DangerousGetHandle

CS-A1001
The raw handle value returned by SafeHandle.DangerousGetHandle can be invalidated, become stale, or be recycled: if the handle is marked invalid with SetHandleAsInvalid, DangerousGetHandle still returns the original, potentially stale value, and once the underlying handle has been released (through Dispose, Close, or the finalizer) the operating system may reuse the same value for a different object. Code that keeps the raw value around can then operate on an object it was never meant to touch, which can lead to security vulnerabilities within your application. It is therefore recommended that you use this method only if you know what you're doing and absolutely require it, and that you bracket the raw handle's lifetime with DangerousAddRef and DangerousRelease so the SafeHandle cannot release the handle while the raw value is in use.
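
The stale-handle problem and the DangerousAddRef/DangerousRelease pattern side by side, as an added example (this is not code from the original page or from any scanner vendor). FakeKernel, FakeHandle and the resource names are hypothetical stand-ins for an OS handle table that reuses released values; the SafeHandle calls (DangerousGetHandle, DangerousAddRef, DangerousRelease, Dispose) are the real .NET APIs. Assumes .NET 8 or later.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Win32.SafeHandles;

// Hypothetical resource table standing in for an OS handle table (constructed
// for this example). Handle values are small integers and are reused after
// release, which is exactly what makes a stale raw handle dangerous.
static class FakeKernel
{
    private static readonly Dictionary<nint, string> Table = new();
    private static readonly Queue<nint> FreeList = new();
    private static nint _next = 1;

    public static nint Open(string name)
    {
        nint h = FreeList.Count > 0 ? FreeList.Dequeue() : _next++;
        Table[h] = name;
        return h;
    }

    public static void Close(nint h)
    {
        if (Table.Remove(h)) FreeList.Enqueue(h);   // value becomes reusable
    }

    public static string Read(nint h) =>
        Table.TryGetValue(h, out var name)
            ? name
            : throw new InvalidOperationException($"invalid handle {h}");
}

// SafeHandle wrapper: the runtime guarantees ReleaseHandle runs exactly once,
// and only when the reference count drops to zero.
sealed class FakeHandle : SafeHandleZeroOrMinusOneIsInvalid
{
    public FakeHandle(string name) : base(ownsHandle: true) => SetHandle(FakeKernel.Open(name));
    protected override bool ReleaseHandle() { FakeKernel.Close(handle); return true; }
}

static class Demo
{
    // Unsafe: the raw value outlives the SafeHandle. After Dispose the kernel
    // reuses the same value for the next object, so the stale copy reads that
    // object instead of failing.
    public static string StaleRawHandle()
    {
        var h = new FakeHandle("secret.txt");
        nint raw = h.DangerousGetHandle();
        h.Dispose();                       // a finalizer would do the same once h is unreachable
        using var other = new FakeHandle("attacker-controlled");
        return FakeKernel.Read(raw);       // reads the recycled object, not secret.txt
    }

    // Safe: DangerousAddRef holds a reference on the SafeHandle, so Dispose
    // only marks it closed and the real release waits for DangerousRelease.
    public static string PinnedRawHandle()
    {
        var h = new FakeHandle("secret.txt");
        bool added = false;
        try
        {
            h.DangerousAddRef(ref added);
            nint raw = h.DangerousGetHandle();
            h.Dispose();                   // closed, but ReleaseHandle is deferred
            using var other = new FakeHandle("attacker-controlled");
            return FakeKernel.Read(raw);   // still the original object
        }
        finally
        {
            if (added) h.DangerousRelease(); // ReleaseHandle runs here
        }
    }
}

static class Program
{
    static void Main()
    {
        Console.WriteLine("stale raw handle read : " + Demo.StaleRawHandle());
        Console.WriteLine("pinned raw handle read: " + Demo.PinnedRawHandle());
    }
}
```

The try/finally shape is the one to copy into real P/Invoke code: the raw IntPtr is never stored beyond the AddRef/Release window, and `added` guards the release so a failed AddRef does not unbalance the count.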

BinaryFormatter

According to Microsoft, BinaryFormatter deserializes data in an insecure manner and using it is "equivalent of interpreting the payload as a standalone executable and launching it": the serialized stream names the types to instantiate and the members to set, so whoever controls the input controls which code runs during deserialization, and no type filter makes this safe. It is therefore recommended that you switch to preferred alternatives that can handle untrusted data safely, such as XmlSerializer, DataContractSerializer, BinaryReader and BinaryWriter, or System.Text.Json, all of which bind the input to a type the application chose. Note that NetDataContractSerializer, SoapFormatter, LosFormatter and ObjectStateFormatter share BinaryFormatter's weakness and are not safe replacements.
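
A System.Text.Json replacement for a BinaryFormatter round trip, added here as an example (not code from the original page). The Shape hierarchy, the discriminator strings and the JSON payloads are constructed for illustration; the point shown is that the payload can only select types named in the [JsonDerivedType] allowlist, whereas a BinaryFormatter stream names arbitrary loadable types. Assumes .NET 8 or later.

```csharp
using System;
using System.Text.Json;
using System.Text.Json.Serialization;

// Type hierarchy the application expects to receive (constructed sample).
// The attributes are the allowlist: any other discriminator is rejected.
[JsonPolymorphic(TypeDiscriminatorPropertyName = "$type")]
[JsonDerivedType(typeof(Circle), "circle")]
[JsonDerivedType(typeof(Rectangle), "rect")]
public abstract class Shape
{
    public string Name { get; set; } = "";
}

public sealed class Circle : Shape
{
    public double Radius { get; set; }
}

public sealed class Rectangle : Shape
{
    public double Width { get; set; }
    public double Height { get; set; }
}

public static class SafeShapeCodec
{
    private static readonly JsonSerializerOptions Options = new()
    {
        AllowTrailingCommas = false,   // stay strict about the wire format
        MaxDepth = 16,                 // bound nesting from untrusted input
    };

    public static string Serialize(Shape s) => JsonSerializer.Serialize(s, Options);

    // Returns null instead of throwing so callers treat bad input as a
    // rejected message rather than as an exception path to handle ad hoc.
    public static Shape? TryDeserialize(string json)
    {
        try
        {
            return JsonSerializer.Deserialize<Shape>(json, Options);
        }
        catch (JsonException)          // malformed JSON or unknown "$type"
        {
            return null;
        }
        catch (NotSupportedException)  // abstract base with no discriminator
        {
            return null;
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Legitimate round trip: the discriminator is emitted from the allowlist.
        string good = SafeShapeCodec.Serialize(new Circle { Name = "c1", Radius = 2 });
        Console.WriteLine(good);
        Console.WriteLine("good payload -> " + (SafeShapeCodec.TryDeserialize(good)?.GetType().Name ?? "rejected"));

        // Constructed hostile payload that tries to pick a type outside the
        // allowlist, the way a BinaryFormatter gadget payload names a type.
        string hostile = """{"$type":"System.Diagnostics.Process","Name":"x"}""";
        Console.WriteLine("hostile payload -> " + (SafeShapeCodec.TryDeserialize(hostile) is null ? "rejected" : "accepted"));

        // Constructed payload with no discriminator: an abstract base cannot be
        // instantiated, so this is rejected as well.
        string bare = """{"Name":"x"}""";
        Console.WriteLine("bare payload -> " + (SafeShapeCodec.TryDeserialize(bare) is null ? "rejected" : "accepted"));
    }
}
```

The same allowlist discipline applies to XmlSerializer and DataContractSerializer: pass the concrete expected type (or a fixed set of known types) at construction, and never let the input stream choose it.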

System.Uri instead of strings

CS-A1000
Representing URIs as strings can be a security risk, as strings are difficult to parse, validate and encode correctly: prefix and substring checks on a raw string are easily bypassed by look-alike hosts, embedded credentials and encoding tricks. It is therefore recommended that you use the safer and more reliable built-in alternative System.Uri, and make authorization decisions on the parsed Scheme and Host rather than on the original string.
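
The difference between a string check and a Uri check, as an added example that is not part of the original page. The RedirectTarget class, its AllowedHosts allowlist and the sample URLs are constructed for illustration; Uri.TryCreate, Uri.Scheme, Uri.Host and Uri.UserInfo are the real System.Uri members.

```csharp
using System;

public static class RedirectTarget
{
    // Hosts this application is allowed to redirect to (constructed allowlist).
    private static readonly string[] AllowedHosts = { "example.com", "api.example.com" };

    // String-based check: looks right, but accepts inputs that point elsewhere.
    public static bool IsAllowedByString(string url) =>
        url.StartsWith("https://example.com", StringComparison.OrdinalIgnoreCase);

    // Uri-based check: parse once, then decide on the parsed components.
    public static bool IsAllowedByUri(string url, out Uri? parsed)
    {
        parsed = null;

        // UriKind.Absolute rejects relative paths and scheme-less strings outright.
        if (!Uri.TryCreate(url, UriKind.Absolute, out var uri)) return false;

        // Only https; this also blocks javascript:, file:, data: and similar.
        if (uri.Scheme != Uri.UriSchemeHttps) return false;

        // Host is the parsed authority, so userinfo and look-alike subdomains
        // cannot smuggle a different host past the check.
        if (Array.IndexOf(AllowedHosts, uri.Host.ToLowerInvariant()) < 0) return false;

        // Credentials in a redirect target are never legitimate here.
        if (uri.UserInfo.Length > 0) return false;

        parsed = uri;
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs: one legitimate target and several bypass attempts.
        string[] samples =
        {
            "https://example.com/account",          // legitimate
            "https://example.com.evil.net/login",   // look-alike host
            "https://example.com@evil.net/",        // userinfo trick: host is evil.net
            "HTTPS://EXAMPLE.COM/",                 // case differences only
            "javascript:alert(1)",                  // not an https target at all
        };

        foreach (var s in samples)
        {
            bool byString = IsAllowedByString(s);
            bool byUri = IsAllowedByUri(s, out _);
            Console.WriteLine($"{s,-40} string-check:{byString,-5} uri-check:{byUri}");
        }
    }
}
```

The string check passes both the look-alike host and the userinfo payload because each literally begins with "https://example.com"; the Uri check sees Host "example.com.evil.net" and "evil.net" respectively and refuses them. Uri also canonicalizes scheme and host to lower case, so the case-variant input is accepted without any special handling.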

One or more cryptographic algorithms such as TripleDESCryptoServiceProvider, DESCryptoServiceProvider, and RC2CryptoServiceProvider are used by your application. These classes are marked obsolete in .NET, and the underlying ciphers are no longer recommended: DES has a 56-bit key that can be brute-forced, and DES, Triple DES and RC2 all use a 64-bit block size, which leaks plaintext information after roughly 2^32 blocks under a single key (the Sweet32 attack). Please consider switching to a more modern and robust algorithm instead, preferably an authenticated mode such as AES-GCM that detects tampering as well as hiding the data. Please check out the reference for some recommended algorithms.

Random is a pseudo-random number generator, which is an algorithm that produces a sequence of numbers that meets certain statistical requirements for randomness. It is designed for reproducibility and speed, not unpredictability: its state is small and its output can be reconstructed from values an attacker observes, so it is not random enough for sensitive operations such as generating keys, nonces, session tokens or reset codes. Consider using RandomNumberGenerator from the System.Security.Cryptography namespace instead.
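
One block covering both the obsolete-cipher rule and the Random rule above: AES-256-GCM in place of TripleDES/DES/RC2, with key, nonce and token material drawn from RandomNumberGenerator instead of Random. This is an added example, not code from the original page; the ModernCrypto class, the nonce||tag||ciphertext output layout and the sample message are constructed for illustration. Assumes .NET 8 or later (AesGcm constructor with an explicit tag size, RandomNumberGenerator.GetBytes).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class ModernCrypto
{
    // Replacement for TripleDES/DES/RC2 CBC code: AES-256-GCM gives confidentiality
    // and integrity, so tampering is detected at Decrypt instead of silently
    // producing garbage plaintext.
    public const int KeySize = 32;      // AES-256
    public const int NonceSize = 12;    // 96-bit nonce, the size GCM is specified for
    public const int TagSize = 16;      // 128-bit authentication tag

    // Key material must come from the CSPRNG. Random.NextBytes would be
    // reproducible from its seed.
    public static byte[] NewKey() => RandomNumberGenerator.GetBytes(KeySize);

    // Output layout (constructed for this example): nonce || tag || ciphertext.
    public static byte[] Encrypt(byte[] key, byte[] plaintext, byte[]? associatedData = null)
    {
        // Fresh nonce per message; reusing a nonce under the same key breaks GCM.
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize);
        byte[] tag = new byte[TagSize];
        byte[] ciphertext = new byte[plaintext.Length];

        using var gcm = new AesGcm(key, TagSize);
        gcm.Encrypt(nonce, plaintext, ciphertext, tag, associatedData);

        byte[] output = new byte[NonceSize + TagSize + ciphertext.Length];
        nonce.CopyTo(output, 0);
        tag.CopyTo(output, NonceSize);
        ciphertext.CopyTo(output, NonceSize + TagSize);
        return output;
    }

    public static byte[] Decrypt(byte[] key, byte[] blob, byte[]? associatedData = null)
    {
        if (blob.Length < NonceSize + TagSize)
            throw new CryptographicException("blob too short");

        var nonce = blob.AsSpan(0, NonceSize);
        var tag = blob.AsSpan(NonceSize, TagSize);
        var ciphertext = blob.AsSpan(NonceSize + TagSize);
        byte[] plaintext = new byte[ciphertext.Length];

        using var gcm = new AesGcm(key, TagSize);
        gcm.Decrypt(nonce, ciphertext, tag, plaintext, associatedData); // throws on any modification
        return plaintext;
    }

    // Replacement for System.Random when producing tokens: unpredictable,
    // unbiased characters from a fixed alphabet.
    public static string NewToken(int length = 32)
    {
        const string alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
        var sb = new StringBuilder(length);
        for (int i = 0; i < length; i++)
        {
            // GetInt32 rejection-samples, so there is no modulo bias toward
            // the first characters of the alphabet.
            sb.Append(alphabet[RandomNumberGenerator.GetInt32(alphabet.Length)]);
        }
        return sb.ToString();
    }

    public static void Main()
    {
        byte[] key = NewKey();
        byte[] aad = Encoding.UTF8.GetBytes("user=42");   // bound to the ciphertext, not encrypted
        byte[] blob = Encrypt(key, Encoding.UTF8.GetBytes("constructed sample message"), aad);
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(key, blob, aad)));

        blob[^1] ^= 0x01;   // flip one ciphertext bit
        try
        {
            Decrypt(key, blob, aad);
            Console.WriteLine("tampering NOT detected");
        }
        catch (CryptographicException)
        {
            Console.WriteLine("tampering detected, plaintext withheld");
        }

        Console.WriteLine(NewToken());
    }
}
```

The associated data parameter is how context (a user id, a record type) gets bound to a ciphertext without being encrypted; a blob copied from one user's row to another's fails authentication. The nonce is not secret and travels with the ciphertext, but it must never repeat for a given key, which is why it is drawn from RandomNumberGenerator per message rather than from a counter that could be reset or a Random instance that could be reseeded.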