2

Veracode throws "Technology-Specific Input Validation Problems (CWE ID 100)" for a public string property in C#.

These are the formats I have tried already, and all give the same flaw.

Option: 1

    public string MyProperty { get; set; }

Option: 2

    private string _myProperty;
    public string MyProperty
    {
        get
        {
            return _myProperty;
        }
        set
        {
            _myProperty = value;
        }
    }

Option: 3

    private string _myProperty;
    public string MyProperty
    {
        get
        {
            return _myProperty ?? string.Empty;
        }
        set
        {
            _myProperty = value;
        }
    }

Can anyone tell me why?

fluidguid

1 Answer

2

This URL has some information suggesting a potential fix to the flaw:

https://learn.microsoft.com/en-us/aspnet/web-api/overview/formats-and-model-binding/model-validation-in-aspnet-web-api

So, ultimately, the property just needs an attribute and it would look like this:

    [Required]
    public string MyProperty { get; set; }

This is the whole list of possible attributes from the System.ComponentModel.DataAnnotations namespace:

https://msdn.microsoft.com/en-us/library/system.componentmodel.dataannotations(v=vs.110).aspx

fluidguid
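As an added example (not part of the answer above), this shows what the DataAnnotations attributes actually enforce on the property when validation runs. `MyModel`, the length bounds, the allow-list pattern and the sample inputs are assumptions made for illustration; only `MyProperty` and `[Required]` come from the answer.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;

// Hypothetical model class; only MyProperty and [Required] come from the answer.
public class MyModel
{
    [Required]                                    // rejects null and empty strings
    [StringLength(32, MinimumLength = 3)]         // assumed length bounds
    [RegularExpression(@"^[A-Za-z0-9_-]+$")]      // assumed allow-list of characters
    public string MyProperty { get; set; }
}

public static class Program
{
    // Evaluates every validation attribute declared on the model's properties
    // and returns the failures (an empty list means the model is valid).
    public static List<ValidationResult> Validate(object model)
    {
        var results = new List<ValidationResult>();
        Validator.TryValidateObject(model, new ValidationContext(model),
                                    results, validateAllProperties: true);
        return results;
    }

    public static void Main()
    {
        // Constructed sample inputs: missing, too short, acceptable, disallowed characters.
        string[] samples = { null, "ab", "valid_name-01", "not allowed: <>;" };

        foreach (var sample in samples)
        {
            var errors = Validate(new MyModel { MyProperty = sample });
            Console.WriteLine($"{sample ?? "(null)"} -> {(errors.Count == 0 ? "valid" : "invalid")}");
            foreach (var error in errors)
            {
                Console.WriteLine($"    {error.ErrorMessage}");
            }
        }
    }
}
```

`[Required]` on its own only rejects a missing or empty value; the length and pattern attributes are what constrain the content. In ASP.NET Web API the attributes are evaluated during model binding, and the action still has to check `ModelState.IsValid` before using the model.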