You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
S6967 reports an error for a controller that does not use any model.
Repro steps
This controller accepts a boolean in the parameters. I think it does not make sense to validate the model state in these cases.
This happens also with controllers accepting integers or strings in the parameters.
[HttpGet(Constants.Controllers.Home.Routes.SessionError)]
[ActionName(Constants.Controllers.Home.Actions.SessionError)]
[AllowAnonymous]
public virtual IActionResult SessionErrorView(bool signedIn)
{
SessionRefreshViewModel model = new SessionRefreshViewModel()
{
SignedIn = signedIn
};
return this.PartialView(Constants.Views.ShellViews.SessionError, model);
}
Expected behavior
This controller action should not trigger the rule error.
Actual behavior
See above.
Known workarounds
None.
Related information
SonarAnalyzer.CSharp version 9.25.0.90414
Visual Studio 17.9.6
.NET 8.0.204
Windows 10
The text was updated successfully, but these errors were encountered:
Hi @hugoqribeiro. Thank you for reporting the issue.
I don't consider this a False Positive for a bool type argument. Even though the Controller doesn't have a complex Model type as an input, the client can still pass something invalid.
e.g. .../SessionError?signedIn=HELLO
This input will result in ModelState.IsValid being set to false in the Action method.
Similarly, you can pass an invalid value for an integer as well (something that's out of range or not a number).
Now a string input is a different question: I don't know if the client can pass anything invalid (maybe mess up the encoding?). I'll check if I can turn ModelState.IsValid to false in any way with a string input. If not, then an exception will be added to the rule.
Description
S6967 reports an error for a controller that does not use any model.
Repro steps
This controller accepts a boolean in the parameters. I think it does not make sense to validate the model state in these cases.
This happens also with controllers accepting integers or strings in the parameters.
Expected behavior
This controller action should not trigger the rule error.
Actual behavior
See above.
Known workarounds
None.
Related information
The text was updated successfully, but these errors were encountered: