Updated C# CSRF rule: exception for class level CSRF Attribute Scenario (!201) · Merge requests · GitLab.org / security-products / sast-rules · GitLab

Dinura Seneviratne requested to merge dseneviratne-ext/sast-rules:main into main Aug 28, 2023

csharp/csrf/rule-Csrf.yml - Updated Rule to take into account the application possibly using https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.autovalidateantiforgerytokenattribute?view=aspnetcore-7.0

Modified the existing rule to scan at a class level if [AutoValidateAntiforgeryToken] is applied and prevent the triggering of the false positive.

Relates to Draft: Enhance C# semgrep rules (gitlab-org/gitlab#408758 - closed)

Edited Aug 28, 2023 by Wayne Haber