hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

C#: Fix another bad join

Browse Source
This commit is contained in:
Tom Hvitved
2024-04-23 15:39:59 +02:00
parent 6aa4c5c187
commit d8d7688f88
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql
View File

@@ -27,6 +27,12 @@ class AntiForgeryAuthorizationFilter extends AuthorizationFilter {
AntiForgeryAuthorizationFilter() { this.getOnAuthorizationMethod() = getAValidatingMethod() }
}
private Method getAStartedMethod() {
result = any(WebApplication wa).getApplication_StartMethod()
or
getAStartedMethod().calls(result)
}
/**
* Holds if the project has a global anti forgery filter.
*/
@@ -38,9 +44,7 @@ predicate hasGlobalAntiForgeryFilter() {
// The filter is an antiforgery filter
addGlobalFilter.getArgumentForName("filter").getType() instanceof AntiForgeryAuthorizationFilter and
// The filter is added by the Application_Start() method
any(WebApplication wa)
.getApplication_StartMethod()
.calls*(addGlobalFilter.getEnclosingCallable())
getAStartedMethod() = addGlobalFilter.getEnclosingCallable()
)
}