Question
Veracode throws "Technology-Specific Input Validation Problems (CWE ID 100)" for a public string property in C#.
These are the formats I have tried already, and all give the same flaw.
Option: 1

    public string MyProperty { get; set; }

Option: 2

    private string _myProperty;
    public string MyProperty
    {
        get
        {
            return _myProperty;
        }
        set
        {
            _myProperty = value;
        }
    }

Option: 3

    private string _myProperty;
    public string MyProperty
    {
        get
        {
            return _myProperty ?? string.Empty;
        }
        set
        {
            _myProperty = value;
        }
    }

Can anyone tell why?
Answer 1:
This URL has some information suggesting a potential fix to the flaw:
https://docs.microsoft.com/en-us/aspnet/web-api/overview/formats-and-model-binding/model-validation-in-aspnet-web-api
So, ultimately, the property just needs an attribute and it would look like this:

    [Required]
    public string MyProperty { get; set; }

This is the whole list of possible attributes from the System.ComponentModel.DataAnnotations namespace:
https://msdn.microsoft.com/en-us/library/system.componentmodel.dataannotations(v=vs.110).aspx
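
An added example (not part of the original question or answer): DataAnnotations attributes are only enforced when validation is actually run, which in Web API means checking ModelState.IsValid as the linked article describes. The console sketch below runs the same attribute checks directly with Validator.TryValidateObject; the MyModel class, the StringLength limit and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;

// Hypothetical model; only MyProperty and [Required] come from the answer.
public class MyModel
{
    [Required]
    [StringLength(50)] // assumed upper bound, chosen for illustration
    public string MyProperty { get; set; }
}

public static class Program
{
    // Runs the DataAnnotations checks and returns the error messages
    // (an empty list means the model passed validation).
    public static List<string> Validate(object model)
    {
        var results = new List<ValidationResult>();
        var context = new ValidationContext(model);
        // validateAllProperties must be true; with false only [Required] is evaluated.
        Validator.TryValidateObject(model, context, results, validateAllProperties: true);

        var messages = new List<string>();
        foreach (var result in results)
        {
            messages.Add(result.ErrorMessage);
        }
        return messages;
    }

    public static void Main()
    {
        // Constructed sample inputs: null, empty, too long, acceptable.
        var samples = new[]
        {
            new MyModel { MyProperty = null },
            new MyModel { MyProperty = "" },
            new MyModel { MyProperty = new string('A', 51) },
            new MyModel { MyProperty = "ok" },
        };

        foreach (var sample in samples)
        {
            var errors = Validate(sample);
            Console.WriteLine(errors.Count == 0
                ? "valid"
                : "rejected: " + string.Join("; ", errors));
        }
    }
}
```

The first three samples are rejected and only the last is accepted; a setter-only change such as Options 1 to 3 in the question adds no such check.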
Source: https://stackoverflow.com/questions/44289347/veracode-throws-technology-specific-input-validation-problems-cwe-id-100-for