45 lines
1.3 KiB
Plaintext
45 lines
1.3 KiB
Plaintext
=== deprecates: S4564
|
|
|
|
=== on 15 Jan 2021, 15:39:16 Andrei Epure wrote:
|
|
\[~alexandre.gigleux] what about Web.Release.config transformations? See \https://github.com/SonarSource/sonar-dotnet/issues/3948
|
|
|
|
=== on 15 Jan 2021, 18:30:25 Andrei Epure wrote:
|
|
Removed the ``++web.config++`` part as we are having some technical difficulties in the integration with the scanner. To respect the timebox, we're going to deliver the Controller part first.
|
|
|
|
Putting it here.
|
|
|
|
|
|
== Sensitive Code Example
|
|
|
|
At application level, configured in the Web.config file:
|
|
|
|
----
|
|
<configuration>
|
|
<system.web>
|
|
<pages validateRequest="false" />
|
|
...
|
|
<httpRuntime requestValidationMode="0.0" />
|
|
</system.web>
|
|
</configuration>
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
|
|
At application level, configured in the Web.config file:
|
|
|
|
[source,text]
|
|
----
|
|
<configuration>
|
|
<system.web>
|
|
<pages validateRequest="true" />
|
|
...
|
|
<!-- see https://docs.microsoft.com/en-us/dotnet/api/system.web.configuration.httpruntimesection.requestvalidationmode?view=netframework-4.8 -->
|
|
<httpRuntime requestValidationMode="4.5" />
|
|
</system.web>
|
|
</configuration>
|
|
----
|
|
|
|
And the link to * https://docs.microsoft.com/en-us/dotnet/api/system.web.configuration.httpruntimesection.requestvalidationmode?view=netframework-4.8[HttpRuntimeSection.RequestValidationMode Property]
|
|
|