我使用 Fortify SCA 扫描了我的源代码
我在检查 Fortify 报告时遇到了ASP.NET MVC Bad Practices: Controller Action Not Restricted to POST (API Abuse, Structural)错误
Fortify 发现高级错误说
Recommendations:
The following controller action accepts only the POST verb because it has the
[HttpPost] attribute:
[HttpPost]
public ActionResult UpdateWidget(Model model)
{
// ... controller logic
}
但我看了那行代码。它包含
[HtttpPost]
属性。
是假阳性还是假阳性?