fix 2 warnings in CodeAnalysis #3388
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
heng-liu
requested review from
aortiz-msft,
cristinamanum,
dominoFire,
donnie-msft,
dtivel,
kartheekp-ms,
nkolev92,
rrelyea,
zivkan and
zkat
as code owners
zivkan
reviewed
May 12, 2020
Comment on lines
50
to
53
| using (var certificate = new X509Certificate2(cert)) | ||
| { | ||
| _signedCms.AddCertificate(certificate); | ||
| } |
There was a problem hiding this comment.
By putting this is a using block, it means the certificate that was added to _signedCms is now disposed. Are you sure that's ok?
There was a problem hiding this comment.
Thanks for reviewing!
Looks like the AddCertificate method will create a copy of the certificate in following code:
https://github.com/dotnet/runtime/blob/master/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs#L639-L671
There was a problem hiding this comment.
Consider adding a comment saying that AddCertificates copies the cert.
As you pointed out, there's no point making a new cert.
There was a problem hiding this comment.
So it should be ok not new any certificate, just use the one from parameter.
I'll fix it. Thanks!
zivkan
approved these changes
May 12, 2020
Comment on lines
50
to
53
| using (var certificate = new X509Certificate2(cert)) | ||
| { | ||
| _signedCms.AddCertificate(certificate); | ||
| } |
There was a problem hiding this comment.
Consider adding a comment saying that AddCertificates copies the cert.
As you pointed out, there's no point making a new cert.
heng-liu
added a commit
that referenced
this pull request
May 20, 2020
* fix 2 warnings in CodeAnalysis
heng-liu
added a commit
that referenced
this pull request
May 26, 2020
* fix 2 warnings in CodeAnalysis
heng-liu
added a commit
that referenced
this pull request
Jun 12, 2020
* fix 2 warnings in CodeAnalysis
heng-liu
added a commit
that referenced
this pull request
Jun 16, 2020
* fix 2 warnings in CodeAnalysis
heng-liu
added a commit
that referenced
this pull request
Jun 17, 2020
* fix 2 warnings in CodeAnalysis
heng-liu
added a commit
that referenced
this pull request
Jun 19, 2020
* fix 2 warnings in CodeAnalysis
heng-liu
added a commit
that referenced
this pull request
Jun 19, 2020
* fix 2 warnings in CodeAnalysis
aortiz-msft
pushed a commit
that referenced
this pull request
Jun 20, 2020
* Signing: Support signature verification on .NET Core Remove 2nd N.B.T.P package (#2984) remove WorkaroundNetStandard target, change SDK for build from 3.0 preview to 3.1 stable (#3161) * remove WorkaroundNetStandard target, change SDK for build from 3.0 preview to 3.1 stable version, fix error; change LockSDKVersion default value from empty string to false; apply Linux workaround in my change Retarget to netcore5.0 (#3162) * retarget to netcore5.0; Linux script workaround need to apply for downloading SDK for build add pkcs and cng packages Temporary fix on patching SDK, add System.Security.Cryptography.Pkcs.dll and update deps.json, use dll from .nuget/packages Address PR comments implement add cert to store on Mac; display openssl version (#3166) Implement timestamp integrity verification; Implement an equivalent NativeCms; enable signing APIs and tests (#3168) * implement timestamp integrity verification; implement ManagedCms; enable signing APIs and tests fix xplat verification branch after rebase (#3191) Fixes: NuGet/Home#9012 check different cross-platform error messages for self-signed cert test (#3208) Fixes: NuGet/Home#8933 Xplat Signing/Verification : Fix broken tests for setting privatekey of a X509Certificate2 (#3195) use workaround to set private key for X509Certificate2 (netcore), change ToRSA to workaround for netcore(especially for non-windows) enable PathTooLongException test (#3216) Fixes: NuGet/Home#8920 enable TrustedSignerActionsProvider on netcore, along with tests (#3213) Fixes: NuGet/Home#8921 Enable SignedPackageIntegrityVerificationTests for netcore5.0 (#3220) Enable SignedPackageIntegrityVerificationTests for netcore, remove extra preprocessors Enable timestamp provider test and fix 3 broken tests (#3210) enable all unit tests; enable 8 more tests; enable timestampProviderTest; fix 3 broken tests in TimestampProviderTests Fix 4 tests in SignatureTrustAndValidityVerificationProviderTests (#3242) fix untrusted msg for different platforms fixed broken tests using utility methods (#3263) disable outdated tests (#3274) enable 4 tests on Mac (#3275) fix 5 broken tests in SignatureTrustAndValidityVerificationProviderTests, add workaround for Linux (#3252) fix broken test case ExecuteCommandAsync_WithAmbiguousMatch_ThrowsAsync (#3291) * Enable test ExecuteCommandAsync_WithMultiplePackagesAndInvalidCertificate_RaisesErrorsOnceAsync (#3342) * enable a test, change the comments; extend test limitation on Linux * Updated SDK version and removed the hardcoded version when reading from JSON file (#3372) * update Pkcs package to the preview3 version (#3382) * fix 2 warnings in CodeAnalysis (#3388) * fix 2 warnings in CodeAnalysis * disable dynamic revoke tests on Mac (#3373) * fix 1 test (#3371) * Fix more warnings reported by CodeAnalysis (#3393) * fix string warnings raised by CodeAnalysis * Retarget xplat verification to netcoreapp5.0 (#3386) * retarget netcoreapp5.0 (a workaround for net5.0) * fix all the rest warnings raised by code analysis (#3401) * Suppress CA1307 warning for string.GetHashCode() method (#3404) * Linux test failure due to generic exception (#3405) * add TFM netcoreapp5.0 to N.B.T.Console and N.P.Core projects (#3419) * add TFM netcoreapp5.0 to N.B.T.Console and N.P.Core projects * add PIN prompt for netcore (#3389) * Run dotnet nuget tests on multiple TFMs (#3387) * enabled mac assertions * Revert "enabled mac assertions" This reverts commit d8a52e2. * Enable test GetCertificateChain_WithUntrustedRoot_Throws on Mac (#3428) * run signing integration tests cross plat (#3415) * added GetNonce() to IRfc3161TimestampRequest interface (#3427) * disable test for netcore (#3445) * log Status and StatusInformation, fix 2 tests (#3268) * Disable verification during extraction for Mono, disable a test on Mono (#3451) * disable verification during extraction on mono,disable a mono test on Mac * adapt 2 newly added dotnet integration tests for multiple TFMs (#3460) * remove useless Sdk2x.targets * get TimestampTests working again (#3218) * get TimestampTests working again Fixes: NuGet/Home#8935 * change GetTimestampAsync into internal * fix runFuncTests.sh and InstallCLIforBuild.sh * address feedback * upgrade dotnet 5 to preview4 as preview5 is broken * Fix exception thrown in SigningTestFixture during disposing (#3464) Co-authored-by: Kartheek Penagamuri <52756182+kartheekp-ms@users.noreply.github.com> Co-authored-by: Andy Zivkovic <zivkan@users.noreply.github.com> Co-authored-by: Kat Marchán <kzm@zkat.tech>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bug
Fixes: NuGet/Home#9546
Regression: No
Fix
Details: fix 2 warnings raised by CodeAnalysis.FxCopAnalyzer
Testing/Validation
Tests Added: No
Reason for not adding tests:
Validation: