mcp-server-semgrep/semgrep-rules/csharp/dotnet/security/use_deprecated_cipher_algorithm.yaml

MCP Server for Semgrep Integration - static code analysis with AI

rules:
- id: use_deprecated_cipher_algorithm
  message: Usage of deprecated cipher algorithm detected. Use Aes or ChaCha20Poly1305 instead.
  severity: ERROR
  metadata:
    likelihood: HIGH
    impact: MEDIUM
    confidence: MEDIUM
    category: security
    cwe:
    - 'CWE-327: Use of a Broken or Risky Cryptographic Algorithm'
    owasp:
    - A02:2021 - Cryptographic Failures
    references:
    - https://learn.microsoft.com/en-gb/dotnet/api/system.security.cryptography.des?view=net-6.0#remarks
    - https://learn.microsoft.com/en-gb/dotnet/api/system.security.cryptography.rc2?view=net-6.0#remarks
    - https://learn.microsoft.com/en-gb/dotnet/api/system.security.cryptography.aes?view=net-6.0
    - https://learn.microsoft.com/en-gb/dotnet/api/system.security.cryptography.chacha20poly1305?view=net-6.0
    subcategory:
    - vuln
    technology:
    - .net
  languages:
  - csharp
  patterns:
  - pattern: $KEYTYPE.Create(...);
  - metavariable-pattern:
      metavariable: $KEYTYPE
      pattern-either:
      - pattern: DES
      - pattern: RC2