One of the main issues that under-posting can cause is data inconsistency. If the client sends less data than expected, the application might fill
any value type properties with their default values, leading to inaccurate or inconsistent data in your database. Additionally, there might be
unexpected behavior if there are certain data expected that are not provided and even security issues; for example, if a user omits a role or
permission field from a POST request, and the server fills in a default value, it could inadvertently grant more access than intended.
A model class (in this case the
Product class) can be an input of an HTTP handler method:
public class ProductsController : Controller
{
[HttpPost]
public IActionResult Create([FromBody]Product product)
{
// Process product data...
}
}
Exceptions
This rule does not raise an issue when properties are decorated with the following attributes:
Additionally, this rule does not raise for properties in model classes that are not in the same project as the Controller class that references
them. This is due to a limitation of Roslyn (see here).
