Query module MissingCsrfMiddleware

name
Missing CSRF middleware
description
Using cookies without CSRF protection may allow malicious websites to submit requests on behalf of the user.
kind
problem
problem.severity
error
precision
high
id
js/missing-token-validation
tags
security external/cwe/cwe-352

Imports

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Predicates

csrfMiddlewareCreation

Gets an expression that creates a route handler which protects against CSRF attacks.

hasCookieMiddleware

Checks if expr is preceded by the cookie middleware cookie.

hasCsrfMiddleware

Holds if the given route handler is protected by CSRF middleware.