hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Disable csrf for ServerHttpSecurity

Browse Source
This commit is contained in:
Mauro Baluda
2024-05-30 23:08:57 +02:00
parent 61593aed7d
commit e2479a7ce2
3 changed files with 52 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
java/ql/test/query-tests/security/CWE-352/SpringCsrfProtectionTest.java
View File

@@ -1,10 +1,15 @@
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.web.server.ServerHttpSecurity;
public class SpringCsrfProtectionTest {
protected void test(HttpSecurity http) throws Exception {
protected void test(HttpSecurity http, final ServerHttpSecurity httpSecurity) throws Exception {
http.csrf(csrf -> csrf.disable()); // $ hasSpringCsrfProtectionDisabled
http.csrf().disable(); // $ hasSpringCsrfProtectionDisabled
http.csrf(AbstractHttpConfigurer::disable); // $ hasSpringCsrfProtectionDisabled
httpSecurity.csrf(csrf -> csrf.disable()); // $ hasSpringCsrfProtectionDisabled
httpSecurity.csrf().disable(); // $ hasSpringCsrfProtectionDisabled
httpSecurity.csrf(ServerHttpSecurity.CsrfSpec::disable); // $ hasSpringCsrfProtectionDisabled
}
}
}