Avoid Exposed Controller Actions

Please follow this template to help us specify this new rule:

  • description of the Rule. By default, the Model-View-Controller (MVC) framework treats all public methods of a controller class as action methods. If your controller class contains a public method and you do not want it to be an action method, you must mark that method with the NonActionAttribute. If you fail to do so, the method will be exposed for direct access. (Security Hotspots)

  • snippet of Noncompliant Code

public void DoSomething()
{
    // Method logic.
}
  • snippet of Compliant Code (fixing the above noncompliant code)

[NonAction]
public void DoSomething()
{
    // Method logic.
}
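
One way to audit for this condition with reflection, as an added example that is not part of the original post or of any analyzer's own code. `Controller` and `NonActionAttribute` are local stand-ins for the framework types so the file compiles on its own, `OrdersController` is a constructed sample, and the filter only approximates the framework's default action selection.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

// Stand-ins so the example compiles without the MVC assemblies (assumption);
// in a real project use the framework's Controller and NonActionAttribute.
[AttributeUsage(AttributeTargets.Method)]
public sealed class NonActionAttribute : Attribute { }
public abstract class Controller { }

// Constructed sample controller.
public class OrdersController : Controller
{
    public string Index() => "list";            // intended action
    public void RecalculateTotals() { }         // helper left public: exposed
    [NonAction] public void SendReceipt() { }   // public but opted out
    private void DoSomething() { }              // not public: never an action
    public int PageSize { get; set; }           // accessors are special-name methods
}

public static class ExposedActionAudit
{
    // Public instance methods that would be treated as actions by default.
    public static IEnumerable<string> FindExposedActions(Assembly assembly) =>
        assembly.GetTypes()
            .Where(t => t.IsClass && !t.IsAbstract && typeof(Controller).IsAssignableFrom(t))
            .SelectMany(t => t.GetMethods(BindingFlags.Public | BindingFlags.Instance)
                .Where(m => !m.IsSpecialName
                            && !m.IsGenericMethodDefinition
                            && m.GetBaseDefinition().DeclaringType != typeof(object)
                            && m.DeclaringType != typeof(Controller)
                            && !m.IsDefined(typeof(NonActionAttribute), inherit: true))
                .Select(m => $"{t.Name}.{m.Name}"));

    public static void Main()
    {
        // Each entry needs a decision: keep as an action, mark [NonAction], or make non-public.
        foreach (var name in FindExposedActions(typeof(OrdersController).Assembly))
            Console.WriteLine(name);
    }
}
```

For the sample controller this reports `Index` and `RecalculateTotals`; the second is the kind of helper the proposed rule is meant to flag.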