Add stride template #61
| public IActionResult Index(ExperienceData currentPage) | ||
| { | ||
| var model = CreateModel(currentPage); | ||
| return View(model); |
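Review bot: `Index(ExperienceData currentPage)` takes the whole `ExperienceData` type as an action parameter and hands it straight to `CreateModel`, with no visible restriction on which of its properties may be populated. If any part of `currentPage` can be bound from request data, accept a narrower input type or limit the bindable properties; if it never is, add a short comment on the action stating where `currentPage` is resolved from, so the parameter is not read as request-bound.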
Static Code Analysis Risk: Software and Data Integrity Failures - Mass assignment
Mass assignment or Autobinding vulnerability in code allows an attacker to execute over-posting attacks, which could create a new parameter in the binding request and manipulate the underlying object in the application.
Severity: Medium
Status: Open 🔴
References:
- https://cwe.mitre.org/data/definitions/915.html
- https://github.com/OWASP/API-Security/blob/master/2019/en/src/0xa6-mass-assignment.md
More details:
Take action by replying with an [arnica] command 💬
Actions
Use [arnica] or [a] to interact with the Arnica bot to acknowledge or dismiss code risks.
To acknowledge the finding as a valid code risk: [arnica] ack <acknowledge additional details>
To dismiss the risk with a reason: [arnica] dismiss <fp|accept|capacity> <dismissal reason>
Examples
- [arnica] ack This is a valid risk and I'm looking into it
- [arnica] dismiss fp Dismissed - Risk Not Accurate: (i.e. False Positive)
- [arnica] dismiss accept Dismiss - Risk Accepted: Allow the risk to exist in the system
- [arnica] dismiss capacity Dismiss - No Capacity: This will need to wait for a future sprint
4da02f5 to f73e611
Story: CMS-38450
f73e611 to 0f9739a
The PR should be updated to use released package version and public feed before merge later.
Story: CMS-38450