hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: remove token section from qhelp overview

Browse Source 
discussing tokens is not directly relevant to this query's recommendation and examples
This commit is contained in:
Jami Cogswell
2025-02-04 13:36:15 -05:00
parent f438282674
commit 0367846333
1 changed files with 0 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.qhelp
View File

@@ -17,14 +17,6 @@
credentials that are automatically included in the request, then this
request will appear as legitimate to the server.
</p>
<p>
A common countermeasure for CSRF is to generate a unique token to be
included in the HTML sent from the server to a user. This token can be
used as a hidden field to be sent back with requests to the server, where
the server can then check that the token is valid and associated with the
relevant user session.
</p>
</overview>
<recommendation>