hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Simplify the query

Browse Source
This commit is contained in:
Grzegorz Golawski
2020-01-05 22:05:00 +01:00
parent ab49397bb8
commit 4ce25c045d
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql
View File

@@ -12,11 +12,11 @@
import java
from MethodAccess call, Method method
from MethodAccess call
where
call.getMethod() = method and
method.hasName("disable") and
method.getDeclaringType().getQualifiedName().regexpMatch(
"org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<CsrfConfigurer<.*>,.*>"
call.getMethod().hasName("disable") and
call.getReceiverType().hasQualifiedName(
"org.springframework.security.config.annotation.web.configurers",
"CsrfConfigurer<HttpSecurity>"
)
select call, "CSRF vulnerability due to protection being disabled."