I’m using the SonarCloud services and scan my open source project with it. For scanning I use SonarScanner for MSBuild version 4.9.0.17385-net46.
I get the following security hotspot issue:
https://sonarcloud.io/project/issues?id=WhereToFly&open=AXIRqllZg2Yetd9XHruV&resolved=false&types=SECURITY_HOTSPOT
In the code, ASP.NET Core’s UseDeveloperExceptionPage() is called, which is an issue, unless it is wrapped by an if (env.IsDevelopment()), which I did. The description of S4507 also says this. So I think this is a false-positive.
Thanks!
Michael
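The two shapes the post contrasts, as an added example that is not part of the original post and not code from the WhereToFly project: an unconditional UseDeveloperExceptionPage() call beside one wrapped in env.IsDevelopment(). The class names, the "/Error" route and the use of IWebHostEnvironment (ASP.NET Core 3.0 or later) are assumptions.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

// Hypothetical class: the unguarded form.
public class UnguardedStartup
{
    public void ConfigureServices(IServiceCollection services) => services.AddControllers();

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        // Unconditional: the detailed error page (stack trace, request headers,
        // cookies, query string) is served in every environment, production included.
        app.UseDeveloperExceptionPage();

        app.UseRouting();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}

// Hypothetical class: the guarded form described in the post.
public class GuardedStartup
{
    public void ConfigureServices(IServiceCollection services) => services.AddControllers();

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            // Registered only when the environment name is "Development".
            app.UseDeveloperExceptionPage();
        }
        else
        {
            // Generic error endpoint for all other environments ("/Error" is an assumed route).
            app.UseExceptionHandler("/Error");
            app.UseHsts();
        }

        app.UseRouting();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
```

IsDevelopment() reads the host environment name, which comes from ASPNETCORE_ENVIRONMENT (or DOTNET_ENVIRONMENT) and defaults to Production when unset, so the guard holds only as long as deployed hosts do not set that variable to Development.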