gitlab.security_code_scan.SCS0017-1
Input validation is a first line of defence for a variety of different attacks and should be enabled per default. Please do not forget to use @Html.AntiForgeryToken() in your view.
Definition
rules:
- id: security_code_scan.SCS0017-1
  patterns:
  - pattern: |
      [ValidateInput(false)]
      public $RET $FOO(...)
      {
        ...
      }
  message: |
    Input validation is a first line of defence for a variety of different
    attacks and should be enabled per default. Please do not forget to use
    @Html.AntiForgeryToken() in your view.
  languages:
  - csharp
  severity: WARNING
  metadata:
    category: security
    cwe: "CWE-554: ASP.NET Misconfiguration: Not Using Input Validation Framework"
    license: MIT
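The shape this rule flags, next to one way to clear the finding, as an added example that is not part of the rule or of the registry page. It assumes ASP.NET MVC 5 (`System.Web.Mvc`); `CommentModel`, `CommentController` and the action names are constructed for illustration.

```csharp
using System.Web.Mvc;

// Constructed model: only Body is expected to carry markup.
public class CommentModel
{
    public string Author { get; set; }

    // Request validation is skipped for this one property only;
    // Author is still checked by the framework.
    [AllowHtml]
    public string Body { get; set; }
}

public class CommentController : Controller
{
    // Flagged: the attribute switches request validation off for
    // every value bound to this action, not just the field that needs markup.
    [ValidateInput(false)]
    public ActionResult SaveUnvalidated(CommentModel model)
    {
        return View(model);
    }

    // Not flagged: request validation stays at its default (enabled).
    // The per-property [AllowHtml] opt-out above covers the markup field,
    // and the anti-forgery check pairs with @Html.AntiForgeryToken()
    // rendered inside the form in the view.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Save(CommentModel model)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        // Body bypassed request validation, so it must be sanitized
        // before storage or encoded when rendered.
        return RedirectToAction("Index");
    }
}
```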
Short Link: https://sg.run/p16Z