newNodes) {
- detectedNodes.addAll(newNodes);
- IAggregator.log(newNodes);
- }
-
- public static void reset() {
- csharpLanguageSupport = LanguageSupporter.csharpLanguageSupporter();
- detectedNodes = new ArrayList<>();
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/CSharpParserErrorListener.java b/csharp/src/main/java/com/ibm/plugin/CSharpParserErrorListener.java
deleted file mode 100644
index 3625e515f..000000000
--- a/csharp/src/main/java/com/ibm/plugin/CSharpParserErrorListener.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin;
-
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
-import org.antlr.v4.runtime.BaseErrorListener;
-import org.antlr.v4.runtime.RecognitionException;
-import org.antlr.v4.runtime.Recognizer;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.sonar.api.batch.fs.InputFile;
-
-/**
- * ANTLR error listener that logs parse errors at WARN level instead of silently discarding them.
- *
- * Malformed C# files will still be partially scanned (the parser recovers where possible), but
- * any syntax errors encountered are surfaced as warnings so users know that analysis may be
- * incomplete for those files.
- */
-public final class CSharpParserErrorListener extends BaseErrorListener {
-
- private static final Logger LOG = LoggerFactory.getLogger(CSharpParserErrorListener.class);
-
- @Nonnull private final InputFile inputFile;
-
- public CSharpParserErrorListener(@Nonnull InputFile inputFile) {
- this.inputFile = inputFile;
- }
-
- @Override
- public void syntaxError(
- @Nonnull Recognizer recognizer,
- @Nullable Object offendingSymbol,
- int line,
- int charPositionInLine,
- @Nonnull String msg,
- @Nullable RecognitionException e) {
- LOG.warn("Parse error in {}: line {}:{} — {}", inputFile, line, charPositionInLine, msg);
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/CSharpRuleList.java b/csharp/src/main/java/com/ibm/plugin/CSharpRuleList.java
deleted file mode 100755
index a63d42bfe..000000000
--- a/csharp/src/main/java/com/ibm/plugin/CSharpRuleList.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin;
-
-import com.ibm.plugin.rules.CSharpInventoryRule;
-import java.util.List;
-
-/** Lists all C# check classes registered in the rule repository. */
-public final class CSharpRuleList {
-
- private CSharpRuleList() {
- // nothing
- }
-
- public static List> getChecks() {
- return List.of(CSharpInventoryRule.class);
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/CSharpScannerRuleDefinition.java b/csharp/src/main/java/com/ibm/plugin/CSharpScannerRuleDefinition.java
deleted file mode 100755
index 76e5762bf..000000000
--- a/csharp/src/main/java/com/ibm/plugin/CSharpScannerRuleDefinition.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin;
-
-import java.util.Collections;
-import java.util.Objects;
-import java.util.Set;
-import org.sonar.api.SonarRuntime;
-import org.sonar.api.server.rule.RulesDefinition;
-import org.sonarsource.analyzer.commons.RuleMetadataLoader;
-
-/** SonarQube rule repository definition for C# cryptographic rules. */
-public class CSharpScannerRuleDefinition implements RulesDefinition {
-
- public static final String REPOSITORY_KEY = "sonar-cs-crypto";
- public static final String REPOSITORY_NAME = "Sonar Cryptography";
-
- private static final Set RULE_TEMPLATES_KEY = Collections.emptySet();
- private static final String RESOURCE_BASE_PATH = "/org/sonar/l10n/cs/rules/cs";
-
- private final SonarRuntime sonarRuntime;
-
- public CSharpScannerRuleDefinition(SonarRuntime sonarRuntime) {
- this.sonarRuntime = sonarRuntime;
- }
-
- @Override
- public void define(Context context) {
- NewRepository repository =
- context.createRepository(REPOSITORY_KEY, "cs").setName(REPOSITORY_NAME);
-
- RuleMetadataLoader ruleMetadataLoader =
- new RuleMetadataLoader(RESOURCE_BASE_PATH, sonarRuntime);
- ruleMetadataLoader.addRulesByAnnotatedClass(repository, CSharpRuleList.getChecks());
- setTemplates(repository);
-
- repository.done();
- }
-
- private static void setTemplates(NewRepository repository) {
- RULE_TEMPLATES_KEY.stream()
- .map(repository::rule)
- .filter(Objects::nonNull)
- .forEach(rule -> rule.setTemplate(true));
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/CryptoCSharpSensor.java b/csharp/src/main/java/com/ibm/plugin/CryptoCSharpSensor.java
deleted file mode 100755
index 2970209f9..000000000
--- a/csharp/src/main/java/com/ibm/plugin/CryptoCSharpSensor.java
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin;
-
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpTreeConverter;
-import com.ibm.engine.language.csharp.antlr.CSharpLexer;
-import com.ibm.engine.language.csharp.antlr.CSharpParser;
-import com.ibm.engine.language.csharp.tree.CSharpBlockTree;
-import java.io.IOException;
-import java.util.Collection;
-import java.util.List;
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
-import org.antlr.v4.runtime.CharStreams;
-import org.antlr.v4.runtime.CommonTokenStream;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.sonar.api.batch.fs.FileSystem;
-import org.sonar.api.batch.fs.InputFile;
-import org.sonar.api.batch.rule.CheckFactory;
-import org.sonar.api.batch.sensor.Sensor;
-import org.sonar.api.batch.sensor.SensorContext;
-import org.sonar.api.batch.sensor.SensorDescriptor;
-
-/**
- * Custom sensor for executing cryptography detection rules on C# source files.
- *
- * Unlike Java/Python (which use SonarQube's {@code CheckRegistrar}) and Go (which reuses the
- * sonar-go {@code ChecksVisitor}), C# requires a fully custom sensor because sonar-csharp exposes
- * no public custom rule API. Each .cs file is parsed independently with the ANTLR4-based
- * CSharpLexer/CSharpParser, and detection checks are invoked directly for every method body found.
- */
-public class CryptoCSharpSensor implements Sensor {
-
- private static final Logger LOG = LoggerFactory.getLogger(CryptoCSharpSensor.class);
-
- private final Collection checks;
-
- public CryptoCSharpSensor(@Nonnull CheckFactory checkFactory) {
- this.checks =
- checkFactory
- .create(CSharpScannerRuleDefinition.REPOSITORY_KEY)
- .addAnnotatedChecks(CSharpRuleList.getChecks())
- .all();
- }
-
- @Override
- public void describe(@Nonnull SensorDescriptor descriptor) {
- descriptor.onlyOnLanguage("cs").name("Cryptography for C#");
- }
-
- @Override
- public void execute(@Nonnull SensorContext context) {
- execute(context, checks);
- }
-
- public static void execute(
- @Nonnull SensorContext context, @Nonnull Collection checks) {
- if (checks.isEmpty()) {
- return;
- }
-
- FileSystem fs = context.fileSystem();
- Iterable csFiles =
- fs.inputFiles(
- fs.predicates()
- .and(
- fs.predicates().hasLanguage("cs"),
- fs.predicates().hasType(InputFile.Type.MAIN)));
-
- for (InputFile inputFile : csFiles) {
- if (context.isCancelled()) {
- return;
- }
- analyzeFile(context, checks, inputFile);
- }
- }
-
- private static void analyzeFile(
- @Nonnull SensorContext context,
- @Nonnull Collection checks,
- @Nonnull InputFile inputFile) {
- String content;
- try {
- content = inputFile.contents();
- } catch (IOException e) {
- LOG.warn("Unable to read file: {}", inputFile, e);
- return;
- }
-
- CSharpParser.Compilation_unitContext parseTree = parseContent(content, inputFile);
- if (parseTree == null) {
- return;
- }
-
- CSharpTreeConverter converter = new CSharpTreeConverter();
- List methodBodies = converter.extractMethodBodies(parseTree);
- if (methodBodies.isEmpty()) {
- return;
- }
-
- CSharpScanContext scanContext =
- new CSharpScanContext(
- context, inputFile, CSharpScannerRuleDefinition.REPOSITORY_KEY);
-
- for (CSharpBlockTree blockTree : methodBodies) {
- for (CSharpCheck check : checks) {
- try {
- check.scan(scanContext, blockTree);
- } catch (RuntimeException e) {
- LOG.warn(
- "Error running check {} on {}: {}",
- check.getClass().getSimpleName(),
- inputFile,
- e.getMessage(),
- e);
- }
- }
- }
- }
-
- @Nullable private static CSharpParser.Compilation_unitContext parseContent(
- @Nonnull String content, @Nonnull InputFile inputFile) {
- try {
- CSharpLexer lexer =
- new CSharpLexer(CharStreams.fromString(content, inputFile.toString()));
- lexer.removeErrorListeners();
- lexer.addErrorListener(new CSharpParserErrorListener(inputFile));
-
- CommonTokenStream tokens = new CommonTokenStream(lexer);
- CSharpParser parser = new CSharpParser(tokens);
- parser.removeErrorListeners();
- parser.addErrorListener(new CSharpParserErrorListener(inputFile));
-
- return parser.compilation_unit();
- } catch (RuntimeException e) {
- LOG.warn("Unable to parse file: {}", inputFile, e);
- return null;
- }
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/rules/CSharpInventoryRule.java b/csharp/src/main/java/com/ibm/plugin/rules/CSharpInventoryRule.java
deleted file mode 100755
index 89f04d607..000000000
--- a/csharp/src/main/java/com/ibm/plugin/rules/CSharpInventoryRule.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules;
-
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.rule.IDetectionRule;
-import com.ibm.mapper.model.INode;
-import com.ibm.plugin.rules.detection.CSharpBaseDetectionRule;
-import com.ibm.plugin.rules.detection.CSharpDetectionRules;
-import com.ibm.plugin.translation.reorganizer.CSharpReorganizerRules;
-import com.ibm.rules.InventoryRule;
-import com.ibm.rules.issue.Issue;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.sonar.check.Rule;
-import org.sonar.java.annotations.VisibleForTesting;
-
-/** The single C# cryptographic inventory rule — detects all known crypto API usage. */
-@Rule(key = "Inventory")
-public class CSharpInventoryRule extends CSharpBaseDetectionRule {
-
- public CSharpInventoryRule() {
- super(true, CSharpDetectionRules.rules(), CSharpReorganizerRules.rules());
- }
-
- @VisibleForTesting
- protected CSharpInventoryRule(@Nonnull List> detectionRules) {
- super(true, detectionRules, CSharpReorganizerRules.rules());
- }
-
- @Override
- public @Nonnull List> report(
- @Nonnull CSharpTree markerTree, @Nonnull List translatedNodes) {
- return new InventoryRule().report(markerTree, translatedNodes);
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/rules/detection/CSharpBaseDetectionRule.java b/csharp/src/main/java/com/ibm/plugin/rules/detection/CSharpBaseDetectionRule.java
deleted file mode 100755
index bbe34499b..000000000
--- a/csharp/src/main/java/com/ibm/plugin/rules/detection/CSharpBaseDetectionRule.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection;
-
-import com.ibm.common.IObserver;
-import com.ibm.engine.detection.Finding;
-import com.ibm.engine.executive.DetectionExecutive;
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpSymbol;
-import com.ibm.engine.language.csharp.tree.CSharpBlockTree;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.rule.IDetectionRule;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.reorganizer.IReorganizerRule;
-import com.ibm.plugin.CSharpAggregator;
-import com.ibm.plugin.translation.CSharpTranslationProcess;
-import com.ibm.plugin.translation.reorganizer.CSharpReorganizerRules;
-import com.ibm.rules.IReportableDetectionRule;
-import com.ibm.rules.issue.Issue;
-import java.util.Collections;
-import java.util.List;
-import javax.annotation.Nonnull;
-
-/**
- * Abstract base class for C# cryptographic detection rules.
- *
- * Mirrors {@code GoBaseDetectionRule}: holds a set of {@link IDetectionRule}s, runs them for
- * every method body via {@link CSharpCheck#scan}, and translates findings to {@link INode} objects.
- */
-public abstract class CSharpBaseDetectionRule
- implements CSharpCheck,
- IObserver>,
- IReportableDetectionRule {
-
- private final boolean isInventory;
- @Nonnull protected final CSharpTranslationProcess csharpTranslationProcess;
- @Nonnull protected final List> detectionRules;
-
- protected CSharpBaseDetectionRule() {
- this.isInventory = false;
- this.detectionRules = CSharpDetectionRules.rules();
- this.csharpTranslationProcess =
- new CSharpTranslationProcess(CSharpReorganizerRules.rules());
- }
-
- protected CSharpBaseDetectionRule(
- final boolean isInventory,
- @Nonnull List> detectionRules,
- @Nonnull List reorganizerRules) {
- this.isInventory = isInventory;
- this.detectionRules = detectionRules;
- this.csharpTranslationProcess = new CSharpTranslationProcess(reorganizerRules);
- }
-
- @Override
- public void scan(@Nonnull CSharpScanContext scanContext, @Nonnull CSharpBlockTree blockTree) {
- detectionRules.forEach(
- rule -> {
- DetectionExecutive
- detectionExecutive =
- CSharpAggregator.getLanguageSupport()
- .createDetectionExecutive(blockTree, rule, scanContext);
- detectionExecutive.subscribe(this);
- detectionExecutive.start();
- });
- }
-
- @Override
- public void update(
- @Nonnull Finding finding) {
- List nodes = csharpTranslationProcess.initiate(finding.detectionStore());
- if (isInventory) {
- CSharpAggregator.addNodes(nodes);
- }
- this.report(finding.getMarkerTree(), nodes)
- .forEach(
- issue ->
- finding.detectionStore()
- .getScanContext()
- .reportIssue(this, issue.tree(), issue.message()));
- }
-
- @Override
- @Nonnull
- public List> report(
- @Nonnull CSharpTree markerTree, @Nonnull List translatedNodes) {
- return Collections.emptyList();
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/rules/detection/CSharpDetectionRules.java b/csharp/src/main/java/com/ibm/plugin/rules/detection/CSharpDetectionRules.java
deleted file mode 100755
index 92576f65a..000000000
--- a/csharp/src/main/java/com/ibm/plugin/rules/detection/CSharpDetectionRules.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection;
-
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.rule.IDetectionRule;
-import com.ibm.plugin.rules.detection.dotnet.DotNetAES;
-import com.ibm.plugin.rules.detection.dotnet.DotNetDES;
-import com.ibm.plugin.rules.detection.dotnet.DotNetDSA;
-import com.ibm.plugin.rules.detection.dotnet.DotNetECDiffieHellman;
-import com.ibm.plugin.rules.detection.dotnet.DotNetECDsa;
-import com.ibm.plugin.rules.detection.dotnet.DotNetHMAC;
-import com.ibm.plugin.rules.detection.dotnet.DotNetRC2;
-import com.ibm.plugin.rules.detection.dotnet.DotNetRSA;
-import com.ibm.plugin.rules.detection.dotnet.DotNetRfc2898DeriveBytes;
-import com.ibm.plugin.rules.detection.dotnet.DotNetSHA;
-import com.ibm.plugin.rules.detection.dotnet.DotNetTripleDES;
-import java.util.List;
-import java.util.stream.Stream;
-import javax.annotation.Nonnull;
-
-/** Aggregates all C# detection rule lists. */
-public final class CSharpDetectionRules {
-
- private CSharpDetectionRules() {
- // nothing
- }
-
- @Nonnull
- public static List> rules() {
- return Stream.of(
- DotNetAES.rules().stream(),
- DotNetDES.rules().stream(),
- DotNetTripleDES.rules().stream(),
- DotNetRC2.rules().stream(),
- DotNetRSA.rules().stream(),
- DotNetECDsa.rules().stream(),
- DotNetECDiffieHellman.rules().stream(),
- DotNetDSA.rules().stream(),
- DotNetSHA.rules().stream(),
- DotNetHMAC.rules().stream(),
- DotNetRfc2898DeriveBytes.rules().stream())
- .flatMap(i -> i)
- .toList();
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetAES.java b/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetAES.java
deleted file mode 100755
index f750ea4e0..000000000
--- a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetAES.java
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import com.ibm.engine.detection.MethodMatcher;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.Size;
-import com.ibm.engine.model.context.CipherContext;
-import com.ibm.engine.model.factory.KeySizeFactory;
-import com.ibm.engine.model.factory.ModeFactory;
-import com.ibm.engine.model.factory.PaddingFactory;
-import com.ibm.engine.model.factory.ValueActionFactory;
-import com.ibm.engine.rule.IDetectionRule;
-import com.ibm.engine.rule.builder.DetectionRuleBuilder;
-import java.util.List;
-import javax.annotation.Nonnull;
-
-/**
- * Detection rules for AES usage in System.Security.Cryptography.
- *
- * Detects:
- *
- *
- * - {@code Aes.Create()} — factory method on abstract base class
- *
- {@code new AesManaged()} — legacy concrete class (deprecated in .NET 6+)
- *
- {@code new AesGcm(key)} — authenticated encryption with GCM mode
- *
- {@code new AesCcm(key)} — authenticated encryption with CCM mode
- *
- */
-@SuppressWarnings("java:S1192")
-public final class DotNetAES {
-
- private DotNetAES() {
- // nothing
- }
-
- // aes.Mode = CipherMode.CBC → synthetic set_Mode(CipherMode.CBC)
- private static final IDetectionRule AES_SET_MODE =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes(MethodMatcher.ANY)
- .forMethods("set_Mode")
- .withMethodParameter(MethodMatcher.ANY)
- .shouldBeDetectedAs(new ModeFactory<>())
- .buildForContext(new CipherContext())
- .inBundle(() -> "DotNet")
- .withoutDependingDetectionRules();
-
- // aes.KeySize = 256 → synthetic set_KeySize(256)
- private static final IDetectionRule AES_SET_KEY_SIZE =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes(MethodMatcher.ANY)
- .forMethods("set_KeySize")
- .withMethodParameter(MethodMatcher.ANY)
- .shouldBeDetectedAs(new KeySizeFactory<>(Size.UnitType.BIT))
- .buildForContext(new CipherContext())
- .inBundle(() -> "DotNet")
- .withoutDependingDetectionRules();
-
- // aes.Padding = PaddingMode.PKCS7 → synthetic set_Padding(PaddingMode.PKCS7)
- private static final IDetectionRule AES_SET_PADDING =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes(MethodMatcher.ANY)
- .forMethods("set_Padding")
- .withMethodParameter(MethodMatcher.ANY)
- .shouldBeDetectedAs(new PaddingFactory<>())
- .buildForContext(new CipherContext())
- .inBundle(() -> "DotNet")
- .withoutDependingDetectionRules();
-
- private static final List> PROPERTY_SETTER_RULES =
- List.of(AES_SET_MODE, AES_SET_KEY_SIZE, AES_SET_PADDING);
-
- // Aes.Create() — abstract factory
- private static final IDetectionRule AES_CREATE =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("Aes")
- .forMethods("Create")
- .shouldBeDetectedAs(new ValueActionFactory<>("AES"))
- .withoutParameters()
- .buildForContext(new CipherContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(PROPERTY_SETTER_RULES);
-
- // new AesManaged() — legacy concrete class
- private static final IDetectionRule AES_MANAGED =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("AesManaged")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("AES"))
- .withoutParameters()
- .buildForContext(new CipherContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(PROPERTY_SETTER_RULES);
-
- // new AesCng() — CNG-backed implementation
- private static final IDetectionRule AES_CNG =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("AesCng")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("AES"))
- .withoutParameters()
- .buildForContext(new CipherContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(PROPERTY_SETTER_RULES);
-
- // new AesGcm(key) — GCM authenticated encryption
- // TODO: capture key parameter (byte[] key) to extract key length as a known gap
- private static final IDetectionRule AES_GCM =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("AesGcm")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("AES"))
- .withAnyParameters()
- .buildForContext(new CipherContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- // new AesCcm(key) — CCM authenticated encryption
- // TODO: capture key parameter (byte[] key) to extract key length as a known gap
- private static final IDetectionRule AES_CCM =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("AesCcm")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("AES"))
- .withAnyParameters()
- .buildForContext(new CipherContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- @Nonnull
- public static List> rules() {
- return List.of(AES_CREATE, AES_MANAGED, AES_CNG, AES_GCM, AES_CCM);
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetDES.java b/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetDES.java
deleted file mode 100755
index f4384f7f7..000000000
--- a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetDES.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.context.CipherContext;
-import com.ibm.engine.model.factory.ValueActionFactory;
-import com.ibm.engine.rule.IDetectionRule;
-import com.ibm.engine.rule.builder.DetectionRuleBuilder;
-import java.util.List;
-import javax.annotation.Nonnull;
-
-/**
- * Detection rules for DES usage in System.Security.Cryptography.
- *
- * Detects:
- *
- *
- * - {@code DES.Create()} — abstract factory (deprecated in .NET 5+)
- *
- {@code new DESCryptoServiceProvider()} — CAPI-backed (deprecated)
- *
- */
-@SuppressWarnings("java:S1192")
-public final class DotNetDES {
-
- private DotNetDES() {
- // nothing
- }
-
- private static final IDetectionRule DES_CREATE =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("DES")
- .forMethods("Create")
- .shouldBeDetectedAs(new ValueActionFactory<>("DES"))
- .withoutParameters()
- .buildForContext(new CipherContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- private static final IDetectionRule DES_CSP =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("DESCryptoServiceProvider")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("DES"))
- .withoutParameters()
- .buildForContext(new CipherContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- @Nonnull
- public static List> rules() {
- return List.of(DES_CREATE, DES_CSP);
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetDSA.java b/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetDSA.java
deleted file mode 100755
index 30fdd70fc..000000000
--- a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetDSA.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.context.KeyContext;
-import com.ibm.engine.model.factory.ValueActionFactory;
-import com.ibm.engine.rule.IDetectionRule;
-import com.ibm.engine.rule.builder.DetectionRuleBuilder;
-import java.util.List;
-import java.util.Map;
-import javax.annotation.Nonnull;
-
-/**
- * Detection rules for DSA usage in System.Security.Cryptography.
- *
- * Detects:
- *
- *
- * - {@code DSA.Create()} — abstract factory
- *
- {@code new DSACryptoServiceProvider()} — CAPI-backed implementation
- *
- */
-@SuppressWarnings("java:S1192")
-public final class DotNetDSA {
-
- private DotNetDSA() {
- // nothing
- }
-
- private static final IDetectionRule DSA_CREATE =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("DSA")
- .forMethods("Create")
- .shouldBeDetectedAs(new ValueActionFactory<>("DSA"))
- .withoutParameters()
- .buildForContext(new KeyContext(Map.of("kind", "DSA")))
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- private static final IDetectionRule DSA_CSP =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("DSACryptoServiceProvider")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("DSA"))
- .withoutParameters()
- .buildForContext(new KeyContext(Map.of("kind", "DSA")))
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- @Nonnull
- public static List> rules() {
- return List.of(DSA_CREATE, DSA_CSP);
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetECDiffieHellman.java b/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetECDiffieHellman.java
deleted file mode 100755
index 79ea96196..000000000
--- a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetECDiffieHellman.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.context.KeyContext;
-import com.ibm.engine.model.factory.ValueActionFactory;
-import com.ibm.engine.rule.IDetectionRule;
-import com.ibm.engine.rule.builder.DetectionRuleBuilder;
-import java.util.List;
-import java.util.Map;
-import javax.annotation.Nonnull;
-
-/**
- * Detection rules for ECDH usage in System.Security.Cryptography.
- *
- * Detects:
- *
- *
- * - {@code ECDiffieHellman.Create()} — abstract factory
- *
- {@code ECDiffieHellman.Create(curve)} — factory with ECCurve
- *
- {@code new ECDiffieHellmanCng()} — CNG-backed implementation
- *
- */
-@SuppressWarnings("java:S1192")
-public final class DotNetECDiffieHellman {
-
- private DotNetECDiffieHellman() {
- // nothing
- }
-
- private static final IDetectionRule ECDH_CREATE =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("ECDiffieHellman")
- .forMethods("Create")
- .shouldBeDetectedAs(new ValueActionFactory<>("ECDH"))
- .withAnyParameters()
- .buildForContext(new KeyContext(Map.of("kind", "ECDH")))
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- private static final IDetectionRule ECDH_CNG =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("ECDiffieHellmanCng")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("ECDH"))
- .withoutParameters()
- .buildForContext(new KeyContext(Map.of("kind", "ECDH")))
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- @Nonnull
- public static List> rules() {
- return List.of(ECDH_CREATE, ECDH_CNG);
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetECDsa.java b/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetECDsa.java
deleted file mode 100755
index 5c9fb5f54..000000000
--- a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetECDsa.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.context.KeyContext;
-import com.ibm.engine.model.factory.ValueActionFactory;
-import com.ibm.engine.rule.IDetectionRule;
-import com.ibm.engine.rule.builder.DetectionRuleBuilder;
-import java.util.List;
-import java.util.Map;
-import javax.annotation.Nonnull;
-
-/**
- * Detection rules for ECDSA usage in System.Security.Cryptography.
- *
- * Detects:
- *
- *
- * - {@code ECDsa.Create()} — factory without curve
- *
- {@code ECDsa.Create(curve)} — factory with ECCurve parameter
- *
- {@code new ECDsaCng()} — CNG-backed implementation
- *
- */
-@SuppressWarnings("java:S1192")
-public final class DotNetECDsa {
-
- private DotNetECDsa() {
- // nothing
- }
-
- private static final IDetectionRule ECDSA_CREATE =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("ECDsa")
- .forMethods("Create")
- .shouldBeDetectedAs(new ValueActionFactory<>("ECDSA"))
- .withAnyParameters()
- .buildForContext(new KeyContext(Map.of("kind", "ECDSA")))
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- private static final IDetectionRule ECDSA_CNG =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("ECDsaCng")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("ECDSA"))
- .withoutParameters()
- .buildForContext(new KeyContext(Map.of("kind", "ECDSA")))
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- @Nonnull
- public static List> rules() {
- return List.of(ECDSA_CREATE, ECDSA_CNG);
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetHMAC.java b/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetHMAC.java
deleted file mode 100755
index 073cfdf08..000000000
--- a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetHMAC.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.context.MacContext;
-import com.ibm.engine.model.factory.ValueActionFactory;
-import com.ibm.engine.rule.IDetectionRule;
-import com.ibm.engine.rule.builder.DetectionRuleBuilder;
-import java.util.List;
-import javax.annotation.Nonnull;
-
-/**
- * Detection rules for HMAC algorithms in System.Security.Cryptography.
- *
- * Detects constructor calls for all concrete HMAC implementations. The detected value encodes
- * the full class name (e.g., {@code "HMACSHA256"}) so the translator can resolve the inner hash.
- */
-@SuppressWarnings("java:S1192")
-public final class DotNetHMAC {
-
- private DotNetHMAC() {
- // nothing
- }
-
- private static IDetectionRule hmacRule(String className) {
- return new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes(className)
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>(className.toUpperCase()))
- .withAnyParameters()
- .buildForContext(new MacContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
- }
-
- @Nonnull
- public static List> rules() {
- return List.of(
- hmacRule("HMACSHA1"),
- hmacRule("HMACSHA256"),
- hmacRule("HMACSHA384"),
- hmacRule("HMACSHA512"),
- hmacRule("HMACMD5"));
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetRC2.java b/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetRC2.java
deleted file mode 100755
index 5c73f7ada..000000000
--- a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetRC2.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.context.CipherContext;
-import com.ibm.engine.model.factory.ValueActionFactory;
-import com.ibm.engine.rule.IDetectionRule;
-import com.ibm.engine.rule.builder.DetectionRuleBuilder;
-import java.util.List;
-import javax.annotation.Nonnull;
-
-/**
- * Detection rules for RC2 usage in System.Security.Cryptography.
- *
- * Detects:
- *
- *
- * - {@code RC2.Create()} — abstract factory (weak cipher)
- *
- {@code new RC2CryptoServiceProvider()} — CAPI-backed (weak cipher)
- *
- */
-@SuppressWarnings("java:S1192")
-public final class DotNetRC2 {
-
- private DotNetRC2() {
- // nothing
- }
-
- private static final IDetectionRule RC2_CREATE =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("RC2")
- .forMethods("Create")
- .shouldBeDetectedAs(new ValueActionFactory<>("RC2"))
- .withoutParameters()
- .buildForContext(new CipherContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- private static final IDetectionRule RC2_CSP =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("RC2CryptoServiceProvider")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("RC2"))
- .withoutParameters()
- .buildForContext(new CipherContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- @Nonnull
- public static List> rules() {
- return List.of(RC2_CREATE, RC2_CSP);
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetRSA.java b/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetRSA.java
deleted file mode 100755
index 43cb3f561..000000000
--- a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetRSA.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.context.KeyContext;
-import com.ibm.engine.model.factory.ValueActionFactory;
-import com.ibm.engine.rule.IDetectionRule;
-import com.ibm.engine.rule.builder.DetectionRuleBuilder;
-import java.util.List;
-import java.util.Map;
-import javax.annotation.Nonnull;
-
-/**
- * Detection rules for RSA usage in System.Security.Cryptography.
- *
- * Detects:
- *
- *
- * - {@code RSA.Create()} — abstract factory, no key size
- *
- {@code RSA.Create(2048)} — factory with key size
- *
- {@code new RSACryptoServiceProvider()} — CAPI-backed, no key size
- *
- {@code new RSACryptoServiceProvider(2048)} — CAPI-backed with key size
- *
- */
-@SuppressWarnings("java:S1192")
-public final class DotNetRSA {
-
- private DotNetRSA() {
- // nothing
- }
-
- private static final IDetectionRule RSA_CREATE =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("RSA")
- .forMethods("Create")
- .shouldBeDetectedAs(new ValueActionFactory<>("RSA"))
- .withAnyParameters()
- .buildForContext(new KeyContext(Map.of("kind", "RSA")))
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- private static final IDetectionRule RSA_CRYPTO_SERVICE_PROVIDER =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("RSACryptoServiceProvider")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("RSA"))
- .withAnyParameters()
- .buildForContext(new KeyContext(Map.of("kind", "RSA")))
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- @Nonnull
- public static List> rules() {
- return List.of(RSA_CREATE, RSA_CRYPTO_SERVICE_PROVIDER);
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetRfc2898DeriveBytes.java b/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetRfc2898DeriveBytes.java
deleted file mode 100755
index 0bb0822ed..000000000
--- a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetRfc2898DeriveBytes.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.context.KeyContext;
-import com.ibm.engine.model.factory.ValueActionFactory;
-import com.ibm.engine.rule.IDetectionRule;
-import com.ibm.engine.rule.builder.DetectionRuleBuilder;
-import java.util.List;
-import java.util.Map;
-import javax.annotation.Nonnull;
-
-/**
- * Detection rules for PBKDF2 via {@code Rfc2898DeriveBytes} in System.Security.Cryptography.
- *
- * Detects:
- *
- *
- * - {@code new Rfc2898DeriveBytes(password, salt, iterations)} — SHA-1 default
- *
- {@code new Rfc2898DeriveBytes(password, salt, iterations, hashAlgorithm)} — explicit hash
- *
- */
-@SuppressWarnings("java:S1192")
-public final class DotNetRfc2898DeriveBytes {
-
- private DotNetRfc2898DeriveBytes() {
- // nothing
- }
-
- private static final IDetectionRule RFC2898 =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("Rfc2898DeriveBytes")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("PBKDF2"))
- .withAnyParameters()
- .buildForContext(new KeyContext(Map.of("kind", "KDF")))
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- @Nonnull
- public static List> rules() {
- return List.of(RFC2898);
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetSHA.java b/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetSHA.java
deleted file mode 100755
index 5911f9c64..000000000
--- a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetSHA.java
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.context.DigestContext;
-import com.ibm.engine.model.factory.ValueActionFactory;
-import com.ibm.engine.rule.IDetectionRule;
-import com.ibm.engine.rule.builder.DetectionRuleBuilder;
-import java.util.List;
-import javax.annotation.Nonnull;
-
-/**
- * Detection rules for SHA hash algorithms in System.Security.Cryptography.
- *
- * Detects factory methods and concrete class constructors for SHA-1, SHA-256, SHA-384, and
- * SHA-512 (and their {@code Managed} concrete variants).
- */
-@SuppressWarnings("java:S1192")
-public final class DotNetSHA {
-
- private DotNetSHA() {
- // nothing
- }
-
- // SHA1
- private static final IDetectionRule SHA1_CREATE =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("SHA1")
- .forMethods("Create")
- .shouldBeDetectedAs(new ValueActionFactory<>("SHA1"))
- .withoutParameters()
- .buildForContext(new DigestContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- private static final IDetectionRule SHA1_MANAGED =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("SHA1Managed")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("SHA1"))
- .withoutParameters()
- .buildForContext(new DigestContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- // SHA256
- private static final IDetectionRule SHA256_CREATE =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("SHA256")
- .forMethods("Create")
- .shouldBeDetectedAs(new ValueActionFactory<>("SHA256"))
- .withoutParameters()
- .buildForContext(new DigestContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- private static final IDetectionRule SHA256_MANAGED =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("SHA256Managed")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("SHA256"))
- .withoutParameters()
- .buildForContext(new DigestContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- // SHA384
- private static final IDetectionRule SHA384_CREATE =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("SHA384")
- .forMethods("Create")
- .shouldBeDetectedAs(new ValueActionFactory<>("SHA384"))
- .withoutParameters()
- .buildForContext(new DigestContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- private static final IDetectionRule SHA384_MANAGED =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("SHA384Managed")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("SHA384"))
- .withoutParameters()
- .buildForContext(new DigestContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- // SHA512
- private static final IDetectionRule SHA512_CREATE =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("SHA512")
- .forMethods("Create")
- .shouldBeDetectedAs(new ValueActionFactory<>("SHA512"))
- .withoutParameters()
- .buildForContext(new DigestContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- private static final IDetectionRule SHA512_MANAGED =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("SHA512Managed")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("SHA512"))
- .withoutParameters()
- .buildForContext(new DigestContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- // MD5
- private static final IDetectionRule MD5_CREATE =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("MD5")
- .forMethods("Create")
- .shouldBeDetectedAs(new ValueActionFactory<>("MD5"))
- .withoutParameters()
- .buildForContext(new DigestContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- private static final IDetectionRule MD5_CSP =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("MD5CryptoServiceProvider")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("MD5"))
- .withoutParameters()
- .buildForContext(new DigestContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- @Nonnull
- public static List> rules() {
- return List.of(
- SHA1_CREATE,
- SHA1_MANAGED,
- SHA256_CREATE,
- SHA256_MANAGED,
- SHA384_CREATE,
- SHA384_MANAGED,
- SHA512_CREATE,
- SHA512_MANAGED,
- MD5_CREATE,
- MD5_CSP);
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetTripleDES.java b/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetTripleDES.java
deleted file mode 100755
index 2f1892e4d..000000000
--- a/csharp/src/main/java/com/ibm/plugin/rules/detection/dotnet/DotNetTripleDES.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.context.CipherContext;
-import com.ibm.engine.model.factory.ValueActionFactory;
-import com.ibm.engine.rule.IDetectionRule;
-import com.ibm.engine.rule.builder.DetectionRuleBuilder;
-import java.util.List;
-import javax.annotation.Nonnull;
-
-/**
- * Detection rules for Triple DES usage in System.Security.Cryptography.
- *
- * Detects:
- *
- *
- * - {@code TripleDES.Create()} — abstract factory
- *
- {@code new TripleDESCryptoServiceProvider()} — CAPI-backed (deprecated)
- *
- */
-@SuppressWarnings("java:S1192")
-public final class DotNetTripleDES {
-
- private DotNetTripleDES() {
- // nothing
- }
-
- private static final IDetectionRule TRIPLE_DES_CREATE =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("TripleDES")
- .forMethods("Create")
- .shouldBeDetectedAs(new ValueActionFactory<>("TRIPLEDES"))
- .withoutParameters()
- .buildForContext(new CipherContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- private static final IDetectionRule TRIPLE_DES_CSP =
- new DetectionRuleBuilder()
- .createDetectionRule()
- .forObjectTypes("TripleDESCryptoServiceProvider")
- .forMethods("")
- .shouldBeDetectedAs(new ValueActionFactory<>("TRIPLEDES"))
- .withoutParameters()
- .buildForContext(new CipherContext())
- .inBundle(() -> "DotNet")
- .withDependingDetectionRules(List.of());
-
- @Nonnull
- public static List> rules() {
- return List.of(TRIPLE_DES_CREATE, TRIPLE_DES_CSP);
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/translation/CSharpTranslationProcess.java b/csharp/src/main/java/com/ibm/plugin/translation/CSharpTranslationProcess.java
deleted file mode 100755
index 05b093c8d..000000000
--- a/csharp/src/main/java/com/ibm/plugin/translation/CSharpTranslationProcess.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.translation;
-
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpSymbol;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.enricher.Enricher;
-import com.ibm.mapper.ITranslationProcess;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.reorganizer.IReorganizerRule;
-import com.ibm.mapper.reorganizer.Reorganizer;
-import com.ibm.mapper.utils.Utils;
-import com.ibm.plugin.translation.translator.CSharpTranslator;
-import java.util.Collections;
-import java.util.List;
-import javax.annotation.Nonnull;
-
-/** Three-stage translation pipeline for C#: translate → reorganize → enrich. */
-public final class CSharpTranslationProcess
- extends ITranslationProcess {
-
- public CSharpTranslationProcess(@Nonnull List reorganizerRules) {
- super(reorganizerRules);
- }
-
- @Nonnull
- @Override
- public List initiate(
- @Nonnull
- DetectionStore
- rootDetectionStore) {
- // 1. Translate
- final CSharpTranslator csharpTranslator = new CSharpTranslator();
- final List translatedValues = csharpTranslator.translate(rootDetectionStore);
- Utils.printNodeTree(" translated ", translatedValues);
-
- // 2. Reorganize
- final Reorganizer reorganizer = new Reorganizer(reorganizerRules);
- final List reorganizedValues = reorganizer.reorganize(translatedValues);
- Utils.printNodeTree("reorganised ", reorganizedValues);
-
- // 3. Enrich
- final List enrichedValues = Enricher.enrich(reorganizedValues).stream().toList();
- Utils.printNodeTree(" enriched ", enrichedValues);
-
- return Collections.unmodifiableCollection(enrichedValues).stream().toList();
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/translation/reorganizer/CSharpReorganizerRules.java b/csharp/src/main/java/com/ibm/plugin/translation/reorganizer/CSharpReorganizerRules.java
deleted file mode 100755
index 0b75dd550..000000000
--- a/csharp/src/main/java/com/ibm/plugin/translation/reorganizer/CSharpReorganizerRules.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.translation.reorganizer;
-
-import com.ibm.mapper.model.BlockCipher;
-import com.ibm.mapper.model.MessageDigest;
-import com.ibm.mapper.reorganizer.IReorganizerRule;
-import com.ibm.mapper.reorganizer.rules.CipherSuiteReorganizer;
-import com.ibm.mapper.reorganizer.rules.KeyDerivationReorganizer;
-import com.ibm.mapper.reorganizer.rules.PaddingReorganizer;
-import com.ibm.mapper.reorganizer.rules.SignatureReorganizer;
-import java.util.List;
-import java.util.stream.Stream;
-import javax.annotation.Nonnull;
-
-/** Reorganizer rules for the C# translation pipeline. Delegates to existing shared rules. */
-public final class CSharpReorganizerRules {
-
- private CSharpReorganizerRules() {
- // nothing
- }
-
- @Nonnull
- public static List rules() {
- return Stream.of(
- SignatureReorganizer.MERGE_SIGNATURE_PARENT_AND_CHILD,
- KeyDerivationReorganizer.moveModeFromParentToNode(BlockCipher.class),
- KeyDerivationReorganizer.moveModeFromParentToNode(MessageDigest.class),
- CipherSuiteReorganizer.REPLACE_TLS_WITH_VERSIONED_CHILD,
- PaddingReorganizer.MOVE_OAEP_UNDER_ALGORITHM)
- .toList();
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/translation/translator/CSharpTranslator.java b/csharp/src/main/java/com/ibm/plugin/translation/translator/CSharpTranslator.java
deleted file mode 100755
index 793796b3f..000000000
--- a/csharp/src/main/java/com/ibm/plugin/translation/translator/CSharpTranslator.java
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.translation.translator;
-
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpSymbol;
-import com.ibm.engine.language.csharp.tree.CSharpMethodInvocationTree;
-import com.ibm.engine.language.csharp.tree.CSharpObjectCreationTree;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.context.CipherContext;
-import com.ibm.engine.model.context.DigestContext;
-import com.ibm.engine.model.context.IDetectionContext;
-import com.ibm.engine.model.context.KeyContext;
-import com.ibm.engine.model.context.MacContext;
-import com.ibm.engine.model.context.PRNGContext;
-import com.ibm.engine.model.context.ProtocolContext;
-import com.ibm.engine.model.context.SignatureContext;
-import com.ibm.engine.rule.IBundle;
-import com.ibm.mapper.ITranslator;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.utils.DetectionLocation;
-import com.ibm.plugin.translation.translator.contexts.CSharpCipherContextTranslator;
-import com.ibm.plugin.translation.translator.contexts.CSharpDigestContextTranslator;
-import com.ibm.plugin.translation.translator.contexts.CSharpKeyContextTranslator;
-import com.ibm.plugin.translation.translator.contexts.CSharpMacContextTranslator;
-import java.util.List;
-import java.util.Optional;
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
-
-/** Translator for C# cryptographic detections. Dispatches to context-specific translators. */
-public class CSharpTranslator
- extends ITranslator {
-
- public CSharpTranslator() {
- // nothing
- }
-
- @Nonnull
- @Override
- public Optional translate(
- @Nonnull final IBundle bundleIdentifier,
- @Nonnull final IValue value,
- @Nonnull final IDetectionContext detectionValueContext,
- @Nonnull final String filePath) {
- DetectionLocation detectionLocation =
- getDetectionContextFrom(value.getLocation(), bundleIdentifier, filePath);
- if (detectionLocation == null) {
- return Optional.empty();
- }
-
- if (detectionValueContext.is(CipherContext.class)) {
- return new CSharpCipherContextTranslator()
- .translate(bundleIdentifier, value, detectionValueContext, detectionLocation);
- }
-
- if (detectionValueContext.is(DigestContext.class)) {
- return new CSharpDigestContextTranslator()
- .translate(bundleIdentifier, value, detectionValueContext, detectionLocation);
- }
-
- if (detectionValueContext.is(MacContext.class)) {
- return new CSharpMacContextTranslator()
- .translate(bundleIdentifier, value, detectionValueContext, detectionLocation);
- }
-
- if (detectionValueContext.is(KeyContext.class)) {
- return new CSharpKeyContextTranslator()
- .translate(bundleIdentifier, value, detectionValueContext, detectionLocation);
- }
-
- if (detectionValueContext.is(PRNGContext.class)
- || detectionValueContext.is(SignatureContext.class)
- || detectionValueContext.is(ProtocolContext.class)) {
- return Optional.empty();
- }
-
- return Optional.empty();
- }
-
- @Override
- @Nullable protected DetectionLocation getDetectionContextFrom(
- @Nonnull CSharpTree location, @Nonnull IBundle bundle, @Nonnull String filePath) {
- int lineNumber = location.getLine();
- int offset = location.getColumn();
-
- List keywords = List.of();
- if (location instanceof CSharpMethodInvocationTree invocation) {
- keywords = List.of(invocation.getMethodName());
- } else if (location instanceof CSharpObjectCreationTree creation) {
- keywords = List.of(creation.getTypeName());
- }
-
- return new DetectionLocation(filePath, lineNumber, offset, keywords, bundle);
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/translation/translator/contexts/CSharpCipherContextTranslator.java b/csharp/src/main/java/com/ibm/plugin/translation/translator/contexts/CSharpCipherContextTranslator.java
deleted file mode 100755
index 4fa746e89..000000000
--- a/csharp/src/main/java/com/ibm/plugin/translation/translator/contexts/CSharpCipherContextTranslator.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.translation.translator.contexts;
-
-import com.ibm.engine.model.BlockSize;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.KeySize;
-import com.ibm.engine.model.Mode;
-import com.ibm.engine.model.OperationMode;
-import com.ibm.engine.model.Padding;
-import com.ibm.engine.model.ValueAction;
-import com.ibm.engine.model.context.IDetectionContext;
-import com.ibm.engine.rule.IBundle;
-import com.ibm.mapper.IContextTranslation;
-import com.ibm.mapper.mapper.jca.JcaCipherOperationModeMapper;
-import com.ibm.mapper.mapper.jca.JcaModeMapper;
-import com.ibm.mapper.mapper.jca.JcaPaddingMapper;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.model.KeyLength;
-import com.ibm.mapper.model.algorithms.AES;
-import com.ibm.mapper.model.algorithms.DES;
-import com.ibm.mapper.model.algorithms.DESede;
-import com.ibm.mapper.model.algorithms.RC2;
-import com.ibm.mapper.model.algorithms.RSA;
-import com.ibm.mapper.utils.DetectionLocation;
-import java.util.Optional;
-import javax.annotation.Nonnull;
-import org.sonar.api.utils.log.Logger;
-import org.sonar.api.utils.log.Loggers;
-
-/** Translates {@link com.ibm.engine.model.context.CipherContext} detections for .NET APIs. */
-public final class CSharpCipherContextTranslator
- implements IContextTranslation {
-
- private static final Logger LOG = Loggers.get(CSharpCipherContextTranslator.class);
-
- @Override
- public @Nonnull Optional translate(
- @Nonnull IBundle bundleIdentifier,
- @Nonnull IValue value,
- @Nonnull IDetectionContext detectionContext,
- @Nonnull DetectionLocation detectionLocation) {
-
- if (value instanceof ValueAction) {
- String valueStr = value.asString().toUpperCase().trim();
- Optional result =
- switch (valueStr) {
- case "AES" -> Optional.of(new AES(detectionLocation));
- case "DES" -> Optional.of(new DES(detectionLocation));
- case "3DES", "DESEDE", "TRIPLEDES" ->
- Optional.of(new DESede(detectionLocation));
- case "RSA" -> Optional.of(new RSA(detectionLocation));
- case "RC2" -> Optional.of(new RC2(detectionLocation));
- default -> Optional.empty();
- };
- if (result.isPresent()) {
- return result;
- }
- // Try operation mode
- JcaCipherOperationModeMapper modeMapper = new JcaCipherOperationModeMapper();
- return modeMapper.parse(valueStr, detectionLocation).map(mode -> mode);
- } else if (value instanceof BlockSize blockSize) {
- return Optional.of(
- new com.ibm.mapper.model.BlockSize(blockSize.getValue(), detectionLocation));
- } else if (value instanceof KeySize keySize) {
- return Optional.of(new KeyLength(keySize.getValue(), detectionLocation));
- } else if (value instanceof OperationMode operationMode) {
- JcaCipherOperationModeMapper operationModeMapper = new JcaCipherOperationModeMapper();
- return operationModeMapper
- .parse(operationMode.asString(), detectionLocation)
- .map(f -> f);
- } else if (value instanceof Mode mode) {
- // From set_Mode property setter: CipherMode.CBC → "CBC"
- JcaModeMapper modeMapper = new JcaModeMapper();
- return modeMapper.parse(mode.asString(), detectionLocation).map(m -> m);
- } else if (value instanceof Padding padding) {
- // From set_Padding property setter: PaddingMode.PKCS7 → "PKCS7"
- JcaPaddingMapper paddingMapper = new JcaPaddingMapper();
- return paddingMapper.parse(padding.asString(), detectionLocation).map(p -> p);
- }
-
- return Optional.empty();
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/translation/translator/contexts/CSharpDigestContextTranslator.java b/csharp/src/main/java/com/ibm/plugin/translation/translator/contexts/CSharpDigestContextTranslator.java
deleted file mode 100755
index 121acad2b..000000000
--- a/csharp/src/main/java/com/ibm/plugin/translation/translator/contexts/CSharpDigestContextTranslator.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.translation.translator.contexts;
-
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.ValueAction;
-import com.ibm.engine.model.context.IDetectionContext;
-import com.ibm.engine.rule.IBundle;
-import com.ibm.mapper.IContextTranslation;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.model.algorithms.MD5;
-import com.ibm.mapper.model.algorithms.SHA;
-import com.ibm.mapper.model.algorithms.SHA2;
-import com.ibm.mapper.utils.DetectionLocation;
-import java.util.Optional;
-import javax.annotation.Nonnull;
-
-/** Translates {@link com.ibm.engine.model.context.DigestContext} detections for .NET APIs. */
-public final class CSharpDigestContextTranslator implements IContextTranslation {
-
- @Override
- public @Nonnull Optional translate(
- @Nonnull IBundle bundleIdentifier,
- @Nonnull IValue value,
- @Nonnull IDetectionContext detectionContext,
- @Nonnull DetectionLocation detectionLocation) {
-
- if (value instanceof ValueAction) {
- return switch (value.asString().toUpperCase().trim()) {
- case "SHA1" -> Optional.of(new SHA(detectionLocation));
- case "SHA256" -> Optional.of(new SHA2(256, detectionLocation));
- case "SHA384" -> Optional.of(new SHA2(384, detectionLocation));
- case "SHA512" -> Optional.of(new SHA2(512, detectionLocation));
- case "MD5" -> Optional.of(new MD5(detectionLocation));
- default -> Optional.empty();
- };
- }
-
- return Optional.empty();
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/translation/translator/contexts/CSharpKeyContextTranslator.java b/csharp/src/main/java/com/ibm/plugin/translation/translator/contexts/CSharpKeyContextTranslator.java
deleted file mode 100755
index 6b50ce83c..000000000
--- a/csharp/src/main/java/com/ibm/plugin/translation/translator/contexts/CSharpKeyContextTranslator.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.translation.translator.contexts;
-
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.KeySize;
-import com.ibm.engine.model.ValueAction;
-import com.ibm.engine.model.context.DetectionContext;
-import com.ibm.engine.model.context.IDetectionContext;
-import com.ibm.engine.rule.IBundle;
-import com.ibm.mapper.IContextTranslation;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.model.KeyLength;
-import com.ibm.mapper.model.algorithms.DSA;
-import com.ibm.mapper.model.algorithms.ECDH;
-import com.ibm.mapper.model.algorithms.ECDSA;
-import com.ibm.mapper.model.algorithms.PBKDF2;
-import com.ibm.mapper.model.algorithms.RSA;
-import com.ibm.mapper.utils.DetectionLocation;
-import java.util.Optional;
-import javax.annotation.Nonnull;
-
-/** Translates {@link com.ibm.engine.model.context.KeyContext} detections for .NET APIs. */
-public final class CSharpKeyContextTranslator implements IContextTranslation {
-
- @Override
- public @Nonnull Optional translate(
- @Nonnull IBundle bundleIdentifier,
- @Nonnull IValue value,
- @Nonnull IDetectionContext detectionContext,
- @Nonnull DetectionLocation detectionLocation) {
-
- if (value instanceof ValueAction
- && detectionContext instanceof DetectionContext context) {
- String kind = context.get("kind").orElse("");
- return switch (kind) {
- case "RSA" -> Optional.of(new RSA(detectionLocation));
- case "ECDSA" -> Optional.of(new ECDSA(detectionLocation));
- case "ECDH" -> Optional.of(new ECDH(detectionLocation));
- case "DSA" -> Optional.of(new DSA(detectionLocation));
- case "KDF" -> Optional.of(new PBKDF2(detectionLocation));
- default -> Optional.empty();
- };
- } else if (value instanceof KeySize keySize) {
- return Optional.of(new KeyLength(keySize.getValue(), detectionLocation));
- }
-
- return Optional.empty();
- }
-}
diff --git a/csharp/src/main/java/com/ibm/plugin/translation/translator/contexts/CSharpMacContextTranslator.java b/csharp/src/main/java/com/ibm/plugin/translation/translator/contexts/CSharpMacContextTranslator.java
deleted file mode 100755
index c0e0ddd68..000000000
--- a/csharp/src/main/java/com/ibm/plugin/translation/translator/contexts/CSharpMacContextTranslator.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.translation.translator.contexts;
-
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.ValueAction;
-import com.ibm.engine.model.context.IDetectionContext;
-import com.ibm.engine.rule.IBundle;
-import com.ibm.mapper.IContextTranslation;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.model.algorithms.HMAC;
-import com.ibm.mapper.model.algorithms.MD5;
-import com.ibm.mapper.model.algorithms.SHA;
-import com.ibm.mapper.model.algorithms.SHA2;
-import com.ibm.mapper.utils.DetectionLocation;
-import java.util.Optional;
-import javax.annotation.Nonnull;
-
-/** Translates {@link com.ibm.engine.model.context.MacContext} detections for .NET APIs. */
-public final class CSharpMacContextTranslator implements IContextTranslation {
-
- @Override
- public @Nonnull Optional translate(
- @Nonnull IBundle bundleIdentifier,
- @Nonnull IValue value,
- @Nonnull IDetectionContext detectionContext,
- @Nonnull DetectionLocation detectionLocation) {
-
- if (value instanceof ValueAction) {
- return switch (value.asString().toUpperCase().trim()) {
- case "HMACSHA1" -> Optional.of(new HMAC(new SHA(detectionLocation)));
- case "HMACSHA256" -> Optional.of(new HMAC(new SHA2(256, detectionLocation)));
- case "HMACSHA384" -> Optional.of(new HMAC(new SHA2(384, detectionLocation)));
- case "HMACSHA512" -> Optional.of(new HMAC(new SHA2(512, detectionLocation)));
- case "HMACMD5" -> Optional.of(new HMAC(new MD5(detectionLocation)));
- default -> Optional.empty();
- };
- }
-
- return Optional.empty();
- }
-}
diff --git a/csharp/src/main/resources/org/sonar/l10n/cs/rules/cs/Inventory.html b/csharp/src/main/resources/org/sonar/l10n/cs/rules/cs/Inventory.html
deleted file mode 100755
index b625f8385..000000000
--- a/csharp/src/main/resources/org/sonar/l10n/cs/rules/cs/Inventory.html
+++ /dev/null
@@ -1,9 +0,0 @@
-Cryptography Usage: Be careful
-
-Cryptography is a critical component of modern digital security, protecting sensitive data and communications
- from unauthorized access. However, implementing cryptographic systems correctly is notoriously challenging,
- even for experienced developers. Therefore, caution is necessary when writing code related to
- cryptography.
-
-It is important that you read the documentation for the cryptographic library you are using and strictly
- adhere to the specified implementation guidelines.
diff --git a/csharp/src/main/resources/org/sonar/l10n/cs/rules/cs/Inventory.json b/csharp/src/main/resources/org/sonar/l10n/cs/rules/cs/Inventory.json
deleted file mode 100755
index 43c59154c..000000000
--- a/csharp/src/main/resources/org/sonar/l10n/cs/rules/cs/Inventory.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "title": "Cryptographic Inventory (CBOM)",
- "type": "CODE_SMELL",
- "status": "ready",
- "remediation": {
- "func": "Constant\/Issue",
- "constantCost": "5min"
- },
- "tags": [
- "cryptography",
- "cbom",
- "cwe"
- ],
- "defaultSeverity": "Minor",
- "scope": "Main",
- "sqKey": "Inventory"
-}
diff --git a/csharp/src/test/files/rules/detection/dotnet/DotNetAESPropertyTestFile.cs b/csharp/src/test/files/rules/detection/dotnet/DotNetAESPropertyTestFile.cs
deleted file mode 100644
index a97e1add3..000000000
--- a/csharp/src/test/files/rules/detection/dotnet/DotNetAESPropertyTestFile.cs
+++ /dev/null
@@ -1,19 +0,0 @@
-using System.Security.Cryptography;
-
-public class DotNetAESPropertyTest
-{
- public void TestAesWithProperties()
- {
- var aes = Aes.Create();
- aes.Mode = CipherMode.CBC;
- aes.KeySize = 256;
- aes.Padding = PaddingMode.PKCS7;
- }
-
- public void TestAesManagedWithMode()
- {
- var aes = new AesManaged();
- aes.Mode = CipherMode.ECB;
- aes.KeySize = 128;
- }
-}
diff --git a/csharp/src/test/files/rules/detection/dotnet/DotNetAESTestFile.cs b/csharp/src/test/files/rules/detection/dotnet/DotNetAESTestFile.cs
deleted file mode 100755
index 6f242273f..000000000
--- a/csharp/src/test/files/rules/detection/dotnet/DotNetAESTestFile.cs
+++ /dev/null
@@ -1,14 +0,0 @@
-using System.Security.Cryptography;
-
-public class DotNetAESTest
-{
- public void TestAesCreate()
- {
- var aes = Aes.Create(); // Noncompliant
- }
-
- public void TestAesManaged()
- {
- var aes = new AesManaged(); // Noncompliant
- }
-}
diff --git a/csharp/src/test/files/rules/detection/dotnet/DotNetDESTestFile.cs b/csharp/src/test/files/rules/detection/dotnet/DotNetDESTestFile.cs
deleted file mode 100755
index 7e53f088e..000000000
--- a/csharp/src/test/files/rules/detection/dotnet/DotNetDESTestFile.cs
+++ /dev/null
@@ -1,4 +0,0 @@
-using System.Security.Cryptography;
-public class DotNetDESTest {
- public void TestDesCreate() { var des = DES.Create(); } // Noncompliant
-}
diff --git a/csharp/src/test/files/rules/detection/dotnet/DotNetDSATestFile.cs b/csharp/src/test/files/rules/detection/dotnet/DotNetDSATestFile.cs
deleted file mode 100755
index 63e24c9bf..000000000
--- a/csharp/src/test/files/rules/detection/dotnet/DotNetDSATestFile.cs
+++ /dev/null
@@ -1,4 +0,0 @@
-using System.Security.Cryptography;
-public class DotNetDSATest {
- public void TestDsaCreate() { var dsa = DSA.Create(); } // Noncompliant
-}
diff --git a/csharp/src/test/files/rules/detection/dotnet/DotNetECDiffieHellmanTestFile.cs b/csharp/src/test/files/rules/detection/dotnet/DotNetECDiffieHellmanTestFile.cs
deleted file mode 100755
index 2c918535e..000000000
--- a/csharp/src/test/files/rules/detection/dotnet/DotNetECDiffieHellmanTestFile.cs
+++ /dev/null
@@ -1,4 +0,0 @@
-using System.Security.Cryptography;
-public class DotNetECDiffieHellmanTest {
- public void TestECDHCreate() { var ecdh = ECDiffieHellman.Create(); } // Noncompliant
-}
diff --git a/csharp/src/test/files/rules/detection/dotnet/DotNetECDsaTestFile.cs b/csharp/src/test/files/rules/detection/dotnet/DotNetECDsaTestFile.cs
deleted file mode 100755
index addadc0c4..000000000
--- a/csharp/src/test/files/rules/detection/dotnet/DotNetECDsaTestFile.cs
+++ /dev/null
@@ -1,4 +0,0 @@
-using System.Security.Cryptography;
-public class DotNetECDsaTest {
- public void TestECDsaCreate() { var ecdsa = ECDsa.Create(); } // Noncompliant
-}
diff --git a/csharp/src/test/files/rules/detection/dotnet/DotNetHMACTestFile.cs b/csharp/src/test/files/rules/detection/dotnet/DotNetHMACTestFile.cs
deleted file mode 100755
index b652359c4..000000000
--- a/csharp/src/test/files/rules/detection/dotnet/DotNetHMACTestFile.cs
+++ /dev/null
@@ -1,8 +0,0 @@
-using System.Security.Cryptography;
-public class DotNetHMACTest {
- public void TestHmacSha1() { var h = new HMACSHA1(); } // Noncompliant
- public void TestHmacSha256() { var h = new HMACSHA256(); } // Noncompliant
- public void TestHmacSha384() { var h = new HMACSHA384(); } // Noncompliant
- public void TestHmacSha512() { var h = new HMACSHA512(); } // Noncompliant
- public void TestHmacMd5() { var h = new HMACMD5(); } // Noncompliant
-}
diff --git a/csharp/src/test/files/rules/detection/dotnet/DotNetRC2TestFile.cs b/csharp/src/test/files/rules/detection/dotnet/DotNetRC2TestFile.cs
deleted file mode 100755
index ac739520d..000000000
--- a/csharp/src/test/files/rules/detection/dotnet/DotNetRC2TestFile.cs
+++ /dev/null
@@ -1,4 +0,0 @@
-using System.Security.Cryptography;
-public class DotNetRC2Test {
- public void TestRc2Create() { var rc2 = RC2.Create(); } // Noncompliant
-}
diff --git a/csharp/src/test/files/rules/detection/dotnet/DotNetRSATestFile.cs b/csharp/src/test/files/rules/detection/dotnet/DotNetRSATestFile.cs
deleted file mode 100755
index 147848228..000000000
--- a/csharp/src/test/files/rules/detection/dotnet/DotNetRSATestFile.cs
+++ /dev/null
@@ -1,4 +0,0 @@
-using System.Security.Cryptography;
-public class DotNetRSATest {
- public void TestRsaCreate() { var rsa = RSA.Create(); } // Noncompliant
-}
diff --git a/csharp/src/test/files/rules/detection/dotnet/DotNetRfc2898DeriveBytesTestFile.cs b/csharp/src/test/files/rules/detection/dotnet/DotNetRfc2898DeriveBytesTestFile.cs
deleted file mode 100755
index eefd47425..000000000
--- a/csharp/src/test/files/rules/detection/dotnet/DotNetRfc2898DeriveBytesTestFile.cs
+++ /dev/null
@@ -1,6 +0,0 @@
-using System.Security.Cryptography;
-public class DotNetRfc2898DeriveBytesTest {
- public void TestPbkdf2() {
- var kdf = new Rfc2898DeriveBytes("password", new byte[16], 10000, HashAlgorithmName.SHA256); // Noncompliant
- }
-}
diff --git a/csharp/src/test/files/rules/detection/dotnet/DotNetSHATestFile.cs b/csharp/src/test/files/rules/detection/dotnet/DotNetSHATestFile.cs
deleted file mode 100755
index 9ab3b53cf..000000000
--- a/csharp/src/test/files/rules/detection/dotnet/DotNetSHATestFile.cs
+++ /dev/null
@@ -1,8 +0,0 @@
-using System.Security.Cryptography;
-public class DotNetSHATest {
- public void TestSha1Create() { var h = SHA1.Create(); } // Noncompliant
- public void TestSha256Create() { var h = SHA256.Create(); } // Noncompliant
- public void TestSha384Create() { var h = SHA384.Create(); } // Noncompliant
- public void TestSha512Create() { var h = SHA512.Create(); } // Noncompliant
- public void TestMd5Create() { var h = MD5.Create(); } // Noncompliant
-}
diff --git a/csharp/src/test/files/rules/detection/dotnet/DotNetTripleDESTestFile.cs b/csharp/src/test/files/rules/detection/dotnet/DotNetTripleDESTestFile.cs
deleted file mode 100755
index 9c85d16ca..000000000
--- a/csharp/src/test/files/rules/detection/dotnet/DotNetTripleDESTestFile.cs
+++ /dev/null
@@ -1,4 +0,0 @@
-using System.Security.Cryptography;
-public class DotNetTripleDESTest {
- public void TestTripleDesCreate() { var des = TripleDES.Create(); } // Noncompliant
-}
diff --git a/csharp/src/test/java/com/ibm/plugin/CSharpParserErrorListenerTest.java b/csharp/src/test/java/com/ibm/plugin/CSharpParserErrorListenerTest.java
deleted file mode 100644
index 9e4f44938..000000000
--- a/csharp/src/test/java/com/ibm/plugin/CSharpParserErrorListenerTest.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import ch.qos.logback.classic.Level;
-import ch.qos.logback.classic.Logger;
-import ch.qos.logback.classic.spi.ILoggingEvent;
-import ch.qos.logback.core.read.ListAppender;
-import com.ibm.engine.language.csharp.antlr.CSharpLexer;
-import com.ibm.engine.language.csharp.antlr.CSharpParser;
-import java.nio.charset.StandardCharsets;
-import org.antlr.v4.runtime.CharStreams;
-import org.antlr.v4.runtime.CommonTokenStream;
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.slf4j.LoggerFactory;
-import org.sonar.api.batch.fs.InputFile;
-import org.sonar.api.batch.fs.internal.TestInputFileBuilder;
-
-/**
- * Verifies that {@link CSharpParserErrorListener} emits a WARN log when the ANTLR parser encounters
- * a syntax error in a C# file.
- */
-class CSharpParserErrorListenerTest {
-
- private Logger listenerLogger;
- private ListAppender listAppender;
-
- @BeforeEach
- void setUp() {
- listenerLogger = (Logger) LoggerFactory.getLogger(CSharpParserErrorListener.class);
- listAppender = new ListAppender<>();
- listAppender.start();
- listenerLogger.addAppender(listAppender);
- }
-
- @AfterEach
- void tearDown() {
- listenerLogger.detachAppender(listAppender);
- }
-
- @Test
- void warningIsLoggedForMalformedCSharp() {
- // Incomplete C# — missing closing braces triggers a parse error
- String brokenCode = "class Foo { void Bar() { Aes.Create();";
-
- InputFile inputFile =
- TestInputFileBuilder.create("test-module", "src/Broken.cs")
- .setContents(brokenCode)
- .setCharset(StandardCharsets.UTF_8)
- .setLanguage("cs")
- .setType(InputFile.Type.MAIN)
- .build();
-
- CSharpLexer lexer =
- new CSharpLexer(CharStreams.fromString(brokenCode, inputFile.toString()));
- lexer.removeErrorListeners();
- lexer.addErrorListener(new CSharpParserErrorListener(inputFile));
-
- CommonTokenStream tokens = new CommonTokenStream(lexer);
- CSharpParser parser = new CSharpParser(tokens);
- parser.removeErrorListeners();
- parser.addErrorListener(new CSharpParserErrorListener(inputFile));
-
- parser.compilation_unit();
-
- assertThat(listAppender.list)
- .isNotEmpty()
- .anyMatch(
- event ->
- event.getLevel() == Level.WARN
- && event.getFormattedMessage().contains("Parse error"));
- }
-
- @Test
- void noWarningForValidCSharp() {
- String validCode =
- """
- class Foo {
- void Bar() {
- var aes = System.Security.Cryptography.Aes.Create();
- }
- }
- """;
-
- InputFile inputFile =
- TestInputFileBuilder.create("test-module", "src/Valid.cs")
- .setContents(validCode)
- .setCharset(StandardCharsets.UTF_8)
- .setLanguage("cs")
- .setType(InputFile.Type.MAIN)
- .build();
-
- CSharpLexer lexer =
- new CSharpLexer(CharStreams.fromString(validCode, inputFile.toString()));
- lexer.removeErrorListeners();
- lexer.addErrorListener(new CSharpParserErrorListener(inputFile));
-
- CommonTokenStream tokens = new CommonTokenStream(lexer);
- CSharpParser parser = new CSharpParser(tokens);
- parser.removeErrorListeners();
- parser.addErrorListener(new CSharpParserErrorListener(inputFile));
-
- parser.compilation_unit();
-
- assertThat(listAppender.list).noneMatch(event -> event.getLevel() == Level.WARN);
- }
-}
diff --git a/csharp/src/test/java/com/ibm/plugin/CSharpTreeConverterTest.java b/csharp/src/test/java/com/ibm/plugin/CSharpTreeConverterTest.java
deleted file mode 100644
index febb428ab..000000000
--- a/csharp/src/test/java/com/ibm/plugin/CSharpTreeConverterTest.java
+++ /dev/null
@@ -1,188 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import com.ibm.engine.language.csharp.CSharpTreeConverter;
-import com.ibm.engine.language.csharp.antlr.CSharpLexer;
-import com.ibm.engine.language.csharp.antlr.CSharpParser;
-import com.ibm.engine.language.csharp.tree.CSharpBlockTree;
-import com.ibm.engine.language.csharp.tree.CSharpMethodInvocationTree;
-import com.ibm.engine.language.csharp.tree.CSharpObjectCreationTree;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import java.util.List;
-import org.antlr.v4.runtime.CharStreams;
-import org.antlr.v4.runtime.CommonTokenStream;
-import org.junit.jupiter.api.Test;
-
-/**
- * Verifies that {@link CSharpTreeConverter} correctly extracts the {@code assignedIdentifier} from
- * variable declarations ({@code var x = Expr.Create()}) and leaves it null for bare expressions.
- */
-class CSharpTreeConverterTest {
-
- private List parse(String code) {
- CSharpLexer lexer = new CSharpLexer(CharStreams.fromString(code));
- lexer.removeErrorListeners();
- CommonTokenStream tokens = new CommonTokenStream(lexer);
- CSharpParser parser = new CSharpParser(tokens);
- parser.removeErrorListeners();
- CSharpParser.Compilation_unitContext tree = parser.compilation_unit();
- return new CSharpTreeConverter().extractMethodBodies(tree);
- }
-
- @Test
- void assignedIdentifierIsSetForVarDeclaration() {
- // var aes = Aes.Create(); — result is assigned to "aes"
- String code =
- """
- class Foo {
- void Bar() {
- var aes = Aes.Create();
- }
- }
- """;
-
- List blocks = parse(code);
- List statements =
- blocks.stream()
- .flatMap(b -> b.getStatements().stream())
- .filter(s -> s instanceof CSharpMethodInvocationTree)
- .toList();
-
- assertThat(statements).hasSize(1);
- CSharpMethodInvocationTree invocation = (CSharpMethodInvocationTree) statements.get(0);
- assertThat(invocation.getObjectTypeName()).isEqualTo("Aes");
- assertThat(invocation.getMethodName()).isEqualTo("Create");
- assertThat(invocation.getAssignedIdentifier()).isEqualTo("aes");
- }
-
- @Test
- void assignedIdentifierIsNullForBareExpression() {
- // Aes.Create(); — not assigned to any variable
- String code =
- """
- class Foo {
- void Bar() {
- Aes.Create();
- }
- }
- """;
-
- List blocks = parse(code);
- List statements =
- blocks.stream()
- .flatMap(b -> b.getStatements().stream())
- .filter(s -> s instanceof CSharpMethodInvocationTree)
- .toList();
-
- assertThat(statements).hasSize(1);
- CSharpMethodInvocationTree invocation = (CSharpMethodInvocationTree) statements.get(0);
- assertThat(invocation.getAssignedIdentifier()).isNull();
- }
-
- @Test
- void assignedIdentifierIsSetForConstructor() {
- // var gcm = new AesGcm(key); — constructor result assigned to "gcm"
- String code =
- """
- class Foo {
- void Bar() {
- var gcm = new AesGcm(key);
- }
- }
- """;
-
- List blocks = parse(code);
- List statements =
- blocks.stream()
- .flatMap(b -> b.getStatements().stream())
- .filter(s -> s instanceof CSharpObjectCreationTree)
- .toList();
-
- assertThat(statements).hasSize(1);
- CSharpObjectCreationTree creation = (CSharpObjectCreationTree) statements.get(0);
- assertThat(creation.getTypeName()).isEqualTo("AesGcm");
- assertThat(creation.getAssignedIdentifier()).isEqualTo("gcm");
- }
-
- @Test
- void assignedIdentifierIsNullForBareConstructor() {
- // new AesGcm(key); — no assignment
- String code =
- """
- class Foo {
- void Bar() {
- new AesGcm(key);
- }
- }
- """;
-
- List blocks = parse(code);
- List statements =
- blocks.stream()
- .flatMap(b -> b.getStatements().stream())
- .filter(s -> s instanceof CSharpObjectCreationTree)
- .toList();
-
- assertThat(statements).hasSize(1);
- CSharpObjectCreationTree creation = (CSharpObjectCreationTree) statements.get(0);
- assertThat(creation.getAssignedIdentifier()).isNull();
- }
-
- @Test
- void multipleDeclarationsGetSeparateIdentifiers() {
- // Two declarations in the same block — each gets its own identifier
- String code =
- """
- class Foo {
- void Bar() {
- var aes = Aes.Create();
- var rsa = RSA.Create(2048);
- }
- }
- """;
-
- List blocks = parse(code);
- List invocations =
- blocks.stream()
- .flatMap(b -> b.getStatements().stream())
- .filter(s -> s instanceof CSharpMethodInvocationTree)
- .map(s -> (CSharpMethodInvocationTree) s)
- .toList();
-
- assertThat(invocations).hasSize(2);
-
- CSharpMethodInvocationTree aesCall =
- invocations.stream()
- .filter(i -> "Aes".equals(i.getObjectTypeName()))
- .findFirst()
- .orElseThrow();
- assertThat(aesCall.getAssignedIdentifier()).isEqualTo("aes");
-
- CSharpMethodInvocationTree rsaCall =
- invocations.stream()
- .filter(i -> "RSA".equals(i.getObjectTypeName()))
- .findFirst()
- .orElseThrow();
- assertThat(rsaCall.getAssignedIdentifier()).isEqualTo("rsa");
- }
-}
diff --git a/csharp/src/test/java/com/ibm/plugin/CSharpVerifier.java b/csharp/src/test/java/com/ibm/plugin/CSharpVerifier.java
deleted file mode 100755
index 4da5e6e50..000000000
--- a/csharp/src/test/java/com/ibm/plugin/CSharpVerifier.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin;
-
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpTreeConverter;
-import com.ibm.engine.language.csharp.antlr.CSharpLexer;
-import com.ibm.engine.language.csharp.antlr.CSharpParser;
-import com.ibm.engine.language.csharp.tree.CSharpBlockTree;
-import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.antlr.v4.runtime.CharStreams;
-import org.antlr.v4.runtime.CommonTokenStream;
-import org.sonar.api.batch.fs.InputFile;
-import org.sonar.api.batch.fs.internal.TestInputFileBuilder;
-import org.sonar.api.batch.sensor.internal.SensorContextTester;
-
-/**
- * ANTLR-based verifier for C# detection rule tests.
- *
- * Parses a {@code .cs} test file using the ANTLR4 C# grammar, extracts all method bodies, and
- * runs the given {@link CSharpCheck} against each block. Findings are observed directly via the
- * check's internal observer subscription — no native SonarQube binary required.
- *
- *
Usage: {@code CSharpVerifier.verify("rules/detection/dotnet/MyTestFile.cs", this);} where the
- * path is relative to {@code src/test/files/}.
- */
-public final class CSharpVerifier {
-
- private static final String TEST_FILES_ROOT = "src/test/files/";
-
- private CSharpVerifier() {
- // utility
- }
-
- /**
- * Parses the given test file and runs the check against all discovered method bodies.
- *
- * @param relativeTestFilePath path to the .cs file relative to {@code src/test/files/}
- * @param check the check instance to run (typically a {@code TestBase} subclass)
- */
- public static void verify(@Nonnull String relativeTestFilePath, @Nonnull CSharpCheck check)
- throws IOException {
- Path filePath = Paths.get(TEST_FILES_ROOT + relativeTestFilePath);
- String content = Files.readString(filePath, StandardCharsets.UTF_8);
-
- CSharpLexer lexer = new CSharpLexer(CharStreams.fromString(content, filePath.toString()));
- lexer.removeErrorListeners();
- CommonTokenStream tokens = new CommonTokenStream(lexer);
- CSharpParser parser = new CSharpParser(tokens);
- parser.removeErrorListeners();
- CSharpParser.Compilation_unitContext parseTree = parser.compilation_unit();
-
- CSharpTreeConverter converter = new CSharpTreeConverter();
- List methodBodies = converter.extractMethodBodies(parseTree);
-
- Path moduleRoot = Paths.get(".").toAbsolutePath().normalize();
- SensorContextTester sensorContext = SensorContextTester.create(moduleRoot);
-
- InputFile inputFile =
- TestInputFileBuilder.create("test-module", filePath.toString())
- .setContents(content)
- .setCharset(StandardCharsets.UTF_8)
- .setLanguage("cs")
- .setType(InputFile.Type.MAIN)
- .build();
- sensorContext.fileSystem().add(inputFile);
-
- CSharpScanContext scanContext =
- new CSharpScanContext(
- sensorContext, inputFile, CSharpScannerRuleDefinition.REPOSITORY_KEY);
-
- for (CSharpBlockTree blockTree : methodBodies) {
- check.scan(scanContext, blockTree);
- }
- }
-}
diff --git a/csharp/src/test/java/com/ibm/plugin/TestBase.java b/csharp/src/test/java/com/ibm/plugin/TestBase.java
deleted file mode 100755
index 8f47d63bc..000000000
--- a/csharp/src/test/java/com/ibm/plugin/TestBase.java
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin;
-
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.engine.detection.Finding;
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpSymbol;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.rule.IDetectionRule;
-import com.ibm.engine.utils.DetectionStoreLogger;
-import com.ibm.mapper.model.INode;
-import com.ibm.plugin.rules.CSharpInventoryRule;
-import com.ibm.plugin.rules.detection.CSharpDetectionRules;
-import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.nio.file.StandardOpenOption;
-import java.util.List;
-import java.util.Optional;
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
-import org.junit.jupiter.api.BeforeEach;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public abstract class TestBase extends CSharpInventoryRule {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(TestBase.class);
-
- @Nonnull
- private final DetectionStoreLogger
- detectionStoreLogger = new DetectionStoreLogger<>();
-
- private int findingId = 0;
-
- public TestBase(@Nonnull List> detectionRules) {
- super(detectionRules);
- }
-
- public TestBase() {
- super(CSharpDetectionRules.rules());
- }
-
- @BeforeEach
- public void resetState() {
- CSharpAggregator.reset();
- }
-
- @BeforeEach
- public void resetNodeTreeLog() {
- try {
- Path logFile = Paths.get("target/node-tree.log");
- Files.createDirectories(logFile.getParent());
- Files.writeString(
- logFile,
- "=== Node Tree Log: " + getClass().getSimpleName() + " ===\n",
- StandardOpenOption.CREATE,
- StandardOpenOption.TRUNCATE_EXISTING);
- } catch (IOException e) {
- LOGGER.warn("Could not reset node-tree.log", e);
- }
- }
-
- @Override
- public void update(
- @Nonnull Finding finding) {
- final DetectionStore
- detectionStore = finding.detectionStore();
- detectionStoreLogger.print(detectionStore);
-
- final List nodes = csharpTranslationProcess.initiate(detectionStore);
- writeNodeTree(findingId, nodes);
- asserts(findingId, detectionStore, nodes);
- findingId++;
- this.report(finding.getMarkerTree(), nodes)
- .forEach(
- issue ->
- finding.detectionStore()
- .getScanContext()
- .reportIssue(this, issue.tree(), issue.message()));
- }
-
- public abstract void asserts(
- int findingId,
- @Nonnull
- DetectionStore
- detectionStore,
- @Nonnull List nodes);
-
- private void writeNodeTree(int id, @Nonnull List nodes) {
- try {
- StringBuilder sb = new StringBuilder();
- sb.append("\n[findingId=").append(id).append("] Node tree:\n");
- nodes.forEach(node -> appendNodeTree(sb, node, 0));
- Files.writeString(
- Paths.get("target/node-tree.log"),
- sb.toString(),
- StandardOpenOption.CREATE,
- StandardOpenOption.APPEND);
- } catch (IOException e) {
- LOGGER.warn("Could not write node-tree.log", e);
- }
- }
-
- private void appendNodeTree(@Nonnull StringBuilder sb, @Nonnull INode node, int depth) {
- String indent = " ".repeat(depth) + (depth > 0 ? "└─ " : "");
- sb.append(indent)
- .append(node.getKind().getSimpleName())
- .append(" \"")
- .append(node.asString())
- .append("\" [")
- .append(node.getOrigin())
- .append("]\n");
- node.getChildren().values().forEach(child -> appendNodeTree(sb, child, depth + 1));
- }
-
- @Nullable public DetectionStore
- getStoreOfValueType(
- @Nonnull Class valueType,
- @Nonnull
- List<
- DetectionStore<
- CSharpCheck,
- CSharpTree,
- CSharpSymbol,
- CSharpScanContext>>
- detectionStores) {
- Optional>
- relevantStore =
- detectionStores.stream()
- .filter(
- store ->
- store.getDetectionValues().stream()
- .anyMatch(
- value ->
- value.getClass()
- .equals(valueType)))
- .findFirst();
- return relevantStore.orElseGet(
- () ->
- detectionStores.stream()
- .map(
- store ->
- Optional.ofNullable(
- getStoreOfValueType(
- valueType, store.getChildren())))
- .filter(Optional::isPresent)
- .map(Optional::get)
- .findFirst()
- .orElse(null));
- }
-}
diff --git a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetAESPropertyTest.java b/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetAESPropertyTest.java
deleted file mode 100644
index babbe2772..000000000
--- a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetAESPropertyTest.java
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpSymbol;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.KeySize;
-import com.ibm.engine.model.Mode;
-import com.ibm.engine.model.Padding;
-import com.ibm.engine.model.ValueAction;
-import com.ibm.engine.model.context.CipherContext;
-import com.ibm.mapper.model.BlockCipher;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.model.KeyLength;
-import com.ibm.plugin.CSharpVerifier;
-import com.ibm.plugin.TestBase;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.junit.jupiter.api.Test;
-
-/**
- * Verifies that property-setter assignments on a detected AES variable are linked back to the
- * primary detection via the synthetic {@code set_X} method invocation approach.
- *
- * Test scenario (from DotNetAESPropertyTestFile.cs):
- *
- *
{@code
- * var aes = Aes.Create();
- * aes.Mode = CipherMode.CBC; // → synthetic set_Mode(CipherMode.CBC)
- * aes.KeySize = 256; // → synthetic set_KeySize(256)
- * aes.Padding = PaddingMode.PKCS7; // → synthetic set_Padding(PaddingMode.PKCS7)
- * }
- */
-class DotNetAESPropertyTest extends TestBase {
-
- @Test
- void test() throws Exception {
- CSharpVerifier.verify("rules/detection/dotnet/DotNetAESPropertyTestFile.cs", this);
- }
-
- @Override
- public void asserts(
- int findingId,
- @Nonnull
- DetectionStore
- detectionStore,
- @Nonnull List nodes) {
-
- switch (findingId) {
- case 0 -> {
- /*
- * TestAesWithProperties: var aes = Aes.Create() + Mode/KeySize/Padding setters
- */
-
- // Primary detection: AES
- assertThat(detectionStore.getDetectionValues()).hasSize(1);
- assertThat(detectionStore.getDetectionValueContext())
- .isInstanceOf(CipherContext.class);
- IValue primaryValue = detectionStore.getDetectionValues().get(0);
- assertThat(primaryValue).isInstanceOf(ValueAction.class);
- assertThat(primaryValue.asString()).isEqualTo("AES");
-
- // Depending rule: set_Mode detected Mode("CBC")
- DetectionStore modeStore =
- getStoreOfValueType(Mode.class, detectionStore.getChildren());
- assertThat(modeStore).isNotNull();
- assertThat(modeStore.getDetectionValues()).hasSize(1);
- assertThat(modeStore.getDetectionValues().get(0).asString()).isEqualTo("CBC");
-
- // Depending rule: set_KeySize detected KeySize(256)
- DetectionStore
- keySizeStore =
- getStoreOfValueType(KeySize.class, detectionStore.getChildren());
- assertThat(keySizeStore).isNotNull();
- assertThat(keySizeStore.getDetectionValues()).hasSize(1);
- assertThat(keySizeStore.getDetectionValues().get(0).asString()).isEqualTo("256");
-
- // Depending rule: set_Padding detected Padding("PKCS7")
- DetectionStore
- paddingStore =
- getStoreOfValueType(Padding.class, detectionStore.getChildren());
- assertThat(paddingStore).isNotNull();
- assertThat(paddingStore.getDetectionValues()).hasSize(1);
- assertThat(paddingStore.getDetectionValues().get(0).asString()).isEqualTo("PKCS7");
-
- // Translation: BlockCipher node with KeyLength child
- assertThat(nodes).hasSize(1);
- INode node = nodes.get(0);
- assertThat(node.getKind()).isEqualTo(BlockCipher.class);
- assertThat(node.asString()).isEqualTo("AES256-CBC-PKCS7");
- INode keyLength = node.getChildren().get(KeyLength.class);
- assertThat(keyLength).isNotNull();
- assertThat(keyLength.asString()).isEqualTo("256");
- }
-
- case 1 -> {
- /*
- * TestAesManagedWithMode: var aes = new AesManaged() + Mode/KeySize setters
- */
-
- // Primary detection: AES
- assertThat(detectionStore.getDetectionValues()).hasSize(1);
- IValue primaryValue = detectionStore.getDetectionValues().get(0);
- assertThat(primaryValue).isInstanceOf(ValueAction.class);
- assertThat(primaryValue.asString()).isEqualTo("AES");
-
- // Depending rule: set_Mode detected Mode("ECB")
- DetectionStore modeStore =
- getStoreOfValueType(Mode.class, detectionStore.getChildren());
- assertThat(modeStore).isNotNull();
- assertThat(modeStore.getDetectionValues().get(0).asString()).isEqualTo("ECB");
-
- // Depending rule: set_KeySize detected KeySize(128)
- DetectionStore
- keySizeStore =
- getStoreOfValueType(KeySize.class, detectionStore.getChildren());
- assertThat(keySizeStore).isNotNull();
- assertThat(keySizeStore.getDetectionValues().get(0).asString()).isEqualTo("128");
-
- // Translation: BlockCipher node
- assertThat(nodes).hasSize(1);
- INode node = nodes.get(0);
- assertThat(node.getKind()).isEqualTo(BlockCipher.class);
- assertThat(node.asString()).isEqualTo("AES128-ECB");
- }
-
- default -> throw new IllegalStateException("Unexpected findingId: " + findingId);
- }
- }
-}
diff --git a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetAESTest.java b/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetAESTest.java
deleted file mode 100755
index 43858ef62..000000000
--- a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetAESTest.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpSymbol;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.ValueAction;
-import com.ibm.engine.model.context.CipherContext;
-import com.ibm.mapper.model.BlockCipher;
-import com.ibm.mapper.model.BlockSize;
-import com.ibm.mapper.model.INode;
-import com.ibm.plugin.CSharpVerifier;
-import com.ibm.plugin.TestBase;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.junit.jupiter.api.Test;
-
-class DotNetAESTest extends TestBase {
-
- @Test
- void test() throws Exception {
- CSharpVerifier.verify("rules/detection/dotnet/DotNetAESTestFile.cs", this);
- }
-
- @Override
- public void asserts(
- int findingId,
- @Nonnull
- DetectionStore
- detectionStore,
- @Nonnull List nodes) {
-
- /*
- * Detection Store
- */
- assertThat(detectionStore.getDetectionValues()).hasSize(1);
- assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(CipherContext.class);
- IValue value0 = detectionStore.getDetectionValues().get(0);
- assertThat(value0).isInstanceOf(ValueAction.class);
- assertThat(value0.asString()).isEqualTo("AES");
-
- /*
- * Translation
- */
- assertThat(nodes).hasSize(1);
- INode node = nodes.get(0);
- assertThat(node.getKind()).isEqualTo(BlockCipher.class);
- assertThat(node.asString()).isEqualTo("AES");
-
- INode blockSize = node.getChildren().get(BlockSize.class);
- assertThat(blockSize).isNotNull();
- assertThat(blockSize.asString()).isEqualTo("128");
- }
-}
diff --git a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetDESTest.java b/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetDESTest.java
deleted file mode 100755
index d2437244c..000000000
--- a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetDESTest.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpSymbol;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.ValueAction;
-import com.ibm.engine.model.context.CipherContext;
-import com.ibm.mapper.model.BlockCipher;
-import com.ibm.mapper.model.BlockSize;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.model.KeyLength;
-import com.ibm.plugin.CSharpVerifier;
-import com.ibm.plugin.TestBase;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.junit.jupiter.api.Test;
-
-class DotNetDESTest extends TestBase {
-
- @Test
- void test() throws Exception {
- CSharpVerifier.verify("rules/detection/dotnet/DotNetDESTestFile.cs", this);
- }
-
- @Override
- public void asserts(
- int findingId,
- @Nonnull
- DetectionStore
- detectionStore,
- @Nonnull List nodes) {
- assertThat(detectionStore.getDetectionValues()).hasSize(1);
- assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(CipherContext.class);
- IValue value0 = detectionStore.getDetectionValues().get(0);
- assertThat(value0).isInstanceOf(ValueAction.class);
- assertThat(value0.asString()).isEqualTo("DES");
-
- /*
- * Translation
- */
- assertThat(nodes).hasSize(1);
- INode node = nodes.get(0);
- assertThat(node.getKind()).isEqualTo(BlockCipher.class);
- assertThat(node.asString()).startsWith("DES");
-
- // DES carries a default key length of 56 bits and block size of 64 bits
- INode keyLength = node.getChildren().get(KeyLength.class);
- assertThat(keyLength).isNotNull();
- assertThat(keyLength.asString()).isEqualTo("56");
-
- INode blockSize = node.getChildren().get(BlockSize.class);
- assertThat(blockSize).isNotNull();
- assertThat(blockSize.asString()).isEqualTo("64");
- }
-}
diff --git a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetDSATest.java b/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetDSATest.java
deleted file mode 100755
index 04c43bbf4..000000000
--- a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetDSATest.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpSymbol;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.ValueAction;
-import com.ibm.engine.model.context.KeyContext;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.model.Oid;
-import com.ibm.mapper.model.Signature;
-import com.ibm.plugin.CSharpVerifier;
-import com.ibm.plugin.TestBase;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.junit.jupiter.api.Test;
-
-class DotNetDSATest extends TestBase {
-
- @Test
- void test() throws Exception {
- CSharpVerifier.verify("rules/detection/dotnet/DotNetDSATestFile.cs", this);
- }
-
- @Override
- public void asserts(
- int findingId,
- @Nonnull
- DetectionStore
- detectionStore,
- @Nonnull List nodes) {
- assertThat(detectionStore.getDetectionValues()).hasSize(1);
- assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class);
- IValue value0 = detectionStore.getDetectionValues().get(0);
- assertThat(value0).isInstanceOf(ValueAction.class);
- assertThat(value0.asString()).isEqualTo("DSA");
-
- assertThat(nodes).hasSize(1);
- INode node = nodes.get(0);
- assertThat(node.getKind()).isEqualTo(Signature.class);
- assertThat(node.asString()).isEqualTo("DSA");
-
- INode oid = node.getChildren().get(Oid.class);
- assertThat(oid).isNotNull();
- assertThat(oid.asString()).isEqualTo("1.2.840.10040.4.1");
- }
-}
diff --git a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetECDiffieHellmanTest.java b/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetECDiffieHellmanTest.java
deleted file mode 100755
index 8b88a4d3a..000000000
--- a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetECDiffieHellmanTest.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpSymbol;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.ValueAction;
-import com.ibm.engine.model.context.KeyContext;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.model.KeyAgreement;
-import com.ibm.mapper.model.Oid;
-import com.ibm.plugin.CSharpVerifier;
-import com.ibm.plugin.TestBase;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.junit.jupiter.api.Test;
-
-class DotNetECDiffieHellmanTest extends TestBase {
-
- @Test
- void test() throws Exception {
- CSharpVerifier.verify("rules/detection/dotnet/DotNetECDiffieHellmanTestFile.cs", this);
- }
-
- @Override
- public void asserts(
- int findingId,
- @Nonnull
- DetectionStore
- detectionStore,
- @Nonnull List nodes) {
- assertThat(detectionStore.getDetectionValues()).hasSize(1);
- assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class);
- IValue value0 = detectionStore.getDetectionValues().get(0);
- assertThat(value0).isInstanceOf(ValueAction.class);
- assertThat(value0.asString()).isEqualTo("ECDH");
-
- assertThat(nodes).hasSize(1);
- INode node = nodes.get(0);
- assertThat(node.getKind()).isEqualTo(KeyAgreement.class);
- assertThat(node.asString()).isEqualTo("ECDH");
-
- INode oid = node.getChildren().get(Oid.class);
- assertThat(oid).isNotNull();
- assertThat(oid.asString()).isEqualTo("1.3.132.1.12");
- }
-}
diff --git a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetECDsaTest.java b/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetECDsaTest.java
deleted file mode 100755
index f7337a1c3..000000000
--- a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetECDsaTest.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpSymbol;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.ValueAction;
-import com.ibm.engine.model.context.KeyContext;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.model.Signature;
-import com.ibm.plugin.CSharpVerifier;
-import com.ibm.plugin.TestBase;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.junit.jupiter.api.Test;
-
-class DotNetECDsaTest extends TestBase {
-
- @Test
- void test() throws Exception {
- CSharpVerifier.verify("rules/detection/dotnet/DotNetECDsaTestFile.cs", this);
- }
-
- @Override
- public void asserts(
- int findingId,
- @Nonnull
- DetectionStore
- detectionStore,
- @Nonnull List nodes) {
- assertThat(detectionStore.getDetectionValues()).hasSize(1);
- assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class);
- IValue value0 = detectionStore.getDetectionValues().get(0);
- assertThat(value0).isInstanceOf(ValueAction.class);
- assertThat(value0.asString()).isEqualTo("ECDSA");
-
- /*
- * Translation
- */
- assertThat(nodes).hasSize(1);
- INode node = nodes.get(0);
- assertThat(node.getKind()).isEqualTo(Signature.class);
- assertThat(node.asString()).isEqualTo("ECDSA");
- }
-}
diff --git a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetHMACTest.java b/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetHMACTest.java
deleted file mode 100755
index d361e9640..000000000
--- a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetHMACTest.java
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpSymbol;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.ValueAction;
-import com.ibm.engine.model.context.MacContext;
-import com.ibm.mapper.model.DigestSize;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.model.Mac;
-import com.ibm.mapper.model.MessageDigest;
-import com.ibm.plugin.CSharpVerifier;
-import com.ibm.plugin.TestBase;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.junit.jupiter.api.Test;
-
-class DotNetHMACTest extends TestBase {
-
- @Test
- void test() throws Exception {
- CSharpVerifier.verify("rules/detection/dotnet/DotNetHMACTestFile.cs", this);
- }
-
- @Override
- public void asserts(
- int findingId,
- @Nonnull
- DetectionStore
- detectionStore,
- @Nonnull List nodes) {
-
- /*
- * Detection Store
- */
- assertThat(detectionStore.getDetectionValues()).hasSize(1);
- assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(MacContext.class);
- IValue value0 = detectionStore.getDetectionValues().get(0);
- assertThat(value0).isInstanceOf(ValueAction.class);
-
- /*
- * Translation
- */
- assertThat(nodes).hasSize(1);
- INode node = nodes.get(0);
- assertThat(node.getKind()).isEqualTo(Mac.class);
-
- switch (findingId) {
- case 0 -> {
- assertThat(value0.asString()).isEqualTo("HMACSHA1");
- assertThat(node.asString()).isEqualTo("HMAC-SHA1");
- INode digest = node.getChildren().get(MessageDigest.class);
- assertThat(digest).isNotNull();
- assertThat(digest.asString()).isEqualTo("SHA1");
- INode digestSize = digest.getChildren().get(DigestSize.class);
- assertThat(digestSize).isNotNull();
- assertThat(digestSize.asString()).isEqualTo("160");
- }
- case 1 -> {
- assertThat(value0.asString()).isEqualTo("HMACSHA256");
- assertThat(node.asString()).isEqualTo("HMAC-SHA256");
- INode digest = node.getChildren().get(MessageDigest.class);
- assertThat(digest).isNotNull();
- assertThat(digest.asString()).isEqualTo("SHA256");
- INode digestSize = digest.getChildren().get(DigestSize.class);
- assertThat(digestSize).isNotNull();
- assertThat(digestSize.asString()).isEqualTo("256");
- }
- case 2 -> {
- assertThat(value0.asString()).isEqualTo("HMACSHA384");
- assertThat(node.asString()).isEqualTo("HMAC-SHA384");
- INode digest = node.getChildren().get(MessageDigest.class);
- assertThat(digest).isNotNull();
- assertThat(digest.asString()).isEqualTo("SHA384");
- INode digestSize = digest.getChildren().get(DigestSize.class);
- assertThat(digestSize).isNotNull();
- assertThat(digestSize.asString()).isEqualTo("384");
- }
- case 3 -> {
- assertThat(value0.asString()).isEqualTo("HMACSHA512");
- assertThat(node.asString()).isEqualTo("HMAC-SHA512");
- INode digest = node.getChildren().get(MessageDigest.class);
- assertThat(digest).isNotNull();
- assertThat(digest.asString()).isEqualTo("SHA512");
- INode digestSize = digest.getChildren().get(DigestSize.class);
- assertThat(digestSize).isNotNull();
- assertThat(digestSize.asString()).isEqualTo("512");
- }
- case 4 -> {
- assertThat(value0.asString()).isEqualTo("HMACMD5");
- assertThat(node.asString()).isEqualTo("HMAC-MD5");
- INode digest = node.getChildren().get(MessageDigest.class);
- assertThat(digest).isNotNull();
- assertThat(digest.asString()).isEqualTo("MD5");
- INode digestSize = digest.getChildren().get(DigestSize.class);
- assertThat(digestSize).isNotNull();
- assertThat(digestSize.asString()).isEqualTo("128");
- }
- default -> throw new IllegalStateException("Unexpected findingId: " + findingId);
- }
- }
-}
diff --git a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetRC2Test.java b/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetRC2Test.java
deleted file mode 100755
index 512f9fbb4..000000000
--- a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetRC2Test.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpSymbol;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.ValueAction;
-import com.ibm.engine.model.context.CipherContext;
-import com.ibm.mapper.model.BlockCipher;
-import com.ibm.mapper.model.INode;
-import com.ibm.plugin.CSharpVerifier;
-import com.ibm.plugin.TestBase;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.junit.jupiter.api.Test;
-
-class DotNetRC2Test extends TestBase {
-
- @Test
- void test() throws Exception {
- CSharpVerifier.verify("rules/detection/dotnet/DotNetRC2TestFile.cs", this);
- }
-
- @Override
- public void asserts(
- int findingId,
- @Nonnull
- DetectionStore
- detectionStore,
- @Nonnull List nodes) {
- assertThat(detectionStore.getDetectionValues()).hasSize(1);
- assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(CipherContext.class);
- IValue value0 = detectionStore.getDetectionValues().get(0);
- assertThat(value0).isInstanceOf(ValueAction.class);
- assertThat(value0.asString()).isEqualTo("RC2");
-
- /*
- * Translation
- */
- assertThat(nodes).hasSize(1);
- INode node = nodes.get(0);
- assertThat(node.getKind()).isEqualTo(BlockCipher.class);
- assertThat(node.asString()).isEqualTo("RC2");
- }
-}
diff --git a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetRSATest.java b/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetRSATest.java
deleted file mode 100755
index 5336bc3e1..000000000
--- a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetRSATest.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpSymbol;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.ValueAction;
-import com.ibm.engine.model.context.KeyContext;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.model.Oid;
-import com.ibm.mapper.model.PublicKeyEncryption;
-import com.ibm.plugin.CSharpVerifier;
-import com.ibm.plugin.TestBase;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.junit.jupiter.api.Test;
-
-class DotNetRSATest extends TestBase {
-
- @Test
- void test() throws Exception {
- CSharpVerifier.verify("rules/detection/dotnet/DotNetRSATestFile.cs", this);
- }
-
- @Override
- public void asserts(
- int findingId,
- @Nonnull
- DetectionStore
- detectionStore,
- @Nonnull List nodes) {
- assertThat(detectionStore).isNotNull();
- assertThat(detectionStore.getDetectionValues()).hasSize(1);
- assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class);
- IValue value0 = detectionStore.getDetectionValues().get(0);
- assertThat(value0).isInstanceOf(ValueAction.class);
- assertThat(value0.asString()).isEqualTo("RSA");
-
- /*
- * Translation
- */
- assertThat(nodes).hasSize(1);
- INode node = nodes.get(0);
- assertThat(node.getKind()).isEqualTo(PublicKeyEncryption.class);
- assertThat(node.asString()).isEqualTo("RSA");
-
- // RSA carries its OID as a child node
- INode oid = node.getChildren().get(Oid.class);
- assertThat(oid).isNotNull();
- assertThat(oid.asString()).isEqualTo("1.2.840.113549.1.1.1");
- }
-}
diff --git a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetRfc2898DeriveBytesTest.java b/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetRfc2898DeriveBytesTest.java
deleted file mode 100755
index 4cf6473a4..000000000
--- a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetRfc2898DeriveBytesTest.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpSymbol;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.ValueAction;
-import com.ibm.engine.model.context.KeyContext;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.model.PasswordBasedKeyDerivationFunction;
-import com.ibm.plugin.CSharpVerifier;
-import com.ibm.plugin.TestBase;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.junit.jupiter.api.Test;
-
-class DotNetRfc2898DeriveBytesTest extends TestBase {
-
- @Test
- void test() throws Exception {
- CSharpVerifier.verify("rules/detection/dotnet/DotNetRfc2898DeriveBytesTestFile.cs", this);
- }
-
- @Override
- public void asserts(
- int findingId,
- @Nonnull
- DetectionStore
- detectionStore,
- @Nonnull List nodes) {
- assertThat(detectionStore.getDetectionValues()).hasSize(1);
- assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class);
- IValue value0 = detectionStore.getDetectionValues().get(0);
- assertThat(value0).isInstanceOf(ValueAction.class);
- assertThat(value0.asString()).isEqualTo("PBKDF2");
-
- assertThat(nodes).hasSize(1);
- assertThat(nodes.get(0).getKind()).isEqualTo(PasswordBasedKeyDerivationFunction.class);
- assertThat(nodes.get(0).asString()).isEqualTo("PBKDF2");
- }
-}
diff --git a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetSHATest.java b/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetSHATest.java
deleted file mode 100755
index 4c877a4c4..000000000
--- a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetSHATest.java
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpSymbol;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.ValueAction;
-import com.ibm.engine.model.context.DigestContext;
-import com.ibm.mapper.model.DigestSize;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.model.MessageDigest;
-import com.ibm.plugin.CSharpVerifier;
-import com.ibm.plugin.TestBase;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.junit.jupiter.api.Test;
-
-class DotNetSHATest extends TestBase {
-
- @Test
- void test() throws Exception {
- CSharpVerifier.verify("rules/detection/dotnet/DotNetSHATestFile.cs", this);
- }
-
- @Override
- public void asserts(
- int findingId,
- @Nonnull
- DetectionStore
- detectionStore,
- @Nonnull List nodes) {
-
- /*
- * Detection Store
- */
- assertThat(detectionStore.getDetectionValues()).hasSize(1);
- assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(DigestContext.class);
- IValue value0 = detectionStore.getDetectionValues().get(0);
- assertThat(value0).isInstanceOf(ValueAction.class);
-
- /*
- * Translation
- */
- assertThat(nodes).hasSize(1);
- INode node = nodes.get(0);
- assertThat(node.getKind()).isEqualTo(MessageDigest.class);
-
- switch (findingId) {
- case 0 -> {
- assertThat(value0.asString()).isEqualTo("SHA1");
- assertThat(node.asString()).isEqualTo("SHA1");
- INode digestSize = node.getChildren().get(DigestSize.class);
- assertThat(digestSize).isNotNull();
- assertThat(digestSize.asString()).isEqualTo("160");
- }
- case 1 -> {
- assertThat(value0.asString()).isEqualTo("SHA256");
- assertThat(node.asString()).isEqualTo("SHA256");
- INode digestSize = node.getChildren().get(DigestSize.class);
- assertThat(digestSize).isNotNull();
- assertThat(digestSize.asString()).isEqualTo("256");
- }
- case 2 -> {
- assertThat(value0.asString()).isEqualTo("SHA384");
- assertThat(node.asString()).isEqualTo("SHA384");
- INode digestSize = node.getChildren().get(DigestSize.class);
- assertThat(digestSize).isNotNull();
- assertThat(digestSize.asString()).isEqualTo("384");
- }
- case 3 -> {
- assertThat(value0.asString()).isEqualTo("SHA512");
- assertThat(node.asString()).isEqualTo("SHA512");
- INode digestSize = node.getChildren().get(DigestSize.class);
- assertThat(digestSize).isNotNull();
- assertThat(digestSize.asString()).isEqualTo("512");
- }
- case 4 -> {
- assertThat(value0.asString()).isEqualTo("MD5");
- assertThat(node.asString()).isEqualTo("MD5");
- INode digestSize = node.getChildren().get(DigestSize.class);
- assertThat(digestSize).isNotNull();
- assertThat(digestSize.asString()).isEqualTo("128");
- }
- default -> throw new IllegalStateException("Unexpected findingId: " + findingId);
- }
- }
-}
diff --git a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetTripleDESTest.java b/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetTripleDESTest.java
deleted file mode 100755
index 36904ba51..000000000
--- a/csharp/src/test/java/com/ibm/plugin/rules/detection/dotnet/DotNetTripleDESTest.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2024 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.detection.dotnet;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.engine.language.csharp.CSharpCheck;
-import com.ibm.engine.language.csharp.CSharpScanContext;
-import com.ibm.engine.language.csharp.CSharpSymbol;
-import com.ibm.engine.language.csharp.tree.CSharpTree;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.ValueAction;
-import com.ibm.engine.model.context.CipherContext;
-import com.ibm.mapper.model.BlockCipher;
-import com.ibm.mapper.model.BlockSize;
-import com.ibm.mapper.model.INode;
-import com.ibm.plugin.CSharpVerifier;
-import com.ibm.plugin.TestBase;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.junit.jupiter.api.Test;
-
-class DotNetTripleDESTest extends TestBase {
-
- @Test
- void test() throws Exception {
- CSharpVerifier.verify("rules/detection/dotnet/DotNetTripleDESTestFile.cs", this);
- }
-
- @Override
- public void asserts(
- int findingId,
- @Nonnull
- DetectionStore
- detectionStore,
- @Nonnull List nodes) {
- assertThat(detectionStore.getDetectionValues()).hasSize(1);
- assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(CipherContext.class);
- IValue value0 = detectionStore.getDetectionValues().get(0);
- assertThat(value0).isInstanceOf(ValueAction.class);
- assertThat(value0.asString()).isEqualTo("TRIPLEDES");
-
- /*
- * Translation
- */
- assertThat(nodes).hasSize(1);
- INode node = nodes.get(0);
- assertThat(node.getKind()).isEqualTo(BlockCipher.class);
- // DESede is the canonical name for Triple-DES in the mapper model
- assertThat(node.asString()).isEqualTo("DESede");
-
- // TripleDES carries a default block size of 64 bits
- INode blockSize = node.getChildren().get(BlockSize.class);
- assertThat(blockSize).isNotNull();
- assertThat(blockSize.asString()).isEqualTo("64");
- }
-}
diff --git a/engine/pom.xml b/engine/pom.xml
index 20acc80fd..7495510f1 100644
--- a/engine/pom.xml
+++ b/engine/pom.xml
@@ -23,37 +23,6 @@
2.0.0-SNAPSHOT
compile
-
-
- org.antlr
- antlr4-runtime
- 4.13.1
-
-
-
-
-
- org.antlr
- antlr4-maven-plugin
- 4.13.1
-
-
- antlr4
-
- antlr4
-
-
- ${project.basedir}/src/main/antlr4
- ${project.build.directory}/generated-sources/antlr4
- true
- true
-
-
-
-
-
-
-
-
\ No newline at end of file
+
diff --git a/engine/src/main/antlr4/com/ibm/engine/language/csharp/antlr/CSharpLexer.g4 b/engine/src/main/antlr4/com/ibm/engine/language/csharp/antlr/CSharpLexer.g4
deleted file mode 100755
index ec3c62764..000000000
--- a/engine/src/main/antlr4/com/ibm/engine/language/csharp/antlr/CSharpLexer.g4
+++ /dev/null
@@ -1,1066 +0,0 @@
-// EBNF following ECMA 334 Version 7 language specification.
-// MIT License.
-
-// Eclipse Public License - v 1.0, http://www.eclipse.org/legal/epl-v10.html
-// Copyright (c) 2013, Christian Wulf (chwchw@gmx.de)
-// Copyright (c) 2016-2017, Ivan Kochurkin (kvanttt@gmail.com), Positive Technologies.
-
-// $antlr-format alignTrailingComments true, columnLimit 150, maxEmptyLinesToKeep 1, reflowComments false, useTab false
-// $antlr-format allowShortRulesOnASingleLine true, allowShortBlocksOnASingleLine true, minEmptyLines 0, alignSemicolons ownLine
-// $antlr-format alignColons trailing, singleLineOverrulesHangingColon true, alignLexerCommands true, alignLabels true, alignTrailers true
-
-lexer grammar CSharpLexer;
-
-channels {
- COMMENTS_CHANNEL,
- DIRECTIVE
-}
-
-options {
- superClass = CSharpLexerBase;
-}
-
-// Insert here @header for lexer.
-
-BYTE_ORDER_MARK: '\u00EF\u00BB\u00BF';
-
-SINGLE_LINE_DOC_COMMENT : '///' InputCharacter* -> channel(COMMENTS_CHANNEL);
-EMPTY_DELIMITED_DOC_COMMENT : '/***/' -> channel(COMMENTS_CHANNEL);
-DELIMITED_DOC_COMMENT : '/**' ~'/' .*? '*/' -> channel(COMMENTS_CHANNEL);
-SINGLE_LINE_COMMENT : '//' InputCharacter* -> channel(COMMENTS_CHANNEL);
-DELIMITED_COMMENT : '/*' .*? '*/' -> channel(COMMENTS_CHANNEL);
-WHITESPACES : (Whitespace | NewLine)+ -> channel(HIDDEN);
-SHARP : '#' -> mode(DIRECTIVE_MODE), skip;
-
-ABSTRACT : 'abstract';
-ADD : 'add';
-ALIAS : 'alias';
-ARGLIST : '__arglist';
-AS : 'as';
-ASCENDING : 'ascending';
-ASYNC : 'async';
-AWAIT : 'await';
-BASE : 'base';
-BOOL : 'bool';
-BREAK : 'break';
-BY : 'by';
-BYTE : 'byte';
-CASE : 'case';
-CATCH : 'catch';
-CHAR : 'char';
-CHECKED : 'checked';
-CLASS : 'class';
-CONST : 'const';
-CONTINUE : 'continue';
-DECIMAL : 'decimal';
-DEFAULT : 'default';
-DELEGATE : 'delegate';
-DESCENDING : 'descending';
-DO : 'do';
-DOUBLE : 'double';
-DYNAMIC : 'dynamic';
-ELSE : 'else';
-ENUM : 'enum';
-EQUALS : 'equals';
-EVENT : 'event';
-EXPLICIT : 'explicit';
-EXTERN : 'extern';
-FALSE : 'false';
-FINALLY : 'finally';
-FIXED : 'fixed';
-FLOAT : 'float';
-FOR : 'for';
-FOREACH : 'foreach';
-FROM : 'from';
-GET : 'get';
-GOTO : 'goto';
-GROUP : 'group';
-IF : 'if';
-IMPLICIT : 'implicit';
-IN : 'in';
-INT : 'int';
-INTERFACE : 'interface';
-INTERNAL : 'internal';
-INTO : 'into';
-IS : 'is';
-JOIN : 'join';
-LET : 'let';
-LOCK : 'lock';
-LONG : 'long';
-NAMEOF : 'nameof';
-NAMESPACE : 'namespace';
-NEW : 'new';
-NULL_ : 'null';
-OBJECT : 'object';
-ON : 'on';
-OPERATOR : 'operator';
-ORDERBY : 'orderby';
-OUT : 'out';
-OVERRIDE : 'override';
-PARAMS : 'params';
-PARTIAL : 'partial';
-PRIVATE : 'private';
-PROTECTED : 'protected';
-PUBLIC : 'public';
-READONLY : 'readonly';
-REF : 'ref';
-REMOVE : 'remove';
-RETURN : 'return';
-SBYTE : 'sbyte';
-SEALED : 'sealed';
-SELECT : 'select';
-SET : 'set';
-SHORT : 'short';
-SIZEOF : 'sizeof';
-STACKALLOC : 'stackalloc';
-STATIC : 'static';
-STRING : 'string';
-STRUCT : 'struct';
-SWITCH : 'switch';
-THIS : 'this';
-THROW : 'throw';
-TRUE : 'true';
-TRY : 'try';
-TYPEOF : 'typeof';
-UINT : 'uint';
-ULONG : 'ulong';
-UNCHECKED : 'unchecked';
-UNMANAGED : 'unmanaged';
-UNSAFE : 'unsafe';
-USHORT : 'ushort';
-USING : 'using';
-VAR : 'var';
-VIRTUAL : 'virtual';
-VOID : 'void';
-VOLATILE : 'volatile';
-WHEN : 'when';
-WHERE : 'where';
-WHILE : 'while';
-YIELD : 'yield';
-
-//B.1.6 Identifiers
-// must be defined after all keywords so the first branch (Available_identifier) does not match keywords
-// https://msdn.microsoft.com/en-us/library/aa664670(v=vs.71).aspx
-IDENTIFIER: '@'? IdentifierOrKeyword;
-
-//B.1.8 Literals
-// 0.Equals() would be parsed as an invalid real (1. branch) causing a lexer error
-LITERAL_ACCESS : [0-9] ('_'* [0-9])* IntegerTypeSuffix? '.' '@'? IdentifierOrKeyword;
-INTEGER_LITERAL : [0-9] ('_'* [0-9])* IntegerTypeSuffix?;
-HEX_INTEGER_LITERAL : '0' [xX] ('_'* HexDigit)+ IntegerTypeSuffix?;
-BIN_INTEGER_LITERAL : '0' [bB] ('_'* [01])+ IntegerTypeSuffix?;
-REAL_LITERAL:
- ([0-9] ('_'* [0-9])*)? '.' [0-9] ('_'* [0-9])* ExponentPart? [FfDdMm]?
- | [0-9] ('_'* [0-9])* ([FfDdMm] | ExponentPart [FfDdMm]?)
-;
-
-CHARACTER_LITERAL : '\'' (~['\\\r\n\u0085\u2028\u2029] | CommonCharacter) '\'';
-REGULAR_STRING : '"' (~["\\\r\n\u0085\u2028\u2029] | CommonCharacter)* '"';
-VERBATIUM_STRING : '@"' (~'"' | '""')* '"';
-INTERPOLATED_REGULAR_STRING_START:
- '$"' { this.OnInterpolatedRegularStringStart(); } -> pushMode(INTERPOLATION_STRING)
-;
-INTERPOLATED_VERBATIUM_STRING_START:
- '$@"' { this.OnInterpolatedVerbatiumStringStart(); } -> pushMode(INTERPOLATION_STRING)
-;
-
-//B.1.9 Operators And Punctuators
-OPEN_BRACE : '{' { this.OnOpenBrace(); };
-CLOSE_BRACE : '}' { this.OnCloseBrace(); };
-OPEN_BRACKET : '[';
-CLOSE_BRACKET : ']';
-OPEN_PARENS : '(';
-CLOSE_PARENS : ')';
-DOT : '.';
-COMMA : ',';
-COLON : ':' { this.OnColon(); };
-SEMICOLON : ';';
-PLUS : '+';
-MINUS : '-';
-STAR : '*';
-DIV : '/';
-PERCENT : '%';
-AMP : '&';
-BITWISE_OR : '|';
-CARET : '^';
-BANG : '!';
-TILDE : '~';
-ASSIGNMENT : '=';
-LT : '<';
-GT : '>';
-INTERR : '?';
-DOUBLE_COLON : '::';
-OP_COALESCING : '??';
-OP_INC : '++';
-OP_DEC : '--';
-OP_AND : '&&';
-OP_OR : '||';
-OP_PTR : '->';
-OP_EQ : '==';
-OP_NE : '!=';
-OP_LE : '<=';
-OP_GE : '>=';
-OP_ADD_ASSIGNMENT : '+=';
-OP_SUB_ASSIGNMENT : '-=';
-OP_MULT_ASSIGNMENT : '*=';
-OP_DIV_ASSIGNMENT : '/=';
-OP_MOD_ASSIGNMENT : '%=';
-OP_AND_ASSIGNMENT : '&=';
-OP_OR_ASSIGNMENT : '|=';
-OP_XOR_ASSIGNMENT : '^=';
-OP_LEFT_SHIFT : '<<';
-OP_LEFT_SHIFT_ASSIGNMENT : '<<=';
-OP_COALESCING_ASSIGNMENT : '??=';
-OP_RANGE : '..';
-
-// Emitted programmatically by CSharpLexerBase for false #if blocks; never matched from input.
-SKIPPED_SECTION : '\u0000' -> channel(HIDDEN);
-
-// https://msdn.microsoft.com/en-us/library/dn961160.aspx
-mode INTERPOLATION_STRING;
-
-DOUBLE_CURLY_INSIDE : '{{';
-OPEN_BRACE_INSIDE : '{' { this.OpenBraceInside(); } -> skip, pushMode(DEFAULT_MODE);
-REGULAR_CHAR_INSIDE : { this.IsRegularCharInside() }? SimpleEscapeSequence;
-VERBATIUM_DOUBLE_QUOTE_INSIDE : { this.IsVerbatiumDoubleQuoteInside() }? '""';
-DOUBLE_QUOTE_INSIDE : '"' { this.OnDoubleQuoteInside(); } -> popMode;
-REGULAR_STRING_INSIDE : { this.IsRegularCharInside() }? ~('{' | '\\' | '"')+;
-VERBATIUM_INSIDE_STRING : { this.IsVerbatiumDoubleQuoteInside() }? ~('{' | '"')+;
-
-mode INTERPOLATION_FORMAT;
-
-DOUBLE_CURLY_CLOSE_INSIDE : '}}' -> type(FORMAT_STRING);
-CLOSE_BRACE_INSIDE : '}' { this.OnCloseBraceInside(); } -> skip, popMode;
-FORMAT_STRING : ~'}'+;
-
-mode DIRECTIVE_MODE;
-
-DIRECTIVE_WHITESPACES : Whitespace+ -> channel(HIDDEN);
-DIGITS : [0-9]+ -> channel(DIRECTIVE);
-DIRECTIVE_TRUE : 'true' -> channel(DIRECTIVE), type(TRUE);
-DIRECTIVE_FALSE : 'false' -> channel(DIRECTIVE), type(FALSE);
-DEFINE : 'define' -> channel(DIRECTIVE);
-UNDEF : 'undef' -> channel(DIRECTIVE);
-DIRECTIVE_IF : 'if' -> channel(DIRECTIVE), type(IF);
-ELIF : 'elif' -> channel(DIRECTIVE);
-DIRECTIVE_ELSE : 'else' -> channel(DIRECTIVE), type(ELSE);
-ENDIF : 'endif' -> channel(DIRECTIVE);
-LINE : 'line' -> channel(DIRECTIVE);
-ERROR : 'error' Whitespace+ -> channel(DIRECTIVE), mode(DIRECTIVE_TEXT);
-WARNING : 'warning' Whitespace+ -> channel(DIRECTIVE), mode(DIRECTIVE_TEXT);
-REGION : 'region' Whitespace* -> channel(DIRECTIVE), mode(DIRECTIVE_TEXT);
-ENDREGION : 'endregion' Whitespace* -> channel(DIRECTIVE), mode(DIRECTIVE_TEXT);
-PRAGMA : 'pragma' Whitespace+ -> channel(DIRECTIVE), mode(DIRECTIVE_TEXT);
-NULLABLE : 'nullable' Whitespace+ -> channel(DIRECTIVE), mode(DIRECTIVE_TEXT);
-DIRECTIVE_DEFAULT : 'default' -> channel(DIRECTIVE), type(DEFAULT);
-DIRECTIVE_HIDDEN : 'hidden' -> channel(DIRECTIVE);
-DIRECTIVE_OPEN_PARENS : '(' -> channel(DIRECTIVE), type(OPEN_PARENS);
-DIRECTIVE_CLOSE_PARENS : ')' -> channel(DIRECTIVE), type(CLOSE_PARENS);
-DIRECTIVE_BANG : '!' -> channel(DIRECTIVE), type(BANG);
-DIRECTIVE_OP_EQ : '==' -> channel(DIRECTIVE), type(OP_EQ);
-DIRECTIVE_OP_NE : '!=' -> channel(DIRECTIVE), type(OP_NE);
-DIRECTIVE_OP_AND : '&&' -> channel(DIRECTIVE), type(OP_AND);
-DIRECTIVE_OP_OR : '||' -> channel(DIRECTIVE), type(OP_OR);
-DIRECTIVE_STRING:
- '"' ~('"' | [\r\n\u0085\u2028\u2029])* '"' -> channel(DIRECTIVE), type(STRING)
-;
-CONDITIONAL_SYMBOL: IdentifierOrKeyword -> channel(DIRECTIVE);
-DIRECTIVE_SINGLE_LINE_COMMENT:
- '//' ~[\r\n\u0085\u2028\u2029]* -> channel(COMMENTS_CHANNEL), type(SINGLE_LINE_COMMENT)
-;
-DIRECTIVE_NEW_LINE: NewLine -> channel(DIRECTIVE), mode(DEFAULT_MODE);
-
-mode DIRECTIVE_TEXT;
-
-TEXT : ~[\r\n\u0085\u2028\u2029]+ -> channel(DIRECTIVE);
-TEXT_NEW_LINE : NewLine -> channel(DIRECTIVE), type(DIRECTIVE_NEW_LINE), mode(DEFAULT_MODE);
-
-// Fragments
-
-fragment InputCharacter: ~[\r\n\u0085\u2028\u2029];
-
-fragment NewLineCharacter:
- '\u000D' //''
- | '\u000A' //''
- | '\u0085' //''
- | '\u2028' //''
- | '\u2029' //''
-;
-
-fragment IntegerTypeSuffix : [lL]? [uU] | [uU]? [lL];
-fragment ExponentPart : [eE] ('+' | '-')? [0-9] ('_'* [0-9])*;
-
-fragment CommonCharacter: SimpleEscapeSequence | HexEscapeSequence | UnicodeEscapeSequence;
-
-fragment SimpleEscapeSequence:
- '\\\''
- | '\\"'
- | '\\\\'
- | '\\0'
- | '\\a'
- | '\\b'
- | '\\f'
- | '\\n'
- | '\\r'
- | '\\t'
- | '\\v'
-;
-
-fragment HexEscapeSequence:
- '\\x' HexDigit
- | '\\x' HexDigit HexDigit
- | '\\x' HexDigit HexDigit HexDigit
- | '\\x' HexDigit HexDigit HexDigit HexDigit
-;
-
-fragment NewLine:
- '\r\n'
- | '\r'
- | '\n'
- | '\u0085' // '
- | '\u2028' //''
- | '\u2029' //''
-;
-
-fragment Whitespace:
- UnicodeClassZS //''
- | '\u0009' //''
- | '\u000B' //''
- | '\u000C' //'