gitlab.security_code_scan.SCS0032-1.SCS0033-1.SCS0034-1

unknown
Download Count*
License

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

Run Locally

Run in CI

Defintion

rules:
  - id: security_code_scan.SCS0032-1.SCS0033-1.SCS0034-1
    patterns:
      - pattern: |
          new PasswordValidator
          {
            ...,
          };
      - pattern: |
          new PasswordValidator
          {
            ...,
            RequiredLength = $LEN,
            ...,
          };
      - pattern-not: |
          new PasswordValidator
          {
            ...,
            RequireNonLetterOrDigit = true,
            ...,
          };
      - pattern-not: |
          new PasswordValidator
          {
            ...,
            RequireDigit = true,
            ...,
          };
      - pattern-not: |
          new PasswordValidator
          {
            ...,
            RequireLowercase = true,
            ...,
          };
      - pattern-not: |
          new PasswordValidator
          {
            ...,
            RequireUppercase = true,
            ...,
          };
      - metavariable-comparison:
          metavariable: $LEN
          comparison: $LEN < 8
    message: >
      The product does not require that users should have strong passwords,
      which

      makes it easier for attackers to compromise user accounts.
    languages:
      - csharp
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-521: Weak Password Requirements"
      license: MIT