1. 首页
  2. 问答
  3. .NET代码分析警告

.NET代码分析警告

2016-07-02 109 views
-1

有什么不对下面code..The给出的代码是不是投诉CA2000:失去范围(https://msdn.microsoft.com/library/ms182289.aspx)之前释放对象。这个代码生成以下警告.NET代码分析警告

警告CA2000在方法CryptoComputer.Encrypt(字符串,字符串,字符串,字符串)',对象'new RijndaelManaged()'不沿着所有的异常路径。调用System.IDisposable.Dispose对象'new RijndaelManaged()'之前,所有对它的引用超出范围。

public static string Encrypt(string plainText, string passPhrase, string saltValue, string initVector) 
      { 
       var initVectorBytes = Encoding.UTF8.GetBytes(initVector); 
       var saltValueBytes = Encoding.UTF8.GetBytes(saltValue); 
       var plainTextBytes = Encoding.UTF8.GetBytes(plainText); 
       string cipherText; 
       PasswordDeriveBytes password = null; 
       RijndaelManaged symmetricKey = null; 
       MemoryStream memoryStream = null; 
       try 
       { 
        memoryStream = new MemoryStream(); 

        password = new PasswordDeriveBytes(passPhrase, saltValueBytes, hashAlgorithm, passwordIterations); 
        byte[] keyBytes = password.GetBytes(keySize/8); 

        symmetricKey = new RijndaelManaged { Mode = CipherMode.CBC }; 
        var encryptor = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes); 

        var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write); 

        cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length); 

        cryptoStream.FlushFinalBlock(); 

        var cipherTextBytes = memoryStream.ToArray(); 


        cipherText = Convert.ToBase64String(cipherTextBytes); 

       } 
       catch (Exception) 
       { 

        throw; 
       } 
       finally 
       { 
        password?.Dispose(); 
        symmetricKey?.Dispose(); 
        memoryStream?.Dispose(); 

       } 

       return cipherText; 
      }

我怎么可以重写这段代码,以满足微软的准则

来源

2016-07-02 Binson Eldhose

+0

使用 “使用(......)” 为密码,symmetricKey,MemoryStream的。 –

+1

或者是因为Microsoft的分析规则不能识别“password?.Dispose()”的语法?如果将其重写为'if(obj!= null)obj.Dispose();'? – kennyzx

+0

Kennyzx可能是正确的...您必须以旧方式编写代码或者抑制虚假警告 –

回答

0

使用Using { ... }块像它下面的总结,这将确保一次性实例得到处理的,一旦超出范围。确保将所有一次性物品包装在using {}区块中,而不仅仅是下面所示的物品。

using (symmetricKey = new RijndaelManaged { Mode = CipherMode.CBC }) 
{ 
    //rest code goes here 
}

来源

2016-07-02 07:13:12 Rahul

+0

没有它没有打扰 –

+0

@BinsonEldhose,向你展示了路径。就像我刚才提到的那样,你需要将所有可用的对象封装在一个'using {}'块中,而不仅仅是在回答中提到的那个。 – Rahul

1

每一次性对象 “使用(...)”:

... 
var initVectorBytes = Encoding.UTF8.GetBytes(initVector); 
var saltValueBytes = Encoding.UTF8.GetBytes(saltValue); 
var plainTextBytes = Encoding.UTF8.GetBytes(plainText); 
string cipherText; 
using (var memoryStream = new MemoryStream()) 
{ 
    using (var password = new PasswordDeriveBytes(passPhrase, saltValueBytes, hashAlgorithm, passwordIterations)) 
    { 
    var keyBytes = password.GetBytes(keySize/8); 
    using (var symmetricKey = new RijndaelManaged {Mode = CipherMode.CBC}) 
    { 
     var encryptor = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes); 
     var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write); 
     cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length); 
     cryptoStream.FlushFinalBlock(); 
     var cipherTextBytes = memoryStream.ToArray(); 
     cipherText = Convert.ToBase64String(cipherTextBytes); 
    } 
    } 
} 
return cipherText; 
...

using Statement (C# Reference)

来源

2016-07-02 07:23:03

相关问题

 相关问题