Describe the bug
My company has a multi-tenant platform with a single API for SSO logins. I'm trying to add a custom sanitizer for open redirects (SCS0027). Our login API is on a different subdomain from our customers' sites so we can't redirect to a relative URL. Our sanitizer checks the return URL against our database to verify that it's valid. I'm trying to add our custom sanitizer but getting an error.
Loading solution 'Example.sln'
Resolve 0:00.2828879 Example.csproj (net6.0)
Finished loading solution 'Example.sln'
Found: warning AD0001: Analyzer 'SecurityCodeScan.Analyzers.Taint.HardcodedPasswordAnalyzer' threw an exception of type 'System.ArgumentException' with message 'Conflicting sanitizers for 'Example.MyCustomSanitizer'.'.
Exception occurred with following context:
Compilation: Example
System.ArgumentException: Conflicting sanitizers for 'Example.MyCustomSanitizer'.
at SecurityCodeScan.Config.TaintConfiguration.GetSanitizerInfos(SinkKind sinkKind, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 462
at SecurityCodeScan.Config.TaintConfiguration..ctor(WellKnownTypeProvider wellKnownTypeProvider, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 104
at SecurityCodeScan.Config.Configuration.<.ctor>b__12_0() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 702
at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy`1.CreateValue()
at System.Lazy`1.get_Value()
at SecurityCodeScan.Config.Configuration.get_TaintConfiguration() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 695
at SecurityCodeScan.Analyzers.Taint.ConstAnalyzer.<Initialize>b__7_0(CompilationStartAnalysisContext compilationContext) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Analyzers\Taint\ConstAnalyzer.cs:line 60
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.<>c.<ExecuteCompilationStartActions>b__44_0(ValueTuple`2 data)
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.ExecuteAndCatchIfThrows_NoLock[TArg](DiagnosticAnalyzer analyzer, Action`1 analyze, TArg argument, Nullable`1 info)
-----
Suppress the following diagnostics to disable this analyzer: SCS0015
Found: warning AD0001: Analyzer 'SecurityCodeScan.Analyzers.Taint.CommandInjectionTaintAnalyzer' threw an exception of type 'System.ArgumentException' with message 'Conflicting sanitizers for 'Example.MyCustomSanitizer'.'.
Exception occurred with following context:
Compilation: Example
System.ArgumentException: Conflicting sanitizers for 'Example.MyCustomSanitizer'.
at SecurityCodeScan.Config.TaintConfiguration.GetSanitizerInfos(SinkKind sinkKind, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 462
at SecurityCodeScan.Config.TaintConfiguration..ctor(WellKnownTypeProvider wellKnownTypeProvider, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 104
at SecurityCodeScan.Config.Configuration.<.ctor>b__12_0() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 702
at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy`1.CreateValue()
at System.Lazy`1.get_Value()
at SecurityCodeScan.Config.Configuration.get_TaintConfiguration() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 695
at SecurityCodeScan.Analyzers.Taint.TaintAnalyzer.<Initialize>b__6_0(CompilationStartAnalysisContext compilationContext) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Analyzers\Taint\TaintAnalyzer.cs:line 284
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.<>c.<ExecuteCompilationStartActions>b__44_0(ValueTuple`2 data)
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.ExecuteAndCatchIfThrows_NoLock[TArg](DiagnosticAnalyzer analyzer, Action`1 analyze, TArg argument, Nullable`1 info)
-----
Suppress the following diagnostics to disable this analyzer: SCS0001
Found: warning AD0001: Analyzer 'SecurityCodeScan.Analyzers.Taint.SqlInjectionTaintAnalyzer' threw an exception of type 'System.ArgumentException' with message 'Conflicting sanitizers for 'Example.MyCustomSanitizer'.'.
Exception occurred with following context:
Compilation: Example
System.ArgumentException: Conflicting sanitizers for 'Example.MyCustomSanitizer'.
at SecurityCodeScan.Config.TaintConfiguration.GetSanitizerInfos(SinkKind sinkKind, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 462
at SecurityCodeScan.Config.TaintConfiguration..ctor(WellKnownTypeProvider wellKnownTypeProvider, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 104
at SecurityCodeScan.Config.Configuration.<.ctor>b__12_0() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 702
at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy`1.CreateValue()
at System.Lazy`1.get_Value()
at SecurityCodeScan.Config.Configuration.get_TaintConfiguration() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 695
at SecurityCodeScan.Analyzers.Taint.TaintAnalyzer.<Initialize>b__6_0(CompilationStartAnalysisContext compilationContext) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Analyzers\Taint\TaintAnalyzer.cs:line 284
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.<>c.<ExecuteCompilationStartActions>b__44_0(ValueTuple`2 data)
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.ExecuteAndCatchIfThrows_NoLock[TArg](DiagnosticAnalyzer analyzer, Action`1 analyze, TArg argument, Nullable`1 info)
-----
Suppress the following diagnostics to disable this analyzer: SCS0002
Found: warning AD0001: Analyzer 'SecurityCodeScan.Analyzers.Taint.XPathTaintAnalyzer' threw an exception of type 'System.ArgumentException' with message 'Conflicting sanitizers for 'Example.MyCustomSanitizer'.'.
Exception occurred with following context:
Compilation: Example
System.ArgumentException: Conflicting sanitizers for 'Example.MyCustomSanitizer'.
at SecurityCodeScan.Config.TaintConfiguration.GetSanitizerInfos(SinkKind sinkKind, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 462
at SecurityCodeScan.Config.TaintConfiguration..ctor(WellKnownTypeProvider wellKnownTypeProvider, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 104
at SecurityCodeScan.Config.Configuration.<.ctor>b__12_0() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 702
at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy`1.CreateValue()
at System.Lazy`1.get_Value()
at SecurityCodeScan.Config.Configuration.get_TaintConfiguration() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 695
at SecurityCodeScan.Analyzers.Taint.TaintAnalyzer.<Initialize>b__6_0(CompilationStartAnalysisContext compilationContext) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Analyzers\Taint\TaintAnalyzer.cs:line 284
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.<>c.<ExecuteCompilationStartActions>b__44_0(ValueTuple`2 data)
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.ExecuteAndCatchIfThrows_NoLock[TArg](DiagnosticAnalyzer analyzer, Action`1 analyze, TArg argument, Nullable`1 info)
-----
Suppress the following diagnostics to disable this analyzer: SCS0003
Found: warning AD0001: Analyzer 'SecurityCodeScan.Analyzers.Taint.PathTraversalTaintAnalyzer' threw an exception of type 'System.ArgumentException' with message 'Conflicting sanitizers for 'Example.MyCustomSanitizer'.'.
Exception occurred with following context:
Compilation: Example
System.ArgumentException: Conflicting sanitizers for 'Example.MyCustomSanitizer'.
at SecurityCodeScan.Config.TaintConfiguration.GetSanitizerInfos(SinkKind sinkKind, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 462
at SecurityCodeScan.Config.TaintConfiguration..ctor(WellKnownTypeProvider wellKnownTypeProvider, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 104
at SecurityCodeScan.Config.Configuration.<.ctor>b__12_0() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 702
at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy`1.CreateValue()
at System.Lazy`1.get_Value()
at SecurityCodeScan.Config.Configuration.get_TaintConfiguration() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 695
at SecurityCodeScan.Analyzers.Taint.TaintAnalyzer.<Initialize>b__6_0(CompilationStartAnalysisContext compilationContext) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Analyzers\Taint\TaintAnalyzer.cs:line 284
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.<>c.<ExecuteCompilationStartActions>b__44_0(ValueTuple`2 data)
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.ExecuteAndCatchIfThrows_NoLock[TArg](DiagnosticAnalyzer analyzer, Action`1 analyze, TArg argument, Nullable`1 info)
-----
Suppress the following diagnostics to disable this analyzer: SCS0018
Found: warning AD0001: Analyzer 'SecurityCodeScan.Analyzers.Taint.OpenRedirectTaintAnalyzer' threw an exception of type 'System.ArgumentException' with message 'Conflicting sanitizers for 'Example.MyCustomSanitizer'.'.
Exception occurred with following context:
Compilation: Example
System.ArgumentException: Conflicting sanitizers for 'Example.MyCustomSanitizer'.
at SecurityCodeScan.Config.TaintConfiguration.GetSanitizerInfos(SinkKind sinkKind, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 462
at SecurityCodeScan.Config.TaintConfiguration..ctor(WellKnownTypeProvider wellKnownTypeProvider, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 104
at SecurityCodeScan.Config.Configuration.<.ctor>b__12_0() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 702
at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy`1.CreateValue()
at System.Lazy`1.get_Value()
at SecurityCodeScan.Config.Configuration.get_TaintConfiguration() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 695
at SecurityCodeScan.Analyzers.Taint.TaintAnalyzer.<Initialize>b__6_0(CompilationStartAnalysisContext compilationContext) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Analyzers\Taint\TaintAnalyzer.cs:line 284
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.<>c.<ExecuteCompilationStartActions>b__44_0(ValueTuple`2 data)
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.ExecuteAndCatchIfThrows_NoLock[TArg](DiagnosticAnalyzer analyzer, Action`1 analyze, TArg argument, Nullable`1 info)
-----
Suppress the following diagnostics to disable this analyzer: SCS0027
Found: warning AD0001: Analyzer 'SecurityCodeScan.Analyzers.Taint.DeserializationTaintAnalyzer' threw an exception of type 'System.ArgumentException' with message 'Conflicting sanitizers for 'Example.MyCustomSanitizer'.'.
Exception occurred with following context:
Compilation: Example
System.ArgumentException: Conflicting sanitizers for 'Example.MyCustomSanitizer'.
at SecurityCodeScan.Config.TaintConfiguration.GetSanitizerInfos(SinkKind sinkKind, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 462
at SecurityCodeScan.Config.TaintConfiguration..ctor(WellKnownTypeProvider wellKnownTypeProvider, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 104
at SecurityCodeScan.Config.Configuration.<.ctor>b__12_0() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 702
at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy`1.CreateValue()
at System.Lazy`1.get_Value()
at SecurityCodeScan.Config.Configuration.get_TaintConfiguration() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 695
at SecurityCodeScan.Analyzers.Taint.TaintAnalyzer.<Initialize>b__6_0(CompilationStartAnalysisContext compilationContext) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Analyzers\Taint\TaintAnalyzer.cs:line 284
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.<>c.<ExecuteCompilationStartActions>b__44_0(ValueTuple`2 data)
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.ExecuteAndCatchIfThrows_NoLock[TArg](DiagnosticAnalyzer analyzer, Action`1 analyze, TArg argument, Nullable`1 info)
-----
Suppress the following diagnostics to disable this analyzer: SCS0028
Found: warning AD0001: Analyzer 'SecurityCodeScan.Analyzers.Taint.LdapFilterTaintAnalyzer' threw an exception of type 'System.ArgumentException' with message 'Conflicting sanitizers for 'Example.MyCustomSanitizer'.'.
Exception occurred with following context:
Compilation: Example
System.ArgumentException: Conflicting sanitizers for 'Example.MyCustomSanitizer'.
at SecurityCodeScan.Config.TaintConfiguration.GetSanitizerInfos(SinkKind sinkKind, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 462
at SecurityCodeScan.Config.TaintConfiguration..ctor(WellKnownTypeProvider wellKnownTypeProvider, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 104
at SecurityCodeScan.Config.Configuration.<.ctor>b__12_0() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 702
at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy`1.CreateValue()
at System.Lazy`1.get_Value()
at SecurityCodeScan.Config.Configuration.get_TaintConfiguration() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 695
at SecurityCodeScan.Analyzers.Taint.TaintAnalyzer.<Initialize>b__6_0(CompilationStartAnalysisContext compilationContext) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Analyzers\Taint\TaintAnalyzer.cs:line 284
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.<>c.<ExecuteCompilationStartActions>b__44_0(ValueTuple`2 data)
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.ExecuteAndCatchIfThrows_NoLock[TArg](DiagnosticAnalyzer analyzer, Action`1 analyze, TArg argument, Nullable`1 info)
-----
Suppress the following diagnostics to disable this analyzer: SCS0031
Found: warning AD0001: Analyzer 'SecurityCodeScan.Analyzers.Taint.LdapPathTaintAnalyzer' threw an exception of type 'System.ArgumentException' with message 'Conflicting sanitizers for 'Example.MyCustomSanitizer'.'.
Exception occurred with following context:
Compilation: Example
System.ArgumentException: Conflicting sanitizers for 'Example.MyCustomSanitizer'.
at SecurityCodeScan.Config.TaintConfiguration.GetSanitizerInfos(SinkKind sinkKind, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 462
at SecurityCodeScan.Config.TaintConfiguration..ctor(WellKnownTypeProvider wellKnownTypeProvider, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 104
at SecurityCodeScan.Config.Configuration.<.ctor>b__12_0() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 702
at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy`1.CreateValue()
at System.Lazy`1.get_Value()
at SecurityCodeScan.Config.Configuration.get_TaintConfiguration() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 695
at SecurityCodeScan.Analyzers.Taint.TaintAnalyzer.<Initialize>b__6_0(CompilationStartAnalysisContext compilationContext) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Analyzers\Taint\TaintAnalyzer.cs:line 284
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.<>c.<ExecuteCompilationStartActions>b__44_0(ValueTuple`2 data)
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.ExecuteAndCatchIfThrows_NoLock[TArg](DiagnosticAnalyzer analyzer, Action`1 analyze, TArg argument, Nullable`1 info)
-----
Suppress the following diagnostics to disable this analyzer: SCS0026
Found: warning AD0001: Analyzer 'SecurityCodeScan.Analyzers.Taint.XssTaintAnalyzer' threw an exception of type 'System.ArgumentException' with message 'Conflicting sanitizers for 'Example.MyCustomSanitizer'.'.
Exception occurred with following context:
Compilation: Example
System.ArgumentException: Conflicting sanitizers for 'Example.MyCustomSanitizer'.
at SecurityCodeScan.Config.TaintConfiguration.GetSanitizerInfos(SinkKind sinkKind, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 462
at SecurityCodeScan.Config.TaintConfiguration..ctor(WellKnownTypeProvider wellKnownTypeProvider, Configuration config) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 104
at SecurityCodeScan.Config.Configuration.<.ctor>b__12_0() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 702
at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy`1.CreateValue()
at System.Lazy`1.get_Value()
at SecurityCodeScan.Config.Configuration.get_TaintConfiguration() in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Config\Configuration.cs:line 695
at SecurityCodeScan.Analyzers.Taint.TaintAnalyzer.<Initialize>b__6_0(CompilationStartAnalysisContext compilationContext) in D:\a\security-code-scan\security-code-scan\SecurityCodeScan\Analyzers\Taint\TaintAnalyzer.cs:line 284
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.<>c.<ExecuteCompilationStartActions>b__44_0(ValueTuple`2 data)
at Microsoft.CodeAnalysis.Diagnostics.AnalyzerExecutor.ExecuteAndCatchIfThrows_NoLock[TArg](DiagnosticAnalyzer analyzer, Action`1 analyze, TArg argument, Nullable`1 info)
-----
Suppress the following diagnostics to disable this analyzer: SCS0029
Completed in 00:00:03
10 warnings
mhdejonge changed the title from "Can't add customer sanitizers to config file for DotNet Core Tool." to "Can't add custom sanitizers to config file for DotNet Core Tool." on Feb 28, 2022
Environment:
This is the config file that I made.
Repro
Example.zip
security-scan Example.sln --config=scs.config.yml
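For reference, the kind of sanitizer the report describes (an absolute return URL checked against the tenants' registered sites) could look like the following. This is an added example, not the reporter's `Example.MyCustomSanitizer` and not Security Code Scan code; `ITenantOriginStore`, `InMemoryTenantOriginStore`, `TenantReturnUrlSanitizer` and all URLs are hypothetical, and the in-memory set stands in for the database lookup.

```csharp
using System;
using System.Collections.Generic;

namespace ReturnUrlExample
{
    // Hypothetical abstraction over the tenant database lookup described in the issue.
    public interface ITenantOriginStore
    {
        bool IsRegisteredOrigin(string origin);
    }

    // Constructed in-memory stand-in so the example runs without a database.
    public sealed class InMemoryTenantOriginStore : ITenantOriginStore
    {
        private readonly HashSet<string> _origins;

        public InMemoryTenantOriginStore(IEnumerable<string> origins)
        {
            _origins = new HashSet<string>(origins, StringComparer.OrdinalIgnoreCase);
        }

        public bool IsRegisteredOrigin(string origin) => _origins.Contains(origin);
    }

    public static class TenantReturnUrlSanitizer
    {
        // Returns a canonical redirect target, or fallbackUrl when returnUrl is not
        // an HTTPS URL whose exact origin is registered for a tenant.
        public static string Sanitize(string returnUrl, ITenantOriginStore store, string fallbackUrl)
        {
            if (string.IsNullOrWhiteSpace(returnUrl)) return fallbackUrl;
            if (!Uri.TryCreate(returnUrl, UriKind.Absolute, out var uri)) return fallbackUrl;

            // Rejects http:, javascript:, data: and paths that parse as file: URIs.
            if (!string.Equals(uri.Scheme, Uri.UriSchemeHttps, StringComparison.Ordinal)) return fallbackUrl;

            // Credentials in the authority ("https://trusted@other-host/") are refused.
            if (!string.IsNullOrEmpty(uri.UserInfo)) return fallbackUrl;

            // Compare the whole origin (scheme, host, non-default port), never a prefix or suffix.
            string origin = uri.GetComponents(UriComponents.SchemeAndServer, UriFormat.UriEscaped);
            if (!store.IsRegisteredOrigin(origin)) return fallbackUrl;

            // Redirect to the parsed form so the value checked is the value used.
            return uri.AbsoluteUri;
        }
    }

    public static class Program
    {
        public static void Main()
        {
            // Constructed sample data: one registered tenant origin and a fallback page.
            var store = new InMemoryTenantOriginStore(new[] { "https://customer-a.example.com" });
            const string fallback = "https://login.example.com/";
            string[] samples =
            {
                "https://customer-a.example.com/dashboard?tab=1",  // registered origin
                "https://customer-a.example.com.evil.example/",    // lookalike host
                "http://customer-a.example.com/",                  // wrong scheme
                "//evil.example/",                                 // scheme-relative input
            };
            foreach (string s in samples)
                Console.WriteLine($"{s} -> {TenantReturnUrlSanitizer.Sanitize(s, store, fallback)}");
        }
    }
}
```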