rspec/rules/S5122/csharp/rule.adoc

include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
=== ASP.NET Core MVC
----
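/// <summary>
/// Sensitive: answers with a wildcard CORS origin, so a page served from any
/// origin can read this endpoint's response.
/// </summary>
/// <returns>The response body; the value itself is irrelevant to the rule.</returns>
[HttpGet]
public string Get()
{
    // Both lines write the same header; they are two spellings of the same call.
    // (IHeaderDictionary.Add rejects a duplicate key, so real code would keep one.)
    Response.Headers.Add("Access-Control-Allow-Origin", "*"); // Sensitive
    Response.Headers.Add(HeaderNames.AccessControlAllowOrigin, "*"); // Sensitive

    // The declared return type requires a value; the original example omitted it.
    return "content";
}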
----
----
/// <summary>
/// Sensitive: registers CORS policies that accept requests from any origin.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddCors(options =>
    {
        // Default policy: wildcard origin.
        options.AddDefaultPolicy(policy => policy.WithOrigins("*")); // Sensitive

        // Named policy: wildcard origin.
        options.AddPolicy(name: "EnableAllPolicy", policy => policy.WithOrigins("*")); // Sensitive

        // Named policy: explicit any-origin call.
        options.AddPolicy(name: "OtherPolicy", policy => policy.AllowAnyOrigin()); // Sensitive
    });

    services.AddControllers();
}
----
=== ASP.NET MVC
----
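/// <summary>
/// Sensitive: ASP.NET Web API controller that emits a wildcard CORS origin header
/// through the classic <c>HttpContext.Current</c> response.
/// </summary>
public class HomeController : ApiController
{
    /// <summary>
    /// Adds the wildcard origin via three different header APIs; each one is
    /// equally sensitive. A real controller would use only one of them.
    /// </summary>
    /// <returns>An empty response; the body is irrelevant to the rule.</returns>
    public HttpResponseMessage Get()
    {
        var response = HttpContext.Current.Response;
        response.Headers.Add("Access-Control-Allow-Origin", "*"); // Sensitive
        response.Headers.Add(HeaderNames.AccessControlAllowOrigin, "*"); // Sensitive
        response.AppendHeader(HeaderNames.AccessControlAllowOrigin, "*"); // Sensitive

        // The declared return type requires a value; the original example omitted it.
        return new HttpResponseMessage();
    }
}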
----
----
/// <summary>
/// Sensitive: attribute-based CORS that accepts any origin (and any request header) for GET.
/// </summary>
/// <returns>A response whose body is the fixed string "content".</returns>
[EnableCors(origins: "*", headers: "*", methods: "GET")] // Sensitive
public HttpResponseMessage Get()
{
    var response = new HttpResponseMessage();
    response.Content = new StringContent("content");
    return response;
}
----
== Compliant Solution
=== ASP.NET Core MVC
----
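/// <summary>
/// Compliant: the CORS origin header names a single trusted origin, so only
/// pages served from that origin may read the response.
/// </summary>
/// <returns>The response body; the value itself is irrelevant to the rule.</returns>
[HttpGet]
public string Get()
{
    // Both lines write the same header; they are two spellings of the same call.
    // (IHeaderDictionary.Add rejects a duplicate key, so real code would keep one.)
    Response.Headers.Add("Access-Control-Allow-Origin", "https://trustedwebsite.com"); // Safe
    Response.Headers.Add(HeaderNames.AccessControlAllowOrigin, "https://trustedwebsite.com"); // Safe

    // The declared return type requires a value; the original example omitted it.
    return "content";
}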
----
----
/// <summary>
/// Compliant: every CORS policy lists the specific origins it trusts.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddCors(options =>
    {
        // Default policy: two explicitly trusted origins.
        options.AddDefaultPolicy(policy =>
            policy.WithOrigins("https://trustedwebsite.com", "https://anothertrustedwebsite.com")); // Safe

        // Named policy: one explicitly trusted origin.
        options.AddPolicy(name: "EnableAllPolicy", policy =>
            policy.WithOrigins("https://trustedwebsite.com")); // Safe
    });

    services.AddControllers();
}
----
=== ASP.NET MVC
----
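/// <summary>
/// Compliant: ASP.NET Web API controller whose CORS origin header names a single
/// trusted origin, set through the classic <c>HttpContext.Current</c> response.
/// </summary>
public class HomeController : ApiController
{
    /// <summary>
    /// Sets the trusted origin via three different header APIs; each one is
    /// acceptable. A real controller would use only one of them.
    /// </summary>
    /// <returns>An empty response; the body is irrelevant to the rule.</returns>
    public HttpResponseMessage Get()
    {
        var response = HttpContext.Current.Response;
        response.Headers.Add("Access-Control-Allow-Origin", "https://trustedwebsite.com"); // Safe
        response.Headers.Add(HeaderNames.AccessControlAllowOrigin, "https://trustedwebsite.com"); // Safe
        response.AppendHeader(HeaderNames.AccessControlAllowOrigin, "https://trustedwebsite.com"); // Safe

        // The declared return type requires a value; the original example omitted it.
        return new HttpResponseMessage();
    }
}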
----
----
/// <summary>
/// Compliant: attribute-based CORS restricted to one trusted origin for GET.
/// </summary>
/// <returns>A response whose body is the fixed string "content".</returns>
[EnableCors(origins: "https://trustedwebsite.com", headers: "*", methods: "GET")]
public HttpResponseMessage Get()
{
    var response = new HttpResponseMessage();
    response.Content = new StringContent("content");
    return response;
}
----
include::../see.adoc[]