gitlab.security_code_scan.SCS0017-1

Input validation is a first line of defence against a variety of attacks and should be enabled by default. Please do not forget to use @Html.AntiForgeryToken() in your view.

Definition

rules:
  - id: security_code_scan.SCS0017-1
    patterns:
      - pattern: |
          [ValidateInput(false)]
          public $RET $FOO(...)
          {
            ...
          }
    message: |
      Input validation is a first line of defence for a variety of different
      attacks and should be enabled per default. Please do not forget to use
      @Html.AntiForgeryToken() in your view.
    languages:
      - csharp
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-554: ASP.NET Misconfiguration: Not Using Input Validation Framework"
      license: MIT
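
An added example, not part of the original page or the rule's own test cases: an ASP.NET MVC action of the shape the pattern above matches, next to a form that keeps request validation on and checks the anti-forgery token. The CommentModel and CommentController names and the view names are constructed for illustration.

```csharp
using System.Web.Mvc;

// Constructed model. Only the one field that must carry markup opts out of
// request validation; every other bound field is still validated.
public class CommentModel
{
    public string Author { get; set; }

    [AllowHtml]
    public string Body { get; set; }
}

public class CommentController : Controller
{
    // Same shape as the rule's pattern: request validation is switched off
    // for every input bound to this action, including Author.
    [ValidateInput(false)]
    public ActionResult SaveUnsafe(CommentModel model)
    {
        return View("Saved", model);
    }

    // No [ValidateInput(false)], so the pattern does not match. Request
    // validation stays on, and the token emitted by
    // @Html.AntiForgeryToken() in the view is verified on POST.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Save(CommentModel model)
    {
        if (!ModelState.IsValid)
        {
            return View("Edit", model);
        }

        // Body may contain markup: encode or sanitize it when rendering.
        return View("Saved", model);
    }
}
```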