False positive #15714
Comments
Bump for review

I will take a look.

I think the example might need to be changed a bit as the parameterless overload of

```csharp
var username = authInfo.Username.ReplaceLineEndings(string.Empty);
_logger.LogError("Invalid login attempt: {username}", username);
```

The issue is fixed here: #17815

Thank you for working towards a resolution here. You are incorrect in your assertion there. The documentation in the source shows the following:
As such, this method takes line endings (CR, LF, CR/LF), canonicalizes them to the local platform line ending, and replaces them with either the replacementText or the empty default value.

Thank you for the quick response. The snippet of documentation you are referring to is from The documentation for
which doesn't remove newlines.

Appreciate it, as I guess I didn't see that override's documentation.

The improvement has been merged.
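
Added example, not code from this issue or from the CodeQL project: it runs the three calls named in this thread over constructed usernames and reports whether any line break survives, which is what matters for CWE-117. It assumes .NET 6 or later (where `ReplaceLineEndings` exists); the class and helper names are hypothetical.

```csharp
using System;

public static class LogSanitizerDemo
{
    // Characters .NET documents as newline sequences for ReplaceLineEndings.
    private static readonly char[] LineBreaks =
        { '\r', '\n', '\f', '\u0085', '\u2028', '\u2029' };

    // True if the value could still start a new line in a text log.
    public static bool HasLineBreak(string s) => s.IndexOfAny(LineBreaks) >= 0;

    // Makes the control characters visible when printing.
    private static string Show(string s) =>
        s.Replace("\r", "\\r").Replace("\n", "\\n").Replace("\u2028", "\\u2028");

    public static void Main()
    {
        // Constructed inputs: a username followed by a forged log entry,
        // separated by LF, CRLF, a lone CR, and U+2028 respectively.
        string[] samples =
        {
            "alice\nINFO forged entry",
            "alice\r\nINFO forged entry",
            "alice\rINFO forged entry",
            "alice\u2028INFO forged entry",
        };

        foreach (var raw in samples)
        {
            var candidates = new (string Name, string Value)[]
            {
                // Normalizes every line break to Environment.NewLine; removes none.
                ("ReplaceLineEndings()", raw.ReplaceLineEndings()),
                // Replaces every recognized line break with the empty string.
                ("ReplaceLineEndings(string.Empty)", raw.ReplaceLineEndings(string.Empty)),
                // Removes only the current platform's sequence ("\r\n" or "\n").
                ("Replace(Environment.NewLine, string.Empty)",
                    raw.Replace(Environment.NewLine, string.Empty)),
            };

            Console.WriteLine($"input: {Show(raw)}");
            foreach (var (name, value) in candidates)
                Console.WriteLine(
                    $"  {name,-44} -> {Show(value),-32} line break left: {HasLineBreak(value)}");
        }
    }
}
```

The result for `Replace(Environment.NewLine, string.Empty)` depends on the platform the program runs on, because `Environment.NewLine` differs between Windows and Unix-like systems.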
Description of the false positive
C# CWE-117 is incorrectly applied to user input sanitized with {string}.ReplaceLineEndings() instead of {string}.Replace(Environment.NewLine, string.Empty)
**Code sample**