Hello .NET developers,
After C, C++, JavaScript, TypeScript and Java, the C# and VB.NET analyzers were upgraded to be able to detect cryptography-related security issues.
You are no longer alone when implementing code that deals with cryptography APIs, and I hope you will feel more confident jumping into this complex area thanks to these 5 rules:
- S3329: Cipher Block Chaining IV’s should be random and unique (Critical)
- S2257: Using non-standard cryptographic algorithms is security-sensitive (Critical)
- S2053: Hashes should include an unpredictable salt (Critical)
- S5332: Using clear-text protocols is security-sensitive (Critical)
- S4423: Weak SSL and TLS protocols should not be used (Major)
As usual, a couple of fixes were also provided; more details are available in the Release Notes.
These changes are available now on SonarCloud, and will be included in SonarQube 8.7.
Alex
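
To illustrate what the title of S3329 asks for, here is an added C# example (not from the post or from the rule's documentation): the same message encrypted twice under a constant IV produces identical ciphertexts, while a fresh random IV per message does not. The class and method names, the key and the message are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
static class CbcIvDemo
{
    // Constant IV (the pattern the S3329 title warns about): equal plaintexts give equal ciphertexts.
    static readonly byte[] FixedIv = new byte[16];
    static Aes NewCbc(byte[] key)
    {
        var aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Key = key;
        return aes;
    }
    static byte[] EncryptFixedIv(byte[] key, byte[] plaintext)
    {
        using var aes = NewCbc(key);
        aes.IV = FixedIv;
        using var enc = aes.CreateEncryptor();
        return enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
    }
    // Fresh random IV per message, stored in front of the ciphertext (the IV is not secret).
    static byte[] EncryptRandomIv(byte[] key, byte[] plaintext)
    {
        using var aes = NewCbc(key);
        aes.GenerateIV();
        using var enc = aes.CreateEncryptor();
        return aes.IV.Concat(enc.TransformFinalBlock(plaintext, 0, plaintext.Length)).ToArray();
    }

    // Reads the 16-byte IV back from the front of the message before decrypting.
    static byte[] Decrypt(byte[] key, byte[] message)
    {
        using var aes = NewCbc(key);
        aes.IV = message.Take(16).ToArray();
        using var dec = aes.CreateDecryptor();
        return dec.TransformFinalBlock(message, 16, message.Length - 16);
    }

    static void Main()
    {
        byte[] key = new byte[32];
        RandomNumberGenerator.Fill(key);                             // constructed sample key
        byte[] msg = Encoding.UTF8.GetBytes("amount=100;to=alice");  // constructed sample message
        Console.WriteLine("fixed IV, same ciphertext twice: " + EncryptFixedIv(key, msg).SequenceEqual(EncryptFixedIv(key, msg)));
        Console.WriteLine("random IV, same ciphertext twice: " + EncryptRandomIv(key, msg).SequenceEqual(EncryptRandomIv(key, msg)));
        Console.WriteLine("round trip: " + Encoding.UTF8.GetString(Decrypt(key, EncryptRandomIv(key, msg))));
    }
}
```

CBC on its own gives no integrity protection, so real code also needs a MAC over the IV and ciphertext, or an AEAD mode instead.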