Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rule S4529: Exposing HTTP endpoints is security-sensitive #1991

Closed
valhristov opened this issue Oct 10, 2018 · 5 comments
Closed

Rule S4529: Exposing HTTP endpoints is security-sensitive #1991

valhristov opened this issue Oct 10, 2018 · 5 comments
Assignees
@valhristov
Labels
Area: C# C# rules related issues. Area: VB.NET VB.NET rules related issues.
Milestone
7.9

Comments

@valhristov
Copy link
Contributor

RSPEC-4529

Exposing HTTP endpoints is security-sensitive. It has led in the past to the following vulnerabilities:
@valhristov valhristov added this to the Security Hotspots milestone Oct 10, 2018
@duncanp-lseg duncanp-lseg added Area: C# C# rules related issues. Area: VB.NET VB.NET rules related issues. labels Oct 29, 2018
@valhristov valhristov self-assigned this Nov 12, 2018
@valhristov valhristov mentioned this issue Nov 12, 2018
Merged
@valhristov valhristov mentioned this issue Nov 16, 2018
Merged
@PeterRockstars
Copy link

@valhristov We are seeing this pop up in SonarCloud, but not in Visual Studio, any idea why that is?

@Evangelink
Copy link
Contributor

@PeterRockstars The hotspot rules are not displayed in SonarLint because they are a special kind of rules that might generate more FPs and so lower having a good experience inside the IDE.

@PeterRockstars
Copy link

That makes sense, thanks. Our build server is logging those errors during the build however, and if I run the same dotnet build command on my machine, the warnings are not logged. Is that because of something the "Prepare Sonar Analysis" step does?

@videepthMSFT
Copy link

Any Update on this issue. @PeterRockstars ?

@duncanp-lseg
Copy link
Contributor

FYI the hotspot rules are only executed when an analysis is being run and the results pushed to SonarQube/Cloud.
For local builds, this happens when you execute the SonarScanner for MSBuild begin step before running MSBuild. For Azure Pipeline builds, it happens when the Prepare Sonar Analysis step is executed before the MSBuild step.

@vishnu2017 if you have an issue/question about using the scanner, please start a thread on the community forum.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@valhristov valhristov

Labels
Area: C# C# rules related issues. Area: VB.NET VB.NET rules related issues.
Projects
None yet
Milestone
7.9
Development

No branches or pull requests
5 participants
@duncanp-lseg @Evangelink @videepthMSFT @valhristov @PeterRockstars