@joefarebrother
Created September 13, 2023 15:14
Insecure Direct Object Reference (csharp) 80 results (21 repositories)

Results for "Insecure Direct Object Reference"

Query
/**
 * @name Insecure Direct Object Reference
 * @description Using user input to control which object is modified without
 *              proper authorization checks allows an attacker to modify arbitrary objects.
 * @kind problem
 * @problem.severity error
 * @security-severity 7.5
 * @precision medium
 * @id cs/web/insecure-direct-object-reference
 * @tags security
 *       external/cwe-639
 */

import csharp
import semmle.code.csharp.security.auth.InsecureDirectObjectReferenceQuery

from ActionMethod m
where hasInsecureDirectObjectReference(m)
select m,
  "This method may be missing authorization checks for which users can access the resource of the provided ID."

Summary

Repository Results
dotnetcore/WTM 13 result(s)
SharpRepository/SharpRepository 12 result(s)
Radarr/Radarr 10 result(s)
Sonarr/Sonarr 10 result(s)
gustavnavar/Grid.Blazor 8 result(s)
elsa-workflows/elsa-core 6 result(s)
dotnetcore/Util 3 result(s)
aspnetrun/run-aspnetcore-microservices 2 result(s)
Azure/iotedge 2 result(s)
gautema/CQRSlite 2 result(s)
OrchardCMS/OrchardCore 2 result(s)
abpframework/abp 1 result(s)
anjoy8/Blog.Core 1 result(s)
Burgyn/MMLib.SwaggerForOcelot 1 result(s)
Chinchilla-Software-Com/CQRS 1 result(s)
dotnet-architecture/eShopOnContainers 1 result(s)
dotnet/crank 1 result(s)
dotnetcore/SmartSql 1 result(s)
loic-sharma/BaGet 1 result(s)
martincostello/sqllocaldb 1 result(s)
umbraco/Umbraco-CMS 1 result(s)

dotnetcore/WTM

demo/WalkingTec.Mvvm.Demo/Controllers/CityController.cs

        #region Edit
        [ActionDescription("Edit")]
        public ActionResult Edit(string id)
        {
            var vm = CreateVM<CityVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/CityController.cs

        #region Delete
        [ActionDescription("Delete")]
        public ActionResult Delete(string id)
        {
            var vm = CreateVM<CityVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/CityController.cs

        [ActionDescription("Delete")]
        [HttpPost]
        public ActionResult Delete(string id, IFormCollection nouse)
        {
            var vm = CreateVM<CityVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/MajorController.cs

        #region Delete
        [ActionDescription("删除")]
        public ActionResult Delete(Guid id)
        {
            var vm = CreateVM<MajorVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/MajorController.cs

        #region Edit
        [ActionDescription("修改")]
        public ActionResult Edit(Guid id)
        {
            var vm = CreateVM<MajorVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/MajorController.cs

        [ActionDescription("删除")]
        [HttpPost]
        public ActionResult Delete(Guid id, IFormCollection nouse)
        {
            var vm = CreateVM<MajorVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/StudentController.cs

        #region Edit
        [ActionDescription("Edit")]
        public ActionResult Edit(string id)
        {
            var vm = CreateVM<StudentVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/StudentController.cs

        #region Delete
        [ActionDescription("Delete")]
        public ActionResult Delete(string id)
        {
            var vm = CreateVM<StudentVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/StudentController.cs

        [ActionDescription("Delete")]
        [HttpPost]
        public ActionResult Delete(string id, IFormCollection nouse)
        {
            var vm = CreateVM<StudentVM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/不要用中文模型名Controller.cs

        #region Edit
        [ActionDescription("修改")]
        public ActionResult Edit(string id)
        {
            var vm = CreateVM<不要用中文模型名VM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/不要用中文模型名Controller.cs

        #region Delete
        [ActionDescription("删除")]
        public ActionResult Delete(string id)
        {
            var vm = CreateVM<不要用中文模型名VM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


demo/WalkingTec.Mvvm.Demo/Controllers/不要用中文模型名Controller.cs

        [ActionDescription("删除")]
        [HttpPost]
        public ActionResult Delete(string id, IFormCollection nouse)
        {
            var vm = CreateVM<不要用中文模型名VM>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/WalkingTec.Mvvm.Mvc/_FrameworkController.cs

        [HttpPost]
        [ActionDescription("UploadForLayUIUEditor")]
        public IActionResult UploadForLayUIUEditor(string _DONOT_USE_CS = "default")
        {
            CurrentCS = _DONOT_USE_CS ?? "default";

This method may be missing authorization checks for which users can access the resource of the provided ID.



SharpRepository/SharpRepository

SharpRepository.Samples.Core3Mvc/Controllers/ContactsController.cs


        // GET: Contacts/Edit/5
        public ActionResult Edit(string id)
        {
            var contact = repository.Get(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.Core3Mvc/Controllers/ContactsController.cs

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Edit(string id, Contact contact)
        {
            try

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.Core3Mvc/Controllers/ContactsController.cs


        // GET: Contacts/Delete/5
        public ActionResult Delete(string id)
        {
            var contact = repository.Get(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.Core3Mvc/Controllers/ContactsController.cs

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Delete(string id, IFormCollection collection)
        {
            try

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.CoreMvc/Controllers/ContactsController.cs


        // GET: Contacts/Edit/5
        public ActionResult Edit(string id)
        {
            var contact = repository.Get(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.CoreMvc/Controllers/ContactsController.cs

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Edit(string id, Contact contact)
        {
            try

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.CoreMvc/Controllers/ContactsController.cs


        // GET: Contacts/Delete/5
        public ActionResult Delete(string id)
        {
            var contact = repository.Get(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.CoreMvc/Controllers/ContactsController.cs

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Delete(string id, IFormCollection collection)
        {
            try

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.net5Mvc/Controllers/ContactsController.cs


        // GET: Contacts/Edit/5
        public ActionResult Edit(string id)
        {
            var contact = repository.Get(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.net5Mvc/Controllers/ContactsController.cs

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Edit(string id, Contact contact)
        {
            try

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.net5Mvc/Controllers/ContactsController.cs


        // GET: Contacts/Delete/5
        public ActionResult Delete(string id)
        {
            var contact = repository.Get(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


SharpRepository.Samples.net5Mvc/Controllers/ContactsController.cs

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Delete(string id, IFormCollection collection)
        {
            try

This method may be missing authorization checks for which users can access the resource of the provided ID.



Radarr/Radarr

src/Radarr.Api.V3/AutoTagging/AutoTaggingController.cs


        [RestDeleteById]
        public void DeleteFormat(int id)
        {
            _autoTaggingService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/Blocklist/BlocklistController.cs


        [RestDeleteById]
        public void DeleteBlocklist(int id)
        {
            _blocklistService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/Credits/CreditController.cs


        [HttpGet]
        public List<CreditResource> GetCredits(int? movieId, int? movieMetadataId)
        {
            if (movieMetadataId.HasValue)

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/CustomFilters/CustomFilterController.cs


        [RestDeleteById]
        public void DeleteCustomResource(int id)
        {
            _customFilterService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/Profiles/Delay/DelayProfileController.cs


        [RestDeleteById]
        public void DeleteProfile(int id)
        {
            if (id == 1)

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/Profiles/Quality/QualityProfileController.cs


        [RestDeleteById]
        public void DeleteProfile(int id)
        {
            _profileService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/Profiles/Release/ReleaseProfileController.cs


        [RestDeleteById]
        public void DeleteProfile(int id)
        {
            _profileService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/RemotePathMappings/RemotePathMappingController.cs


        [RestDeleteById]
        public void DeleteMapping(int id)
        {
            _remotePathMappingService.Remove(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/RootFolders/RootFolderController.cs


        [RestDeleteById]
        public void DeleteFolder(int id)
        {
            _rootFolderService.Remove(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Radarr.Api.V3/System/Backup/BackupController.cs


        [RestDeleteById]
        public void DeleteBackup(int id)
        {
            var backup = GetBackup(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.



Sonarr/Sonarr

src/Sonarr.Api.V3/AutoTagging/AutoTaggingController.cs


        [RestDeleteById]
        public void DeleteFormat(int id)
        {
            _autoTaggingService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/Blocklist/BlocklistController.cs


        [RestDeleteById]
        public void DeleteBlocklist(int id)
        {
            _blocklistService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/CustomFilters/CustomFilterController.cs


        [RestDeleteById]
        public void DeleteCustomResource(int id)
        {
            _customFilterService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/ImportLists/ImportListExclusionController.cs


        [RestDeleteById]
        public void DeleteImportListExclusionResource(int id)
        {
            _importListExclusionService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/Profiles/Delay/DelayProfileController.cs


        [RestDeleteById]
        public void DeleteProfile(int id)
        {
            if (id == 1)

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/Profiles/Quality/QualityProfileController.cs


        [RestDeleteById]
        public void DeleteProfile(int id)
        {
            _profileService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/Profiles/Release/ReleaseProfileController.cs


        [RestDeleteById]
        public void DeleteProfile(int id)
        {
            _profileService.Delete(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/RemotePathMappings/RemotePathMappingController.cs


        [RestDeleteById]
        public void DeleteMapping(int id)
        {
            _remotePathMappingService.Remove(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/RootFolders/RootFolderController.cs


        [RestDeleteById]
        public void DeleteFolder(int id)
        {
            _rootFolderService.Remove(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Sonarr.Api.V3/System/Backup/BackupController.cs


        [RestDeleteById]
        public void DeleteBackup(int id)
        {
            var backup = GetBackup(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.



gustavnavar/Grid.Blazor

GridBlazorClientSide.Server/Controllers/CustomerController.cs


        [HttpDelete("{id}")]
        public async Task<ActionResult> Delete(string id)
        {
            var repository = new CustomersRepository(_context);

This method may be missing authorization checks for which users can access the resource of the provided ID.


GridBlazorClientSide.Server/Controllers/EmployeeController.cs


        [HttpDelete("{id}")]
        public async Task<ActionResult> Delete(int id)
        {
            var repository = new EmployeeRepository(_context);

This method may be missing authorization checks for which users can access the resource of the provided ID.


GridBlazorClientSide.Server/Controllers/OrderController.cs


        [HttpDelete("{id}")]
        public async Task<ActionResult> Delete(int id)
        {
            var repository = new OrdersRepository(_context);

This method may be missing authorization checks for which users can access the resource of the provided ID.


GridBlazorClientSide.Server/Controllers/OrderDetailController.cs


        [HttpDelete("{orderId}/{productId}")]
        public async Task<ActionResult> Delete(int orderId, int productId)
        {
            var repository = new OrderDetailsRepository(_context);

This method may be missing authorization checks for which users can access the resource of the provided ID.


GridBlazorClientSide.Server/Controllers/SampleDataController.cs


        [HttpGet("[action]")]
        public async Task<ActionResult> OrderColumnsWithEdit()
        {
            var repository = new OrdersRepository(_context);

This method may be missing authorization checks for which users can access the resource of the provided ID.


GridBlazorOData.Server/Controllers/OrderDetailsController.cs

        }

        public async Task<ActionResult> Delete([FromODataUri] int keyOrderID, [FromODataUri] int keyProductID)
        {
            var repository = new OrderDetailsRepository(_context);

This method may be missing authorization checks for which users can access the resource of the provided ID.


GridBlazorOData.Server/Controllers/OrdersController.cs


        [HttpDelete("odata/Orders({keyOrderID})/OrderDetails(orderID={orderID},productID={productID})")]
        public async Task<ActionResult> DeleteToOrderDetails([FromODataUri] int orderID, [FromODataUri] int productID)
        {
            var repository = new OrderDetailsRepository(_context);

This method may be missing authorization checks for which users can access the resource of the provided ID.


GridMvc.Demo/Controllers/HomeController.cs

        }

        public async Task<ActionResult> Edit(int? id, string returnUrl, string gridState, string altGridState = "", string error = "")
        {
            if (id == null || !id.HasValue)

This method may be missing authorization checks for which users can access the resource of the provided ID.



elsa-workflows/elsa-core

src/activities/webhooks/Elsa.Webhooks.Api/Endpoints/Delete.cs

            Tags = new[] { "WebhookDefinitions" })
        ]
        public async Task<IActionResult> Handle(string id, CancellationToken cancellationToken)
        {
            var webhookDefinition = await _webhookDefinitionStore.FindAsync(new EntityIdSpecification<WebhookDefinition>(id), cancellationToken);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/modules/secrets/Elsa.Secrets.Api/Endpoints/Secrets/Delete.cs

        [ProducesResponseType(StatusCodes.Status204NoContent)]
        [ProducesResponseType(StatusCodes.Status404NotFound)]
        public async Task<IActionResult> Handle(string id, CancellationToken cancellationToken = default)
        {
            var secret = await _secretsStore.FindByIdAsync(id, cancellationToken);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/modules/workflowsettings/Elsa.WorkflowSettings.Api/Endpoints/Delete.cs

            Tags = new[] { "WorkflowSettings" })
        ]
        public async Task<IActionResult> Handle(string id, CancellationToken cancellationToken = default)
        {
            var workflowSettings = await _workflowSettingsStore.FindByIdAsync(id, cancellationToken);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/server/Elsa.Server.Api/Endpoints/WorkflowDefinitions/DeleteByDefinition.cs

            Tags = new[] { "WorkflowDefinitions" })
        ]
        public async Task<IActionResult> Handle(string definitionId, CancellationToken cancellationToken = default)
        {
            await _workflowPublisher.DeleteAsync(definitionId, VersionOptions.All, cancellationToken);

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/server/Elsa.Server.Api/Endpoints/WorkflowDefinitions/DeleteByDefinitionAndVersion.cs

            Tags = new[] { "WorkflowDefinitions" })
        ]
        public async Task<IActionResult> Handle(string definitionId, VersionOptions? versionOptions = default, CancellationToken cancellationToken = default)
        {
            if (versionOptions == null)

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/server/Elsa.Server.Api/Endpoints/WorkflowInstances/Delete.cs

            Tags = new[] { "WorkflowInstances" })
        ]
        public async Task<IActionResult> Handle(string id, CancellationToken cancellationToken = default)
        {
            var result = await _workflowInstanceDeleter.DeleteAsync(id, cancellationToken);

This method may be missing authorization checks for which users can access the resource of the provided ID.



dotnetcore/Util

test/Util.AspNetCore.Tests.Integration/Controllers/Test4Controller.cs

    /// </summary>
    [HttpDelete( "delete/{id}" )]
    public string Delete( string id ) {
        return $"ok:{id}";
    }

This method may be missing authorization checks for which users can access the resource of the provided ID.


test/Util.AspNetCore.Tests.Integration/Controllers/Test4Controller.cs

    /// </summary>
    [HttpDelete( "{id}" )]
    public CustomerDto Delete2( string id ) {
        return new CustomerDto { Code = id }; 
    }

This method may be missing authorization checks for which users can access the resource of the provided ID.


test/Util.TestShare/Controllers/ProductController.cs

    /// <param name="id">Identifier</param>
    [HttpDelete( "{id}" )]
    public new async Task<IActionResult> DeleteAsync( string id ) {
        return await base.DeleteAsync( id );
    }

This method may be missing authorization checks for which users can access the resource of the provided ID.



aspnetrun/run-aspnetcore-microservices

src/Services/Catalog/Catalog.API/Controllers/CatalogController.cs

        [HttpDelete("{id:length(24)}", Name = "DeleteProduct")]        
        [ProducesResponseType(typeof(Product), (int)HttpStatusCode.OK)]
        public async Task<IActionResult> DeleteProductById(string id)
        {
            return Ok(await _repository.DeleteProduct(id));

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/Services/Ordering/Ordering.API/Controllers/OrderController.cs

        [ProducesResponseType(StatusCodes.Status404NotFound)]
        [ProducesDefaultResponseType]
        public async Task<ActionResult> DeleteOrder(int id)
        {
            var command = new DeleteOrderCommand() { Id = id };

This method may be missing authorization checks for which users can access the resource of the provided ID.



Azure/iotedge

edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Http/controllers/RegistryController.cs

        [HttpDelete]
        [Route("devices/{deviceId}/modules/{moduleId}")]
        public async Task DeleteModuleAsync(
            [FromRoute] string deviceId,
            [FromRoute] string moduleId)

This method may be missing authorization checks for which users can access the resource of the provided ID.


edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Http/controllers/RegistryController.cs

        [HttpPost]
        [Route("devices/{actorDeviceId}/modules/$edgeHub/deleteModuleOnBehalfOf")]
        public async Task DeleteModuleOnBehalfOfAsync(
            [FromRoute] string actorDeviceId,
            [FromBody] DeleteModuleOnBehalfOfData requestData)

This method may be missing authorization checks for which users can access the resource of the provided ID.


m
DeleteModuleAsync This method may be missing authorization checks for which users can access the resource of the provided ID.
DeleteModuleOnBehalfOfAsync This method may be missing authorization checks for which users can access the resource of the provided ID.

gautema/CQRSlite

Sample/CQRSWeb/Controllers/HomeController.cs

        }

        public async Task<ActionResult> ChangeName(Guid id)
        {
            ViewData.Model = await _queryProcessor.Query(new GetInventoryItemDetails(id));

This method may be missing authorization checks for which users can access the resource of the provided ID.


Sample/CQRSWeb/Controllers/HomeController.cs


        [HttpPost]
        public async Task<ActionResult> ChangeName(Guid id, string name, int version, CancellationToken cancellationToken)
        {
            await _commandSender.Send(new RenameInventoryItem(id, name, version), cancellationToken);

This method may be missing authorization checks for which users can access the resource of the provided ID.


m
ChangeName This method may be missing authorization checks for which users can access the resource of the provided ID.
ChangeName This method may be missing authorization checks for which users can access the resource of the provided ID.

OrchardCMS/OrchardCore

src/OrchardCore.Modules/OrchardCore.Demo/Controllers/TodoController.cs

        }

        public async Task<IActionResult> Delete(string todoId)
        {
            var model = (await _session.Query<TodoModel>().ListAsync())

This method may be missing authorization checks for which users can access the resource of the provided ID.


src/OrchardCore.Modules/OrchardCore.Demo/Controllers/TodoController.cs

        }

        public async Task<IActionResult> Edit(string todoId)
        {
            var model = (await _session.Query<TodoModel>().ListAsync())

This method may be missing authorization checks for which users can access the resource of the provided ID.


m
Delete This method may be missing authorization checks for which users can access the resource of the provided ID.
Edit This method may be missing authorization checks for which users can access the resource of the provided ID.

anjoy8/Blog.Core

Blog.Core.Api/Controllers/SplitDemoController.cs

        [HttpDelete]
        [AllowAnonymous]
        public async Task<MessageModel<string>> Delete(long id)
        {
            var data = new MessageModel<string>();

This method may be missing authorization checks for which users can access the resource of the provided ID.


m
Delete This method may be missing authorization checks for which users can access the resource of the provided ID.

Burgyn/MMLib.SwaggerForOcelot

demo/OrderService/V3/Controllers/OrdersController.cs

        [HttpDelete("{id:int}")]
        [ProducesResponseType(204)]
        public IActionResult Delete(int id)
        {
            Console.Write(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


m
Delete This method may be missing authorization checks for which users can access the resource of the provided ID.

Chinchilla-Software-Com/CQRS

Sample/CQRSWeb/Controllers/HomeController.cs


		[HttpPost]
		public ActionResult ChangeName(Guid id, string name, int version)
		{
			_commandSender.Publish(new RenameInventoryItem(id, name, version));

This method may be missing authorization checks for which users can access the resource of the provided ID.


m
ChangeName This method may be missing authorization checks for which users can access the resource of the provided ID.

dotnet-architecture/eShopOnContainers

src/Services/Catalog/Catalog.API/Controllers/CatalogController.cs

    [ProducesResponseType(StatusCodes.Status204NoContent)]
    [ProducesResponseType(StatusCodes.Status404NotFound)]
    public async Task<ActionResult> DeleteProductAsync(int id)
    {
        var product = _catalogContext.CatalogItems.SingleOrDefault(x => x.Id == id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


m
DeleteProductAsync This method may be missing authorization checks for which users can access the resource of the provided ID.

dotnet/crank

src/Microsoft.Crank.Agent/Controllers/JobsController.cs


        [HttpDelete("{id}")]
        public IActionResult Delete(int id)
        {
            try

This method may be missing authorization checks for which users can access the resource of the provided ID.


m
Delete This method may be missing authorization checks for which users can access the resource of the provided ID.

dotnetcore/SmartSql

sample/SmartSql.Sample.AspNetCore/Controllers/SqlMapperCUDController.cs

        }
        [HttpPost]
        public int DeleteById(long id)
        {
            return _sqlMapper.DeleteById<AllPrimitive, long>(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


m
DeleteById This method may be missing authorization checks for which users can access the resource of the provided ID.

loic-sharma/BaGet

src/BaGet.Web/Controllers/PackagePublishController.cs


        [HttpDelete]
        public async Task<IActionResult> Delete(string id, string version, CancellationToken cancellationToken)
        {
            if (_options.Value.IsReadOnlyMode)

This method may be missing authorization checks for which users can access the resource of the provided ID.


m
Delete This method may be missing authorization checks for which users can access the resource of the provided ID.

martincostello/sqllocaldb

samples/TodoApp/Controllers/HomeController.cs

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> DeleteItem(string id, CancellationToken cancellationToken = default)
    {
        if (string.IsNullOrWhiteSpace(id))

This method may be missing authorization checks for which users can access the resource of the provided ID.


m
DeleteItem This method may be missing authorization checks for which users can access the resource of the provided ID.

umbraco/Umbraco-CMS

src/Umbraco.Cms.ManagementApi/Controllers/Language/DeleteLanguageController.cs

    [ProducesResponseType(StatusCodes.Status200OK)]
    // TODO: This needs to be an authorized endpoint.
    public async Task<IActionResult> Delete(int id)
    {
        ILanguage? language = _localizationService.GetLanguageById(id);

This method may be missing authorization checks for which users can access the resource of the provided ID.


m
Delete This method may be missing authorization checks for which users can access the resource of the provided ID.