Disable warning S4502

Why can I not ignore S4502 with #pragma so that it does not show up in the build log?

#pragma warning disable S4502 // Make sure disabling CSRF protection is safe here. 
[IgnoreAntiforgeryToken]
#pragma warning restore S4502 // Make sure disabling CSRF protection is safe here. 
public class ErrorModel : PageModel
{
  ...
}

It is possible for other warnings like S2302:

public void Test(string response)
{
#pragma warning disable S2302 // 'response' in message should use nameof.
   throw new InvalidOperationException("response is a funny argument");
#pragma warning restore S2302 // 'response' in message should use nameof.
}
  • ALM used: Azure DevOps
  • CI system used: Azure DevOps
  • Scanner command:
      - task: SonarCloudPrepare@1
        inputs:
          SonarCloud: 'xxxx'
          organization: 'xxxx'
          scannerMode: 'MSBuild'
          projectKey: 'xxxx'
          projectName: 'xxxx'
          extraProperties: |
            sonar.coverage.exclusions=**/FrontEndWeb.Client/Program.cs
  • Languages of the repository: C#

Hey there.

The rule in question is a Security Hotspot, which cannot be disabled via #pragma. We have an open issue for this here: `#pragma warning disable` compiler directives are not working for hotspot rules · Issue #4724 · SonarSource/sonar-dotnet · GitHub

Thank you for a precise answer.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.