Do not detect HttpDelete or HttpPut
What does this MR do?
This code is detected as vulnerable by the Semgrep C# analyzer.

```csharp
[HttpPost]
public void Post() {}
```

However, this code is not detected.

```csharp
[HttpDelete]
public void Delete() {}
```
A list of HTTP methods to be detected.
- HttpPost
- HttpDelete
- HttpPatch
- HttpPut
resources.
- CsrfHttpMethodController.cs - Sample ASP.NET Core Controller.
- original.json - GitLab version semgrep analyzer report.
- modified-rules.json - Semgrep analyzer report with modified rules.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
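
The coverage gap described in this MR, shown as an added example that is not part of the MR or the analyzer's own rules: a small Python check that flags controller actions carrying a state-changing verb attribute without an anti-forgery attribute, run once with only `HttpPost` and once with the four attributes listed above. The sample controller is constructed, and both the `HttpPost`-only set and the use of `ValidateAntiForgeryToken` as the protecting attribute are assumptions made for illustration.

```python
import re

# Verb attributes from the MR description's list of methods to detect.
STATE_CHANGING = frozenset({"HttpPost", "HttpDelete", "HttpPatch", "HttpPut"})
# Assumption: the anti-forgery attribute is what marks an action as protected.
ANTIFORGERY = "ValidateAntiForgeryToken"

# Attribute groups such as [HttpPut("{id}")] followed by a public method signature.
METHOD_RE = re.compile(
    r"(?P<attrs>(?:\[[^\]]+\]\s*)+)public\s+[\w<>\[\],\s]+?\s+(?P<name>\w+)\s*\(")

# Constructed sample controller (not the CsrfHttpMethodController.cs from the MR).
SAMPLE = '''
public class SampleController : Controller
{
    [HttpGet]
    public string Get() { return "ok"; }
    [HttpPost]
    public void Post() {}
    [HttpDelete]
    public void Delete() {}
    [HttpPut("{id}")]
    public void Put(int id) {}
    [HttpPatch, ValidateAntiForgeryToken]
    public void Patch() {}
}
'''

def attribute_names(attr_block):
    """Return attribute names in a block, without arguments or 'Attribute' suffix."""
    names = set()
    for group in re.findall(r"\[([^\]]+)\]", attr_block):
        group = re.sub(r"\([^)]*\)", "", group)  # drop arguments like ("{id}")
        for part in group.split(","):
            names.add(re.sub(r"Attribute$", "", part.strip()))
    return names

def find_unprotected(source, verbs=STATE_CHANGING):
    """List (method, verb attribute) pairs that lack the anti-forgery attribute."""
    findings = []
    for m in METHOD_RE.finditer(source):
        names = attribute_names(m.group("attrs"))
        hits = sorted(names & set(verbs))
        if hits and ANTIFORGERY not in names:
            findings.append((m.group("name"), hits[0]))
    return findings

if __name__ == "__main__":
    print("HttpPost only:", find_unprotected(SAMPLE, {"HttpPost"}))
    print("all four verbs:", find_unprotected(SAMPLE))
```

The regex matching is a simplification; it does not handle attribute arguments that contain `]` or `)` inside string literals.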