Security Scan SCS0018 warnings in Visual Studio are shown during the build. Currently, I am working on getting these warnings removed. I tried several MSDN sites but had no luck. I have also read OWASP, but they are not clearly related to C#. Please find the image of the Path Traversal warning.

Code:
    public void Move(string sourceFileName, string destinationFileName)
    {
        try
        {
            System.IO.File.Move(sourceFileName, destinationFileName);
        }
        catch (System.Exception e)
        {
        }
    }

First of all, give version 5.0.0 a try; it has better untrusted input tracking and may not give you a warning in this case.
If it still gives you the warning, you need to properly validate or sanitize the untrusted parameter. However, SCS is not smart enough to recognize a custom validation function, so you need to add it to a configuration file like:

    Sanitizers:
      - Type: NamespaceAndClassName
        TaintTypes:
          - SCS0018
        Methods:
          - Name: SanitizePath

See the built-in configuration for more sanitizer examples.
If instead you prefer to not have a dedicated function, but validate it inline, the other option is to suppress the warning.
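
One way a `SanitizePath` function like the one named in the configuration above could look, applied to the `Move` method from the question. This is an added example, not code from the original answer or from Security Code Scan; the namespace `MyApp.Security`, the class `PathGuard`, and the `data` base directory are assumptions, and the `Type` entry in the configuration would then be `MyApp.Security.PathGuard`.

```csharp
using System;
using System.IO;

namespace MyApp.Security // hypothetical namespace (assumption)
{
    public static class PathGuard // hypothetical class name (assumption)
    {
        // Assumed directory that all file operations must stay inside.
        private static readonly string BaseDir =
            Path.GetFullPath(Path.Combine(AppContext.BaseDirectory, "data"));

        // Returns a canonical absolute path under BaseDir, or throws.
        public static string SanitizePath(string untrusted)
        {
            if (string.IsNullOrWhiteSpace(untrusted))
                throw new ArgumentException("Path is empty.", nameof(untrusted));

            // GetFullPath resolves "." and ".." segments and normalizes separators.
            // Path.Combine drops BaseDir when 'untrusted' is rooted; the
            // containment check below rejects that case unless it is still inside.
            string full = Path.GetFullPath(Path.Combine(BaseDir, untrusted));

            // The trailing separator stops "data-other" from matching "data".
            string root = BaseDir.TrimEnd(Path.DirectorySeparatorChar)
                          + Path.DirectorySeparatorChar;

            // Ordinal comparison is the strict choice on every platform.
            // Caveat: GetFullPath does not resolve symbolic links.
            if (!full.StartsWith(root, StringComparison.Ordinal))
                throw new UnauthorizedAccessException(
                    "Path escapes the allowed directory.");

            return full;
        }
    }

    public class FileMover
    {
        public void Move(string sourceFileName, string destinationFileName)
        {
            // Both arguments pass through the sanitizer before reaching File.Move.
            // Exceptions propagate so a rejected path is visible to the caller.
            File.Move(PathGuard.SanitizePath(sourceFileName),
                      PathGuard.SanitizePath(destinationFileName));
        }
    }
}
```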