
analyzers/tests/SonarAnalyzer.Test/TestCases/SecureRandomSeedsShouldNotBePredictable.cs Show resolved Hide resolved
@gregory-paidis-sonarsource
Copy link
Contributor Author

@Tim-Pohlmann I think the coverage is missing something.
I re-wrote the code locally as simple-nested if-elses and it hits every line, but for some reason I get 2 uncovered conditions on the pipeline :S

@gregory-paidis-sonarsource gregory-paidis-sonarsource mentioned this pull request May 28, 2024
Merged
Tim-Pohlmann
Tim-Pohlmann requested changes May 28, 2024
View reviewed changes
Copy link
Contributor

@Tim-Pohlmann Tim-Pohlmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One correction on how to use NumberConstraint and a suggestion on simplifying a condition with (more) pattern matching.

...src/SonarAnalyzer.CSharp/SymbolicExecution/Roslyn/SecureRandomSeedsShouldNotBePredictable.cs Outdated Show resolved Hide resolved
...src/SonarAnalyzer.CSharp/SymbolicExecution/Roslyn/SecureRandomSeedsShouldNotBePredictable.cs Outdated Show resolved Hide resolved
@Tim-Pohlmann
Copy link
Contributor

Regarding coverage: It looks like the coverage issue Cristian and I fixed a few weeks ago. It probably did not make it to SC yet.

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented May 29, 2024

Quality Gate Passed Quality Gate passed for 'Sonar .NET Java Plugin'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented May 29, 2024

Quality Gate Failed Quality Gate failed for 'SonarAnalyzer for .NET'

Failed conditions
88.9% Coverage on New Code (required ≥ 90%)

See analysis details on SonarCloud

Tim-Pohlmann
Tim-Pohlmann approved these changes May 29, 2024
View reviewed changes
Copy link
Contributor

@Tim-Pohlmann Tim-Pohlmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@costin-zaharia-sonarsource costin-zaharia-sonarsource merged commit 5a076cd into master May 29, 2024
27 of 29 checks passed
@costin-zaharia-sonarsource costin-zaharia-sonarsource deleted the greg/S4347-part-3 branch May 29, 2024 13:10
@zsolt-kolbay-sonarsource zsolt-kolbay-sonarsource added this to the 9.26 milestone May 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Tim-Pohlmann Tim-Pohlmann Tim-Pohlmann approved these changes

Assignees

@gregory-paidis-sonarsource gregory-paidis-sonarsource

Labels
None yet
Projects
None yet
Milestone
9.26
Development

Successfully merging this pull request may close these issues.
4 participants
@gregory-paidis-sonarsource @Tim-Pohlmann @costin-zaharia-sonarsource @zsolt-kolbay-sonarsource