Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Secure by default attribute and analyzers #45658

Open
haavapet opened this issue Dec 30, 2024 · 1 comment
Open

Secure by default attribute and analyzers #45658

haavapet opened this issue Dec 30, 2024 · 1 comment
Assignees
Labels
Area-NetSDK untriaged Request triage from a team member

Comments

@haavapet
Copy link

Is your feature request related to a problem?

With «secure by default» being pushed more and more, and «insecure» still having to be supported for whatever legacy or compatibility reason, there could be a benefit in having a standardized way of giving warnings when you are not using the default approach.

The issue might be that an sdk, either internal to microsoft or external, follows best practices and implements secure by default, but the users of the sdks arent fully aware of the consequences of overriding this behavior. This can ofcourse be mitigated though shipping their own analyzers (high effort) or good documentation (less visible), but a standardized approach might be beneficial here.

Describe the solution you'd like

Might need investigation and usage analysis, but an example would be a (dotnet provided) attribute that can be added to extension methods, and a (dotnet provided) analyzer giving warnings on the usage of them.

@dotnet-issue-labeler dotnet-issue-labeler bot added Area-NetSDK untriaged Request triage from a team member labels Dec 30, 2024
@marcpopMSFT
Copy link
Member

This would be a buildcheck but not sure what it would check for.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Area-NetSDK untriaged Request triage from a team member
Projects
None yet
Development

No branches or pull requests

3 participants