Addressing review feedback

dotpaul · dotpaul · commit 27a737c1ac90 · 2019-07-11T13:38:13.000-07:00
diff --git a/docs/code-quality/ca5361.md b/docs/code-quality/ca5361.md
@@ -1,5 +1,5 @@
 ---
-title: "CA5361: Do Not Disable SChannel Use of Strong Crypto"
+title: "CA5361: Do not disable SChannel use of strong crypto"
 ms.date: 07/10/2019
 ms.topic: reference
 author: dotpaul
@@ -14,7 +14,7 @@ f1_keywords:
   - "CA5361"
   - "DoNotSetSwitch"
 ---
-# CA5361: Do Not Disable SChannel Use of Strong Crypto
+# CA5361: Do not disable SChannel use of strong crypto
 
 |||
 |-|-|
@@ -34,12 +34,12 @@ Setting `Switch.System.Net.DontEnableSchUseStrongCrypto` to `true` weakens the c
 ## How to fix violations
 
 - If your application targets .NET Framework v4.6 or later, you can either remove the <xref:System.AppContext.SetSwitch%2A?displayProperty=nameWithType> method call, or set the switch's value to `false`.
-- If your application targets .NET Framework earlier than v4.6, and runs on .NET Framework v4.6 or later, set the switch's value to `false`.
+- If your application targets .NET Framework earlier than v4.6 and runs on .NET Framework v4.6 or later, set the switch's value to `false`.
 - Otherwise, refer to [Transport Layer Security (TLS) best practices with the .NET Framework](/dotnet/framework/network-programming/tls) for mitigations.
 
 ## When to suppress warnings
 
-You can suppress this warning if you need to connect to a legacy service, which can't be upgraded to use secure TLS configurations.
+You can suppress this warning if you need to connect to a legacy service that can't be upgraded to use secure TLS configurations.
 
 ## Pseudo-code examples
 
diff --git a/docs/code-quality/ca5364.md b/docs/code-quality/ca5364.md
@@ -1,5 +1,5 @@
 ---
-title: "CA5364: Do Not Use Deprecated Security Protocols"
+title: "CA5364: Do not use deprecated security protocols"
 ms.date: 07/10/2019
 ms.topic: reference
 author: dotpaul
@@ -14,7 +14,7 @@ f1_keywords:
   - "CA5364"
   - "DoNotUseDeprecatedSecurityProtocols"
 ---
-# CA5364: Do Not Use Deprecated Security Protocols
+# CA5364: Do not use deprecated security protocols
 
 |||
 |-|-|
@@ -25,6 +25,7 @@ f1_keywords:
 
 ## Cause
 
+This rule fires when either of the following conditions are met:
 - A deprecated <xref:System.Net.SecurityProtocolType?displayProperty=nameWithType> value was referenced.
 - An integer value representing a deprecated value was assigned to a <xref:System.Net.SecurityProtocolType> variable.
 
@@ -44,8 +45,9 @@ Don't use deprecated TLS protocol versions.
 
 ## When to suppress warnings
 
-- It's safe to suppress this warning if the reference to the deprecated protocol version isn't being used to enable a deprecated version.
-- You can suppress this warning if you need to connect to a legacy service, which can't be upgraded to use secure TLS configurations.
+It's safe to suppress this warning if:
+- The reference to the deprecated protocol version isn't being used to enable a deprecated version.
+- You need to connect to a legacy service that can't be upgraded to use secure TLS configurations.
 
 ## Pseudo-code examples
 
@@ -77,6 +79,34 @@ Public Class TestClass
 End Class
 ```
 
+### Violation
+
+```csharp
+using System;
+using System.Net;
+
+public class ExampleClass
+{
+    public void ExampleMethod()
+    {
+        // CA5364 violation
+        ServicePointManager.SecurityProtocol = (SecurityProtocolType) 768;    // TLS 1.1
+    }
+}
+```
+
+```vb
+Imports System
+Imports System.Net
+
+Public Class TestClass
+    Public Sub ExampleMethod()
+        ' CA5364 violation
+        ServicePointManager.SecurityProtocol = CType(768, SecurityProtocolType)   ' TLS 1.1
+    End Sub
+End Class
+```
+
 ### Solution
 
 ```csharp
diff --git a/docs/code-quality/ca5378.md b/docs/code-quality/ca5378.md
@@ -34,12 +34,12 @@ Setting `Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProto
 ## How to fix violations
 
 - If your application targets .NET Framework v4.7 or later, you can either remove the <xref:System.AppContext.SetSwitch%2A?displayProperty=nameWithType> method call, or set the switch's value to `false`.
-- If your application targets .NET Framework v4.6.2 or earlier, and runs on .NET Framework v4.7 or later, set the switch's value to `false`.
+- If your application targets .NET Framework v4.6.2 or earlier and runs on .NET Framework v4.7 or later, set the switch's value to `false`.
 - Otherwise, refer to [Transport Layer Security (TLS) best practices with the .NET Framework](/dotnet/framework/network-programming/tls) for mitigations.
 
 ## When to suppress warnings
 
-You can suppress this warning if you need to connect to a legacy service, which can't be upgraded to use secure TLS configurations.
+You can suppress this warning if you need to connect to a legacy service that can't be upgraded to use secure TLS configurations.
 
 ## Pseudo-code examples
 
diff --git a/docs/code-quality/ca5386.md b/docs/code-quality/ca5386.md
@@ -38,11 +38,11 @@ Transport Layer Security (TLS) secures communication between computers, most com
 
 ## How to fix violations
 
-Don't use hardcode TLS protocol versions.
+Don't hardcode TLS protocol versions.
 
 ## When to suppress warnings
 
-You can suppress this warning if you need to connect to a legacy service, which can't be upgraded to use secure TLS configurations.
+You can suppress this warning if your application targets .NET Framework v4.6.2 or earlier and may run on a computer that has insecure defaults.
 
 ## Pseudo-code examples
 
@@ -74,6 +74,34 @@ Public Class TestClass
 End Class
 ```
 
+### Violation
+
+```csharp
+using System;
+using System.Net;
+
+public class ExampleClass
+{
+    public void ExampleMethod()
+    {
+        // CA5386 violation
+        ServicePointManager.SecurityProtocol = (SecurityProtocolType) 3072;    // TLS 1.2
+    }
+}
+```
+
+```vb
+Imports System
+Imports System.Net
+
+Public Class TestClass
+    Public Sub ExampleMethod()
+        ' CA5386 violation
+        ServicePointManager.SecurityProtocol = CType(3072, SecurityProtocolType)   ' TLS 1.2
+    End Sub
+End Class
+```
+
 ### Solution
 
 ```csharp
diff --git a/docs/code-quality/toc.yml b/docs/code-quality/toc.yml
@@ -690,9 +690,9 @@
           href: ca3077-insecure-processing-in-api-design-xml-document-and-xml-text-reader.md
         - name: "CA3147: Mark verb handlers with ValidateAntiForgeryToken"
           href: ca3147-mark-verb-handlers-with-validateantiforgerytoken.md
-        - name: "CA5361: Do Not Disable SChannel Use of Strong Crypto"
+        - name: "CA5361: Do not disable SChannel use of strong crypto"
           href: ca5361.md
-        - name: "CA5364: Do Not Use Deprecated Security Protocols"
+        - name: "CA5364: Do not use deprecated security protocols"
           href: ca5364.md
         - name: "CA5378: Do not disable ServicePointManagerSecurityProtocols"
           href: ca5378.md
