Veracode抛出“特定于技术的输入验证问题(CWE ID 100)".用于C#中的公共字符串属性 [英] Veracode throws "Technology-Specific Input Validation Problems (CWE ID 100)" for a public string property in C#
问题描述
Veracode为C#中的公共字符串属性引发特定于技术的输入验证问题(CWE ID 100)".
Veracode throws "Technology-Specific Input Validation Problems (CWE ID 100)" for a public string property in C#.
这些是我已经尝试过的格式,并且都具有相同的缺陷.
These are the formats I have tried already, and all give same flaw.
选项:1
public string MyProperty { get; set; }
选项:2
private string _myProperty;
public string MyProperty
{
get
{
return _myProperty;
}
set
{
_myProperty = value;
}
}
选项:3
private string _myProperty;
public string MyProperty
{
get
{
return _myProperty ?? string.Empty;
}
set
{
_myProperty = value;
}
}
任何人都可以告诉原因吗?
Can anyone tell why?
推荐答案
此URL包含一些信息,提示该流程有潜在的解决方案:
This URL has some information suggesting a potential fix to the flow:
因此,最终,该属性仅需要一个属性,并且看起来像这样:
So, ultimately, the property just needs an attribute and it would look like this:
[Required]
public string MyProperty { get; set; }
这是System.ComponentModel.DataAnnotations命名空间中所有可能的属性的列表.
This is the whole list of possible attributes from System.ComponentModel.DataAnnotations Namespace.
https://msdn.microsoft.com/zh-CN/library/system.componentmodel.dataannotations(v=vs.110).aspx
这篇关于Veracode抛出“特定于技术的输入验证问题(CWE ID 100)".用于C#中的公共字符串属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!