Upcoming improvements to Snyk Code Anti-Forgery Token Validation in .NET MVC Apps

As part of our ongoing commitment to improving and making Snyk Code findings more accurate and relevant, we're improving our Anti-Forgery Token Validation detection for C#, particularly in cases where .NET MVC is used.

This updates changes the logic to only be triggered in specific instances where .NET MVC usage is detected, a change from the previous "blacklist" approach.

Supported classes include: System.Web.Mvc.Controller, System.Web.Mvc.ControllerBase, Microsoft.AspNetCore.Mvc.Controller, Microsoft.AspNetCore.Mvc.ControllerBase.

This update will be released Wednesday, January 15th. Customers should see a decrease in False-Positive results pertaining to the rule mentioned above.

Please do not hesitate to reach out to your account team with any questions or inquiries!