我有以下代码:
Public Shared Function Crypt(text As String) As String
If text <> "" Then
Dim cryptoProvider As New DESCryptoServiceProvider()
Dim ms As New MemoryStream()
Dim cs As New CryptoStream(ms, cryptoProvider.CreateEncryptor(KEY_64, IV_64), CryptoStreamMode.Write)
Dim sw As New StreamWriter(cs)
sw.Write(text)
sw.Flush()
cs.FlushFinalBlock()
ms.Flush()
'convert back to a string
Return Convert.ToBase64String(ms.GetBuffer(), 0, CInt(ms.Length))
End If
Return ""
End Function
Fortify扫描后,他们报告我需要释放CS CryptoStream对象。
据我所知,FlushFinalBlock()方法可完成此工作。
我也需要调用disponse()函数吗?或可能是假阳性问题?
实现IDisposable
接口且仅在单个块范围内使用的任何对象,都应使用Using
语句创建。这样,可以确保将其隐式放置在Using
块的末尾。即使命中Return
语句或引发异常,该规则也适用。对于您的情况,您要创建四个一次性对象。在创建每个对象或销毁每个对象之间不需要任何代码,因此您不需要多个嵌套的Using
块。您应该对它们全部使用单个Using
语句:
Using cryptoProvider As New DESCryptoServiceProvider(),
ms As New MemoryStream(),
cs As New CryptoStream(ms, cryptoProvider.CreateEncryptor(KEY_64, IV_64), CryptoStreamMode.Write),
sw As New StreamWriter(cs)
'...
End Using