gitlab.security_code_scan.SCS0012-1


The endpoint is potentially accessible to unauthorized users. If it exposes sensitive information, such as log files, this may lead to privilege escalation.


Definition

rules:
  - id: security_code_scan.SCS0012-1
    patterns:
      - pattern-inside: |
          using System.Web.Mvc;
          ...
      - pattern-either:
          - pattern: |
              [$ANNO]
              class $CLASS : Controller{ ... }
          - pattern: |
              class $CLASS : Controller{ ... }
      - pattern-not: |
          [AllowAnonymous]
          class $CLASS : Controller{ ... }
      - pattern-not: |
          [Authorize]
          class $CLASS : Controller{ ... }
    message: >
      The endpoint is potentially accessible to unauthorized users. If it
      exposes sensitive information, such as log files, this may lead to
      privilege escalation.
    languages:
      - csharp
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-284: Improper Access Control"
      license: MIT
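The following C# sample is an added illustration of what the rule above matches and what it leaves alone; it is not code from the rule page or from the GitLab Security Code Scan project, and the controller names, the log path and the action bodies are constructed for the example. It also shows one edge case implied by the definition: both pattern-not clauses look only at attributes on the class declaration, so an [Authorize] placed on an individual action does not silence the finding.

```csharp
using System.Web.Mvc;

namespace Example.Controllers
{
    // Flagged by SCS0012-1: neither [Authorize] nor [AllowAnonymous] is on the
    // class, so every action, including the log download, is reachable by
    // anonymous callers (the pattern-either branch without an attribute matches).
    public class DiagnosticsController : Controller
    {
        public ActionResult Logs()
        {
            // Constructed path for the example.
            return File(Server.MapPath("~/App_Data/app.log"), "text/plain");
        }
    }

    // Not flagged: [Authorize] on the class requires an authenticated user for
    // every action; individual actions can be opened up again with
    // [AllowAnonymous] where that is intended.
    [Authorize]
    public class AdminController : Controller
    {
        public ActionResult Index()
        {
            return View();
        }

        [AllowAnonymous]
        public ActionResult Status()
        {
            return Content("ok");
        }
    }

    // Not flagged either: [AllowAnonymous] on the class records that the
    // endpoint is deliberately public, which is what the second pattern-not
    // clause accepts. Reviewers can then focus on whether that choice is right.
    [AllowAnonymous]
    public class PublicController : Controller
    {
        public ActionResult Index() => View();
    }

    // Still flagged: the [Authorize] attribute sits on the action, not the
    // class, so neither pattern-not clause applies. The class is reported even
    // though this particular action is protected; any action added later
    // without its own attribute would be anonymous by default.
    public class ReportsController : Controller
    {
        [Authorize]
        public ActionResult Download() => View();
    }
}
```

Running the rule against this file reports DiagnosticsController and ReportsController and stays silent on AdminController and PublicController. The practical consequence for triage is that a finding on a class whose actions are individually authorized is not a false positive to suppress but a prompt to move the attribute to the class, so that protection is the default rather than something each new action must remember to opt into.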