Disable warning S4502

pseudonym00042 · January 21, 2022, 11:27am

Why can I not ignore S4502 with #pragma so that it does not show up in the build log?

#pragma warning disable S4502 // Make sure disabling CSRF protection is safe here. 
[IgnoreAntiforgeryToken]
#pragma warning restore S4502 // Make sure disabling CSRF protection is safe here. 
public class ErrorModel : PageModel
{
  ...
}

It is possible for other warnings like S2302:

public void Test(string response)
{
#pragma warning disable S2302 // 'response' in message should use nameof.
   throw new InvalidOperationException("response is a funny argument");
#pragma warning restore S2302 // 'response' in message should use nameof.
}

ALM used: Azure DevOps
CI system used: Azure DevOps
Scanner command:

      - task: SonarCloudPrepare@1
        inputs:
          SonarCloud: 'xxxx'
          organization: 'xxxx'
          scannerMode: 'MSBuild'
          projectKey: 'xxxx'
          projectName: 'xxxx'
          extraProperties: |
            sonar.coverage.exclusions=**/FrontEndWeb.Client/Program.cs

Languages of the repository: C#

Colin · January 21, 2022, 1:49pm

Hey there.

The rule in question is a Security Hotspot, which cannot be disabled via #pragma. We have an open issue for this here: `#pragma warning disable` compiler directives are not working for hotspot rules · Issue #4724 · SonarSource/sonar-dotnet · GitHub

pseudonym00042 · January 24, 2022, 9:04am

Thank you for a precise answer.

system · January 31, 2022, 9:04am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.