Skip to content

C#: ASP.NET Controller is allowed to be abstract. #17273

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Aug 22, 2024
Merged

C#: ASP.NET Controller is allowed to be abstract. #17273

merged 5 commits into from
Aug 22, 2024

Conversation

michaelnebel
Copy link
Contributor

@michaelnebel michaelnebel commented Aug 21, 2024
edited
Loading

In this PR we remove the restriction that a controller should be instantiable (this was introduced as a part of #9406).
Even though the documentation states that controllers should be instantiable then from an analysis perspective it makes sense to include abstract controllers as we are mostly interested in parameters (as remote sources) and methods (action methods) on controllers, which can easily be exposed to a user as the following example shows

public abstract class AbstractController : Controller {
    public void ActionMethod(string userInput) { sink(userInput); }
}

public class ConcreteController : AbstractController { }

@github-actions github-actions bot added the C# label Aug 21, 2024
@michaelnebel michaelnebel changed the title C#: ASP.NET Controller are allowed to be abstract. C#: ASP.NET Controller is allowed to be abstract. Aug 21, 2024
@michaelnebel
Copy link
Contributor Author

DCA looks good.

@michaelnebel michaelnebel marked this pull request as ready for review August 22, 2024 08:22
@michaelnebel michaelnebel requested a review from a team as a code owner August 22, 2024 08:22
@michaelnebel michaelnebel merged commit bd69b96 into github:main Aug 22, 2024
22 checks passed
@michaelnebel michaelnebel deleted the csharp/sqlinject branch August 22, 2024 09:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hvitved hvitved hvitved approved these changes

Assignees
No one assigned
Labels
C# documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@michaelnebel @hvitved