void GenericHandlerSignature() { var httpHandler = new System.Net.Http.HttpClientHandler(); httpHandler.ServerCertificateCustomValidationCallback += InvalidValidation; var ShouldNotTrigger = new NonrelatedSignatureType(); ShouldNotTrigger.Callback += (sender, chain, certificate, SslPolicyErrors) => true; ShouldNotTrigger.Callback += (sender, chain, certificate, SslPolicyErrors) => false; }
void GenericHandlerSignature() { var httpHandler = new System.Net.Http.HttpClientHandler(); //This is not RemoteCertificateValidationCallback delegate type, but Func<...> httpHandler.ServerCertificateCustomValidationCallback += InvalidValidation; //Noncompliant [flow9] //Generic signature check without RemoteCertificateValidationCallback var ShouldTrigger = new RelatedSignatureType(); ShouldTrigger.Callback += InvalidValidation; //Noncompliant [flow10] ShouldTrigger.Callback += CompliantValidation; var ShouldNotTrigger = new NonrelatedSignatureType(); ShouldNotTrigger.Callback += (sender, chain, certificate, SslPolicyErrors) => true; //Compliant, because signature types are not in expected order for validation ShouldNotTrigger.Callback += (sender, chain, certificate, SslPolicyErrors) => false; }