📦 Framework: Generic/Unknown

🛡️  Owstra scanning /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp [Depth: NORMAL] ...
Building project index for deep analysis...
Scanning 105 files...

[WARNING] stacktrace-disclosure
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/lang/security/stacktrace-disclosure.cs:46
  Message: Stacktrace information is displayed in a non-Development environment. Accidentally disclosing sensitive stack trace information in a production environment aids an attacker in reconnaissance and information gathering.
  Code: app.UseDeveloperExceptionPage()

[WARNING] stacktrace-disclosure
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/lang/security/stacktrace-disclosure.cs:39
  Message: Stacktrace information is displayed in a non-Development environment. Accidentally disclosing sensitive stack trace information in a production environment aids an attacker in reconnaissance and information gathering.
  Code: app.UseDeveloperExceptionPage()

[WARNING] stacktrace-disclosure
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/lang/security/stacktrace-disclosure.cs:32
  Message: Stacktrace information is displayed in a non-Development environment. Accidentally disclosing sensitive stack trace information in a production environment aids an attacker in reconnaissance and information gathering.
  Code: app.UseDeveloperExceptionPage()

[WARNING] stacktrace-disclosure
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/lang/security/stacktrace-disclosure.cs:20
  Message: Stacktrace information is displayed in a non-Development environment. Accidentally disclosing sensitive stack trace information in a production environment aids an attacker in reconnaissance and information gathering.
  Code: app.UseDeveloperExceptionPage()

[WARNING] stacktrace-disclosure
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/lang/security/stacktrace-disclosure.cs:6
  Message: Stacktrace information is displayed in a non-Development environment. Accidentally disclosing sensitive stack trace information in a production environment aids an attacker in reconnaissance and information gathering.
  Code: app.UseDeveloperExceptionPage()

[WARNING] stacktrace-disclosure
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/lang/security/missing-hsts-header.cs:39
  Message: Stacktrace information is displayed in a non-Development environment. Accidentally disclosing sensitive stack trace information in a production environment aids an attacker in reconnaissance and information gathering.
  Code: app.UseDeveloperExceptionPage()

[WARNING] stacktrace-disclosure
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/lang/security/missing-hsts-header.cs:6
  Message: Stacktrace information is displayed in a non-Development environment. Accidentally disclosing sensitive stack trace information in a production environment aids an attacker in reconnaissance and information gathering.
  Code: app.UseDeveloperExceptionPage()

[WARNING] insecure-newtonsoft-deserialization
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/lang/security/insecure-deserialization/newtonsoft.cs:41
  Message: TypeNameHandling Auto is unsafe and can lead to arbitrary code execution in the context of the process. Use a custom SerializationBinder whenever using a setting other than TypeNameHandling.None.
  Code: TypeNameHandling = TypeNameHandling.Auto

[WARNING] insecure-newtonsoft-deserialization
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/lang/security/insecure-deserialization/newtonsoft.cs:25
  Message: TypeNameHandling Auto is unsafe and can lead to arbitrary code execution in the context of the process. Use a custom SerializationBinder whenever using a setting other than TypeNameHandling.None.
  Code: TypeNameHandling = TypeNameHandling.Auto

[WARNING] insecure-newtonsoft-deserialization
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/lang/security/insecure-deserialization/newtonsoft.cs:14
  Message: TypeNameHandling All is unsafe and can lead to arbitrary code execution in the context of the process. Use a custom SerializationBinder whenever using a setting other than TypeNameHandling.None.
  Code: TypeNameHandling = TypeNameHandling.All

[ERROR] use_deprecated_cipher_algorithm
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/dotnet/security/use_ecb_mode.cs:61
  Message: Usage of deprecated cipher algorithm detected. Use Aes or ChaCha20Poly1305 instead.
  Code: TripleDES.Create()

[ERROR] use_deprecated_cipher_algorithm
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/dotnet/security/use_ecb_mode.cs:53
  Message: Usage of deprecated cipher algorithm detected. Use Aes or ChaCha20Poly1305 instead.
  Code: TripleDES.Create()

[ERROR] use_deprecated_cipher_algorithm
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/dotnet/security/use_ecb_mode.cs:46
  Message: Usage of deprecated cipher algorithm detected. Use Aes or ChaCha20Poly1305 instead.
  Code: TripleDES.Create()

[ERROR] use_deprecated_cipher_algorithm
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/dotnet/security/use_ecb_mode.cs:37
  Message: Usage of deprecated cipher algorithm detected. Use Aes or ChaCha20Poly1305 instead.
  Code: TripleDES.Create()

[ERROR] use_deprecated_cipher_algorithm
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/dotnet/security/use_deprecated_cipher_algorithm.cs:53
  Message: Usage of deprecated cipher algorithm detected. Use Aes or ChaCha20Poly1305 instead.
  Code: RC2.Create("ImplementationName")

[ERROR] use_deprecated_cipher_algorithm
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/dotnet/security/use_deprecated_cipher_algorithm.cs:48
  Message: Usage of deprecated cipher algorithm detected. Use Aes or ChaCha20Poly1305 instead.
  Code: RC2.Create()

[ERROR] use_deprecated_cipher_algorithm
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/dotnet/security/use_deprecated_cipher_algorithm.cs:43
  Message: Usage of deprecated cipher algorithm detected. Use Aes or ChaCha20Poly1305 instead.
  Code: TripleDES.Create("ImplementationName")

[ERROR] use_deprecated_cipher_algorithm
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/dotnet/security/use_deprecated_cipher_algorithm.cs:38
  Message: Usage of deprecated cipher algorithm detected. Use Aes or ChaCha20Poly1305 instead.
  Code: TripleDES.Create()

[ERROR] use_deprecated_cipher_algorithm
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/dotnet/security/use_deprecated_cipher_algorithm.cs:33
  Message: Usage of deprecated cipher algorithm detected. Use Aes or ChaCha20Poly1305 instead.
  Code: DES.Create("ImplementationName")

[ERROR] use_deprecated_cipher_algorithm
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/dotnet/security/use_deprecated_cipher_algorithm.cs:28
  Message: Usage of deprecated cipher algorithm detected. Use Aes or ChaCha20Poly1305 instead.
  Code: DES.Create()

[ERROR] use_deprecated_cipher_algorithm
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/dotnet/security/use_deprecated_cipher_algorithm.cs:23
  Message: Usage of deprecated cipher algorithm detected. Use Aes or ChaCha20Poly1305 instead.
  Code: Rijndael.Create("ImplementationName")

[ERROR] use_deprecated_cipher_algorithm
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/dotnet/security/use_deprecated_cipher_algorithm.cs:18
  Message: Usage of deprecated cipher algorithm detected. Use Aes or ChaCha20Poly1305 instead.
  Code: Rijndael.Create()

[WARNING] mvc-missing-antiforgery
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/dotnet/security/mvc-missing-antiforgery.cs:26
  Message: DeleteBad is a state-changing MVC method that does not validate the antiforgery token or do strict content-type checking. State-changing controller methods should either enforce antiforgery tokens or do strict content-type checking to prevent simple HTTP request types from bypassing CORS preflight controls.
  Code: [HttpDelete]

[WARNING] mvc-missing-antiforgery
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/dotnet/security/mvc-missing-antiforgery.cs:20
  Message: CreateBad is a state-changing MVC method that does not validate the antiforgery token or do strict content-type checking. State-changing controller methods should either enforce antiforgery tokens or do strict content-type checking to prevent simple HTTP request types from bypassing CORS preflight controls.
  Code: [HttpPost]

[WARNING] misconfigured-lockout-option
  File: /home/omoalfa/Desktop/Omoalfa/Node/owstra/semgrep-rules/csharp/dotnet/security/audit/misconfigured-lockout-option.cs:8
  Message: A misconfigured lockout mechanism allows an attacker to execute brute-force attacks. Account lockout must be correctly configured and enabled to prevent these attacks.
  Code: _signInManager.PasswordSignInAsync(Input.Email,

┌────────────────┐
│ Scan Summary   │
└────────────────┘
⚠️  Scan found issues.
 • Findings: 25
 • Rules run: 1262
 • Targets scanned: 48
 • Scan depth: NORMAL

Ran 1262 rules on 48 files: 25 findings.
