rspec/rules/S5693/csharp/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

----
using Microsoft.AspNetCore.Mvc;

public class MyController : Controller
{
    [HttpPost]
    [DisableRequestSizeLimit] // Sensitive: No size  limit
    [RequestSizeLimit(10000000)] // Sensitive: 10MB is more than the recommended limit of 2MB
    public IActionResult PostRequest(Model model) 
    {
    // ...
    }

    [HttpPost]
    [RequestFormLimits(MultipartBodyLengthLimit = 8000000)] // Sensitive: 10MB is more than the recommended limit of 8MB
    public IActionResult MultipartFormRequest(Model model)
    {
    // ...
    }
}
----

== Compliant Solution

----
using Microsoft.AspNetCore.Mvc;

public class MyController : Controller
{
    [HttpPost]
    [RequestSizeLimit(2000000)] // Compliant: 2MB
    public IActionResult PostRequest(Model model)
    {
    // ...
    }

    [HttpPost]
    [RequestFormLimits(MultipartBodyLengthLimit = 8000000)] // Compliant: 8MB
    public IActionResult MultipartFormRequest(Model model)
    {
    // ...
    }
}
----

include::../see.adoc[]
Nightly update 2021-01-22 04:06:24 +00:00			`include::../description.adoc[]`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

			`----`
			`using Microsoft.AspNetCore.Mvc;`

			`public class MyController : Controller`
			`{`
			`[HttpPost]`
			`[DisableRequestSizeLimit] // Sensitive: No size limit`
			`[RequestSizeLimit(10000000)] // Sensitive: 10MB is more than the recommended limit of 2MB`
Nightly update 2021-01-23 04:07:47 +00:00			`public IActionResult PostRequest(Model model)`
			`{`
Nightly update 2021-01-22 04:06:24 +00:00			`// ...`
			`}`

			`[HttpPost]`
			`[RequestFormLimits(MultipartBodyLengthLimit = 8000000)] // Sensitive: 10MB is more than the recommended limit of 8MB`
			`public IActionResult MultipartFormRequest(Model model)`
			`{`
			`// ...`
			`}`
			`}`
			`----`

			`== Compliant Solution`

			`----`
			`using Microsoft.AspNetCore.Mvc;`

			`public class MyController : Controller`
			`{`
			`[HttpPost]`
			`[RequestSizeLimit(2000000)] // Compliant: 2MB`
			`public IActionResult PostRequest(Model model)`
			`{`
			`// ...`
			`}`

			`[HttpPost]`
			`[RequestFormLimits(MultipartBodyLengthLimit = 8000000)] // Compliant: 8MB`
			`public IActionResult MultipartFormRequest(Model model)`
			`{`
			`// ...`
			`}`
			`}`
			`----`

			`include::../see.adoc[]`