contrib.csharp.best-practices.viewstatecrypt.viewstate-crypt

returntocorp

Author: unknown

Web Forms controls use hidden base64-encoded fields to store state information. If sensitive information is stored there, it may be leaked to the client side. This rule flags any viewStateEncryptionMode setting other than "Always".

Definition

rules:
  - id: viewstate-crypt
    patterns:
      - pattern-not: viewStateEncryptionMode="Always"
      - pattern: viewStateEncryptionMode="$VALUE"
    message: Web Forms controls use hidden base64 encoded fields to store state
      information. If sensitive information is stored there it may be leaked to
      the client side.
    languages:
      - generic
    severity: WARNING
    metadata:
      technology:
        - asp.net
        - csharp
      category: best-practice
      owasp: A06:2017 - Security Misconfiguration
      cwe: "CWE-554: ASP.NET Misconfiguration: Not Using Input Validation Framework"
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
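
The pattern above only matches when the attribute is written out with a value other than "Always"; when it is omitted, ASP.NET falls back to its default of Auto and the rule reports nothing. The following is an added example, not part of the rule or the Semgrep registry, that goes beyond the rule by computing the effective mode for each scope of a web.config, including the omitted case. The function names and the sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DEFAULT_MODE = "Auto"  # ASP.NET's value when the attribute is not set

# Constructed sample web.config, not taken from the rule page.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <pages viewStateEncryptionMode="Auto" />
  </system.web>
  <location path="admin">
    <system.web><pages viewStateEncryptionMode="Always" /></system.web>
  </location>
  <location path="reports">
    <system.web><pages enableViewStateMac="true" /></system.web>
  </location>
</configuration>"""


def declared_mode(node):
    """viewStateEncryptionMode set on this scope's <pages>, or None."""
    pages = node.find("system.web/pages")
    return None if pages is None else pages.get("viewStateEncryptionMode")


def effective_modes(config_xml):
    """Map each scope to its effective mode.

    Assumptions: this file is the topmost config (no parent web.config),
    the root element has no XML namespace, and every <location> inherits
    directly from the root scope (nested paths are not modelled).
    """
    root = ET.fromstring(config_xml)
    root_mode = declared_mode(root) or DEFAULT_MODE
    modes = {"(root)": root_mode}
    for loc in root.findall("location"):
        modes[loc.get("path", "")] = declared_mode(loc) or root_mode
    return modes


def audit(config_xml):
    """Scopes where view state is not unconditionally encrypted."""
    return {s: m for s, m in effective_modes(config_xml).items() if m != "Always"}


if __name__ == "__main__":
    for scope, mode in audit(SAMPLE_WEB_CONFIG).items():
        print(f"{scope}: viewStateEncryptionMode={mode}")
```

In Auto mode, view state is encrypted only when a control requests it, so the "reports" scope in the sample is reported even though the Semgrep pattern has no attribute there to match.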