ALM used: Azure DevOps - Git Languages of the repository: C# .Net MVC 4.8.1 This rule does not seem to be picking up issues: C# static code analysis We have an example of a .Net framework MVC project (4.8.1) with unsafe http POST actions on the controller and no ValidateAntiforgeryToken attribute…

Rule 'Disabling CSRF protections is security-sensitive' does not seem to be working

Rules and Languages Report False-positive / False-negative...

Colin (Colin) March 1, 2024, 2:00pm 2

Hey there.

We would ask that you provide code that reproduces the (lack of) issue where you would expect an issue to be raised (whether it is the original code or not). I’ve moved your post to the section on reporting false-negatives.

Topic		Replies	Views
Debug feature in production code, false positive S4507 SonarQube Cloud csharp , security	3	1757	May 22, 2020
Security Hotspot warnings not displayed on the Security Hotspots page on SonarQube 8.2 version community edition SonarQube Server / Community Build dotnet	12	2544	March 10, 2020
SonarQube: Issues fixed for Roslyn rules are not detected in SonarQube SonarQube Server / Community Build csharp , sonarqube , security	1	554	March 25, 2019
Problem with security of HTTP Method SonarQube Cloud dotnet	8	3431	July 23, 2019
SonarCloud SAST SonarQube Cloud csharp , security , sonarqube-cloud	10	4809	January 24, 2020

Rule 'Disabling CSRF protections is security-sensitive' does not seem to be working

Related topics