ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modify rule S5146: Add fix for Blazor (APPSEC-1905) (#4128)

Browse Source 
Co-authored-by: Thomas Serre <118730793+thomas-serre-sonarsource@users.noreply.github.com>
This commit is contained in:
daniel-teuchert-sonarsource 2024-09-02 14:56:08 +02:00 committed by GitHub
parent 22b1c621ad
commit 58f256f85c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 52 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
rules/S5146/csharp/how-to-fix-it/blazor.adoc Normal file
View File

@ -0,0 +1,50 @@
== How to fix it in Blazor
=== Code examples
include::../../common/fix/code-rationale.adoc[]
==== Noncompliant code example
[source,csharp,diff-id=2,diff-type=noncompliant]
----
@page "/"
@inject NavigationManager Navigation
@code {
[SupplyParameterFromQuery]
private String url {get ; set; }
protected override void OnInitialized() {
Navigation.NavigateTo(url);
}
}
----
==== Compliant solution
[source,csharp,diff-id=2,diff-type=compliant]
----
@page "/"
@inject NavigationManager Navigation
@code {
[SupplyParameterFromQuery]
private String url {get ; set; }
private readonly string[] allowedUrls = { "/", "/login", "/logout" };
protected override void OnInitialized() {
if (allowedUrls.Contains(url))
{
Navigation.NavigateTo(url);
}
}
}
----
include::../../common/fix/how-does-this-work.adoc[]
=== Pitfalls
include::../../common/pitfalls/starts-with.adoc[]

2
rules/S5146/csharp/rule.adoc
View File

@ -8,6 +8,8 @@ include::../impact.adoc[]
include::how-to-fix-it/dotnet.adoc[] include::how-to-fix-it/dotnet.adoc[]
include::how-to-fix-it/blazor.adoc[]
== Resources == Resources
include::../common/resources/standards.adoc[] include::../common/resources/standards.adoc[]