[4.0.6] | Fix CodeQL and Rozlyn warnings (#2428) and (#2432)

src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserHelperClasses.cs

@@ -822,13 +822,14 @@ private static string ToFriendlyName(this SslProtocols protocol)
             {
                 name = "TLS 1.0";
             }
-#pragma warning disable CS0618 // Type or member is obsolete: SSL is depricated
+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections
+#pragma warning disable CS0618, CA5397
             else if ((protocol & SslProtocols.Ssl3) == SslProtocols.Ssl3)
             {
                 name = "SSL 3.0";
             }
             else if ((protocol & SslProtocols.Ssl2) == SslProtocols.Ssl2)
-#pragma warning restore CS0618 // Type or member is obsolete: SSL is depricated
+#pragma warning restore CS0618, CA5397
             {
                 name = "SSL 2.0";
             }
@@ -848,9 +849,10 @@ private static string ToFriendlyName(this SslProtocols protocol)
         public static string GetProtocolWarning(this SslProtocols protocol)
         {
             string message = string.Empty;
-#pragma warning disable CS0618 // Type or member is obsolete : SSL is depricated
+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections
+#pragma warning disable CS0618, CA5397
             if ((protocol & (SslProtocols.Ssl2 | SslProtocols.Ssl3 | SslProtocols.Tls | SslProtocols.Tls11)) != SslProtocols.None)
-#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated
+#pragma warning restore CS0618, CA5397
             {
                 message = StringsHelper.Format(Strings.SEC_ProtocolWarning, protocol.ToFriendlyName());
             }

src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs

@@ -413,13 +413,14 @@ internal override uint WaitForSSLHandShakeToComplete(out int protocolVersion)
             }
             else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL3_CLIENT) || nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL3_SERVER))
             {
-#pragma warning disable CS0618 // Type or member is obsolete : SSL is depricated
+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections
+#pragma warning disable CS0618, CA5397
                 protocolVersion = (int)SslProtocols.Ssl3;
             }
             else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL2_CLIENT) || nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL2_SERVER))
             {
                 protocolVersion = (int)SslProtocols.Ssl2;
-#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated
+#pragma warning restore CS0618, CA5397
             }
             else //if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_NONE))
             {

src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs

@@ -243,7 +243,13 @@ private bool VerifyHealthReportAgainstRootCertificate(X509Certificate2Collection
                 chain.ChainPolicy.ExtraStore.Add(cert);
             }
 
+            // An Always Encrypted-enabled driver doesn't verify an expiration date or a certificate authority chain.
+            // A certificate is simply used as a key pair consisting of a public and private key. This is by design.
+
+            #pragma warning disable IA5352
+            // CodeQL [SM00395] By design. Always Encrypted certificates should not be checked.
             chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+            #pragma warning restore IA5352
 
             if (!chain.Build(healthReportCert))
             {