codeql/csharp/ql/test/query-tests/Security Features/CWE-352/global/MissingAntiForgeryTokenValidation.cs
2021-07-01 16:09:11 +02:00


using System.Web;
using System.Web.Helpers;
using System.Web.Mvc;
/// <summary>
/// Controller fixture for the CWE-352 (cross-site request forgery) query test.
/// Both actions accept POST requests and neither should be reported.
/// </summary>
public class HomeController : Controller
{
    // GOOD: there is no [ValidateAntiForgeryToken] on this action, but it is still
    // covered because UserApplication.Application_Start registers AntiForgeryFilter
    // as a global filter. The protection depends entirely on that registration:
    // without it this POST action would run with no anti-forgery check.
    [HttpPost]
    public ActionResult Login() => View();

    // GOOD: the anti-forgery token is validated explicitly by the attribute,
    // independently of the global filter.
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult UpdateDetails() => View();
}
/// <summary>
/// Authorization filter that performs the anti-forgery token check for any action
/// it is applied to, so individual actions do not need their own attribute.
/// </summary>
public class AntiForgeryFilter : FilterAttribute, IAuthorizationFilter
{
    /// <summary>
    /// Validates the anti-forgery token of the current request.
    /// </summary>
    /// <param name="filterContext">Authorization context passed in by MVC; not read here.</param>
    /// <remarks>
    /// AntiForgery.Validate() throws HttpAntiForgeryException when the token is missing
    /// or does not match, which stops the request before the action runs.
    /// NOTE(review): there is no HTTP-method check, so validation is attempted for every
    /// action this filter covers, including GET actions that carry no form token. Outside
    /// a test fixture the check is usually limited to state-changing methods.
    /// </remarks>
    public void OnAuthorization(AuthorizationContext filterContext) => AntiForgery.Validate();
}
/// <summary>
/// Application class for the fixture; its start-up hook installs the global
/// anti-forgery filter.
/// </summary>
public class UserApplication : HttpApplication
{
    /// <summary>
    /// Adds an <see cref="AntiForgeryFilter"/> to the MVC global filter collection.
    /// </summary>
    /// <remarks>
    /// This registration is the only anti-forgery protection for actions that carry no
    /// [ValidateAntiForgeryToken] attribute, such as HomeController.Login.
    /// </remarks>
    public void Application_Start()
    {
        var csrfFilter = new AntiForgeryFilter();
        GlobalFilters.Filters.Add(csrfFilter);
    }
}