/**
 * @name Disabled Spring CSRF protection
 * @description Disabling CSRF protection makes the application vulnerable to
 *              a Cross-Site Request Forgery (CSRF) attack.
 * @kind problem
 * @problem.severity error
 * @security-severity 8.8
 * @precision high
 * @id java/spring-disabled-csrf-protection
 * @tags security
 *       external/cwe/cwe-352
 */

import java

/**
 * Holds if `receiver` is Spring Security's `CsrfConfigurer<HttpSecurity>`,
 * the configurer returned by `HttpSecurity.csrf()` and passed to its
 * customizer lambda.
 */
private predicate isSpringCsrfConfigurer(RefType receiver) {
  receiver
      .hasQualifiedName("org.springframework.security.config.annotation.web.configurers",
        "CsrfConfigurer<HttpSecurity>")
}

/**
 * Holds if `disableCall` is an explicit call to `disable()` whose receiver is
 * the Spring CSRF configurer, i.e. the call that switches CSRF protection off.
 */
private predicate disablesCsrfProtection(MethodAccess disableCall) {
  disableCall.getMethod().hasName("disable") and
  isSpringCsrfConfigurer(disableCall.getReceiverType())
}

// Only explicit call expressions are `MethodAccess` nodes. NOTE(review): a
// method-reference form of the same disable (e.g. `csrf(AbstractHttpConfigurer::disable)`)
// is presumably not a `MethodAccess` and therefore not reported here — confirm
// whether that spelling should also be covered.
from MethodAccess disableCall
where disablesCsrfProtection(disableCall)
select disableCall, "CSRF vulnerability due to protection being disabled."