-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Data from one API to another API of the SDK needs Sanitization and Validation #2239
Comments
There is only one caller of this internal method, and it is guaranteed to call it correctly, but we should add a null precondition check on The need for Is there a way to opt-out of specific instances of false positives, based on context and code inspection? |
After discussing with @ericwol-msft, this is discovered through manual code inspection, so regarding |
Improper Input Validation (CWE-20) inside Trust Boundary:
• Data from one API to another API of the SDK needs Sanitization and Validation, for future safety concerns.
• File : src\azure\core\az_json_writer.c
• API : _az_validate_json( )
• Lines : 717 – 750
• Issue : Improper Input Validation is Missing for:
• json_text
• last_token_kind
• Caller Graph:
The text was updated successfully, but these errors were encountered: