csharp.dotnet.security.use_deprecated_cipher_algorithm.use_deprecated_cipher_algorithm
semgrep
Author
unknown
Download Count*
License
Usage of deprecated cipher algorithm detected. Use Aes or ChaCha20Poly1305 instead.
Run Locally
Run in CI
Defintion
rules:
- id: use_deprecated_cipher_algorithm
message: Usage of deprecated cipher algorithm detected. Use Aes or
ChaCha20Poly1305 instead.
severity: ERROR
metadata:
likelihood: HIGH
impact: MEDIUM
confidence: MEDIUM
category: security
cwe:
- "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
owasp:
- A02:2021 - Cryptographic Failures
references:
- https://learn.microsoft.com/en-gb/dotnet/api/system.security.cryptography.des?view=net-6.0#remarks
- https://learn.microsoft.com/en-gb/dotnet/api/system.security.cryptography.rc2?view=net-6.0#remarks
- https://learn.microsoft.com/en-gb/dotnet/api/system.security.cryptography.aes?view=net-6.0
- https://learn.microsoft.com/en-gb/dotnet/api/system.security.cryptography.chacha20poly1305?view=net-6.0
subcategory:
- vuln
technology:
- .net
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
vulnerability_class:
- Cryptographic Issues
languages:
- csharp
patterns:
- pattern: $KEYTYPE.Create(...);
- metavariable-pattern:
metavariable: $KEYTYPE
pattern-either:
- pattern: DES
- pattern: RC2
Examples
use_deprecated_cipher_algorithm.cs
using System;
using System.Security.Cryptography;
public class Encryption
{
public void CreateAes1() {
//ok: use_deprecated_cipher_algorithm
var key = Aes.Create();
}
public void CreateAes2() {
//ok: use_deprecated_cipher_algorithm
var key = Aes.Create("ImplementationName");
}
public void CreateRijndael1() {
//ok: use_deprecated_cipher_algorithm
var key = Rijndael.Create();
}
public void CreateRijndael2() {
//ok: use_deprecated_cipher_algorithm
var key = Rijndael.Create("ImplementationName");
}
public void CreateDES1() {
//ruleid: use_deprecated_cipher_algorithm
var key = DES.Create();
}
public void CreateDES2() {
//ruleid: use_deprecated_cipher_algorithm
var key = DES.Create("ImplementationName");
}
public void CreateTripleDES1() {
//ok: use_deprecated_cipher_algorithm
var key = TripleDES.Create();
}
public void CreateTripleDES2() {
//ok: use_deprecated_cipher_algorithm
var key = TripleDES.Create("ImplementationName");
}
public void CreateRC21() {
//ruleid: use_deprecated_cipher_algorithm
var key = RC2.Create();
}
public void CreateRC22() {
//ruleid: use_deprecated_cipher_algorithm
var key = RC2.Create("ImplementationName");
}
}
Short Link: https://sg.run/k8Qo