Query module MissingAntiForgeryTokenValidation

name
Missing cross-site request forgery token validation
description
Handling a POST request without verifying that the request came from the user allows an attacker to submit a request on behalf of the user.
kind
problem
problem.severity
error
precision
high
id
cs/web/missing-token-validation
tags
security external/cwe/cwe-352

Imports

Helpers

Provides definitions related to the namespace System.Web.Helpers.

Mvc

Provides definitions related to the namespace System.Web.Mvc.

Web

Provides definitions related to the namespace System.Web.

csharp

The default C# QL library.

Predicates

hasGlobalAntiForgeryFilter

Holds if the project has a global anti-forgery filter.

Classes

AntiForgeryAuthorizationFilter

An AuthorizationFilter that calls the AntiForgery.Validate method.
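
The patterns named above, shown as an added ASP.NET MVC example that is not part of the query's own source or help: a POST action with no token validation, the same action with per-action validation, and a globally registered authorization filter that calls AntiForgery.Validate. The names GlobalAntiForgeryFilter, FilterConfig, AccountController, ChangeEmail and UpdateEmail are hypothetical.

```csharp
using System.Web.Helpers;
using System.Web.Mvc;

// Hypothetical global filter: an IAuthorizationFilter that calls
// AntiForgery.Validate for every request that is not GET or HEAD.
public class GlobalAntiForgeryFilter : IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        string method = filterContext.HttpContext.Request.HttpMethod;
        if (method != "GET" && method != "HEAD")
        {
            // Throws HttpAntiForgeryException if the token is missing or invalid.
            AntiForgery.Validate();
        }
    }
}

public static class FilterConfig
{
    // Called from Application_Start with GlobalFilters.Filters.
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new GlobalAntiForgeryFilter());
    }
}

public class AccountController : Controller
{
    // No token check on the action itself (CWE-352): protected only
    // when a global filter such as the one above is registered.
    [HttpPost]
    public ActionResult ChangeEmailUnchecked(string email)
    {
        UpdateEmail(email);
        return RedirectToAction("Index");
    }

    // Per-action validation; the form must emit @Html.AntiForgeryToken().
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult ChangeEmail(string email)
    {
        UpdateEmail(email);
        return RedirectToAction("Index");
    }

    private void UpdateEmail(string email) { /* persist the change */ }
}
```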