Secure by default attribute and analyzers #45658
Labels
Comments
dotnet-issue-labeler
bot
added
Area-NetSDK
untriaged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem?
With «secure by default» being pushed more and more, and «insecure» still having to be supported for whatever legacy or compatibility reason, there could be a benefit in having a standardized way of giving warnings when you are not using the default approach.
The issue might be that an sdk, either internal to microsoft or external, follows best practices and implements secure by default, but the users of the sdks arent fully aware of the consequences of overriding this behavior. This can ofcourse be mitigated though shipping their own analyzers (high effort) or good documentation (less visible), but a standardized approach might be beneficial here.
Describe the solution you'd like
Might need investigation and usage analysis, but an example would be a (dotnet provided) attribute that can be added to extension methods, and a (dotnet provided) analyzer giving warnings on the usage of them.
The text was updated successfully, but these errors were encountered: