I am creating an ASP.NET MVC application.
I have a model with data annotations like this:
public class SearchModel
{
[MaxLength(11)]
public string? SSN { get; set; } = string.Empty;
}
And I have a controller method that receives an object of this type as parameter:
public async Task<IActionResult> Search([Bind(include: "SSN")] SearchModel searchModel)
{
// do something
}
I get a Veracode error
ASP.NET misconfiguration : improper model validation (CWE ID 1174)
on the definition of the method...
Testing.. If I replace SearchModel with String, it works. So the problem is the model definition, but I added the data annotations to the property.
What else can I check?
Thanks
No comments:
Post a Comment