0

在我的一些项目中,我一直在使用一对久经考验的数据加密/解密方法(加密方法粘贴在下面)。但是我一直被这个关于 memoryStream 对象的 CA2202 警告(“不要多次处理对象”)所困扰。我相信我以适当的方式处理了这个问题,但每当我在 Visual Studio 中运行分析时,我仍然会收到警告。它从未在生产代码中引发异常,但我仍然想一劳永逸地摆脱警告。那可能吗?还是我应该忽略它?提前致谢。

public static string Encrypt(string clearText, string passPhrase, string saltValue)
{
    byte[] clearTextBytes = Encoding.UTF8.GetBytes(clearText);
    byte[] saltValueBytes = Encoding.UTF8.GetBytes(saltValue);

    Rfc2898DeriveBytes passPhraseDerviedBytes = new Rfc2898DeriveBytes(passPhrase, saltValueBytes);
    byte[] keyBytes = passPhraseDerviedBytes.GetBytes(32);
    byte[] initVectorBytes = passPhraseDerviedBytes.GetBytes(16);

    RijndaelManaged symmetricKey = new RijndaelManaged() { Mode = CipherMode.CBC };
    ICryptoTransform encryptor = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes);

    byte[] cipherTextBytes = null;
    MemoryStream memoryStream = null;
    try
    {
        memoryStream = new MemoryStream();
        using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
        {
            cryptoStream.Write(clearTextBytes, 0, clearTextBytes.Length);
            cryptoStream.FlushFinalBlock();
            cipherTextBytes = memoryStream.ToArray();
        }
    }
    finally
    {
        if (memoryStream != null)
        {
            memoryStream.Dispose();
        }
    }

    return Convert.ToBase64String(cipherTextBytes);
}
4

2 回答 2

1

这是因为CryptoStream关闭memoryStream

您正在使用构造函数

public CryptoStream(Stream stream, ICryptoTransform transform, CryptoStreamMode mode)
    : this(stream, transform, mode, false) {
}

哪个调用

public CryptoStream(Stream stream, ICryptoTransform transform, CryptoStreamMode mode, bool leaveOpen) {
    _stream = stream;
    _leaveOpen = leaveOpen;
    //...
}

_leaveOpen并且_stream后来被用于Dispose

protected override void Dispose(bool disposing) {
    try {
        if (!_leaveOpen) {
            _stream.Close();
        }
        //...
    }
}

您可以删除memoryStream.Dispose();, 或true作为参数传递给CryptoStream构造函数

using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write, true)) { }

github源代码参考

于 2018-11-05T11:48:42.253 回答
1

问题是对给定流的调用CryptoStream.Dispose 可以调用 dispose:

protected override void Dispose(bool disposing) 
{
    try 
    {
        if (disposing) 
        {
            if (!_finalBlockTransformed) 
            {
                FlushFinalBlock();
            }
            if (!_leaveOpen) 
            {
                _stream.Close();
            }
        }
    }
    ...
}

如果您使用带有 4 个参数的构造函数:

CryptoStream(Stream stream, ICryptoTransform transform, CryptoStreamMode mode, bool leaveOpen)

最后一个参数确定流是否关闭。依次调用Close(),默认情况下也调用Dispose

public virtual void Close()
{
    /* These are correct, but we'd have to fix PipeStream & NetworkStream very carefully.
    Contract.Ensures(CanRead == false);
    Contract.Ensures(CanWrite == false);
    Contract.Ensures(CanSeek == false);
    */

    Dispose(true);
    GC.SuppressFinalize(this);
}

因此,检查似乎无法正确确定特定的 Stream 实现是否将被 Disposed,并且回退到认为它将是 - 就是这种情况。

但是请注意,MemoryStream在大多数情况下,处理两次、一次或零次 a 并不重要。

于 2018-11-05T11:49:00.703 回答