False-Negative for same code in other project

  • versions : SonarCloud paid
  • error observed : False-Negative for vulnerability

cryptoServiceProvider = new TripleDESCryptoServiceProvider();

The above line was flagged as

Use a strong cipher algorithm , csharpsquid:S5547 : Cipher algorithms should be robust

the same line was in another nuget class library, (in constructor) in but was not picked by SonarCloud

public SymmetricCryptoService(): base()
{
SymmetricAlgorithm = new TripleDESCryptoServiceProvider();
}

Hi Karthick,

I am sorry to hear that. Could you please share more of the code that surrounds the method call as it is likely related to the context/position of the code? Thanks!