Description of the false positive
We are using a .NET 10 Api and since commit 5bb31af we get a false positive on a server -> server endpoint where we have a ApiKey in the header with no tokens or cookies.
Is it possible to extend the check to look if cookie/token authentication is used instead of a ApiKey?
Code samples or links to source code
public class Controller()
{
[HttpPost()]
public string Execute()
{
return "test";
}
Description of the false positive
We are using a .NET 10 Api and since commit 5bb31af we get a false positive on a server -> server endpoint where we have a ApiKey in the header with no tokens or cookies.
Is it possible to extend the check to look if cookie/token authentication is used instead of a ApiKey?
Code samples or links to source code