[5.2.1] | Fix CodeQL and Rozlyn warnings (dotnet#2428) and (dotnet#2432)

DavoudEshtehari · DavoudEshtehari · commit 7dee5cd66edc · 2024-04-17T10:54:03.000-07:00
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserHelperClasses.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserHelperClasses.cs
@@ -764,13 +764,14 @@ private static string ToFriendlyName(this SslProtocols protocol)
             {
                 name = "TLS 1.0";
             }
-#pragma warning disable CS0618 // Type or member is obsolete: SSL is depricated
+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections
+#pragma warning disable CS0618, CA5397
             else if ((protocol & SslProtocols.Ssl3) == SslProtocols.Ssl3)
             {
                 name = "SSL 3.0";
             }
             else if ((protocol & SslProtocols.Ssl2) == SslProtocols.Ssl2)
-#pragma warning restore CS0618 // Type or member is obsolete: SSL is depricated
+#pragma warning restore CS0618, CA5397
             {
                 name = "SSL 2.0";
             }
@@ -790,9 +791,10 @@ private static string ToFriendlyName(this SslProtocols protocol)
         public static string GetProtocolWarning(this SslProtocols protocol)
         {
             string message = string.Empty;
-#pragma warning disable CS0618 // Type or member is obsolete : SSL is depricated
+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections
+#pragma warning disable CS0618, CA5397
             if ((protocol & (SslProtocols.Ssl2 | SslProtocols.Ssl3 | SslProtocols.Tls | SslProtocols.Tls11)) != SslProtocols.None)
-#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated
+#pragma warning restore CS0618, CA5397
             {
                 message = StringsHelper.Format(Strings.SEC_ProtocolWarning, protocol.ToFriendlyName());
             }
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs
@@ -427,13 +427,14 @@ internal override uint WaitForSSLHandShakeToComplete(out int protocolVersion)
             }
             else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL3_CLIENT) || nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL3_SERVER))
             {
-#pragma warning disable CS0618 // Type or member is obsolete : SSL is depricated
+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections
+#pragma warning disable CS0618, CA5397
                 protocolVersion = (int)SslProtocols.Ssl3;
             }
             else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL2_CLIENT) || nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL2_SERVER))
             {
                 protocolVersion = (int)SslProtocols.Ssl2;
-#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated
+#pragma warning restore CS0618, CA5397
             }
             else //if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_NONE))
             {
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs
@@ -252,7 +252,13 @@ private bool VerifyHealthReportAgainstRootCertificate(X509Certificate2Collection
                 chain.ChainPolicy.ExtraStore.Add(cert);
             }
 
+            // An Always Encrypted-enabled driver doesn't verify an expiration date or a certificate authority chain.
+            // A certificate is simply used as a key pair consisting of a public and private key. This is by design.
+            
+            #pragma warning disable IA5352
+            // CodeQL [SM00395] By design. Always Encrypted certificates should not be checked.
             chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+            #pragma warning restore IA5352
 
             if (!chain.Build(healthReportCert))
             {

Original file line number	Diff line number	Diff line change
`@@ -764,13 +764,14 @@ private static string ToFriendlyName(this SslProtocols protocol)`
`764`	`764`	`{`
`765`	`765`	`name = "TLS 1.0";`
`766`	`766`	`}`
`767`		`-#pragma warning disable CS0618 // Type or member is obsolete: SSL is depricated`
	`767`	`+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections`
	`768`	`+#pragma warning disable CS0618, CA5397`
`768`	`769`	`else if ((protocol & SslProtocols.Ssl3) == SslProtocols.Ssl3)`
`769`	`770`	`{`
`770`	`771`	`name = "SSL 3.0";`
`771`	`772`	`}`
`772`	`773`	`else if ((protocol & SslProtocols.Ssl2) == SslProtocols.Ssl2)`
`773`		`-#pragma warning restore CS0618 // Type or member is obsolete: SSL is depricated`
	`774`	`+#pragma warning restore CS0618, CA5397`
`774`	`775`	`{`
`775`	`776`	`name = "SSL 2.0";`
`776`	`777`	`}`
`@@ -790,9 +791,10 @@ private static string ToFriendlyName(this SslProtocols protocol)`
`790`	`791`	`public static string GetProtocolWarning(this SslProtocols protocol)`
`791`	`792`	`{`
`792`	`793`	`string message = string.Empty;`
`793`		`-#pragma warning disable CS0618 // Type or member is obsolete : SSL is depricated`
	`794`	`+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections`
	`795`	`+#pragma warning disable CS0618, CA5397`
`794`	`796`	`if ((protocol & (SslProtocols.Ssl2 \| SslProtocols.Ssl3 \| SslProtocols.Tls \| SslProtocols.Tls11)) != SslProtocols.None)`
`795`		`-#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated`
	`797`	`+#pragma warning restore CS0618, CA5397`
`796`	`798`	`{`
`797`	`799`	`message = StringsHelper.Format(Strings.SEC_ProtocolWarning, protocol.ToFriendlyName());`
`798`	`800`	`}`
Original file line number	Diff line number	Diff line change
`@@ -427,13 +427,14 @@ internal override uint WaitForSSLHandShakeToComplete(out int protocolVersion)`
`427`	`427`	`}`
`428`	`428`	`else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL3_CLIENT) \|\| nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL3_SERVER))`
`429`	`429`	`{`
`430`		`-#pragma warning disable CS0618 // Type or member is obsolete : SSL is depricated`
	`430`	`+// SSL 2.0 and 3.0 are only referenced to log a warning, not explicitly used for connections`
	`431`	`+#pragma warning disable CS0618, CA5397`
`431`	`432`	`protocolVersion = (int)SslProtocols.Ssl3;`
`432`	`433`	`}`
`433`	`434`	`else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL2_CLIENT) \|\| nativeProtocol.HasFlag(NativeProtocols.SP_PROT_SSL2_SERVER))`
`434`	`435`	`{`
`435`	`436`	`protocolVersion = (int)SslProtocols.Ssl2;`
`436`		`-#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated`
	`437`	`+#pragma warning restore CS0618, CA5397`
`437`	`438`	`}`
`438`	`439`	`else //if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_NONE))`
`439`	`440`	`{`
Original file line number	Diff line number	Diff line change
`@@ -252,7 +252,13 @@ private bool VerifyHealthReportAgainstRootCertificate(X509Certificate2Collection`
`252`	`252`	`chain.ChainPolicy.ExtraStore.Add(cert);`
`253`	`253`	`}`
`254`	`254`
	`255`	`+ // An Always Encrypted-enabled driver doesn't verify an expiration date or a certificate authority chain.`
	`256`	`+ // A certificate is simply used as a key pair consisting of a public and private key. This is by design.`
	`257`	`+`
	`258`	`+ #pragma warning disable IA5352`
	`259`	`+ // CodeQL [SM00395] By design. Always Encrypted certificates should not be checked.`
`255`	`260`	`chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;`
	`261`	`+ #pragma warning restore IA5352`
`256`	`262`
`257`	`263`	`if (!chain.Build(healthReportCert))`
`258`	`264`	`{`