I have below simple class but veracode reporting below flaws
Insufficient Input Validation( 7 flaws) ASP.NET Misconfiguration: Improper Model Validation (CWE ID 1174)(7 flaws)
Please help me to fix this issue
Code:
namespace Automation.Web.Configuration
{
public class AppSettings
{
public string BaseURL { get; set; }
public string SearchAll { get; set; }
public string SearchMyReviews { get; set; }
public string SearchEscalated { get; set; }
public string SearchAllUrl
{
get { return BaseURL + SearchAll; }
}
public string SearchMyReviewsUrl
{
get { return BaseURL + SearchMyReviews; }
}
public string SearchEscalatedUrl
{
get { return BaseURL + SearchEscalated; }
}
}
}
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Apply one of Microsoft’s Data Annotation attributes to the property to validate inputs.
For example:
public class UserModel
{
public Guid Id { get; set; }
public string Username { get; set; }
public string Email { get; set; }
}
We could remediate this by using annotations on each of the properties, like so:
public class UserModel
{
[Key]
public Guid Id { get; set; }
[RegularExpression("^[a-zA-Z-0-9]{3,16}$")]
public string Username { get; set; }
[EmailAddress]
public string Email { get; set; }
}
Method 2
Try putting StringLength() Data Annotation in every string properties.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0