C# Rules
SAST rules for C# that identify insecure patterns in application code.
C# Rule Catalog
| ID | Title | Severity | Category |
|---|---|---|---|
| CODE-0449 | OS Command Injection | CRITICAL | Injection |
| CODE-0451 | SQL Injection | CRITICAL | Injection |
| CODE-0447 | Deserialization of potentially untrusted data | HIGH | Deserialization |
| CODE-0448 | URL Redirection to Untrusted Site 'Open Redirect' | HIGH | Web |
| CODE-0455 | XML Injection via XSLT Settings | HIGH | Injection |
| CODE-0441 | Certificate validation disabled | MEDIUM | Crypto |
| CODE-0442 | Use of broken or insecure cryptographic algorithms | MEDIUM | Crypto |
| CODE-0443 | Use of a broken or risky cryptographic algorithm | MEDIUM | Crypto |
| CODE-0444 | Use of a broken or risky cryptographic algorithm (SHA1/MD5) | MEDIUM | Crypto |
| CODE-0445 | Use of cryptographically weak Pseudo-Random Number Generator (PRNG) | MEDIUM | Crypto |
| CODE-0446 | Cross-Site Request Forgery (CSRF) Vulnerability | MEDIUM | Web |
| CODE-0450 | LDAP Injection | MEDIUM | Injection |
| CODE-0452 | XPath Injection | MEDIUM | Injection |
| CODE-0453 | Improper Restriction of XML External Entity Reference ('XXE') | MEDIUM | Injection |
| CODE-0454 | Improper Restriction of XML External Entity Reference ('XXE') | MEDIUM | Injection |
| CODE-0456 | Weak password requirements | MEDIUM | Auth |
| CODE-0457 | Path Traversal Vulnerability | MEDIUM | Injection |
| CODE-0458 | ASP.NET input validation disabled | MEDIUM | InsecureConfig |
| CODE-0459 | Cross-Site Scripting (XSS) via Unencoded User Input | MEDIUM | Web |
| CODE-0460 | Cross-Site Scripting (XSS) via Unencoded User Input | MEDIUM | Web |
| CODE-0439 | Sensitive cookie without 'HttpOnly' flag | LOW | Web |
| CODE-0440 | Sensitive cookie in HTTPS session without 'Secure' attribute | LOW | Secrets |
Total Rules: 22
Click on any rule ID to view detailed information, examples, and remediation guidance.