Java: add query

Jami Cogswell
2024-11-26 23:06:56 -05:00
parent c553e3132e
commit 178b032453


@@ -0,0 +1,27 @@
/**
* @name HTTP request type unprotected from CSRF
* @description Using an HTTP request type that is not default-protected from CSRF for a
* state-changing action makes the application vulnerable to a Cross-Site
* Request Forgery (CSRF) attack.
* @kind path-problem
* @problem.severity error
* @security-severity 8.8
* @precision low
* @id java/csrf-unprotected-request-type
* @tags security
* external/cwe/cwe-352
*/
import java
import semmle.code.java.security.CsrfUnprotectedRequestTypeQuery
import CallGraph
from PathNode source, PathNode reachable, PathNode callsReachable
where
source.asMethod() instanceof CsrfUnprotectedMethod and
reachable.asMethod() instanceof DatabaseUpdateMethod and
callsReachable.getASuccessor() = reachable and
source.getASuccessor+() = callsReachable
select source.asMethod(), source, callsReachable,
"Potential CSRF vulnerability due to using an HTTP request type which is not default-protected from CSRF for an apparent $@.",
callsReachable, "state-changing action"
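Review bot: The `where` clause uses `source.getASuccessor+() = callsReachable`, which requires at least one call-graph step between the unprotected handler and the node that invokes the `DatabaseUpdateMethod`, so a handler that performs the state-changing call directly in its own body (where `callsReachable` would be `source` itself) is only reported if the call graph happens to contain a cycle back to it — assuming `CallGraph`'s `getASuccessor` is not reflexive, which the imported library does not show here. That is the most common shape of the bug this query is meant to find (a `@GetMapping` method calling `repository.save(...)` inline), so the direct case should be admitted with reflexive-transitive closure: `source.getASuccessor*() = callsReachable`. Since this is a new `@precision low` query paired with `@problem.severity error` and `@security-severity 8.8`, a brief comment above `from` noting that any reachable database write from a non-CSRF-protected request type is treated as state-changing, and that read-only handlers doing incidental writes (audit logging, last-access timestamps) will be flagged, would help triagers understand the expected false positives. The message text says "HTTP request type"; the CWE-352 wording and the Spring terminology the library presumably keys on is "HTTP request method", so consider `"... using an HTTP request method which is not default-protected from CSRF for an apparent $@."` for consistency with how readers will search for the alert.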