public void WeakHashAnalyserWillNotReportInvocationsOfMD5()
{
string code = @"
using System;
using System.Security.Cryptography;
public class TestClass
{
public void TestMethod()
{
var test = MD5.Create();
}
}
";
CompilationUnitSyntax root = CSharpSyntaxTree.ParseText(code).GetCompilationUnitRoot();
WeakHashAnalyser analyser = new WeakHashAnalyser();
analyser.Visit(root);
IReadOnlyCollection <AnalyserItem> result = analyser.AnalyserItems;
Assert.NotEmpty(result);
Assert.Equal(1, result.Count);
Assert.Equal("Weak hash algorithm usage detected", result.First().Message);
Assert.Equal(8, result.First().NodeReference.GetSyntax().GetLocation().GetMappedLineSpan().StartLinePosition.Line);
}
public void WeakHashAnalyserWillNotReportVariablesNamedMD5()
{
string code = @"
using System;
using System.Security.Cryptography;
public class TestClass
{
public void TestMethod()
{
string MD5 = ""hash"";
}
}
";
CompilationUnitSyntax root = CSharpSyntaxTree.ParseText(code).GetCompilationUnitRoot();
WeakHashAnalyser analyser = new WeakHashAnalyser();
analyser.Visit(root);
IReadOnlyCollection <AnalyserItem> result = analyser.AnalyserItems;
Assert.Empty(result);
}
