How to fix HP Fortify ( Static Code Analyzer) Vulnerabilities in T4MVC generated files #115
Comments
Where exactly does this piece of code come from? It has errors like
This could be a typo.
I could not copy & paste the actual code.
We have around 1000 errors, only because of T4MVC in multiple applications.
We are able to compile & even run in production, but when we run HP Fortify for security reasons, we see these errors.
Thanks,
Imran
… On Oct 29, 2018, at 4:31 PM, David Ebbo ***@***.***> wrote:
Where exactly does this piece of code come from? It has errors like retur instead of return, which would guarantee that it won't compile, so I doubt this is what T4MVC would generate. If you mean to include some T4MVC generated code, please include it exactly, and use proper markdown to format it.
What is preventing you from copying the actual code? I don't mind looking deeper at this issue if you clean it up as suggested.
The following code is from the Controller class where I am referring to T4MVC generated code.
The following partial class is generated by the T4MVC Template. It looks like the T4MVC Template is not including Bind[()] when it's generating code. Now when I run the Fortify scan, it complains about "Insecure Binding". `public override System.Web.Mvc.ActionResult Edit(Proj.Models.UserViewModel viewModel )`
Please see https://guides.github.com/features/mastering-markdown/ for instructions on formatting your code on GitHub so it's easily readable. What I would suggest here is:
I have an MVC project in .NET Framework 4.6.2. When I run an HP Fortify (Static Code Analyzer) scan on my project, I get a "Mass Assignment: Insecure Binder Configuration" vulnerability in my myControll.generated.cs file. This file is generated by the T4MVC Template. To fix the vulnerability, I have a couple of options, but those options I can use in the myControll.generated.cs file; once I run the template again, this file will be overridden.
```csharp
Public override System.Web.Mvc.ActionResult Edit(Proj.Models.UserViewModel viewModel ){
    var callInfor = new T4MVC_System_Web_Mvc_ActionResult(Area, Name, ActionNames.Edit);
    ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "modelView" , modelView);
    retur callInfo;
}
```
Please suggest.
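For context on the finding discussed in this issue, the following added example (not code from this thread or from T4MVC) shows what a binder allow-list looks like on the hand-written controller action, which is the file that survives template regeneration. The properties of `UserViewModel`, the `UserController` name and the in-memory `Users` store are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using System.Web.Mvc;

namespace Proj.Models
{
    // Hypothetical shape; the issue does not show the model's properties.
    public class UserViewModel
    {
        public int Id { get; set; }
        public string DisplayName { get; set; }
        public string Email { get; set; }
        public bool IsAdmin { get; set; }   // must never come from form data
    }
}

namespace Proj.Controllers
{
    using Proj.Models;

    // T4MVC expects controllers to be partial and actions to be virtual.
    public partial class UserController : Controller
    {
        // Constructed in-memory store standing in for real persistence.
        private static readonly Dictionary<int, UserViewModel> Users =
            new Dictionary<int, UserViewModel>();

        // Before (unrestricted binding): every public settable property is
        // bindable, so a posted "IsAdmin=true" field lands in the model.
        //   public virtual ActionResult Edit(UserViewModel viewModel)

        // After: only the listed properties are populated from the request.
        [HttpPost]
        public virtual ActionResult Edit(
            [Bind(Include = "Id,DisplayName,Email")] UserViewModel viewModel)
        {
            if (!ModelState.IsValid)
                return View(viewModel);

            UserViewModel stored;
            if (!Users.TryGetValue(viewModel.Id, out stored))
                return HttpNotFound();

            // Copy only the editable fields; IsAdmin keeps its stored value.
            stored.DisplayName = viewModel.DisplayName;
            stored.Email = viewModel.Email;
            return RedirectToAction("Index");
        }
    }
}
```

Whether Fortify still reports the generated override after this change is not answered in the thread.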