Puma Scan is a software security Visual Studio extension that provides real-time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.
A newer pattern exists for auto-validating CSRF tokens in .NET Core to protect all endpoints through global filter configuration. Is there any pattern for detecting that this attribute is globally applied and disabling SEC0019? Potentially here SEC0019 could apply to the use of the ignore attribute.
Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
AutoValidateAntiforgeryTokenAttribute can be applied as a global filter to trigger validation of antiforgery tokens by default for an application.
Also, we should call out the usage of IgnoreAntiforgeryTokenAttribute here.
Blog explaining the topic: https://andrewlock.net/automatically-validating-anti-forgery-tokens-in-asp-net-core-with-the-autovalidateantiforgerytokenattribute/
This would be dependent on .NET Core support #36
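A syntax-only sketch of the detection asked about in this thread, added here as an example and not Puma Scan's own code: it looks for a global `Filters.Add(new AutoValidateAntiforgeryTokenAttribute())` registration, skips the per-action finding when one is present, and reports `IgnoreAntiforgeryToken` opt-outs instead. The class name, the constructed sample source, the restriction to `[HttpPost]` actions and the message texts are assumptions; it needs the Microsoft.CodeAnalysis.CSharp package.

```csharp
using System;
using System.Linq;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.CSharp.Syntax;

static class AntiforgeryScan // hypothetical name, not part of Puma Scan
{
    // Constructed sample input: a Startup fragment and one controller.
    const string Sample = @"
class Startup {
    void ConfigureServices(IServiceCollection services) {
        services.AddMvc(o => o.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()));
    }
}
class AccountController {
    [HttpPost, IgnoreAntiforgeryToken] public IActionResult Import() => Ok();
    [HttpPost] public IActionResult Save() => Ok();
}";
    // Rightmost identifier of a possibly qualified name, without the "Attribute" suffix.
    static string Simple(object name)
    {
        var n = name.ToString().Split('.').Last();
        return n.EndsWith("Attribute") ? n.Substring(0, n.Length - 9) : n;
    }
    static void Main()
    {
        var root = CSharpSyntaxTree.ParseText(Sample).GetRoot();
        // Global registration: <anything>.Filters.Add(new AutoValidateAntiforgeryToken[Attribute]()).
        bool global = root.DescendantNodes().OfType<InvocationExpressionSyntax>().Any(inv =>
            inv.Expression is MemberAccessExpressionSyntax add
            && add.Name.Identifier.Text == "Add"
            && Simple(add.Expression) == "Filters"
            && inv.ArgumentList.Arguments.Any(a =>
                   a.Expression is ObjectCreationExpressionSyntax oc
                   && Simple(oc.Type) == "AutoValidateAntiforgeryToken"));
        foreach (var m in root.DescendantNodes().OfType<MethodDeclarationSyntax>())
        {
            // Attributes on the action plus those on its containing class.
            var lists = m.AttributeLists.ToList();
            if (m.Parent is ClassDeclarationSyntax c) lists.AddRange(c.AttributeLists);
            var attrs = lists.SelectMany(l => l.Attributes).Select(a => Simple(a.Name)).ToList();
            if (!attrs.Contains("HttpPost")) continue;
            if (attrs.Contains("IgnoreAntiforgeryToken"))
                Console.WriteLine($"{m.Identifier.Text}: opts out of antiforgery validation, review");
            else if (!global && !attrs.Contains("ValidateAntiForgeryToken"))
                Console.WriteLine($"{m.Identifier.Text}: no antiforgery validation");
        }
    }
}
```

Matching on names alone can be fooled by a same-named type from another namespace; an analyzer with access to the compilation would resolve the symbols through the semantic model instead.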