"GitLab Advanced SAST rules: C#"
- Tier: Ultimate
- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
Rules used by GitLab Advanced SAST to detect vulnerabilities in C# code.
| Rule ID | Rule description | CWE | OWASP Top 10 |
|---|---|---|---|
| csharp-dapper-sqli-taint | Improper neutralization of special elements used in an SQL command ('SQL Injection') | CWE-89 | A1:2017, A03:2021 |
| csharp-lang-cmdi-os-command-injection-taint | Improper neutralization of special elements used in an OS command ('OS Command Injection') | CWE-78 | A1:2017, A03:2021 |
| csharp-lang-cmdi-process-start-taint | Improper neutralization of special elements used in an OS command ('OS Command Injection') | CWE-78 | A1:2017, A03:2021 |
| csharp-lang-codei-taint | Improper control of generation of code ('Code Injection') | CWE-94 | A1:2017, A03:2021 |
| csharp-lang-crypto-certificate-validation-disabled-atomic | Certificate validation disabled | CWE-295 | A2:2017, A07:2021 |
| csharp-lang-crypto-weak-cipher-alg-atomic | Use of a broken or risky cryptographic algorithm | CWE-327 | A3:2017, A02:2021 |
| csharp-lang-crypto-weak-cipher-mode-atomic | Use of a broken or risky cryptographic algorithm | CWE-327 | A3:2017, A02:2021 |
| csharp-lang-crypto-weak-hashing-function-atomic | Use of a broken or risky cryptographic algorithm (SHA1/MD5) | CWE-327 | A3:2017, A02:2021 |
| csharp-lang-crypto-weak-rng-atomic | Use of cryptographically weak Pseudo-Random Number Generator (PRNG) | CWE-338 | A3:2017, A02:2021 |
| csharp-lang-csrf-input-no-validate-antiforgery-token-atomic | Potential Cross-Site Request Forgery (CSRF) | CWE-352 | A5:2017, A01:2021 |
| csharp-lang-deserialization-binaryformatter-taint | Deserialization of potentially untrusted data | CWE-502 | A8:2017, A08:2021 |
| csharp-lang-deserialization-soapformatter-taint | Deserialization of potentially untrusted data | CWE-502 | A8:2017, A08:2021 |
| csharp-lang-deserialization-taint | Deserialization of potentially untrusted data | CWE-502 | A8:2017, A08:2021 |
| csharp-lang-ldapi-taint | Improper neutralization of special elements used in an LDAP query ('LDAP Injection') | CWE-90 | A1:2017, A03:2021 |
| csharp-lang-misconfiguration-cookie-httponly-atomic | Sensitive cookie without 'HttpOnly' flag | CWE-1004 | A6:2017, A05:2021 |
| csharp-lang-misconfiguration-cookie-secure-atomic | Sensitive cookie in HTTPS session without 'Secure' attribute | CWE-614 | A6:2017, A05:2021 |
| csharp-lang-misconfiguration-input-validation-atomic | ASP.NET input validation disabled | CWE-554 | A6:2017, A05:2021 |
| csharp-lang-misconfiguration-password-complexity-atomic | Weak password requirements | CWE-521 | A2:2017, A07:2021 |
| csharp-lang-openredirect-taint | URL redirection to untrusted site 'open redirect' | CWE-601 | A1:2017, A03:2021 |
| csharp-lang-pathtraversal-aspnetcore-taint | Improper limitation of a pathname to a restricted directory ('Path Traversal') | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-fileproviders-low-taint | Improper limitation of a pathname to a restricted directory ('Path Traversal') | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-fileproviders-taint | Improper limitation of a pathname to a restricted directory ('Path Traversal') | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-reflection-taint | Use of externally-controlled input to select classes or code ('Unsafe Reflection') | CWE-470 | A01:2017, A03:2021 |
| csharp-lang-pathtraversal-systemio-low-taint | Improper limitation of a pathname to a restricted directory ('Path Traversal') | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-systemio-medium-taint | Improper limitation of a pathname to a restricted directory ('Path Traversal') | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-systemio-taint | Improper limitation of a pathname to a restricted directory ('Path Traversal') | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-systemiocompression-taint | Improper limitation of a pathname to a restricted directory ('Path Traversal') | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-systemnet-taint | Improper limitation of a pathname to a restricted directory ('Path Traversal') | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-systemweb-taint | Improper limitation of a pathname to a restricted directory ('Path Traversal') | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-pathtraversal-systemxml-taint | Improper limitation of a pathname to a restricted directory ('Path Traversal') | CWE-22 | A5:2017, A01:2021 |
| csharp-lang-sqli-injection-taint | Improper neutralization of special elements used in an SQL command ('SQL Injection') | CWE-89 | A1:2017, A03:2021 |
| csharp-lang-sqli-mysqlconnector-taint | Improper neutralization of special elements used in an SQL command ('SQL Injection') | CWE-89 | A1:2017, A03:2021 |
| csharp-lang-sqli-sql-command-taint | Improper neutralization of special elements used in an SQL command ('SQL Injection') | CWE-89 | A1:2017, A03:2021 |
| csharp-lang-ssrf-http-client-taint | Server Side Request Forgery (SSRF) | CWE-918 | A1:2017, A10:2021 |
| csharp-lang-ssrf-rest-client-taint | Server Side Request Forgery (SSRF) | CWE-918 | A1:2017, A10:2021 |
| csharp-lang-ssrf-web-client-taint | Server Side Request Forgery (SSRF) | CWE-918 | A1:2017, A10:2021 |
| csharp-lang-ssrf-web-request-taint | Server Side Request Forgery (SSRF) | CWE-918 | A1:2017, A10:2021 |
| csharp-lang-xpathi-xml-query-taint | Improper neutralization of data within XPath expressions ('XPath Injection') | CWE-643 | A1:2017, A03:2021 |
| csharp-lang-xss-html-elements-taint | Improper neutralization of input during web page generation ('Cross-site Scripting') | CWE-79 | A1:2017, A03:2021 |
| csharp-lang-xss-scriptxss-taint | Improper neutralization of input during web page generation ('Cross-site Scripting') | CWE-79 | A7:2017, A03:2021 |
| csharp-lang-xxe-externalxmlentities-taint | Improper restriction of XML external entity reference ('XXE') | CWE-611 | A1:2017, A03:2021 |
| csharp-lang-xxe-unsafe-xslt-setting-used-atomic | Improper restriction of XML external entity reference | CWE-611 | A4:2017, A05:2021 |
| csharp-lang-xxe-xmldocument-taint | Improper restriction of XML external entity reference ('XXE') | CWE-611 | A1:2017, A03:2021 |
| csharp-lang-xxe-xmlreadersettings-taint | Improper restriction of XML external entity reference ('XXE') | CWE-611 | A1:2017, A03:2021 |
| csharp-newtonsoft-deserialization-json-taint | Deserialization of potentially untrusted data | CWE-502 | A8:2017, A08:2021 |
| csharp-razor-ssti-razlorlight-filebased-taint | Improper neutralization of special elements used in a template engine | CWE-1336 | A1:2017, A03:2021 |
| csharp-razor-ssti-razlorlight-taint | Improper neutralization of special elements used in a template engine | CWE-1336 | A1:2017, A03:2021 |
| csharp-razor-ssti-taint | Improper neutralization of special elements used in a template engine | CWE-1336 | A1:2017, A03:2021 |