Skip to content

Create rule S8347: ASP.NET applications should prefer file providers over direct file access (APPSEC-2834) #5953

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
github-actions wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Create rule S8347: ASP.NET applications should prefer file providers over direct file access (APPSEC-2834) #5953

github-actions wants to merge 6 commits into from

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Dec 4, 2025

You can preview this rule here (updated a few minutes after each push).

Review

A dedicated reviewer checked the rule description successfully for:

  • logical errors and incorrect information
  • information gaps and missing content
  • text style and tone
  • PR summary and labels follow the guidelines

@github-actions github-actions bot added the dotnet label Dec 4, 2025
@egon-okerman-sonarsource egon-okerman-sonarsource changed the title Create rule S8347 Create rule S8347: ASP.NET applications should prefer file providers over direct file access (APPSEC-2834) Dec 5, 2025
@egon-okerman-sonarsource egon-okerman-sonarsource marked this pull request as ready for review December 5, 2025 16:04
daniel-teuchert-sonarsource
daniel-teuchert-sonarsource approved these changes Dec 8, 2025
View reviewed changes
Copy link
Contributor

@daniel-teuchert-sonarsource daniel-teuchert-sonarsource left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!
I guess because we are not raising with a taint flow here it is also okay to not map any security standard to it right?
Otherwise we could also use this rule as an example for defining the new process of mapping standards.

@egon-okerman-sonarsource
Copy link
Contributor

egon-okerman-sonarsource commented Dec 8, 2025

@daniel-teuchert-sonarsource I simply don't know the process at this point of adding rules to existing standards, so I left it out. It would be a good example, I do agree.

@egon-okerman-sonarsource egon-okerman-sonarsource added this pull request to the merge queue Dec 8, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 8, 2025
@egon-okerman-sonarsource egon-okerman-sonarsource added this pull request to the merge queue Dec 9, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 9, 2025
@sonarqube-next
Copy link

sonarqube-next bot commented Dec 9, 2025

Quality Gate passed Quality Gate passed for 'rspec-tools'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@sonarqube-next
Copy link

sonarqube-next bot commented Dec 9, 2025

Quality Gate passed Quality Gate passed for 'rspec-frontend'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@daniel-teuchert-sonarsource daniel-teuchert-sonarsource daniel-teuchert-sonarsource approved these changes

Assignees

@egon-okerman-sonarsource egon-okerman-sonarsource

Labels

appsec dotnet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@egon-okerman-sonarsource @daniel-teuchert-sonarsource