[4.0.6] | Fix CodeQL and Rozlyn warnings (#2428) and (#2432) (#2513)

dauinsight · David-Engel · JRahnama · web-flow · commit 2ec2e72fa289 · 2024-05-17T10:00:20.000-07:00
[4.0.6] | Fix CodeQL and Rozlyn warnings (#2428) and (#2432) --------- Co-authored-by: David Engel <v-davidengel@microsoft.com> Co-authored-by: Javad Rahnama <v-jarahn@microsoft.com> Co-authored-by: David Engel <dengel1012@gmail.com> Co-authored-by: DavoudEshtehari <61173489+DavoudEshtehari@users.noreply.github.com>
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserHelperClasses.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserHelperClasses.cs
@@ -822,13 +822,14 @@ private static string ToFriendlyName(this SslProtocols protocol)
             {
                 name = "TLS 1.0";
             }
-#pragma warning disable CS0618 // Type or member is obsolete: SSL is depricated
+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections
+#pragma warning disable CS0618, CA5397
             else if ((protocol & SslProtocols.Ssl3) == SslProtocols.Ssl3)
             {
                 name = "SSL 3.0";
             }
             else if ((protocol & SslProtocols.Ssl2) == SslProtocols.Ssl2)
-#pragma warning restore CS0618 // Type or member is obsolete: SSL is depricated
+#pragma warning restore CS0618, CA5397
             {
                 name = "SSL 2.0";
             }
@@ -848,9 +849,10 @@ private static string ToFriendlyName(this SslProtocols protocol)
         public static string GetProtocolWarning(this SslProtocols protocol)
         {
             string message = string.Empty;
-#pragma warning disable CS0618 // Type or member is obsolete : SSL is depricated
+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections
+#pragma warning disable CS0618, CA5397
             if ((protocol & (SslProtocols.Ssl2 | SslProtocols.Ssl3 | SslProtocols.Tls | SslProtocols.Tls11)) != SslProtocols.None)
-#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated
+#pragma warning restore CS0618, CA5397
             {
                 message = StringsHelper.Format(Strings.SEC_ProtocolWarning, protocol.ToFriendlyName());
             }
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs
@@ -413,13 +413,14 @@ internal override uint WaitForSSLHandShakeToComplete(out int protocolVersion)
             }
             else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL3_CLIENT) || nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL3_SERVER))
             {
-#pragma warning disable CS0618 // Type or member is obsolete : SSL is depricated
+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections
+#pragma warning disable CS0618, CA5397
                 protocolVersion = (int)SslProtocols.Ssl3;
             }
             else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL2_CLIENT) || nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL2_SERVER))
             {
                 protocolVersion = (int)SslProtocols.Ssl2;
-#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated
+#pragma warning restore CS0618, CA5397
             }
             else //if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_NONE))
             {
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs
@@ -243,7 +243,13 @@ private bool VerifyHealthReportAgainstRootCertificate(X509Certificate2Collection
                 chain.ChainPolicy.ExtraStore.Add(cert);
             }
 
+            // An Always Encrypted-enabled driver doesn't verify an expiration date or a certificate authority chain.
+            // A certificate is simply used as a key pair consisting of a public and private key. This is by design.
+            
+            #pragma warning disable IA5352
+            // CodeQL [SM00395] By design. Always Encrypted certificates should not be checked.
             chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+            #pragma warning restore IA5352
 
             if (!chain.Build(healthReportCert))
             {

Original file line number	Diff line number	Diff line change
`@@ -822,13 +822,14 @@ private static string ToFriendlyName(this SslProtocols protocol)`
`822`	`822`	`{`
`823`	`823`	`name = "TLS 1.0";`
`824`	`824`	`}`
`825`		`-#pragma warning disable CS0618 // Type or member is obsolete: SSL is depricated`
	`825`	`+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections`
	`826`	`+#pragma warning disable CS0618, CA5397`
`826`	`827`	`else if ((protocol & SslProtocols.Ssl3) == SslProtocols.Ssl3)`
`827`	`828`	`{`
`828`	`829`	`name = "SSL 3.0";`
`829`	`830`	`}`
`830`	`831`	`else if ((protocol & SslProtocols.Ssl2) == SslProtocols.Ssl2)`
`831`		`-#pragma warning restore CS0618 // Type or member is obsolete: SSL is depricated`
	`832`	`+#pragma warning restore CS0618, CA5397`
`832`	`833`	`{`
`833`	`834`	`name = "SSL 2.0";`
`834`	`835`	`}`
`@@ -848,9 +849,10 @@ private static string ToFriendlyName(this SslProtocols protocol)`
`848`	`849`	`public static string GetProtocolWarning(this SslProtocols protocol)`
`849`	`850`	`{`
`850`	`851`	`string message = string.Empty;`
`851`		`-#pragma warning disable CS0618 // Type or member is obsolete : SSL is depricated`
	`852`	`+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections`
	`853`	`+#pragma warning disable CS0618, CA5397`
`852`	`854`	`if ((protocol & (SslProtocols.Ssl2 \| SslProtocols.Ssl3 \| SslProtocols.Tls \| SslProtocols.Tls11)) != SslProtocols.None)`
`853`		`-#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated`
	`855`	`+#pragma warning restore CS0618, CA5397`
`854`	`856`	`{`
`855`	`857`	`message = StringsHelper.Format(Strings.SEC_ProtocolWarning, protocol.ToFriendlyName());`
`856`	`858`	`}`
Original file line number	Diff line number	Diff line change
`@@ -413,13 +413,14 @@ internal override uint WaitForSSLHandShakeToComplete(out int protocolVersion)`
`413`	`413`	`}`
`414`	`414`	`else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL3_CLIENT) \|\| nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL3_SERVER))`
`415`	`415`	`{`
`416`		`-#pragma warning disable CS0618 // Type or member is obsolete : SSL is depricated`
	`416`	`+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections`
	`417`	`+#pragma warning disable CS0618, CA5397`
`417`	`418`	`protocolVersion = (int)SslProtocols.Ssl3;`
`418`	`419`	`}`
`419`	`420`	`else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL2_CLIENT) \|\| nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL2_SERVER))`
`420`	`421`	`{`
`421`	`422`	`protocolVersion = (int)SslProtocols.Ssl2;`
`422`		`-#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated`
	`423`	`+#pragma warning restore CS0618, CA5397`
`423`	`424`	`}`
`424`	`425`	`else //if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_NONE))`
`425`	`426`	`{`
Original file line number	Diff line number	Diff line change
`@@ -243,7 +243,13 @@ private bool VerifyHealthReportAgainstRootCertificate(X509Certificate2Collection`
`243`	`243`	`chain.ChainPolicy.ExtraStore.Add(cert);`
`244`	`244`	`}`
`245`	`245`
	`246`	`+ // An Always Encrypted-enabled driver doesn't verify an expiration date or a certificate authority chain.`
	`247`	`+ // A certificate is simply used as a key pair consisting of a public and private key. This is by design.`
	`248`	`+`
	`249`	`+ #pragma warning disable IA5352`
	`250`	`+ // CodeQL [SM00395] By design. Always Encrypted certificates should not be checked.`
`246`	`251`	`chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;`
	`252`	`+ #pragma warning restore IA5352`
`247`	`253`
`248`	`254`	`if (!chain.Build(healthReportCert))`
`249`	`255`	`{`