gitlab.security_code_scan.SCS0011-1

The method identified is susceptible to injection. The input should be validated and properly escaped.

Definition

rules:
  - id: security_code_scan.SCS0011-1
    patterns:
      - pattern-either:
          - pattern: new XsltSettings() {EnableScript = true};
          - pattern: |
              var $SETTINGS = new XsltSettings();
              ...
              $SETTINGS.EnableScript = true;
    message: >
      The method identified is susceptible to injection. The input should be
      validated and properly escaped.
    languages:
      - csharp
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-611: Improper Restriction of XML External Entity Reference"
      license: MIT
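
The setting this rule flags, next to a hardened way to load the same stylesheet. This is an added C# example, not part of the rule or of the GitLab rule set; the class name, method names and sample stylesheet are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Xsl;

public static class XsltLoadExample
{
    // Constructed stylesheet standing in for one that arrives from outside the application.
    private const string Stylesheet =
        "<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>" +
        "<xsl:output method='text'/>" +
        "<xsl:template match='/'><xsl:value-of select='/order/@id'/></xsl:template>" +
        "</xsl:stylesheet>";

    // Flagged: matches the rule's second pattern (assignment after construction).
    // EnableScript = true allows embedded script blocks (msxsl:script) in the
    // stylesheet to execute, so whoever controls the stylesheet controls that code.
    public static XslCompiledTransform LoadFlagged(XmlReader stylesheet)
    {
        var settings = new XsltSettings();
        settings.EnableScript = true;
        var xslt = new XslCompiledTransform();
        xslt.Load(stylesheet, settings, new XmlUrlResolver());
        return xslt;
    }

    // Hardened: XsltSettings.Default keeps script blocks and document() disabled,
    // and a null resolver stops xsl:import / xsl:include from fetching external files.
    public static XslCompiledTransform LoadHardened(XmlReader stylesheet)
    {
        var xslt = new XslCompiledTransform();
        xslt.Load(stylesheet, XsltSettings.Default, null);
        return xslt;
    }

    public static void Main()
    {
        // Reject DTDs and external entities when parsing both stylesheet and input.
        var readerSettings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        using (var sheet = XmlReader.Create(new StringReader(Stylesheet), readerSettings))
        using (var input = XmlReader.Create(new StringReader("<order id='42'/>"), readerSettings))
        using (var output = new StringWriter())
        {
            LoadHardened(sheet).Transform(input, null, output);
            Console.WriteLine(output.ToString());
        }
    }
}
```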