gitlab.security_code_scan.SCS0007-1
The method identified is susceptible to injection. The input should be validated and properly escaped.
Definition
```yaml
rules:
  - id: security_code_scan.SCS0007-1
    mode: taint
    pattern-sanitizers:
      - pattern: (XmlReaderSettings $SETTINGS).ProhibitDtd = true;
      - pattern: (XmlReaderSettings $SETTINGS).DtdProcessing = DtdProcessing.Prohibit;
      - pattern: (XmlDocument $DOC).XmlResolver = null;
      - pattern: var $DOC = new XmlDocument { ..., XmlResolver = null, ... };
    pattern-sinks:
      - pattern: XmlReader.Create(..., $SETTINGS);
      - pattern: (XmlDocument $DOC).Load(...);
    pattern-sources:
      - pattern: var $SETTINGS = new XmlReaderSettings();
      - pattern: var $DOC = new XmlDocument(...);
      - pattern: var $DOC = new XmlDocument {...};
    message: >
      The method identified is susceptible to injection. The input should be
      validated and properly escaped.
    languages:
      - csharp
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')"
      license: MIT
```
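The C# below is an added illustration, not code from this rule page, from Semgrep or from the security_code_scan project. It pairs each of the rule's source/sink combinations (an `XmlReaderSettings` reaching `XmlReader.Create`, an `XmlDocument` reaching `Load`) with and without one of the listed sanitizer patterns on the path, so you can see which shapes the taint rule reports and which it treats as cleaned. The class and method names and the sample document are constructed; the document carries only an internal entity, which is enough to show whether DTDs are accepted at all.

```csharp
using System;
using System.IO;
using System.Xml;

public static class Scs0007Examples
{
    // Constructed sample document (not from the rule page): a DOCTYPE with an
    // internal entity only, used to show whether a parser accepts DTDs.
    private const string SampleXml =
        "<?xml version=\"1.0\"?>" +
        "<!DOCTYPE note [<!ENTITY who \"demo\">]>" +
        "<note>&who;</note>";

    // FLAGGED by the rule: the source `var doc = new XmlDocument()` reaches the
    // sink `doc.Load(...)` with no sanitizer on the path. Depending on the target
    // framework, XmlDocument may still carry a default XmlUrlResolver, so an
    // external entity declared in the DOCTYPE would be fetched during Load.
    public static string LoadDocumentUnsafe(string xml)
    {
        var doc = new XmlDocument();
        doc.Load(new StringReader(xml));
        return doc.DocumentElement.InnerText;
    }

    // NOT FLAGGED: the initializer form `new XmlDocument { XmlResolver = null }`
    // is one of the rule's sanitizers. Internal entities still expand, but there
    // is no resolver left to fetch external ones.
    public static string LoadDocumentHardened(string xml)
    {
        var doc = new XmlDocument { XmlResolver = null };
        doc.Load(new StringReader(xml));
        return doc.DocumentElement.InnerText;
    }

    // FLAGGED: `var settings = new XmlReaderSettings()` flows to
    // `XmlReader.Create(..., settings)`. Assigning DtdProcessing.Parse is not a
    // sanitizer, so the taint survives; this is the weak setting beside the
    // corrected one below.
    public static string ReadUnsafe(string xml)
    {
        var settings = new XmlReaderSettings();
        settings.DtdProcessing = DtdProcessing.Parse;
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
        {
            reader.ReadToFollowing("note");
            return reader.ReadElementContentAsString();
        }
    }

    // NOT FLAGGED: `settings.DtdProcessing = DtdProcessing.Prohibit` matches a
    // sanitizer pattern. The reader throws XmlException at the DOCTYPE, before
    // any entity is declared or expanded. Returns true when the DTD was refused.
    public static bool ReaderRejectsDtd(string xml)
    {
        var settings = new XmlReaderSettings();
        settings.DtdProcessing = DtdProcessing.Prohibit;
        try
        {
            using (var reader = XmlReader.Create(new StringReader(xml), settings))
            {
                while (reader.Read()) { }
            }
            return false;
        }
        catch (XmlException)
        {
            return true;
        }
    }

    public static void Main()
    {
        Console.WriteLine("XmlDocument, default resolver  : " + LoadDocumentUnsafe(SampleXml));
        Console.WriteLine("XmlDocument, XmlResolver = null: " + LoadDocumentHardened(SampleXml));
        Console.WriteLine("XmlReader, DtdProcessing.Parse : " + ReadUnsafe(SampleXml));
        Console.WriteLine("XmlReader, Prohibit rejects DTD: " + ReaderRejectsDtd(SampleXml));
    }
}
```

The rule reasons purely about code shape: it does not model the framework's default for `DtdProcessing` or `XmlResolver`, so a settings or document object counts as tainted until one of the four sanitizer assignments appears on the path to the sink. When hardening, prefer `DtdProcessing.Prohibit` over the obsolete `ProhibitDtd` property, and set `XmlResolver = null` on any `XmlDocument` that loads input you do not control.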
Short Link: https://sg.run/lbWE