gitlab.security_code_scan.SCS0011-1
The method identified is susceptible to injection. The input should be validated and properly escaped.
Definition
rules:
- id: security_code_scan.SCS0011-1
  patterns:
  - pattern-either:
    - pattern: new XsltSettings() {EnableScript = true};
    - pattern: |
        var $SETTINGS = new XsltSettings();
        ...
        $SETTINGS.EnableScript = true;
  message: >
    The method identified is susceptible to injection. The input should be
    validated and properly
    escaped.
  languages:
  - csharp
  severity: WARNING
  metadata:
    category: security
    cwe: "CWE-611: Improper Restriction of XML External Entity Reference"
    license: MIT
Short Link: https://sg.run/64k1
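
An added example, not part of the rule or the registry page: the two `XsltSettings` shapes the rule's patterns describe, beside a loader that keeps script disabled. The class and method names, and the extra reader hardening (DTDs prohibited, no resolver), are assumptions made for illustration.

```csharp
using System.IO;
using System.Xml;
using System.Xml.Xsl;

public static class XsltLoading  // hypothetical class name
{
    // Flagged: the two shapes described by the rule's pattern-either branches.
    public static XsltSettings[] FlaggedSettings()
    {
        var inline = new XsltSettings() { EnableScript = true };

        var settings = new XsltSettings();
        settings.EnableScript = true;

        return new[] { inline, settings };
    }

    // Hardened: script blocks and document() stay disabled, and neither the
    // stylesheet nor the input may pull in DTDs or external resources.
    public static string TransformHardened(string stylesheetPath, string inputXml)
    {
        var settings = new XsltSettings(false, false); // (enableDocumentFunction, enableScript)
        var readerSettings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null
        };

        var xslt = new XslCompiledTransform();
        using (var file = File.OpenRead(stylesheetPath))
        using (var stylesheet = XmlReader.Create(file, readerSettings))
        {
            // A null resolver means xsl:import and xsl:include are not resolved.
            xslt.Load(stylesheet, settings, null);
        }

        using (var input = XmlReader.Create(new StringReader(inputXml), readerSettings))
        using (var output = new StringWriter())
        {
            xslt.Transform(input, null, output);
            return output.ToString();
        }
    }
}
```

With script disabled, a stylesheet that contains an `msxsl:script` block is still loaded, but calls into that block fail at transform time instead of running embedded code.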