gitlab.security_code_scan.SCS0006-1

unknown
Download Count*
License

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

Run Locally

Run in CI

Defintion

rules:
  - id: security_code_scan.SCS0006-1
    patterns:
      - pattern-either:
          - patterns:
              - metavariable-regex:
                  metavariable: $HASH_PROVIDER
                  regex: ^(SHA1CryptoServiceProvider|MD5CryptoServiceProvider)$
              - pattern: new $HASH_PROVIDER
          - patterns:
              - metavariable-regex:
                  metavariable: $HASH_CLASS
                  regex: ^System.Security.Cryptography.(SHA1|MD5)$
              - pattern: $HASH_CLASS.$METHOD();
    message: >
      The use of a broken or risky cryptographic algorithm is an unnecessary
      risk that may result in

      the exposure of sensitive information.
    languages:
      - csharp
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
      license: MIT