Moxposer is a diagnostic tool tailored to safeguard .NET applications against unintended or potentially harmful HttpClient
usage patterns. If you're building applications with sensitive data and want to ensure data doesn't unknowingly leak to external sources via the HttpClient
class, Moxposer is here to help!
- Deep Analysis: Dive into the depths of your C# code to identify potential pitfalls in
HttpClient
usage. - Focused Detection: Targets HTTP methods like
PostAsync
,PutAsync
, andPatchAsync
that transmit data. - Variable URL Warnings: For variable URLs, receive alerts on potential data sent to unknown destinations.
- CI/CD Ready: Perfectly suited for CI/CD pipelines, enabling automated checks in continuous integration environments.
- Whitelisting: Option to exempt certain packages from the analyzer's scrutiny via custom whitelisting.
- Comprehensive Tests: Reliability is key! And that's why Moxposer comes with an extensive set of unit tests.
-
Clone the Repository
git clone git@github.com:aixasz/Moxposer.git cd Moxposer
-
Build the Project
dotnet build
-
Run the Tests
dotnet test
-
Analyze Your Project
To analyze the current directory
moxposer.runner
or specify path to analyze
moxposer.runner -p [Path of C# project or path contains DLL files to analyze]
- Development Phase: Incorporate Moxposer early in the development process to ensure code quality and data safety.
- Code Audits: A handy supplement during code reviews to highlight potential data leakage points.
- Pipeline Integration: Integrate into your CI/CD pipeline for automatic adherence to code standards and data protection norms.
- Whitelisting Packages: Moxposer provides flexibility in exempting certain packages or libraries from analysis.
Open appsettings.json
then added whitelist dll name to GlobalWhitelists
property.
{
"GlobalWhitelists": [
"Microsoft.*",
"System.*"
]
}
Extract package names from PackageReference tags under ItemGroup tags that have the attribute DllAnalyzerWhitelist="true"
example:
<ItemGroup DllAnalyzerWhitelist="true">
<PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.7.0" />
</ItemGroup>
Moxposer is MIT licensed.