79232022

Date: 2024-11-27 22:17:45
Score: 0.5

When reviewing issues in my project, I encountered the rule csharpsquid:S6964:

Value type property used as input in a controller action should be nullable, required or annotated with the JsonRequiredAttribute to avoid under-posting.

Why Use Nullable Types with [Required]?

The [Required] attribute is intended to ensure that a value is explicitly provided by the client when making a request. However, it doesn't function effectively on its own in certain scenarios, especially with non-nullable value types.

Here’s why:

Default Value Assignment

When a client omits a non-nullable value type property (e.g., int, decimal, bool), the model binder cannot leave it unset. Instead, it assigns the type's default value:

  • int → 0
  • bool → false
  • decimal → 0.0

This automatic assignment can lead to unintended behavior (known as under-posting) because the default values might not represent valid input from the client.

Nullable Types as a Solution

By declaring the property as nullable (e.g., int?, bool?, decimal?), you create a state where the value can explicitly be null. When combined with the [Required] attribute, the model binder enforces that the client must provide either a valid value or explicitly set it to null. This ensures the property is never unintentionally set to its default value.

My Thoughts

While this approach solves the problem, implementing it would require adding numerous null checks throughout the codebase, potentially increasing complexity and maintenance overhead.

As a result, I opted to disable this rule in SonarQube for the project.

Reasons:
  • Long answer (-1):
  • No code block (0.5):
  • Contains question mark (0.5):
  • Starts with a question (0.5): When
Posted by: erhan355
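
An added example, not part of the original post: a console sketch of the under-posting case behind S6964, approximating "deserialize the JSON body, then validate" with System.Text.Json and DataAnnotations outside ASP.NET Core. The model classes and the `Check` helper are hypothetical names, the `{}` payload is constructed, and `[JsonRequired]` assumes .NET 7 or later.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Text.Json;
using System.Text.Json.Serialization;

// Hypothetical request models, one per option named in the rule text.
public class OrderValueType
{
    [Required] public int Quantity { get; set; }      // omitted -> 0; [Required] only rejects null
}

public class OrderNullable
{
    [Required] public int? Quantity { get; set; }     // omitted -> null; [Required] rejects it
}

public class OrderJsonRequired
{
    [JsonRequired] public int Quantity { get; set; }  // omitted -> deserializer throws
}

public static class Program
{
    // Deserialize first, then run DataAnnotations validation on the resulting object.
    static string Check<T>(string json) where T : class
    {
        try
        {
            T model = JsonSerializer.Deserialize<T>(json) ?? throw new JsonException("null body");
            var errors = new List<ValidationResult>();
            bool ok = Validator.TryValidateObject(
                model, new ValidationContext(model), errors, validateAllProperties: true);
            return ok
                ? "accepted: " + JsonSerializer.Serialize(model)
                : "rejected by validation: " + errors[0].ErrorMessage;
        }
        catch (JsonException ex)
        {
            return "rejected by deserializer: " + ex.Message;
        }
    }

    public static void Main()
    {
        const string underPosted = "{}";  // constructed sample: the client left Quantity out
        Console.WriteLine(typeof(OrderValueType).Name + " -> " + Check<OrderValueType>(underPosted));
        Console.WriteLine(typeof(OrderNullable).Name + " -> " + Check<OrderNullable>(underPosted));
        Console.WriteLine(typeof(OrderJsonRequired).Name + " -> " + Check<OrderJsonRequired>(underPosted));
        Console.WriteLine(typeof(OrderNullable).Name + " -> " + Check<OrderNullable>("{\"Quantity\":3}"));
    }
}
```

Once validation has passed on the nullable model, `Quantity.Value` can be read at the controller boundary and handed to downstream code as a plain `int`.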