Fix S6967 FP: controller without model #9262

Open
hugoqribeiro opened this issue May 8, 2024 · 1 comment
@hugoqribeiro

Description

S6967 reports an error for a controller that does not use any model.

Repro steps

This controller accepts a boolean in the parameters. I think it does not make sense to validate the model state in these cases.
This happens also with controllers accepting integers or strings in the parameters.

[HttpGet(Constants.Controllers.Home.Routes.SessionError)]
[ActionName(Constants.Controllers.Home.Actions.SessionError)]
[AllowAnonymous]
public virtual IActionResult SessionErrorView(bool signedIn)
{
    SessionRefreshViewModel model = new SessionRefreshViewModel()
    {
        SignedIn = signedIn
    };

    return this.PartialView(Constants.Views.ShellViews.SessionError, model);
}

Expected behavior

This controller action should not trigger the rule error.

Actual behavior

See above.

Known workarounds

None.

Related information

  • SonarAnalyzer.CSharp version 9.25.0.90414
  • Visual Studio 17.9.6
  • .NET 8.0.204
  • Windows 10
@zsolt-kolbay-sonarsource
Contributor

Hi @hugoqribeiro. Thank you for reporting the issue.
I don't consider this a False Positive for a bool type argument. Even though the Controller doesn't have a complex Model type as an input, the client can still pass something invalid.
e.g. .../SessionError?signedIn=HELLO
This input will result in ModelState.IsValid being set to false in the Action method.
Similarly, you can pass an invalid value for an integer as well (something that's out of range or not a number).
Now a string input is a different question: I don't know if the client can pass anything invalid (maybe mess up the encoding?). I'll check if I can turn ModelState.IsValid to false in any way with a string input. If not, then an exception will be added to the rule.
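
The binding behaviour described in the comment above, as an added example that is not part of the issue thread or of the analyzer's code. The controller, routes and response shapes are hypothetical; it assumes an ASP.NET Core project using Microsoft.NET.Sdk.Web with implicit usings enabled.

```csharp
// Program.cs (constructed example, not the reporter's application)
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllersWithViews();
var app = builder.Build();
app.MapControllers();
app.Run();

// Hypothetical MVC controller without [ApiController], so the framework
// does not reject invalid input on its own before the action runs.
public class SessionDemoController : Controller
{
    // Unchecked: GET /unchecked?signedIn=HELLO still executes the action.
    // The binder cannot convert "HELLO" to bool, records an error under the
    // "signedIn" key and leaves the parameter at default(bool), i.e. false.
    // The response is 200 with signedIn = false and valid = false.
    [HttpGet("/unchecked")]
    public IActionResult Unchecked(bool signedIn)
    {
        return Ok(new { signedIn, valid = ModelState.IsValid });
    }

    // Checked: the same request is rejected with 400 and the binder's error
    // for "signedIn", so a malformed value is never treated as "false".
    [HttpGet("/checked")]
    public IActionResult Checked(bool signedIn)
    {
        if (!ModelState.IsValid)
        {
            return BadRequest(ModelState);
        }

        return Ok(new { signedIn });
    }
}
```

Requesting both routes with `?signedIn=HELLO` shows the difference: the first silently proceeds with `false`, the second fails closed.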
