False positive: "Missing function level access control" where public endpoint name contains "Edit"

[joepvtl]

Description of the false positive

We have a .NET 8 Api.

We have a controller method that has the characters 'Edit' in it, but the whole word is not Edit. This causes the method to be marked with the rule cs/web/missing-function-level-access-control. The method even has the 'AllowAnonymous' attribute on it.

Code samples or links to source code

[AllowAnonymous]
public async Task TestEditionAsync(){

}

Is there a way to get this alert resolved?

[mbg]

Hi @joepvtl 👋🏻

If you believe that an alert you have received is a false positive, you can generally dismiss it in the alerts UI. Once dismissed, the alert will not come back for the same location.

Aside from that, we continue to track false positive reports like this one internally. However, I cannot say how long it may take until this would be improved.