gitlab.security_code_scan.SCS0017-1

unknown

Download Count*

License

Input validation is a first line of defence for a variety of different attacks and should be enabled per default. Please do not forget to use @Html.AntiForgeryToken() in your view.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: security_code_scan.SCS0017-1
    patterns:
      - pattern: |
          [ValidateInput(false)]
          public $RET $FOO(...)
          {
            ...
          }
    message: |
      Input validation is a first line of defence for a variety of different
      attacks and should be enabled per default. Please do not forget to use
      @Html.AntiForgeryToken() in your view.
    languages:
      - csharp
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-554: ASP.NET Misconfiguration: Not Using Input Validation Framework"
      license: MIT

Short Link: https://sg.run/p16Z