rspec/rules/S5146/csharp/how-to-fix-it/dotnet.adoc

=== How to fix it in ASP.NET

include::../../common/fix/code-rationale.adoc[]

==== Non-compliant code example

[source,csharp,diff-id=1,diff-type=noncompliant]
----
using System.Web;
using System.Web.Mvc;

public class ExampleController : Controller
{
    [HttpGet]
    public void Redirect(string url)
    {
        Response.Redirect(url);
    }
}
----

==== Compliant solution

[source,csharp,diff-id=1,diff-type=compliant]
----
using System.Web;
using System.Web.Mvc;

public class ExampleController : Controller
{
    private readonly string[] allowedUrls = { "/", "/login", "/logout" };

    [HttpGet]
    public void Redirect(string url)

    {
        if (allowedUrls.Contains(url))
        {
            Response.Redirect(url);
        }
    }
}
----

include::../../common/fix/how-does-this-work.adoc[]

=== Pitfalls

include::../../common/pitfalls/starts-with.adoc[]
[APPSEC-58] Modify rule S5146: Educational content (C#) (#1138) 2022-08-04 17:21:56 +02:00			`=== How to fix it in ASP.NET`

[APPSEC-59] Modify rule S5146: Educational content (Java) (#1146) 2022-08-05 12:24:14 +02:00			`include::../../common/fix/code-rationale.adoc[]`
[APPSEC-58] Modify rule S5146: Educational content (C#) (#1138) 2022-08-04 17:21:56 +02:00
Modify All Current Education Rules: Support intuitive view (#1256) 2022-09-15 10:28:08 +02:00			`==== Non-compliant code example`

			`[source,csharp,diff-id=1,diff-type=noncompliant]`
[APPSEC-58] Modify rule S5146: Educational content (C#) (#1138) 2022-08-04 17:21:56 +02:00			`----`
			`using System.Web;`
			`using System.Web.Mvc;`

[APPSEC-59] Modify rule S5146: Educational content (Java) (#1146) 2022-08-05 12:24:14 +02:00			`public class ExampleController : Controller`
[APPSEC-58] Modify rule S5146: Educational content (C#) (#1138) 2022-08-04 17:21:56 +02:00			`{`
			`[HttpGet]`
[APPSEC-59] Modify rule S5146: Educational content (Java) (#1146) 2022-08-05 12:24:14 +02:00			`public void Redirect(string url)`
[APPSEC-58] Modify rule S5146: Educational content (C#) (#1138) 2022-08-04 17:21:56 +02:00			`{`
Modify All Current Education Rules: Support intuitive view (#1256) 2022-09-15 10:28:08 +02:00			`Response.Redirect(url);`
[APPSEC-58] Modify rule S5146: Educational content (C#) (#1138) 2022-08-04 17:21:56 +02:00			`}`
			`}`
			`----`
Modify All Current Education Rules: Support intuitive view (#1256) 2022-09-15 10:28:08 +02:00
			`==== Compliant solution`

			`[source,csharp,diff-id=1,diff-type=compliant]`
[APPSEC-58] Modify rule S5146: Educational content (C#) (#1138) 2022-08-04 17:21:56 +02:00			`----`
			`using System.Web;`
			`using System.Web.Mvc;`

[APPSEC-59] Modify rule S5146: Educational content (Java) (#1146) 2022-08-05 12:24:14 +02:00			`public class ExampleController : Controller`
[APPSEC-58] Modify rule S5146: Educational content (C#) (#1138) 2022-08-04 17:21:56 +02:00			`{`
			`private readonly string[] allowedUrls = { "/", "/login", "/logout" };`

			`[HttpGet]`
[APPSEC-59] Modify rule S5146: Educational content (Java) (#1146) 2022-08-05 12:24:14 +02:00			`public void Redirect(string url)`
[APPSEC-58] Modify rule S5146: Educational content (C#) (#1138) 2022-08-04 17:21:56 +02:00
			`{`
			`if (allowedUrls.Contains(url))`
			`{`
			`Response.Redirect(url);`
			`}`
			`}`
			`}`
			`----`

Modify All Current Education Rules: Support intuitive view (#1256) 2022-09-15 10:28:08 +02:00			`include::../../common/fix/how-does-this-work.adoc[]`
Modify Education Rules S514{4,6}: Add trailing slash pitfall (#1262) 2022-09-15 14:25:49 +02:00
			`=== Pitfalls`

			`include::../../common/pitfalls/starts-with.adoc[]`