hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

C#: Fix a bad join

Browse Source
This commit is contained in:
Tom Hvitved
2024-04-23 11:47:55 +02:00
parent 553c09ada3
commit 6aa4c5c187
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql
View File

@@ -16,11 +16,15 @@ import semmle.code.csharp.frameworks.system.Web
import semmle.code.csharp.frameworks.system.web.Helpers import semmle.code.csharp.frameworks.system.web.Helpers
import semmle.code.csharp.frameworks.system.web.Mvc import semmle.code.csharp.frameworks.system.web.Mvc
private Method getAValidatingMethod() {
result = any(AntiForgeryClass a).getValidateMethod()
or
result.calls(getAValidatingMethod())
}
/** An `AuthorizationFilter` that calls the `AntiForgery.Validate` method. */ /** An `AuthorizationFilter` that calls the `AntiForgery.Validate` method. */
class AntiForgeryAuthorizationFilter extends AuthorizationFilter { class AntiForgeryAuthorizationFilter extends AuthorizationFilter {
AntiForgeryAuthorizationFilter() { AntiForgeryAuthorizationFilter() { this.getOnAuthorizationMethod() = getAValidatingMethod() }
this.getOnAuthorizationMethod().calls*(any(AntiForgeryClass a).getValidateMethod())
}
} }
/** /**