Skip to content

Commit

Permalink
[5.2.1] | Fix CodeQL and Rozlyn warnings (dotnet#2428) and (dotnet#2432
Browse files Browse the repository at this point in the history
  • Loading branch information
DavoudEshtehari authored and dauinsight committed May 16, 2024
1 parent 8933992 commit 652ca96
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 6 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -822,13 +822,14 @@ private static string ToFriendlyName(this SslProtocols protocol)
{
name = "TLS 1.0";
}
#pragma warning disable CS0618 // Type or member is obsolete: SSL is depricated
// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections
#pragma warning disable CS0618, CA5397
else if ((protocol & SslProtocols.Ssl3) == SslProtocols.Ssl3)
{
name = "SSL 3.0";
}
else if ((protocol & SslProtocols.Ssl2) == SslProtocols.Ssl2)
#pragma warning restore CS0618 // Type or member is obsolete: SSL is depricated
#pragma warning restore CS0618, CA5397
{
name = "SSL 2.0";
}
Expand All @@ -848,9 +849,10 @@ private static string ToFriendlyName(this SslProtocols protocol)
public static string GetProtocolWarning(this SslProtocols protocol)
{
string message = string.Empty;
#pragma warning disable CS0618 // Type or member is obsolete : SSL is depricated
// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections
#pragma warning disable CS0618, CA5397
if ((protocol & (SslProtocols.Ssl2 | SslProtocols.Ssl3 | SslProtocols.Tls | SslProtocols.Tls11)) != SslProtocols.None)
#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated
#pragma warning restore CS0618, CA5397
{
message = StringsHelper.Format(Strings.SEC_ProtocolWarning, protocol.ToFriendlyName());
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -413,13 +413,14 @@ internal override uint WaitForSSLHandShakeToComplete(out int protocolVersion)
}
else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL3_CLIENT) || nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL3_SERVER))
{
#pragma warning disable CS0618 // Type or member is obsolete : SSL is depricated
// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections
#pragma warning disable CS0618, CA5397
protocolVersion = (int)SslProtocols.Ssl3;
}
else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL2_CLIENT) || nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL2_SERVER))
{
protocolVersion = (int)SslProtocols.Ssl2;
#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated
#pragma warning restore CS0618, CA5397
}
else //if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_NONE))
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -243,7 +243,13 @@ private bool VerifyHealthReportAgainstRootCertificate(X509Certificate2Collection
chain.ChainPolicy.ExtraStore.Add(cert);
}

// An Always Encrypted-enabled driver doesn't verify an expiration date or a certificate authority chain.
// A certificate is simply used as a key pair consisting of a public and private key. This is by design.

#pragma warning disable IA5352
// CodeQL [SM00395] By design. Always Encrypted certificates should not be checked.
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
#pragma warning restore IA5352

if (!chain.Build(healthReportCert))
{
Expand Down

0 comments on commit 652ca96

Please sign in to comment.