Java: add qhelp

This commit is contained in:
Jami Cogswell
2024-12-16 18:44:55 -05:00
parent b3b7817a2b
commit 0c6925399d
3 changed files with 53 additions and 0 deletions


@@ -0,0 +1,43 @@
<!DOCTYPE qhelp SYSTEM "qhelp.dtd">
<qhelp>
<overview>
<p>When you set up a web server to receive a request from a client without any mechanism
for verifying that it was intentionally sent, then it is vulnerable to attack. An attacker can
trick a client into making an unintended request to the web server that will be treated as
an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can
result in exposure of data or unintended code execution.</p>
</overview>
<recommendation>
<p>When handling requests, make sure any requests that change application state are protected from
Cross Site Request Forgery (CSRF). Some application frameworks, such as Spring, provide default CSRF
protection for HTTP request types that may change application state, such as POST. Other HTTP request
types, such as GET, should not be used for actions that change the state of the application, since these
request types are not default-protected from CSRF by the framework.</p>
</recommendation>
<example>
<p>The following example shows a Spring request handler using a GET request for a state-changing action.
Since a GET request does not have default CSRF protection in Spring, this type of request should
not be used when modifying application state. Instead use one of Spring's default-protected request
types, such as POST.</p>
<sample src="CsrfUnprotectedRequestTypeBad.java" />
<sample src="CsrfUnprotectedRequestTypeGood.java" />
</example>
<references>
<li>
OWASP:
<a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)">Cross-Site Request Forgery (CSRF)</a>.
</li>
<li>
Spring Security Reference:
<a href="https://docs.spring.io/spring-security/reference/servlet/exploits/csrf.html">
Cross Site Request Forgery (CSRF)
</a>.
</li>
</references>
</qhelp>
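Review bot: the recommendation paragraph in this hunk says "Other HTTP request types, such as GET" are not default-protected, but leaves the reader to guess which ones; Spring Security's CSRF filter skips GET, HEAD, TRACE and OPTIONS by default, so consider naming all four, e.g. "Other HTTP request types (GET, HEAD, TRACE, OPTIONS) are not protected by default". Two smaller points in the same hunk: the spelling alternates between "Cross Site Request Forgery" and "Cross-Site Request Forgery" (both the heading text and the OWASP link title), so pick one; and the OWASP reference points at the old `www.owasp.org/index.php/...` wiki URL, which now only redirects, so the current `https://owasp.org/www-community/attacks/csrf` page would be the more durable reference.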


@@ -0,0 +1,5 @@
// BAD - a GET request should not be used for a state-changing action like transfer
@RequestMapping(value="transfer", method=RequestMethod.GET)
public boolean transfer(HttpServletRequest request, HttpServletResponse response){
return doTransfer(request, response);
}
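Review bot: the BAD sample shows only the `@RequestMapping(value="transfer", method=RequestMethod.GET)` form, while the equivalent composed annotation `@GetMapping("transfer")` is at least as common in Spring code and produces the same unprotected GET handler; consider either adding a second handler using `@GetMapping` to the sample or mentioning in the qhelp text that the shorthand annotations are equivalent, so readers do not conclude that only `RequestMethod.GET` is the problem. The snippet is also shown without its enclosing `@Controller` class or the `doTransfer` helper, which is fine for a qhelp sample as long as the comment line makes the intent clear, as it does here.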


@@ -0,0 +1,5 @@
// GOOD - use a POST request for a state-changing action
@RequestMapping(value="transfer", method=RequestMethod.POST)
public boolean transfer(HttpServletRequest request, HttpServletResponse response){
return doTransfer(request, response);
}
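Review bot: the GOOD sample is only good under the assumption the qhelp text states, namely that Spring Security's CSRF protection is enabled (it is on by default, but can be turned off with `csrf().disable()`); the `// GOOD` comment would be more useful if it said so, e.g. "use a POST request, which Spring Security's CSRF protection covers by default", so nobody copies the pattern into an application where that protection has been disabled and assumes the handler is safe. As with the BAD sample, `@PostMapping("transfer")` is the equivalent shorthand and worth a mention.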