I have tried a simple console application with the following code:
using System;
using System.Security.Cryptography;
namespace ConsoleApp2
{
class Program
{
static void Main(string[] args)
{
AesManaged aes = new AesManaged
{
KeySize = 128,
BlockSize = 128,
Mode = CipherMode.OFB, // Noncompliant
Padding = PaddingMode.PKCS7
};
}
}
}
and I have been successful in having the issue raised.
Could you ensure the rule is correctly active in the quality profile bound to your project? Can you see the warning in the msbuild logs? You can also check that in the .sonarqube/conf the ruleset does contain the rule with the severity warning.