@joefarebrother
Created August 24, 2023 16:53
Insecure Direct Object Reference (csharp) 234 results (49 repositories)

Results for "Insecure Direct Object Reference"

Query
/**
 * @name Insecure Direct Object Reference
 * @description Using user input to control which object is modified without
 *              proper authorization checks allows an attacker to modify arbitrary objects.
 * @kind problem
 * @problem.severity error
 * @security-severity 7.5
 * @precision medium
 * @id cs/web/insecure-direct-object-reference
 * @tags security
 *       external/cwe-639
 */

import csharp
import semmle.code.csharp.security.auth.InsecureDirectObjectReferenceQuery

from ActionMethod m
where hasInsecureDirectObjectReference(m)
select m,
  "This method may be missing authorization checks for which users can access the resource of the provided ID."

Summary

Repository Results
simplcommerce/SimplCommerce 25 result(s)
btcpayserver/btcpayserver 24 result(s)
dotnetcore/WTM 19 result(s)
anjoy8/Blog.Core 17 result(s)
SharpRepository/SharpRepository 12 result(s)
Sonarr/Sonarr 11 result(s)
PiranhaCMS/piranha.core 10 result(s)
Radarr/Radarr 10 result(s)
cloudscribe/cloudscribe 9 result(s)
gustavnavar/Grid.Blazor 8 result(s)
Squidex/squidex 8 result(s)
umbraco/Umbraco-CMS 8 result(s)
elsa-workflows/elsa-core 6 result(s)
kgrzybek/modular-monolith-with-ddd 5 result(s)
EduardoPires/EquinoxProject 4 result(s)
lysilver/KopSoftWms 4 result(s)
bitwarden/server 3 result(s)
dotnetcore/Util 3 result(s)
DuendeSoftware/BFF 3 result(s)
exceptionless/Exceptionless 3 result(s)
jellyfin/jellyfin 3 result(s)
aspnetrun/run-aspnetcore-microservices 2 result(s)
Azure/iotedge 2 result(s)
dotnet-architecture/eShopOnContainers 2 result(s)
fullstackhero/dotnet-webapi-boilerplate 2 result(s)
gautema/CQRSlite 2 result(s)
NickStrupat/EntityFramework.Triggers 2 result(s)
open-telemetry/opentelemetry-dotnet 2 result(s)
OrchardCMS/OrchardCore 2 result(s)
stefanprodan/AspNetCoreRateLimit 2 result(s)
ThreeMammals/Ocelot 2 result(s)
VirtoCommerce/vc-platform 2 result(s)
abpframework/abp 1 result(s)
aspnet/AspLabs 1 result(s)
aws/aws-extensions-for-dotnet-cli 1 result(s)
aws/aws-lambda-dotnet 1 result(s)
Azure/azure-functions-host 1 result(s)
Burgyn/MMLib.SwaggerForOcelot 1 result(s)
Chinchilla-Software-Com/CQRS 1 result(s)
dotnet/crank 1 result(s)
dotnetcore/SmartSql 1 result(s)
JasperFx/alba 1 result(s)
JasperFx/lamar 1 result(s)
KevinDockx/HttpCacheHeaders 1 result(s)
loic-sharma/BaGet 1 result(s)
rafaelfgx/Architecture 1 result(s)
SciSharp/BotSharp 1 result(s)
structuremap/StructureMap.Microsoft.DependencyInjection 1 result(s)
Xabaril/AspNetCore.Diagnostics.HealthChecks 1 result(s)

simplcommerce/SimplCommerce

src/Modules/SimplCommerce.Module.Catalog/Areas/Catalog/Controllers/BrandApiController.cs

        [HttpDelete("{id}")]
        [Authorize(Roles = "admin")]
        public async Task<IActionResult> Delete(long id)
        {
            var brand = _brandRepository.Query().FirstOrDefault(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Catalog/Areas/Catalog/Controllers/CategoryApiController.cs

        [HttpDelete("{id}")]
        [Authorize(Roles = "admin")]
        public async Task<IActionResult> Delete(long id)
        {
            var category = _categoryRepository.Query().Include(x => x.Children).FirstOrDefault(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Catalog/Areas/Catalog/Controllers/ProductAttributeApiController.cs

        [HttpDelete("{id}")]
        [Authorize(Roles = "admin")]
        public IActionResult Delete(long id)
        {
            var productAttribute = _productAttrRepository.Query().FirstOrDefault(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Catalog/Areas/Catalog/Controllers/ProductAttributeGroupApiController.cs

        [HttpDelete("{id}")]
        [Authorize(Roles = "admin")]
        public IActionResult Delete(long id)
        {
            var productAttributeGroup = _productAttrGroupRepository.Query().FirstOrDefault(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Catalog/Areas/Catalog/Controllers/ProductOptionApiController.cs

        [HttpDelete("{id}")]
        [Authorize(Roles = "admin")]
        public IActionResult Delete(long id)
        {
            var productOption = _productOptionRepository.Query().FirstOrDefault(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Catalog/Areas/Catalog/Controllers/ProductTemplateApiController.cs

        [HttpDelete("{id}")]
        [Authorize(Roles = "admin")]
        public IActionResult Delete(long id)
        {
            var productTemplate = _productTemplateRepository.Query().FirstOrDefault(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Cms/Areas/Cms/Controllers/PageApiController.cs


        [HttpDelete("{id}")]
        public async Task<IActionResult> Delete(long id)
        {
            var page = await _pageRepository.Query().FirstOrDefaultAsync(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Cms/Areas/Cms/Controllers/MenuApiController.cs


        [HttpDelete("delete-item/{id}")]
        public async Task<IActionResult> DeleteItem(long id)
        {
            var menuItem = await _menuItemRepository.Query().FirstOrDefaultAsync(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Cms/Areas/Cms/Controllers/MenuApiController.cs


        [HttpDelete("{id}")]
        public async Task<IActionResult> Delete(long id)
        {
            var menu = await _menuRepository.Query().FirstOrDefaultAsync(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Comments/Areas/Comments/Controllers/CommentApiController.cs


        [HttpPost("change-status/{id}")]
        public async Task<IActionResult> ChangeStatus(long id, [FromBody] int statusId)
        {
            var comment = _commentRepository.Query().FirstOrDefault(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Contacts/Areas/Contacts/Controllers/ContactApiController.cs


        [HttpDelete("{id}")]
        public IActionResult Delete(long id)
        {
            var contact = _contactRepository.Query().FirstOrDefault(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Contacts/Areas/Contacts/Controllers/ContactAreaApiController.cs


        [HttpDelete("{id}")]
        public IActionResult Delete(long id)
        {
            var category = _contactRepository.Query().FirstOrDefault(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Core/Areas/Core/Controllers/CountryApiController.cs

        [HttpDelete("{id}")]
        [Authorize(Roles = "admin")]
        public async Task<IActionResult> Delete(string id)
        {
            var country = await _countryRepository.Query().FirstOrDefaultAsync(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Core/Areas/Core/Controllers/CustomerGroupApiController.cs


        [HttpDelete("{id}")]
        public async Task<IActionResult> Delete(long id)
        {
            var customerGroup = await _customerGroupRepository.Query().FirstOrDefaultAsync(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Core/Areas/Core/Controllers/StateOrProvinceApiController.cs

        [HttpDelete("{id}")]
        [Authorize(Roles = "admin")]
        public async Task<IActionResult> Delete(long id)
        {
            var stateProvince = await _stateOrProvinceRepository.Query().FirstOrDefaultAsync(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Core/Areas/Core/Controllers/WidgetInstanceApiController.cs


        [HttpDelete("{id}")]
        public async Task<IActionResult> Delete(long id)
        {
            var widgetInstance = await _widgetInstanceRepository.Query().FirstOrDefaultAsync(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.News/Areas/News/Controllers/NewsCategoryApiController.cs

        [HttpDelete("{id}")]
        [Authorize(Roles = "admin")]
        public async Task<IActionResult> Delete(long id)
        {
            var category = await _categoryRepository.Query().FirstOrDefaultAsync(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.News/Areas/News/Controllers/NewsItemApiController.cs


        [HttpDelete("{id}")]
        public async Task<IActionResult> Delete(long id)
        {
            var newsItem = await _newsItemRepository.Query().FirstOrDefaultAsync(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Pricing/Areas/Pricing/Controllers/CartRuleApiController.cs


        [HttpDelete("{id}")]
        public async Task<IActionResult> Delete(long id)
        {
            var cartRule = await _cartRuleRepository.Query().FirstOrDefaultAsync(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Reviews/Areas/Reviews/Controllers/ReplyApiController.cs


        [HttpPost("change-status/{id}")]
        public async Task<IActionResult> ChangeStatus(long id, [FromBody] int statusId)
        {
            var reply = _replyRepository.Query().FirstOrDefault(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Reviews/Areas/Reviews/Controllers/ReviewApiController.cs


        [HttpPost("change-status/{id}")]
        public async Task<IActionResult> ChangeStatus(long id, [FromBody] int statusId)
        {
            var review = _reviewRepository.Query().FirstOrDefault(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.ShippingTableRate/Areas/ShippingTableRate/Controllers/PriceAndDestinationApiController.cs


        [HttpDelete("{id}")]
        public async Task<IActionResult> Delete(long id)
        {
            var priceAndDestination = await _priceAndDestinationRepository.Query().FirstOrDefaultAsync(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Tax/Areas/Tax/Controllers/TaxClassApiController.cs


        [HttpDelete("{id}")]
        public async Task<IActionResult> Delete(long id)
        {
            var taxClass = await _taxClassRepository.Query().FirstOrDefaultAsync(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Tax/Areas/Tax/Controllers/TaxRateApiController.cs


        [HttpDelete("{id}")]
        public async Task<IActionResult> Delete(long id)
        {
            var taxRate = await _taxRateRepository.Query().FirstOrDefaultAsync(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Modules/SimplCommerce.Module.Vendors/Areas/Vendors/Controllers/VendorApiController.cs


        [HttpDelete("{id}")]
        public async Task<IActionResult> Delete(long id)
        {
            var vendor = await _vendorRepository.Query().FirstOrDefaultAsync(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


btcpayserver/btcpayserver

BTCPayServer/Controllers/GreenField/GreenfieldAppsController.cs


        [HttpDelete("~/api/v1/apps/{appId}")]
        public async Task<IActionResult> DeleteApp(string appId)
        {
            var app = await _appService.GetApp(appId, null);

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/GreenField/GreenfieldCustodianAccountController.cs

        [Authorize(Policy = Policies.CanManageCustodianAccounts,
            AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
        public async Task<IActionResult> DeleteCustodianAccount(string storeId, string accountId)
        {
            var isDeleted = await _custodianAccountRepository.Remove(accountId, storeId);

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/GreenField/GreenfieldStoreWebhooksController.cs

        }
        [HttpDelete("~/api/v1/stores/{storeId}/webhooks/{webhookId}")]
        public async Task<IActionResult> DeleteWebhook(string storeId, string webhookId)
        {
            var w = await StoreRepository.GetWebhook(CurrentStoreId, webhookId);

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/GreenField/GreenfieldTestApiKeyController.cs

        [Authorize(Policy = Policies.CanModifyStoreSettings,
            AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
        public bool CanEditStore(string storeId)
        {
            return true;

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UIAppsController.cs

        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        [HttpGet("{appId}/delete")]
        public IActionResult DeleteApp(string appId)
        {
            var app = GetCurrentApp();

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UIAppsController.cs

        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        [HttpPost("{appId}/delete")]
        public async Task<IActionResult> DeleteAppPost(string appId)
        {
            var app = GetCurrentApp();

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UICustodianAccountsController.cs


        [HttpGet("/stores/{storeId}/custodian-accounts/{accountId}/edit")]
        public async Task<IActionResult> EditCustodianAccount(string storeId, string accountId)
        {
            var custodianAccount = await _custodianAccountRepository.FindById(storeId, accountId);

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UICustodianAccountsController.cs


        [HttpPost("/stores/{storeId}/custodian-accounts/{accountId}/delete")]
        public async Task<IActionResult> DeleteCustodianAccount(string storeId, string accountId)
        {
            var custodianAccount = await _custodianAccountRepository.FindById(storeId, accountId);

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UICustodianAccountsController.cs


        [HttpPost("/stores/{storeId}/custodian-accounts/{accountId}/edit")]
        public async Task<IActionResult> EditCustodianAccount(string storeId, string accountId,
            EditCustodianAccountViewModel vm)
        {

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UIPullPaymentController.cs

        [HttpGet("stores/{storeId}/pull-payments/edit/{pullPaymentId}")]
        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        public async Task<IActionResult> EditPullPayment(string storeId, string pullPaymentId)
        {
            using var ctx = _dbContextFactory.CreateContext();

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UIPullPaymentController.cs

        [HttpPost("stores/{storeId}/pull-payments/edit/{pullPaymentId}")]
        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        public async Task<IActionResult> EditPullPayment(string storeId, string pullPaymentId, UpdatePullPaymentModel viewModel)
        {
            using var ctx = _dbContextFactory.CreateContext();

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UIStoresController.Integrations.cs


        [HttpGet("{storeId}/webhooks/{webhookId}/remove")]
        public async Task<IActionResult> DeleteWebhook(string webhookId)
        {
            var webhook = await _Repo.GetWebhook(CurrentStore.Id, webhookId);

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UIStoresController.Integrations.cs


        [HttpPost("{storeId}/webhooks/{webhookId}/remove")]
        public async Task<IActionResult> DeleteWebhookPost(string webhookId)
        {
            var webhook = await _Repo.GetWebhook(CurrentStore.Id, webhookId);

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UIStoresController.Integrations.cs


        [HttpGet("{storeId}/webhooks/{webhookId}")]
        public async Task<IActionResult> ModifyWebhook(string webhookId)
        {
            var webhook = await _Repo.GetWebhook(CurrentStore.Id, webhookId);

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UIStoresController.Integrations.cs


        [HttpPost("{storeId}/webhooks/{webhookId}")]
        public async Task<IActionResult> ModifyWebhook(string webhookId, EditWebhookViewModel viewModel)
        {
            var webhook = await _Repo.GetWebhook(CurrentStore.Id, webhookId);

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UIStoresController.cs


        [HttpGet("{storeId}/delete")]
        public IActionResult DeleteStore(string storeId)
        {
            return View("Confirm", new ConfirmModel("Delete store", "The store will be permanently deleted. This action will also delete all invoices, apps and data associated with the store. Are you sure?", "Delete"));

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UIStoresController.cs


        [HttpPost("{storeId}/delete")]
        public async Task<IActionResult> DeleteStorePost(string storeId)
        {
            await _Repo.DeleteStore(CurrentStore.Id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UIStoresController.Onchain.cs


        [HttpGet("{storeId}/onchain/{cryptoCode}/delete")]
        public ActionResult DeleteWallet(string storeId, string cryptoCode)
        {
            var checkResult = IsAvailable(cryptoCode, out var store, out var network);

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UIStoresController.Onchain.cs


        [HttpPost("{storeId}/onchain/{cryptoCode}/delete")]
        public async Task<IActionResult> ConfirmDeleteWallet(string storeId, string cryptoCode)
        {
            var checkResult = IsAvailable(cryptoCode, out var store, out var network);

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UIUserStoresController.cs

        [HttpGet("{storeId}/me/delete")]
        [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie, Policy = Policies.CanModifyStoreSettings)]
        public IActionResult DeleteStore(string storeId)
        {
            var store = HttpContext.GetStoreData();

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Controllers/UIWalletsController.cs

        [HttpPost]
        [Route("{walletId}")]
        public async Task<IActionResult> ModifyTransaction(
            // We need addlabel and addlabelclick. addlabel is the + button if the label does not exists,
            // addlabelclick is if the user click on existing label. For some reason, reusing the same name attribute for both

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Forms/UIFormsController.cs


    [HttpGet("~/stores/{storeId}/forms/modify/{id}")]
    public async Task<IActionResult> Modify(string storeId, string id)
    {
        var form = await _formDataService.GetForm(storeId, id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Forms/UIFormsController.cs


    [HttpPost("~/stores/{storeId}/forms/modify/{id?}")]
    public async Task<IActionResult> Modify(string storeId, string? id, ModifyForm modifyForm)
    {
        if (id is not null)

This method may be missing authorization checks for which users can access the resource of the provided ID.


BTCPayServer/Plugins/Shopify/UIShopifyController.cs


        [HttpPost("stores/{storeId}/plugins/shopify")]
        public async Task<IActionResult> EditShopify(string storeId,
            ShopifySettings vm, string command = "")
        {

This method may be missing authorization checks for which users can access the resource of the provided ID.


dotnetcore/WTM

demo/WalkingTec.Mvvm.Demo/Controllers/CityController.cs

        #region Edit
        [ActionDescription("Edit")]
        public ActionResult Edit(string id)
        {
            var vm = CreateVM<CityVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/CityController.cs

        #region Delete
        [ActionDescription("Delete")]
        public ActionResult Delete(string id)
        {
            var vm = CreateVM<CityVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/CityController.cs

        [ActionDescription("Delete")]
        [HttpPost]
        public ActionResult Delete(string id, IFormCollection nouse)
        {
            var vm = CreateVM<CityVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/MajorController.cs

        #region Delete
        [ActionDescription("删除")]
        public ActionResult Delete(Guid id)
        {
            var vm = CreateVM<MajorVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/MajorController.cs

        #region Edit
        [ActionDescription("修改")]
        public ActionResult Edit(Guid id)
        {
            var vm = CreateVM<MajorVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/MajorController.cs

        [ActionDescription("删除")]
        [HttpPost]
        public ActionResult Delete(Guid id, IFormCollection nouse)
        {
            var vm = CreateVM<MajorVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/SchoolController.cs

        #region Edit
        [ActionDescription("修改")]
        public ActionResult Edit(string id)
        {
            var vm = CreateVM<SchoolVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/SchoolController.cs

        #region Delete
        [ActionDescription("删除")]
        public ActionResult Delete(int id)
        {
            var vm = CreateVM<SchoolVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/SchoolController.cs

        [ActionDescription("删除")]
        [HttpPost]
        public ActionResult Delete(int id, IFormCollection nouse)
        {
            var vm = CreateVM<SchoolVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/SchoolController.cs

        #region Master-detail table edit
        [ActionDescription("主子表修改")]
        public ActionResult Edit2(long id)
        {
            var vm = CreateVM<SchoolVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/StudentController.cs

        #region Edit
        [ActionDescription("Edit")]
        public ActionResult Edit(string id)
        {
            var vm = CreateVM<StudentVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/StudentController.cs

        #region Delete
        [ActionDescription("Delete")]
        public ActionResult Delete(string id)
        {
            var vm = CreateVM<StudentVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/StudentController.cs

        [ActionDescription("Delete")]
        [HttpPost]
        public ActionResult Delete(string id, IFormCollection nouse)
        {
            var vm = CreateVM<StudentVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/%E4%B8%8D%E8%A6%81%E7%94%A8%E4%B8%AD%E6%96%87%E6%A8%A1%E5%9E%8B%E5%90%8DController.cs

        #region Edit
        [ActionDescription("修改")]
        public ActionResult Edit(string id)
        {
            var vm = CreateVM<不要用中文模型名VM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/%E4%B8%8D%E8%A6%81%E7%94%A8%E4%B8%AD%E6%96%87%E6%A8%A1%E5%9E%8B%E5%90%8DController.cs

        #region Delete
        [ActionDescription("删除")]
        public ActionResult Delete(string id)
        {
            var vm = CreateVM<不要用中文模型名VM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/%E4%B8%8D%E8%A6%81%E7%94%A8%E4%B8%AD%E6%96%87%E6%A8%A1%E5%9E%8B%E5%90%8DController.cs

        [ActionDescription("删除")]
        [HttpPost]
        public ActionResult Delete(string id, IFormCollection nouse)
        {
            var vm = CreateVM<不要用中文模型名VM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.ReactDemo/Controllers/CityController.cs

        [ActionDescription("删除")]
        [HttpGet("Delete/{id}")]
        public IActionResult Delete(Guid id)
        {
            var vm = CreateVM<CityVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.ReactDemo/Controllers/SchoolController.cs

        [ActionDescription("删除")]
        [HttpGet("Delete/{id}")]
        public IActionResult Delete(Guid id)
        {
            var vm = CreateVM<SchoolVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/WalkingTec.Mvvm.Mvc/_FrameworkController.cs

        [HttpPost]
        [ActionDescription("UploadForLayUIUEditor")]
        public IActionResult UploadForLayUIUEditor(string _DONOT_USE_CS = "default")
        {
            CurrentCS = _DONOT_USE_CS ?? "default";

This method may be missing authorization checks for which users can access the resource of the provided ID.


anjoy8/Blog.Core

Blog.Core.Api/Controllers/BlogController.cs

        [Authorize(Permissions.Name)]
        [Route("Delete")]
        public async Task<MessageModel<string>> Delete(long id)
        {
            if (id > 0)

This method may be missing authorization checks for which users can access the resource of the provided ID.


Blog.Core.Api/Controllers/DepartmentController.cs


        [HttpDelete]
        public async Task<MessageModel<string>> Delete(long id)
        {
            var data = new MessageModel<string>();

This method may be missing authorization checks for which users can access the resource of the provided ID.


Blog.Core.Api/Controllers/ImgController.cs

        // DELETE: api/ApiWithActions/5
        [HttpDelete("{id}")]
        public void Delete(int id)
        {
        }

This method may be missing authorization checks for which users can access the resource of the provided ID.


Blog.Core.Api/Controllers/ModuleController.cs

        // DELETE: api/ApiWithActions/5
        [HttpDelete]
        public async Task<MessageModel<string>> Delete(long id)
        {
            if (id <= 0)

This method may be missing authorization checks for which users can access the resource of the provided ID.


Blog.Core.Api/Controllers/RoleController.cs

        // DELETE: api/ApiWithActions/5
        [HttpDelete]
        public async Task<MessageModel<string>> Delete(long id)
        {
            

This method may be missing authorization checks for which users can access the resource of the provided ID.


Blog.Core.Api/Controllers/PermissionController.cs

        // DELETE: api/ApiWithActions/5
        [HttpDelete]
        public async Task<MessageModel<string>> Delete(long id)
        {
            var data = new MessageModel<string>();

This method may be missing authorization checks for which users can access the resource of the provided ID.


Blog.Core.Api/Controllers/SplitDemoController.cs

        [HttpDelete]
        [AllowAnonymous]
        public async Task<MessageModel<string>> Delete(long id)
        {
            var data = new MessageModel<string>();

This method may be missing authorization checks for which users can access the resource of the provided ID.


Blog.Core.Api/Controllers/TasksQzController.cs

        /// <returns></returns>
        [HttpDelete]
        public async Task<MessageModel<string>> Delete(long jobId)
        {
            var data = new MessageModel<string>();

This method may be missing authorization checks for which users can access the resource of the provided ID.


Blog.Core.Api/Controllers/Tenant/TenantManagerController.cs

    /// <returns></returns>
    [HttpDelete]
    public async Task<MessageModel> Delete(long id)
    {
        // Should the tenant database be deleted?

This method may be missing authorization checks for which users can access the resource of the provided ID.


Blog.Core.Api/Controllers/TopicController.cs

        // DELETE: api/ApiWithActions/5
        [HttpDelete("{id}")]
        public void Delete(long id)
        {
        }

This method may be missing authorization checks for which users can access the resource of the provided ID.


Blog.Core.Api/Controllers/TopicDetailController.cs

        // DELETE: api/ApiWithActions/5
        [HttpDelete]
        public async Task<MessageModel<string>> Delete(long id)
        {
            var data = new MessageModel<string>();

This method may be missing authorization checks for which users can access the resource of the provided ID.


Blog.Core.Api/Controllers/UserController.cs

        // DELETE: api/ApiWithActions/5
        [HttpDelete]
        public async Task<MessageModel<string>> Delete(long id)
        {
            var data = new MessageModel<string>();

This method may be missing authorization checks for which users can access the resource of the provided ID.


Blog.Core.Api/Controllers/ValuesController.cs

        // DELETE api/values/5
        [HttpDelete("{id}")]
        public void Delete(int id)
        {
        }

This method may be missing authorization checks for which users can access the resource of the provided ID.


Blog.Core.Api/Controllers/WeChatCompanyController.cs

        /// <returns></returns> 
        [HttpDelete]
        public async Task<MessageModel<string>> Delete(string id)
        {
            await _WeChatCompanyServices.DeleteById(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


Blog.Core.Api/Controllers/WeChatConfigController.cs

        /// <returns></returns> 
        [HttpDelete]
        public async Task<MessageModel<string>> Delete(string id)
        {
            await _WeChatConfigServices.DeleteById(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


Blog.Core.Api/Controllers/WeChatPushLogController.cs

        /// <returns></returns> 
        [HttpDelete]
        public async Task<MessageModel<string>> Delete(string id)
        {
            await _WeChatPushLogServices.DeleteById(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


Blog.Core.Api/Controllers/WeChatSubController.cs

        /// <returns></returns> 
        [HttpDelete]
        public async Task<MessageModel<string>> Delete(string id)
        {
            await _WeChatSubServices.DeleteById(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository/SharpRepository

SharpRepository.Samples.Core3Mvc/Controllers/ContactsController.cs


        // GET: Contacts/Edit/5
        public ActionResult Edit(string id)
        {
            var contact = repository.Get(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.Core3Mvc/Controllers/ContactsController.cs

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Edit(string id, Contact contact)
        {
            try

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.Core3Mvc/Controllers/ContactsController.cs


        // GET: Contacts/Delete/5
        public ActionResult Delete(string id)
        {
            var contact = repository.Get(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.Core3Mvc/Controllers/ContactsController.cs

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Delete(string id, IFormCollection collection)
        {
            try

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.CoreMvc/Controllers/ContactsController.cs


        // GET: Contacts/Edit/5
        public ActionResult Edit(string id)
        {
            var contact = repository.Get(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.CoreMvc/Controllers/ContactsController.cs

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Edit(string id, Contact contact)
        {
            try

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.CoreMvc/Controllers/ContactsController.cs


        // GET: Contacts/Delete/5
        public ActionResult Delete(string id)
        {
            var contact = repository.Get(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.CoreMvc/Controllers/ContactsController.cs

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Delete(string id, IFormCollection collection)
        {
            try

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.net5Mvc/Controllers/ContactsController.cs


        // GET: Contacts/Edit/5
        public ActionResult Edit(string id)
        {
            var contact = repository.Get(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.net5Mvc/Controllers/ContactsController.cs

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Edit(string id, Contact contact)
        {
            try

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.net5Mvc/Controllers/ContactsController.cs


        // GET: Contacts/Delete/5
        public ActionResult Delete(string id)
        {
            var contact = repository.Get(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.net5Mvc/Controllers/ContactsController.cs

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Delete(string id, IFormCollection collection)
        {
            try

This method may be missing authorization checks for which users can access the resource of the provided ID.


Sonarr/Sonarr

src/Sonarr.Api.V3/AutoTagging/AutoTaggingController.cs


        [RestDeleteById]
        public void DeleteFormat(int id)
        {
            _autoTaggingService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/Blocklist/BlocklistController.cs


        [RestDeleteById]
        public void DeleteBlocklist(int id)
        {
            _blocklistService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/CustomFilters/CustomFilterController.cs


        [RestDeleteById]
        public void DeleteCustomResource(int id)
        {
            _customFilterService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/ImportLists/ImportListExclusionController.cs


        [RestDeleteById]
        public void DeleteImportListExclusionResource(int id)
        {
            _importListExclusionService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/Profiles/Delay/DelayProfileController.cs


        [RestDeleteById]
        public void DeleteProfile(int id)
        {
            if (id == 1)

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/Profiles/Languages/LanguageProfileController.cs


        [RestDeleteById]
        public void DeleteProfile(int id)
        {
        }

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/Profiles/Quality/QualityProfileController.cs


        [RestDeleteById]
        public void DeleteProfile(int id)
        {
            _profileService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/Profiles/Release/ReleaseProfileController.cs


        [RestDeleteById]
        public void DeleteProfile(int id)
        {
            _profileService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/RemotePathMappings/RemotePathMappingController.cs


        [RestDeleteById]
        public void DeleteMapping(int id)
        {
            _remotePathMappingService.Remove(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/RootFolders/RootFolderController.cs


        [RestDeleteById]
        public void DeleteFolder(int id)
        {
            _rootFolderService.Remove(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/System/Backup/BackupController.cs


        [RestDeleteById]
        public void DeleteBackup(int id)
        {
            var backup = GetBackup(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


PiranhaCMS/piranha.core

core/Piranha.Manager/Controllers/AliasApiController.cs

    [HttpDelete]
    [Authorize(Policy = Permission.AliasesDelete)]
    public async Task<IActionResult> Delete([FromBody]Guid id)
    {
        var alias = await _service.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


core/Piranha.Manager/Controllers/CommentApiController.cs

    [HttpDelete]
    [Authorize(Policy = Permission.CommentsDelete)]
    public async Task<StatusMessage> Delete([FromBody]Guid id)
    {
        await _service.DeleteAsync(id).ConfigureAwait(false);

This method may be missing authorization checks for which users can access the resource of the provided ID.


core/Piranha.Manager/Controllers/ContentApiController.cs

    [HttpDelete]
    [Authorize(Policy = Permission.ContentDelete)]
    public async Task<StatusMessage> Delete([FromBody]Guid id)
    {
        try

This method may be missing authorization checks for which users can access the resource of the provided ID.


core/Piranha.Manager/Controllers/LanguageApiController.cs

    [Route("{id}")]
    [HttpDelete]
    public async Task<IActionResult> Delete(Guid id)
    {
        try

This method may be missing authorization checks for which users can access the resource of the provided ID.


core/Piranha.Manager/Controllers/PageApiController.cs

    [HttpDelete]
    [Authorize(Policy = Permission.PagesDelete)]
    public async Task<StatusMessage> Delete([FromBody]Guid id)
    {
        try

This method may be missing authorization checks for which users can access the resource of the provided ID.


core/Piranha.Manager/Controllers/PostApiController.cs

    [HttpDelete]
    [Authorize(Policy = Permission.PostsDelete)]
    public async Task<StatusMessage> Delete([FromBody]Guid id)
    {
        try

This method may be missing authorization checks for which users can access the resource of the provided ID.


core/Piranha.Manager/Controllers/SiteApiController.cs

    [HttpDelete]
    [Authorize(Policy = Permission.SitesDelete)]
    public async Task<StatusMessage> Delete([FromBody]Guid id)
    {
        try

This method may be missing authorization checks for which users can access the resource of the provided ID.


identity/Piranha.AspNetCore.Identity/Controllers/RoleController.cs

    [Route("/manager/role/delete")]
    [Authorize(Policy = Permissions.RolesDelete)]
    public IActionResult Delete(Guid id)
    {
        var role = _db.Roles

This method may be missing authorization checks for which users can access the resource of the provided ID.


identity/Piranha.AspNetCore.Identity/Controllers/RoleController.cs

    [Route("/manager/role/{id:Guid}")]
    [Authorize(Policy = Permissions.RolesEdit)]
    public IActionResult Edit(Guid id)
    {
        return View("Edit", RoleEditModel.GetById(_db, id));

This method may be missing authorization checks for which users can access the resource of the provided ID.


identity/Piranha.AspNetCore.Identity/Controllers/UserController.cs

    [Route("/manager/user/{id:Guid?}")]
    [Authorize(Policy = Permissions.UsersEdit)]
    public IActionResult Edit(Guid id)
    {
        return View(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


Radarr/Radarr

src/Radarr.Api.V3/AutoTagging/AutoTaggingController.cs


        [RestDeleteById]
        public void DeleteFormat(int id)
        {
            _autoTaggingService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/Blocklist/BlocklistController.cs


        [RestDeleteById]
        public void DeleteBlocklist(int id)
        {
            _blocklistService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/Credits/CreditController.cs


        [HttpGet]
        public List<CreditResource> GetCredits(int? movieId, int? movieMetadataId)
        {
            if (movieMetadataId.HasValue)

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/CustomFilters/CustomFilterController.cs


        [RestDeleteById]
        public void DeleteCustomResource(int id)
        {
            _customFilterService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/Profiles/Delay/DelayProfileController.cs


        [RestDeleteById]
        public void DeleteProfile(int id)
        {
            if (id == 1)

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/Profiles/Quality/QualityProfileController.cs


        [RestDeleteById]
        public void DeleteProfile(int id)
        {
            _profileService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/Profiles/Release/ReleaseProfileController.cs


        [RestDeleteById]
        public void DeleteProfile(int id)
        {
            _profileService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/RemotePathMappings/RemotePathMappingController.cs


        [RestDeleteById]
        public void DeleteMapping(int id)
        {
            _remotePathMappingService.Remove(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/RootFolders/RootFolderController.cs


        [RestDeleteById]
        public void DeleteFolder(int id)
        {
            _rootFolderService.Remove(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/System/Backup/BackupController.cs


        [RestDeleteById]
        public void DeleteBackup(int id)
        {
            var backup = GetBackup(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


cloudscribe/cloudscribe

src/cloudscribe.Core.IdentityServerIntegration/Controllers/ApiResourceController.cs


        [HttpPost]
        public async Task<IActionResult> DeleteApiResource(Guid siteId, string apiName)
        {
            await _apiManager.DeleteApiResource(siteId.ToString(), apiName);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/cloudscribe.Core.IdentityServerIntegration/Controllers/ClientsController.cs


        [HttpPost]
        public async Task<IActionResult> DeleteClient(Guid siteId, string clientId)
        {
            await clientsManager.DeleteClient(siteId.ToString(), clientId);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/cloudscribe.Core.IdentityServerIntegration/Controllers/ClientsController.cs


        [HttpPost]
        public async Task<IActionResult> DeleteClientClaim(Guid siteId, string clientId, string claimType, string claimValue)
        {
            var client = await clientsManager.FetchClient(siteId.ToString(), clientId);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/cloudscribe.Core.IdentityServerIntegration/Controllers/ClientsController.cs


        [HttpPost]
        public async Task<IActionResult> DeleteClientProperty(Guid siteId, string clientId, string key, string value)
        {
            var client = await clientsManager.FetchClient(siteId.ToString(), clientId);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/cloudscribe.Core.IdentityServerIntegration/Controllers/IdentityResourceController.cs


        [HttpPost]
        public async Task<IActionResult> DeleteResource(Guid siteId, string resourceName)
        {
            await _idManager.DeleteIdentityResource(siteId.ToString(), resourceName);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/cloudscribe.Core.Web/Controllers/CoreDataController.cs

        [HttpPost]
        [ValidateAntiForgeryToken]
        public virtual async Task<IActionResult> CountryDelete(Guid countryId, int returnPageNumber = 1)
        {
            var country = await DataManager.FetchCountry(countryId);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/cloudscribe.Core.Web/Controllers/CoreDataController.cs

        [Authorize(Policy = PolicyConstants.CoreDataPolicy)]
        [HttpGet]
        public virtual async Task<IActionResult> StateEdit(
            Guid countryId,
            Guid? stateId,

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/cloudscribe.Core.Web/Controllers/CoreDataController.cs

        [HttpPost]
        [ValidateAntiForgeryToken]
        public virtual async Task<IActionResult> StateDelete(
            Guid countryId,
            Guid stateId,

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/cloudscribe.Core.Web/Controllers/CoreDataController.cs

        [Authorize(Policy = PolicyConstants.CoreDataPolicy)]
        [HttpGet]
        public virtual async Task<IActionResult> CountryEdit(
            Guid? countryId,
            int returnPageNumber = 1

This method may be missing authorization checks for which users can access the resource of the provided ID.


gustavnavar/Grid.Blazor

GridBlazorClientSide.Server/Controllers/CustomerController.cs


        [HttpDelete("{id}")]
        public async Task<ActionResult> Delete(string id)
        {
            var repository = new CustomersRepository(_context);

This method may be missing authorization checks for which users can access the resource of the provided ID.


GridBlazorClientSide.Server/Controllers/EmployeeController.cs


        [HttpDelete("{id}")]
        public async Task<ActionResult> Delete(int id)
        {
            var repository = new EmployeeRepository(_context);

This method may be missing authorization checks for which users can access the resource of the provided ID.


GridBlazorClientSide.Server/Controllers/OrderController.cs


        [HttpDelete("{id}")]
        public async Task<ActionResult> Delete(int id)
        {
            var repository = new OrdersRepository(_context);

This method may be missing authorization checks for which users can access the resource of the provided ID.


GridBlazorClientSide.Server/Controllers/OrderDetailController.cs


        [HttpDelete("{orderId}/{productId}")]
        public async Task<ActionResult> Delete(int orderId, int productId)
        {
            var repository = new OrderDetailsRepository(_context);

This method may be missing authorization checks for which users can access the resource of the provided ID.


GridBlazorClientSide.Server/Controllers/SampleDataController.cs


        [HttpGet("[action]")]
        public async Task<ActionResult> OrderColumnsWithEdit()
        {
            var repository = new OrdersRepository(_context);

This method may be missing authorization checks for which users can access the resource of the provided ID.


GridBlazorOData.Server/Controllers/OrderDetailsController.cs

        }

        public async Task<ActionResult> Delete([FromODataUri] int keyOrderID, [FromODataUri] int keyProductID)
        {
            var repository = new OrderDetailsRepository(_context);

This method may be missing authorization checks for which users can access the resource of the provided ID.


GridBlazorOData.Server/Controllers/OrdersController.cs


        [HttpDelete("odata/Orders({keyOrderID})/OrderDetails(orderID={orderID},productID={productID})")]
        public async Task<ActionResult> DeleteToOrderDetails([FromODataUri] int orderID, [FromODataUri] int productID)
        {
            var repository = new OrderDetailsRepository(_context);

This method may be missing authorization checks for which users can access the resource of the provided ID.


GridMvc.Demo/Controllers/HomeController.cs

        }

        public async Task<ActionResult> Edit(int? id, string returnUrl, string gridState, string altGridState = "", string error = "")
        {
            if (id == null || !id.HasValue)

This method may be missing authorization checks for which users can access the resource of the provided ID.


Squidex/squidex

backend/src/Squidex/Areas/Api/Controllers/Assets/AssetFoldersController.cs

    [ApiPermissionOrAnonymous(PermissionIds.AppAssetFoldersDelete)]
    [ApiCosts(1)]
    public async Task<IActionResult> DeleteAssetFolder(string app, DomainId id)
    {
        var command = new DeleteAssetFolder { AssetFolderId = id };

This method may be missing authorization checks for which users can access the resource of the provided ID.


backend/src/Squidex/Areas/Api/Controllers/Assets/AssetsController.cs

    [ApiPermissionOrAnonymous(PermissionIds.AppAssetsDelete)]
    [ApiCosts(1)]
    public async Task<IActionResult> DeleteAsset(string app, DomainId id, DeleteAssetDto request)
    {
        var command = request.ToCommand(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


backend/src/Squidex/Areas/Api/Controllers/Backups/BackupsController.cs

    [ApiPermissionOrAnonymous(PermissionIds.AppBackupsDelete)]
    [ApiCosts(0)]
    public async Task<IActionResult> DeleteBackup(string app, DomainId id)
    {
        await backupService.DeleteBackupAsync(AppId, id, HttpContext.RequestAborted);

This method may be missing authorization checks for which users can access the resource of the provided ID.


backend/src/Squidex/Areas/Api/Controllers/Comments/CommentsController.cs

    [ApiPermissionOrAnonymous(PermissionIds.AppCommentsDelete)]
    [ApiCosts(0)]
    public async Task<IActionResult> DeleteComment(string app, DomainId commentsId, DomainId commentId)
    {
        var command = new DeleteComment

This method may be missing authorization checks for which users can access the resource of the provided ID.


backend/src/Squidex/Areas/Api/Controllers/Contents/ContentsController.cs

    [ApiPermissionOrAnonymous(PermissionIds.AppContentsDeleteOwn)]
    [ApiCosts(1)]
    public async Task<IActionResult> DeleteContent(string app, string schema, DomainId id, DeleteContentDto request)
    {
        var command = request.ToCommand(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


backend/src/Squidex/Areas/Api/Controllers/Rules/RulesController.cs

    [ApiPermissionOrAnonymous(PermissionIds.AppRulesDelete)]
    [ApiCosts(1)]
    public async Task<IActionResult> DeleteRule(string app, DomainId id)
    {
        var command = new DeleteRule { RuleId = id };

This method may be missing authorization checks for which users can access the resource of the provided ID.


backend/src/Squidex/Areas/Api/Controllers/Rules/RulesController.cs

    [ApiPermissionOrAnonymous(PermissionIds.AppRulesEventsDelete)]
    [ApiCosts(0)]
    public async Task<IActionResult> DeleteEvent(string app, DomainId id)
    {
        var ruleEvent = await ruleEventsRepository.FindAsync(id, HttpContext.RequestAborted);

This method may be missing authorization checks for which users can access the resource of the provided ID.


backend/src/Squidex/Areas/Api/Controllers/Rules/RulesController.cs

    [ApiPermissionOrAnonymous(PermissionIds.AppRulesEventsDelete)]
    [ApiCosts(1)]
    public async Task<IActionResult> DeleteRuleEvents(string app, DomainId id)
    {
        await ruleEventsRepository.CancelByRuleAsync(id, HttpContext.RequestAborted);

This method may be missing authorization checks for which users can access the resource of the provided ID.


umbraco/Umbraco-CMS

src/Umbraco.Cms.ManagementApi/Controllers/Language/DeleteLanguageController.cs

    [ProducesResponseType(StatusCodes.Status200OK)]
    // TODO: This needs to be an authorized endpoint.
    public async Task<IActionResult> Delete(int id)
    {
        ILanguage? language = _localizationService.GetLanguageById(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Umbraco.Web.BackOffice/Controllers/ContentController.cs

    [HttpDelete]
    [HttpPost]
    public IActionResult DeleteBlueprint(int id)
    {
        IContent? found = _contentService.GetBlueprintById(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Umbraco.Web.BackOffice/Controllers/LanguageController.cs

    [HttpDelete]
    [HttpPost]
    public IActionResult DeleteLanguage(int id)
    {
        ILanguage? language = _localizationService.GetLanguageById(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Umbraco.Web.BackOffice/Controllers/MacrosController.cs


    [HttpPost]
    public IActionResult DeleteById(int id)
    {
        IMacro? macro = _macroService.GetById(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Umbraco.Web.BackOffice/Controllers/MemberGroupController.cs

    [HttpDelete]
    [HttpPost]
    public IActionResult DeleteById(int id)
    {
        IMemberGroup? memberGroup = _memberGroupService.GetById(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Umbraco.Web.BackOffice/Controllers/RedirectUrlManagementController.cs


    [HttpPost]
    public IActionResult DeleteRedirectUrl(Guid id)
    {
        _redirectUrlService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Umbraco.Web.BackOffice/Controllers/RelationTypeController.cs

    [HttpPost]
    [HttpDelete]
    public IActionResult DeleteById(int id)
    {
        IRelationType? relationType = _relationService.GetRelationTypeById(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Umbraco.Web.BackOffice/Controllers/TemplateController.cs

    [HttpDelete]
    [HttpPost]
    public IActionResult DeleteById(int id)
    {
        ITemplate? template = _fileService.GetTemplate(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


elsa-workflows/elsa-core

src/activities/webhooks/Elsa.Webhooks.Api/Endpoints/Delete.cs

            Tags = new[] { "WebhookDefinitions" })
        ]
        public async Task<IActionResult> Handle(string id, CancellationToken cancellationToken)
        {
            var webhookDefinition = await _webhookDefinitionStore.FindAsync(new EntityIdSpecification<WebhookDefinition>(id), cancellationToken);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/modules/secrets/Elsa.Secrets.Api/Endpoints/Secrets/Delete.cs

        [ProducesResponseType(StatusCodes.Status204NoContent)]
        [ProducesResponseType(StatusCodes.Status404NotFound)]
        public async Task<IActionResult> Handle(string id, CancellationToken cancellationToken = default)
        {
            var secret = await _secretsStore.FindByIdAsync(id, cancellationToken);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/modules/workflowsettings/Elsa.WorkflowSettings.Api/Endpoints/Delete.cs

            Tags = new[] { "WorkflowSettings" })
        ]
        public async Task<IActionResult> Handle(string id, CancellationToken cancellationToken = default)
        {
            var workflowSettings = await _workflowSettingsStore.FindByIdAsync(id, cancellationToken);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/server/Elsa.Server.Api/Endpoints/WorkflowDefinitions/DeleteByDefinition.cs

            Tags = new[] { "WorkflowDefinitions" })
        ]
        public async Task<IActionResult> Handle(string definitionId, CancellationToken cancellationToken = default)
        {
            await _workflowPublisher.DeleteAsync(definitionId, VersionOptions.All, cancellationToken);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/server/Elsa.Server.Api/Endpoints/WorkflowDefinitions/DeleteByDefinitionAndVersion.cs

            Tags = new[] { "WorkflowDefinitions" })
        ]
        public async Task<IActionResult> Handle(string definitionId, VersionOptions? versionOptions = default, CancellationToken cancellationToken = default)
        {
            if (versionOptions == null)

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/server/Elsa.Server.Api/Endpoints/WorkflowInstances/Delete.cs

            Tags = new[] { "WorkflowInstances" })
        ]
        public async Task<IActionResult> Handle(string id, CancellationToken cancellationToken = default)
        {
            var result = await _workflowInstanceDeleter.DeleteAsync(id, cancellationToken);

This method may be missing authorization checks for which users can access the resource of the provided ID.


kgrzybek/modular-monolith-with-ddd

src/API/CompanyName.MyMeetings.API/Modules/Meetings/MeetingComments/MeetingCommentsController.cs

        [HasPermission(MeetingsPermissions.RemoveMeetingComment)]
        [ProducesResponseType(StatusCodes.Status200OK)]
        public async Task<IActionResult> DeleteComment([FromRoute] Guid meetingCommentId, [FromQuery] string reason)
        {
            await _meetingModule.ExecuteCommandAsync(

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/API/CompanyName.MyMeetings.API/Modules/Meetings/MeetingComments/MeetingCommentsController.cs

        [HasPermission(MeetingsPermissions.EditMeetingComment)]
        [ProducesResponseType(StatusCodes.Status200OK)]
        public async Task<IActionResult> EditComment(
            [FromRoute] Guid meetingCommentId,
            [FromBody] EditMeetingCommentRequest request)

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/API/CompanyName.MyMeetings.API/Modules/Meetings/MeetingGroups/MeetingGroupsController.cs

        [HasPermission(MeetingsPermissions.EditMeetingGroupGeneralAttributes)]
        [ProducesResponseType(StatusCodes.Status200OK)]
        public async Task<IActionResult> EditMeetingGroupGeneralAttributes(
            [FromRoute] Guid meetingGroupId,
            [FromBody] EditMeetingGroupGeneralAttributesRequest request)

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/API/CompanyName.MyMeetings.API/Modules/Meetings/Meetings/MeetingsController.cs

        [HasPermission(MeetingsPermissions.ChangeNotAttendeeDecision)]
        [ProducesResponseType(StatusCodes.Status200OK)]
        public async Task<IActionResult> ChangeNotAttendeeDecision(Guid meetingId)
        {
            await _meetingsModule.ExecuteCommandAsync(new ChangeNotAttendeeDecisionCommand(meetingId));

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/API/CompanyName.MyMeetings.API/Modules/Meetings/Meetings/MeetingsController.cs

        [HasPermission(MeetingsPermissions.EditMeeting)]
        [ProducesResponseType(StatusCodes.Status200OK)]
        public async Task<IActionResult> EditMeeting(
            [FromRoute] Guid meetingId,
            [FromBody] ChangeMeetingMainAttributesRequest mainAttributesRequest)

This method may be missing authorization checks for which users can access the resource of the provided ID.


EduardoPires/EquinoxProject

src/Equinox.Services.Api/Controllers/CustomerController.cs

        [CustomAuthorize("Customers", "Remove")]
        [HttpDelete("customer-management")]
        public async Task<IActionResult> Delete(Guid id)
        {
            return CustomResponse(await _customerAppService.Remove(id));

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Equinox.UI.Web/Controllers/CustomerController.cs

        [CustomAuthorize("Customers", "Write")]
        [HttpGet("customer-management/edit-customer/{id:guid}")]
        public async Task<IActionResult> Edit(Guid? id)
        {
            if (id == null) return NotFound();

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Equinox.UI.Web/Controllers/CustomerController.cs

        [CustomAuthorize("Customers", "Remove")]
        [HttpGet("customer-management/remove-customer/{id:guid}")]
        public async Task<IActionResult> Delete(Guid? id)
        {
            if (id == null) return NotFound();

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Equinox.UI.Web/Controllers/CustomerController.cs

        [CustomAuthorize("Customers", "Remove")]
        [HttpPost("customer-management/remove-customer/{id:guid}"), ActionName("Delete")]
        public async Task<IActionResult> DeleteConfirmed(Guid id)
        {
            if (ResponseHasErrors(await _customerAppService.Remove(id)))

This method may be missing authorization checks for which users can access the resource of the provided ID.


lysilver/KopSoftWms

src/KopSoftWms/Controllers/InventoryMoveController.cs

        [HttpGet]
        [OperationLog(LogType.delete)]
        public IActionResult Delete(string id)
        {
            var flag = _client.Ado.UseTran(() =>

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/KopSoftWms/Controllers/LogController.cs

        // 'Content-Type': 'application/json; charset=UTF-8'. At most one parameter per action can be decorated with FromBody.
        [HttpPost]
        public IActionResult Delete([FromBody] long[] Id)
        {
            var flag = _logServices.Delete(Id.ToArray());

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/KopSoftWms/Controllers/StockInController.cs

        [HttpGet]
        [OperationLog(LogType.delete)]
        public IActionResult Delete(string id)
        {
            var flag = _client.Ado.UseTran(() =>

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/KopSoftWms/Controllers/StockOutController.cs

        [HttpGet]
        [OperationLog(LogType.delete)]
        public IActionResult Delete(string id)
        {
            var flag = _client.Ado.UseTran(() =>

This method may be missing authorization checks for which users can access the resource of the provided ID.


bitwarden/server

src/Api/Controllers/PushController.cs


    [HttpDelete("{id}")]
    public async Task Delete(string id)
    {
        CheckUsage();

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Api/Public/Controllers/CollectionsController.cs

    [ProducesResponseType((int)HttpStatusCode.OK)]
    [ProducesResponseType((int)HttpStatusCode.NotFound)]
    public async Task<IActionResult> Delete(Guid id)
    {
        var collection = await _collectionRepository.GetByIdAsync(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Api/Public/Controllers/GroupsController.cs

    [ProducesResponseType((int)HttpStatusCode.OK)]
    [ProducesResponseType((int)HttpStatusCode.NotFound)]
    public async Task<IActionResult> Delete(Guid id)
    {
        var group = await _groupRepository.GetByIdAsync(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


dotnetcore/Util

test/Util.AspNetCore.Tests.Integration/Controllers/Test4Controller.cs

    /// </summary>
    [HttpDelete( "delete/{id}" )]
    public string Delete( string id ) {
        return $"ok:{id}";
    }

This method may be missing authorization checks for which users can access the resource of the provided ID.


test/Util.AspNetCore.Tests.Integration/Controllers/Test4Controller.cs

    /// </summary>
    [HttpDelete( "{id}" )]
    public CustomerDto Delete2( string id ) {
        return new CustomerDto { Code = id }; 
    }

This method may be missing authorization checks for which users can access the resource of the provided ID.


test/Util.TestShare/Controllers/ProductController.cs

    /// <param name="id">Identifier</param>
    [HttpDelete( "{id}" )]
    public new async Task<IActionResult> DeleteAsync( string id ) {
        return await base.DeleteAsync( id );
    }

This method may be missing authorization checks for which users can access the resource of the provided ID.


DuendeSoftware/BFF

samples/Api/ToDoController.cs

        
        [HttpDelete("todos/{id}")]
        public IActionResult Delete(int id)
        {
            var item = __data.FirstOrDefault(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


samples/Api.DPoP/ToDoController.cs

        
        [HttpDelete("todos/{id}")]
        public IActionResult Delete(int id)
        {
            var item = __data.FirstOrDefault(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


samples/Api.Isolated/ToDoController.cs

        
        [HttpDelete("todos/{id}")]
        public IActionResult Delete(int id)
        {
            var item = __data.FirstOrDefault(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


exceptionless/Exceptionless

src/Exceptionless.Web/Controllers/OrganizationController.cs

    [HttpDelete]
    [Route("{id:objectid}/data/{key:minlength(1)}")]
    public async Task<IActionResult> DeleteDataAsync(string id, string key)
    {
        var organization = await GetModelAsync(id, false);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Exceptionless.Web/Controllers/ProjectController.cs

    [HttpDelete("{id:objectid}/config")]
    [Authorize(Policy = AuthorizationRoles.UserPolicy)]
    public async Task<IActionResult> DeleteConfigAsync(string id, string key)
    {
        if (String.IsNullOrWhiteSpace(key))

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Exceptionless.Web/Controllers/ProjectController.cs

    [HttpDelete("{id:objectid}/data")]
    [Authorize(Policy = AuthorizationRoles.UserPolicy)]
    public async Task<IActionResult> DeleteDataAsync(string id, string key)
    {
        if (String.IsNullOrWhiteSpace(key) || key.StartsWith("-"))

This method may be missing authorization checks for which users can access the resource of the provided ID.


jellyfin/jellyfin

Jellyfin.Api/Controllers/DlnaController.cs

        [ProducesResponseType(StatusCodes.Status204NoContent)]
        [ProducesResponseType(StatusCodes.Status404NotFound)]
        public ActionResult DeleteProfile([FromRoute, Required] string profileId)
        {
            var existingDeviceProfile = _dlnaManager.GetProfile(profileId);

This method may be missing authorization checks for which users can access the resource of the provided ID.


Jellyfin.Api/Controllers/LiveTvController.cs

        [Authorize(Policy = Policies.DefaultAuthorization)]
        [ProducesResponseType(StatusCodes.Status204NoContent)]
        public ActionResult DeleteTunerHost([FromQuery] string? id)
        {
            var config = _configurationManager.GetConfiguration<LiveTvOptions>("livetv");

This method may be missing authorization checks for which users can access the resource of the provided ID.


Jellyfin.Api/Controllers/LiveTvController.cs

        [Authorize(Policy = Policies.DefaultAuthorization)]
        [ProducesResponseType(StatusCodes.Status204NoContent)]
        public ActionResult DeleteListingProvider([FromQuery] string? id)
        {
            _liveTvManager.DeleteListingsProvider(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


aspnetrun/run-aspnetcore-microservices

src/Services/Catalog/Catalog.API/Controllers/CatalogController.cs

        [HttpDelete("{id:length(24)}", Name = "DeleteProduct")]        
        [ProducesResponseType(typeof(Product), (int)HttpStatusCode.OK)]
        public async Task<IActionResult> DeleteProductById(string id)
        {
            return Ok(await _repository.DeleteProduct(id));

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Services/Ordering/Ordering.API/Controllers/OrderController.cs

        [ProducesResponseType(StatusCodes.Status404NotFound)]
        [ProducesDefaultResponseType]
        public async Task<ActionResult> DeleteOrder(int id)
        {
            var command = new DeleteOrderCommand() { Id = id };

This method may be missing authorization checks for which users can access the resource of the provided ID.


Azure/iotedge

edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Http/controllers/RegistryController.cs

        [HttpDelete]
        [Route("devices/{deviceId}/modules/{moduleId}")]
        public async Task DeleteModuleAsync(
            [FromRoute] string deviceId,
            [FromRoute] string moduleId)

This method may be missing authorization checks for which users can access the resource of the provided ID.


edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Http/controllers/RegistryController.cs

        [HttpPost]
        [Route("devices/{actorDeviceId}/modules/$edgeHub/deleteModuleOnBehalfOf")]
        public async Task DeleteModuleOnBehalfOfAsync(
            [FromRoute] string actorDeviceId,
            [FromBody] DeleteModuleOnBehalfOfData requestData)

This method may be missing authorization checks for which users can access the resource of the provided ID.


dotnet-architecture/eShopOnContainers

src/Services/Basket/Basket.API/Controllers/BasketController.cs

    [HttpDelete("{id}")]
    [ProducesResponseType(StatusCodes.Status200OK)]
    public async Task DeleteBasketByIdAsync(string id)
    {
        await _repository.DeleteBasketAsync(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Services/Catalog/Catalog.API/Controllers/CatalogController.cs

    [ProducesResponseType(StatusCodes.Status204NoContent)]
    [ProducesResponseType(StatusCodes.Status404NotFound)]
    public async Task<ActionResult> DeleteProductAsync(int id)
    {
        var product = _catalogContext.CatalogItems.SingleOrDefault(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


fullstackhero/dotnet-webapi-boilerplate

src/Host/Controllers/Catalog/BrandsController.cs

    [MustHavePermission(FSHAction.Delete, FSHResource.Brands)]
    [OpenApiOperation("Delete a brand.", "")]
    public Task<Guid> DeleteAsync(Guid id)
    {
        return Mediator.Send(new DeleteBrandRequest(id));

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Host/Controllers/Catalog/ProductsController.cs

    [MustHavePermission(FSHAction.Delete, FSHResource.Products)]
    [OpenApiOperation("Delete a product.", "")]
    public Task<Guid> DeleteAsync(Guid id)
    {
        return Mediator.Send(new DeleteProductRequest(id));

This method may be missing authorization checks for which users can access the resource of the provided ID.


gautema/CQRSlite

Sample/CQRSWeb/Controllers/HomeController.cs

        }

        public async Task<ActionResult> ChangeName(Guid id)
        {
            ViewData.Model = await _queryProcessor.Query(new GetInventoryItemDetails(id));

This method may be missing authorization checks for which users can access the resource of the provided ID.


Sample/CQRSWeb/Controllers/HomeController.cs


        [HttpPost]
        public async Task<ActionResult> ChangeName(Guid id, string name, int version, CancellationToken cancellationToken)
        {
            await _commandSender.Send(new RenameInventoryItem(id, name, version), cancellationToken);

This method may be missing authorization checks for which users can access the resource of the provided ID.


NickStrupat/EntityFramework.Triggers

test/EntityFramework.Triggers.AspNetCore.Test/Controllers/ValuesController.cs

        // DELETE api/values/5
        [HttpDelete("{id}")]
        public void Delete(int id)
        {
        }

This method may be missing authorization checks for which users can access the resource of the provided ID.


test/EntityFrameworkCore.Triggers.AspNetCore.Test/Controllers/ValuesController.cs

        // DELETE api/values/5
        [HttpDelete("{id}")]
        public void Delete(int id)
        {
        }

This method may be missing authorization checks for which users can access the resource of the provided ID.


open-telemetry/opentelemetry-dotnet

test/TestApp.AspNetCore.3.1/Controllers/ValuesController.cs

        // DELETE api/values/5
        [HttpDelete("{id}")]
        public void Delete(int id)
        {
        }

This method may be missing authorization checks for which users can access the resource of the provided ID.


test/TestApp.AspNetCore.6.0/Controllers/ValuesController.cs

        // DELETE api/values/5
        [HttpDelete("{id}")]
        public void Delete(int id)
        {
        }

This method may be missing authorization checks for which users can access the resource of the provided ID.


OrchardCMS/OrchardCore

src/OrchardCore.Modules/OrchardCore.Demo/Controllers/TodoController.cs

        }

        public async Task<IActionResult> Delete(string todoId)
        {
            var model = (await _session.Query<TodoModel>().ListAsync())

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/OrchardCore.Modules/OrchardCore.Demo/Controllers/TodoController.cs

        }

        public async Task<IActionResult> Edit(string todoId)
        {
            var model = (await _session.Query<TodoModel>().ListAsync())

This method may be missing authorization checks for which users can access the resource of the provided ID.


stefanprodan/AspNetCoreRateLimit

test/AspNetCoreRateLimit.Demo/Controllers/ClientsController.cs

        // DELETE api/values/5
        [HttpDelete("{id}")]
        public void Delete(int id)
        {
        }

This method may be missing authorization checks for which users can access the resource of the provided ID.


test/AspNetCoreRateLimit.Demo/Controllers/ValuesController.cs

        // DELETE api/values/5
        [HttpDelete("{id}")]
        public void Delete(int id)
        {
        }

This method may be missing authorization checks for which users can access the resource of the provided ID.


ThreeMammals/Ocelot

samples/OcelotKube/DownstreamService/Controllers/ValuesController.cs

    // DELETE api/values/5
    [HttpDelete("{id}")]
    public void Delete(int id)
    {
    }

This method may be missing authorization checks for which users can access the resource of the provided ID.


samples/OcelotServiceFabric/src/OcelotApplicationService/Controllers/ValuesController.cs

        // DELETE api/values/5
        [HttpDelete("{id}")]
        public void Delete(int id)
        {
        }

This method may be missing authorization checks for which users can access the resource of the provided ID.


VirtoCommerce/vc-platform

src/VirtoCommerce.Platform.Web/Controllers/Api/DynamicPropertiesController.cs

        [Authorize(PlatformConstants.Security.Permissions.DynamicPropertiesDelete)]
        [ProducesResponseType(typeof(void), StatusCodes.Status204NoContent)]
        public async Task<ActionResult> DeleteProperty([FromRoute] string typeName, [FromRoute] string propertyId)
        {
            await _dynamicPropertyService.DeleteDynamicPropertiesAsync(new[] { propertyId });

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/VirtoCommerce.Platform.Web/Controllers/Api/DynamicPropertiesController.cs

        [Authorize(PlatformConstants.Security.Permissions.DynamicPropertiesUpdate)]
        [ProducesResponseType(typeof(void), StatusCodes.Status204NoContent)]
        public async Task<ActionResult> DeleteDictionaryItem([FromRoute] string typeName, [FromRoute] string propertyId, [FromQuery] string[] ids)
        {
            await _dynamicPropertyDictionaryItemsService.DeleteDictionaryItemsAsync(ids);

This method may be missing authorization checks for which users can access the resource of the provided ID.


Azure/azure-functions-host

src/WebJobs.Script.WebHost/Controllers/ExtensionsController.cs

        [HttpDelete]
        [Route("admin/host/extensions/{id}")]
        public async Task<IActionResult> Delete(string id)
        {
            if (_extensionBundleManager.IsExtensionBundleConfigured())

This method may be missing authorization checks for which users can access the resource of the provided ID.


Burgyn/MMLib.SwaggerForOcelot

demo/OrderService/V3/Controllers/OrdersController.cs

        [HttpDelete("{id:int}")]
        [ProducesResponseType(204)]
        public IActionResult Delete(int id)
        {
            Console.Write(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


Chinchilla-Software-Com/CQRS

Sample/CQRSWeb/Controllers/HomeController.cs


		[HttpPost]
		public ActionResult ChangeName(Guid id, string name, int version)
		{
			_commandSender.Publish(new RenameInventoryItem(id, name, version));

This method may be missing authorization checks for which users can access the resource of the provided ID.


JasperFx/alba

src/WebApp/Controllers/ValuesController.cs

        // DELETE api/values/5
        [HttpDelete("{id}")]
        public void Delete(int id)
        {
        }

This method may be missing authorization checks for which users can access the resource of the provided ID.


JasperFx/lamar

src/UserApp/Controllers/ValuesController.cs

        // DELETE api/values/5
        [HttpDelete("{id}")]
        public void Delete(int id)
        {
        }

This method may be missing authorization checks for which users can access the resource of the provided ID.


loic-sharma/BaGet

src/BaGet.Web/Controllers/PackagePublishController.cs


        [HttpDelete]
        public async Task<IActionResult> Delete(string id, string version, CancellationToken cancellationToken)
        {
            if (_options.Value.IsReadOnlyMode)

This method may be missing authorization checks for which users can access the resource of the provided ID.


rafaelfgx/Architecture

source/Web/Controllers/ExampleController.cs


    [HttpDelete("{id:long}")]
    public IActionResult Delete(long id) => Mediator.HandleAsync(new DeleteExampleRequest(id)).ApiResult();

    [HttpGet("{id:long}")]

This method may be missing authorization checks for which users can access the resource of the provided ID.


SciSharp/BotSharp

src/Infrastructure/BotSharp.OpenAPI/Controllers/ConversationController.cs


    [HttpDelete("/conversation/{agentId}/{conversationId}")]
    public async Task DeleteConversation([FromRoute] string agentId, [FromRoute] string conversationId)
    {
        var service = _services.GetRequiredService<IConversationService>();

This method may be missing authorization checks for which users can access the resource of the provided ID.

