rspec/rules/S4502/csharp/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Noncompliant Code Example

----
public void ConfigureServices(IServiceCollection services)
{
    // ...
    services.AddControllersWithViews(options => options.Filters.Add(new IgnoreAntiforgeryTokenAttribute())); // Sensitive
    // ...
}
----

----
[HttpPost, IgnoreAntiforgeryToken] // Sensitive
public IActionResult ChangeEmail(ChangeEmailModel model) => View("~/Views/...");
----

== Compliant Solution

----
public void ConfigureServices(IServiceCollection services)
{
    // ...
    services.AddControllersWithViews(options => options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()));
    // or 
    services.AddControllersWithViews(options => options.Filters.Add(new ValidateAntiForgeryTokenAttribute()));
    // ...
}
----

----
[HttpPost]
[AutoValidateAntiforgeryToken]
public IActionResult ChangeEmail(ChangeEmailModel model) => View("~/Views/...");
----

include::../see.adoc[]
Add coveredLanguages field 2021-01-29 15:53:23 +01:00			`include::../description.adoc[]`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

			`== Noncompliant Code Example`

			`----`
			`public void ConfigureServices(IServiceCollection services)`
			`{`
			`// ...`
			`services.AddControllersWithViews(options => options.Filters.Add(new IgnoreAntiforgeryTokenAttribute())); // Sensitive`
			`// ...`
			`}`
			`----`

			`----`
			`[HttpPost, IgnoreAntiforgeryToken] // Sensitive`
			`public IActionResult ChangeEmail(ChangeEmailModel model) => View("~/Views/...");`
			`----`

			`== Compliant Solution`

			`----`
			`public void ConfigureServices(IServiceCollection services)`
			`{`
			`// ...`
			`services.AddControllersWithViews(options => options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()));`
			`// or`
			`services.AddControllersWithViews(options => options.Filters.Add(new ValidateAntiForgeryTokenAttribute()));`
			`// ...`
			`}`
			`----`

			`----`
			`[HttpPost]`
			`[AutoValidateAntiforgeryToken]`
			`public IActionResult ChangeEmail(ChangeEmailModel model) => View("~/Views/...");`
			`----`

			`include::../see.adoc[]`