Update CommonCryptographyManager.cs to suppress codeql rule

bgavrilMS · web-flow · commit 8bde6d27f64a · 2025-02-11T16:09:17.000Z
diff --git a/src/client/Microsoft.Identity.Client/PlatformsCommon/Shared/CommonCryptographyManager.cs b/src/client/Microsoft.Identity.Client/PlatformsCommon/Shared/CommonCryptographyManager.cs
@@ -90,7 +90,7 @@ public virtual byte[] SignWithCertificate(string message, X509Certificate2 certi
 
             byte[] SignDataAndCacheProvider(string message)
             {                
-                // codeql[cs/cryptography/rsa-unapproved-signing-padding-scheme] Backwards Compatibility: Requires using PKCS1 padding for Identity Providers not supporting PSS (older ADFS, non-Microsoft identity providers)                
+                // codeql [SM03799] Backwards Compatibility: Requires using PKCS1 padding for Identity Providers not supporting PSS (older ADFS, dSTS)                
                 var signedData = rsa.SignData(Encoding.UTF8.GetBytes(message), HashAlgorithmName.SHA256, signaturePadding);
                 
                 // Cache only valid RSA crypto providers, which are able to sign data successfully

Original file line number	Diff line number	Diff line change
`@@ -90,7 +90,7 @@ public virtual byte[] SignWithCertificate(string message, X509Certificate2 certi`
`90`	`90`
`91`	`91`	`byte[] SignDataAndCacheProvider(string message)`
`92`	`92`	`{`
`93`		`- // codeql[cs/cryptography/rsa-unapproved-signing-padding-scheme] Backwards Compatibility: Requires using PKCS1 padding for Identity Providers not supporting PSS (older ADFS, non-Microsoft identity providers)`
	`93`	`+ // codeql [SM03799] Backwards Compatibility: Requires using PKCS1 padding for Identity Providers not supporting PSS (older ADFS, dSTS)`
`94`	`94`	`var signedData = rsa.SignData(Encoding.UTF8.GetBytes(message), HashAlgorithmName.SHA256, signaturePadding);`
`95`	`95`
`96`	`96`	`// Cache only valid RSA crypto providers, which are able to sign data successfully`