Skip to content

Fix credscan bugs#40454

Closed
aik-jahoda wants to merge 3 commits intodotnet:masterfrom
aik-jahoda:jajahoda/credscan4
Closed

Fix credscan bugs#40454
aik-jahoda wants to merge 3 commits intodotnet:masterfrom
aik-jahoda:jajahoda/credscan4

Conversation

@aik-jahoda
Copy link
Contributor

@aik-jahoda aik-jahoda commented Aug 6, 2020
edited
Loading

follow up of #38026

@Dotnet-GitSync-Bot
Copy link
Collaborator

Dotnet-GitSync-Bot commented Aug 6, 2020

I couldn't figure out the best area label to add to this PR. If you have write-permissions please help me learn by adding exactly one area label.

@aik-jahoda aik-jahoda requested a review from a team August 6, 2020 11:39
vcsjones
vcsjones reviewed Aug 6, 2020
View reviewed changes
src/libraries/Common/src/System/Security/Cryptography/EccSecurityTransforms.cs Outdated
{
// Apple requires all private keys to be exported encrypted, but since we're trying to export
// as parsed structures we will need to decrypt it for the user.
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test password.")]
Copy link
Member

@vcsjones vcsjones Aug 6, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This code, and a few other places, are not part of a unit test. Perhaps the comment above can be incorporated as the justification?

Copy link
Contributor Author

@aik-jahoda aik-jahoda Aug 7, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately it is not possible to use multiline justification. I added short justification with reference to the source.

ManickaP
ManickaP reviewed Aug 7, 2020
View reviewed changes
.config/CredScanSuppressions.json
"src/libraries/System.Security.Cryptography.Xml/tests/TestHelpers.cs"
"src/libraries/System.Security.Cryptography.Xml/tests/TestHelpers.cs",
"src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxTests.cs",
"src/libraries/System.Management/src/System/Management/ManagementScope.cs",
Copy link
Member

@ManickaP ManickaP Aug 7, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file, according to the path, doesn't look like a test code. Is there a reason we cannot do inline suppression for it instead?

ManickaP
ManickaP approved these changes Aug 7, 2020
View reviewed changes
Copy link
Member

@ManickaP ManickaP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small comments, otherwise LGTM. Thanks!

src/libraries/Common/src/System/Security/Cryptography/EccSecurityTransforms.cs

internal static ECParameters ExportPublicParametersFromPrivateKey(SafeSecKeyRefHandle handle)
{
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Password for temporary operation. See code comments for more details.")]
Copy link
Member

@ManickaP ManickaP Aug 7, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See code comments for more details.

There're no comments though.

@ericstj
Copy link
Member

ericstj commented Jan 22, 2021

@aik-jahoda is this PR still important? Be sure to rerun tests if you want to merge it.

@joperezr
Copy link
Member

joperezr commented Feb 9, 2021

ping @aik-jahoda 😄

Do we still need this PR or can we go ahead and close?

@aik-jahoda
Copy link
Contributor Author

aik-jahoda commented Feb 10, 2021

Closing as we have new credscan effort and we need reevaluate the approach

@aik-jahoda aik-jahoda closed this Feb 10, 2021
@ghost ghost locked as resolved and limited conversation to collaborators Mar 12, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@vcsjones vcsjones vcsjones left review comments

@ManickaP ManickaP ManickaP approved these changes

Assignees

No one assigned

Labels

area-Meta

Projects

No open projects
Triage POD for Reflection, META, etc.
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@aik-jahoda @Dotnet-GitSync-Bot @ericstj @joperezr @vcsjones @ManickaP @jeffhandley @danmoseley