# This preset enables all C# warning classes that are # characterized as 'deep' # # Enable the advanced injection engine for deeper taint propagation. # CSHARP_ANALYSIS_ADVANCED_INJECTION = Yes # # These warning classes are disabled by default. # WARNING_FILTER += allow class="Actual Parameter Element may be null (C#)" WARNING_FILTER += allow class="Field Element may be null (deep) (C#)" WARNING_FILTER += allow class="Field may be null (deep) (C#)" WARNING_FILTER += allow class="Missing synchronized Statement (C#)" WARNING_FILTER += allow class="Null Pointer Dereference (deep) (C#)" WARNING_FILTER += allow class="Return Value may Contain null Element (C#)" WARNING_FILTER += allow class="Return Value may be null (C#)" WARNING_FILTER += allow class="Unchecked Parameter Dereference (deep) (C#)" WARNING_FILTER += allow class="Unchecked Parameter Element Dereference (deep) (C#)" WARNING_FILTER += allow class="Unguarded Field (C#)" WARNING_FILTER += allow class="Unguarded Method (C#)" WARNING_FILTER += allow class="Unguarded Parameter (C#)" WARNING_FILTER += allow class="Useless null Test (C#)" WARNING_FILTER += allow class="Useless null Test of Field (C#)" WARNING_FILTER += allow class="Useless null Test of Parameter (C#)" WARNING_FILTER += allow class="Useless null Test of Return Value (C#)" WARNING_FILTER += allow class="null Passed to Method (deep) (C#)" # Classes below are enabled by default: they are included for # completeness, in case they have been disabled by a previous rule. # Note that this default enabling means that a class may remain # enabled even if its WARNING_FILTER rule is commented out below. WARNING_FILTER += allow class="Code Injection (C#)" WARNING_FILTER += allow class="Command Injection (C#)" WARNING_FILTER += allow class="Cross Site Scripting (C#)" WARNING_FILTER += allow class="Cross Site Scripting In Error Message Web Page (C#)" WARNING_FILTER += allow class="DLL Injection (C#)" WARNING_FILTER += allow class="DOS Injection (C#)" WARNING_FILTER += allow class="Open Redirect (C#)" WARNING_FILTER += allow class="Reflection Injection (C#)" WARNING_FILTER += allow class="SQL Injection (C#)" WARNING_FILTER += allow class="Tainted @Trusted Value (C#)" WARNING_FILTER += allow class="Tainted Bundle (C#)" WARNING_FILTER += allow class="Tainted Control (C#)" WARNING_FILTER += allow class="Tainted Expression Evaluation (C#)" WARNING_FILTER += allow class="Tainted HTTP Response (C#)" WARNING_FILTER += allow class="Tainted Hardware Device Property (C#)" WARNING_FILTER += allow class="Tainted LDAP Attribute (C#)" WARNING_FILTER += allow class="Tainted LDAP Filter (C#)" WARNING_FILTER += allow class="Tainted Log (C#)" WARNING_FILTER += allow class="Tainted Message (C#)" WARNING_FILTER += allow class="Tainted Network Address (C#)" WARNING_FILTER += allow class="Tainted Path (C#)" WARNING_FILTER += allow class="Tainted Regular Expression (C#)" WARNING_FILTER += allow class="Tainted Resource (C#)" WARNING_FILTER += allow class="Tainted Session (C#)" WARNING_FILTER += allow class="Tainted URL (C#)" WARNING_FILTER += allow class="Tainted XAML (C#)" WARNING_FILTER += allow class="Tainted XML (C#)" WARNING_FILTER += allow class="Tainted Xpath (C#)"