Request validation should not be disabled

Docs > Datadog Security > Code Security > Static Analysis (SAST) > SAST Rules > Request validation should not be disabled

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Metadata

ID: csharp-security/disable-request-validation

Language: C#

Severity: Warning

Category: Security

CWE: 1019

Description

Input should always be validated to prevent attack vectors (such as injections or XSS). Disabling validation may expose your application to these attacks. For these reasons, validation should not be disabled.

Learn More

HttpRequest.ValidateInput

Non-Compliant Code Examples

public class MyController : Controller
{
    [ValidateInput(false)]
    public IActionResult MyRequest()
    {
        Console.WriteLine("inside controller");
    }
}

Compliant Code Examples

public class MyController : Controller
{
    [ValidateInput(true)]
    public IActionResult MyRequest()
    {
        Console.WriteLine("inside controller");
    }
}