gitlab.security_code_scan.SCS0032-1.SCS0033-1.SCS0034-1
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
Definition
rules:
- id: security_code_scan.SCS0032-1.SCS0033-1.SCS0034-1
  patterns:
  - pattern: |
      new PasswordValidator
      {
        ...,
      };
  - pattern: |
      new PasswordValidator
      {
        ...,
        RequiredLength = $LEN,
        ...,
      };
  - pattern-not: |
      new PasswordValidator
      {
        ...,
        RequireNonLetterOrDigit = true,
        ...,
      };
  - pattern-not: |
      new PasswordValidator
      {
        ...,
        RequireDigit = true,
        ...,
      };
  - pattern-not: |
      new PasswordValidator
      {
        ...,
        RequireLowercase = true,
        ...,
      };
  - pattern-not: |
      new PasswordValidator
      {
        ...,
        RequireUppercase = true,
        ...,
      };
  - metavariable-comparison:
      metavariable: $LEN
      comparison: $LEN < 8
  message: >
    The product does not require that users should have strong passwords,
    which makes it easier for attackers to compromise user accounts.
  languages:
  - csharp
  severity: WARNING
  metadata:
    category: security
    cwe: "CWE-521: Weak Password Requirements"
    license: MIT
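
An added example, not part of the published rule: three ASP.NET Identity 2 `PasswordValidator` configurations, one that meets the rule's conditions, one that escapes it because a single `Require*` property is true, and a hardened one, each run against constructed passwords. The class name, the sample passwords and the length of 12 are assumptions made for illustration; the rule's own threshold is 8.

```csharp
// Added example; needs the Microsoft.AspNet.Identity.Core NuGet package.
using System;
using Microsoft.AspNet.Identity;

static class PasswordPolicyDemo
{
    // Meets the rule's conditions: RequiredLength < 8 and no Require* set to true.
    static readonly PasswordValidator Weak = new PasswordValidator
    {
        RequiredLength = 6,
    };

    // Escapes the rule: one Require* = true satisfies a pattern-not,
    // so the short minimum length is not reported. Review these by hand.
    static readonly PasswordValidator Unflagged = new PasswordValidator
    {
        RequiredLength = 4,
        RequireDigit = true,
    };

    // Hardened: length above the rule's threshold plus every character class.
    // 12 is an example value chosen here, not one stated by the rule.
    static readonly PasswordValidator Hardened = new PasswordValidator
    {
        RequiredLength = 12,
        RequireNonLetterOrDigit = true,
        RequireDigit = true,
        RequireLowercase = true,
        RequireUppercase = true,
    };

    static void Main()
    {
        // Constructed sample passwords, not taken from the page.
        string[] samples = { "abcdef", "abc1", "Tr1cky-Horse-42" };
        var policies = new (string Name, PasswordValidator V)[]
        {
            ("weak", Weak), ("unflagged", Unflagged), ("hardened", Hardened),
        };
        foreach (var (name, v) in policies)
            foreach (var pw in samples)
            {
                // ValidateAsync returns an IdentityResult; Succeeded is false
                // when the password violates any configured requirement.
                bool ok = v.ValidateAsync(pw).GetAwaiter().GetResult().Succeeded;
                Console.WriteLine($"{name,-9} {pw,-16} {(ok ? "accepted" : "rejected")}");
            }
    }
}
```

Because the four `pattern-not` clauses are combined with the other patterns, a validator that sets any one `Require*` property to true is excluded from the findings regardless of its `RequiredLength`.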
Short Link: https://sg.run/o1e0