From 48bab2bb7ffb31a81a745e7efb9c3145fa156dd7 Mon Sep 17 00:00:00 2001
From: elachlan <2433737+elachlan@users.noreply.github.com>
Date: Sat, 8 Jan 2022 16:32:03 +1000
Subject: [PATCH 1/2] CA5350 Do Not Use Weak Cryptographic Algorithms
---
eng/Common.globalconfig | 2 +-
src/Tasks/Hash.cs | 2 ++
src/Tasks/ManifestUtil/Util.cs | 2 +-
src/Tasks/ManifestUtil/mansign2.cs | 2 +-
4 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/eng/Common.globalconfig b/eng/Common.globalconfig
index fd878420d57..aeff9b7cd03 100644
--- a/eng/Common.globalconfig
+++ b/eng/Common.globalconfig
@@ -549,7 +549,7 @@ dotnet_diagnostic.CA3077.severity = suggestion
dotnet_diagnostic.CA3147.severity = warning
# Do Not Use Weak Cryptographic Algorithms
-dotnet_diagnostic.CA5350.severity = suggestion
+dotnet_diagnostic.CA5350.severity = warning
# Do Not Use Broken Cryptographic Algorithms
dotnet_diagnostic.CA5351.severity = warning
diff --git a/src/Tasks/Hash.cs b/src/Tasks/Hash.cs
index 23e8eaf7650..54ebe8b718d 100644
--- a/src/Tasks/Hash.cs
+++ b/src/Tasks/Hash.cs
@@ -42,9 +42,11 @@ public class Hash : TaskExtension
[Output]
public string HashResult { get; set; }
+
///
/// Execute the task.
///
+ [System.Diagnostics.CodeAnalysis.SuppressMessage("Security", "CA5350:Do Not Use Weak Cryptographic Algorithms", Justification = "This is not intended as a cryptographic security measure, only for uniqueness between build executions.")]
public override bool Execute()
{
if (ItemsToHash?.Length > 0)
diff --git a/src/Tasks/ManifestUtil/Util.cs b/src/Tasks/ManifestUtil/Util.cs
index ebc38e86e2b..847e043a111 100644
--- a/src/Tasks/ManifestUtil/Util.cs
+++ b/src/Tasks/ManifestUtil/Util.cs
@@ -208,7 +208,7 @@ public static void GetFileInfo(string path, string targetFrameworkVersion, out s
GetFileInfoImpl(path, targetFrameworkVersion, out hash, out length);
}
- [SuppressMessage("Microsoft.Security.Cryptography", "CA5354: SHA1CannotBeUsed.", Justification = ".NET 4.0 and earlier versions cannot parse SHA-2.")]
+ [SuppressMessage("Security", "CA5350:Do Not Use Weak Cryptographic Algorithms", Justification = ".NET 4.0 and earlier versions cannot parse SHA-2.")]
private static void GetFileInfoImpl(string path, string targetFrameWorkVersion, out string hash, out long length)
{
FileInfo fi = new FileInfo(path);
diff --git a/src/Tasks/ManifestUtil/mansign2.cs b/src/Tasks/ManifestUtil/mansign2.cs
index 2923d63cddb..191add569e4 100644
--- a/src/Tasks/ManifestUtil/mansign2.cs
+++ b/src/Tasks/ManifestUtil/mansign2.cs
@@ -559,7 +559,7 @@ private static byte[] ComputeHashFromManifest(XmlDocument manifestDom, bool useS
return ComputeHashFromManifest(manifestDom, false, useSha256);
}
- [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Cryptographic.Standard", "CA5354:SHA1CannotBeUsed", Justification = "SHA1 is retained for compatibility reasons as an option in VisualStudio signing page and consequently in the trust manager, default is SHA2.")]
+ [System.Diagnostics.CodeAnalysis.SuppressMessage("Security", "CA5350:Do Not Use Weak Cryptographic Algorithms", Justification = "SHA1 is retained for compatibility reasons as an option in VisualStudio signing page and consequently in the trust manager, default is SHA2.")]
private static byte[] ComputeHashFromManifest(XmlDocument manifestDom, bool oldFormat, bool useSha256)
{
if (oldFormat)
From c6f40f3332be26d9b4cdcf390cdc6e8dd4e6de66 Mon Sep 17 00:00:00 2001
From: Lachlan Ennis <2433737+elachlan@users.noreply.github.com>
Date: Tue, 11 Jan 2022 08:04:46 +1000
Subject: [PATCH 2/2] Update src/Tasks/Hash.cs
Co-authored-by: Rainer Sigwald
---
src/Tasks/Hash.cs | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/Tasks/Hash.cs b/src/Tasks/Hash.cs
index 54ebe8b718d..ea6a836d9c1 100644
--- a/src/Tasks/Hash.cs
+++ b/src/Tasks/Hash.cs
@@ -42,7 +42,6 @@ public class Hash : TaskExtension
[Output]
public string HashResult { get; set; }
-
///
/// Execute the task.
///