Skip to content

Commit c96b938

Browse files
Octokitmichaelnebel
authored andcommitted
Controller is public, non-abstract, not generic class
1 parent 853a80b commit c96b938

File tree

1 file changed

+8
-1
lines changed

1 file changed

+8
-1
lines changed

csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/AspNetCore.qll

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -194,7 +194,11 @@ class MicrosoftAspNetCoreMvcControllerBaseClass extends Class {
194194
}
195195
}
196196

197-
/** A valid ASP.NET Core controller according to https://docs.microsoft.com/en-us/aspnet/core/mvc/controllers/actions?view=aspnetcore-3.1 */
197+
/**
198+
* A valid ASP.NET Core controller according to:
199+
* https://docs.microsoft.com/en-us/aspnet/core/mvc/controllers/actions?view=aspnetcore-3.1
200+
* https://github.com/dotnet/aspnetcore/blob/b3c93967ba508b8ef139add27132d9483c1a9eb4/src/Mvc/Mvc.Core/src/Controllers/ControllerFeatureProvider.cs#L39-L75
201+
*/
198202
class MicrosoftAspNetCoreMvcController extends Class {
199203
MicrosoftAspNetCoreMvcController() {
200204
exists(Assembly a, string name |
@@ -204,6 +208,9 @@ class MicrosoftAspNetCoreMvcController extends Class {
204208
name = "Microsoft.AspNetCore.Mvc.ViewFeatures"
205209
)
206210
) and
211+
this.isPublic() and
212+
not this.isAbstract() and
213+
not this.containsTypeParameters() and
207214
(
208215
this.getABaseType*() instanceof MicrosoftAspNetCoreMvcControllerBaseClass or
209216
this.getABaseType*().getName().matches("%Controller") or

0 commit comments

Comments
 (0)