hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 10:53:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2793f28428567060b66819525a5a045f52f2228d
codeql/java/ql/lib/semmle/code/java/security/SpringCsrfProtection.qll
Chris Smowton f552a15aae Mass-rename MethodAccess -> MethodCall
2023-10-24 10:30:26 +01:00

21 lines
768 B
Plaintext
Raw Blame History

/** Provides predicates to reason about disabling CSRF protection in Spring. */
import java
/** Holds if `call` disables CSRF protection in Spring. */
predicate disablesSpringCsrfProtection(MethodCall call) {
call.getMethod().hasName("disable") and
call.getReceiverType()
.hasQualifiedName("org.springframework.security.config.annotation.web.configurers",
"CsrfConfigurer<HttpSecurity>")
or
call.getMethod()
.hasQualifiedName("org.springframework.security.config.annotation.web.builders",
"HttpSecurity", "csrf") and
call.getArgument(0)
.(MemberRefExpr)
.getReferencedCallable()
.hasQualifiedName("org.springframework.security.config.annotation.web.configurers",
"AbstractHttpConfigurer", "disable")
}
Reference in New Issue View Git Blame Copy Permalink