Skip to content

Commit

Permalink
Update documentation files
Browse files Browse the repository at this point in the history
  • Loading branch information
@mavasani
mavasani committed Jul 26, 2019
1 parent 1e3538e commit c7c8759
Show file tree
Hide file tree
Showing 4 changed files with 105 additions and 5 deletions.
3 changes: 2 additions & 1 deletion src/Microsoft.CodeAnalysis.FxCopAnalyzers/Microsoft.CodeAnalysis.FxCopAnalyzers.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -186,4 +186,5 @@ Sr. No. | Rule ID | Title | Category | Enabled | CodeFix | Description |
183 | CA5387 | Do Not Use Weak Key Derivation Function With Insufficient Iteration Count | Security | False | False | When deriving cryptographic keys from user-provided inputs such as password, use sufficient iteration count (at least 100k). |
184 | CA5388 | Ensure Sufficient Iteration Count When Using Weak Key Derivation Function | Security | False | False | When deriving cryptographic keys from user-provided inputs such as password, use sufficient iteration count (at least 100k). |
185 | CA5389 | Do Not Add Archive Item's Path To The Target File System Path | Security | True | False | When extracting files from an archive and using the archive item's path, check if the path is safe. Archive path can be relative and can lead to file system access outside of the expected file system target path, leading to malicious config changes and remote code execution via lay-and-wait technique. |
186 | CA9999 | Analyzer version mismatch | Reliability | True | False | Analyzers in this package require a certain minimum version of Microsoft.CodeAnalysis to execute correctly. Refer to https://docs.microsoft.com/visualstudio/code-quality/install-fxcop-analyzers#fxcopanalyzers-package-versions to install the correct analyzer version. |
186 | CA5390 | Do Not Hard Code Encryption Key | Security | True | False | SymmetricAlgorithm's .Key property, or a method's rgbKey parameter, should never be a hardcoded value. |
187 | CA9999 | Analyzer version mismatch | Reliability | True | False | Analyzers in this package require a certain minimum version of Microsoft.CodeAnalysis to execute correctly. Refer to https://docs.microsoft.com/visualstudio/code-quality/install-fxcop-analyzers#fxcopanalyzers-package-versions to install the correct analyzer version. |
53 changes: 51 additions & 2 deletions src/Microsoft.CodeAnalysis.FxCopAnalyzers/Microsoft.CodeAnalysis.FxCopAnalyzers.sarif
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2471,6 +2471,10 @@
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
},
Expand All @@ -2487,6 +2491,10 @@
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
},
Expand Down Expand Up @@ -2535,6 +2543,10 @@
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
},
Expand All @@ -2551,6 +2563,10 @@
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
},
Expand Down Expand Up @@ -2583,6 +2599,10 @@
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
},
Expand All @@ -2599,6 +2619,10 @@
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
},
Expand Down Expand Up @@ -2629,6 +2653,10 @@
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
},
Expand All @@ -2644,6 +2672,10 @@
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
},
Expand Down Expand Up @@ -3388,7 +3420,6 @@
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
Expand All @@ -3407,7 +3438,6 @@
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
Expand Down Expand Up @@ -3487,6 +3517,25 @@
"Telemetry"
]
}
},
"CA5390": {
"id": "CA5390",
"shortDescription": "Do Not Hard Code Encryption Key",
"fullDescription": "SymmetricAlgorithm's .Key property, or a method's rgbKey parameter, should never be a hardcoded value.",
"defaultLevel": "warning",
"properties": {
"category": "Security",
"isEnabledByDefault": true,
"typeName": "DoNotHardCodeEncryptionKey",
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
}
}
},
Expand Down
1 change: 1 addition & 0 deletions src/Microsoft.NetCore.Analyzers/Microsoft.NetCore.Analyzers.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,3 +93,4 @@ Sr. No. | Rule ID | Title | Category | Enabled | CodeFix | Description |
90 | CA5387 | Do Not Use Weak Key Derivation Function With Insufficient Iteration Count | Security | False | False | When deriving cryptographic keys from user-provided inputs such as password, use sufficient iteration count (at least 100k). |
91 | CA5388 | Ensure Sufficient Iteration Count When Using Weak Key Derivation Function | Security | False | False | When deriving cryptographic keys from user-provided inputs such as password, use sufficient iteration count (at least 100k). |
92 | CA5389 | Do Not Add Archive Item's Path To The Target File System Path | Security | True | False | When extracting files from an archive and using the archive item's path, check if the path is safe. Archive path can be relative and can lead to file system access outside of the expected file system target path, leading to malicious config changes and remote code execution via lay-and-wait technique. |
93 | CA5390 | Do Not Hard Code Encryption Key | Security | True | False | SymmetricAlgorithm's .Key property, or a method's rgbKey parameter, should never be a hardcoded value. |
53 changes: 51 additions & 2 deletions src/Microsoft.NetCore.Analyzers/Microsoft.NetCore.Analyzers.sarif
View file
Original file line number Diff line number Diff line change
Expand Up @@ -536,6 +536,10 @@
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
},
Expand All @@ -552,6 +556,10 @@
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
},
Expand Down Expand Up @@ -600,6 +608,10 @@
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
},
Expand All @@ -616,6 +628,10 @@
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
},
Expand Down Expand Up @@ -648,6 +664,10 @@
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
},
Expand All @@ -664,6 +684,10 @@
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
},
Expand Down Expand Up @@ -694,6 +718,10 @@
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
},
Expand All @@ -709,6 +737,10 @@
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
},
Expand Down Expand Up @@ -1453,7 +1485,6 @@
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
Expand All @@ -1472,7 +1503,6 @@
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
Expand Down Expand Up @@ -1552,6 +1582,25 @@
"Telemetry"
]
}
},
"CA5390": {
"id": "CA5390",
"shortDescription": "Do Not Hard Code Encryption Key",
"fullDescription": "SymmetricAlgorithm's .Key property, or a method's rgbKey parameter, should never be a hardcoded value.",
"defaultLevel": "warning",
"properties": {
"category": "Security",
"isEnabledByDefault": true,
"typeName": "DoNotHardCodeEncryptionKey",
"languages": [
"C#",
"Visual Basic"
],
"tags": [
"Dataflow",
"Telemetry"
]
}
}
}
},
Expand Down

0 comments on commit c7c8759

Please sign in to comment.