Module InsecureDirectObjectReferenceQuery

Definitions for the Insecure Direct Object Reference query

Import path

import semmle.code.csharp.security.auth.InsecureDirectObjectReferenceQuery

Imports

ActionMethods	Common definitions for queries checking for access control measures on action methods.
FlowSources	Provides classes representing various flow sources for taint tracking.
Remote	DEPRECATED.
csharp	The default C# QL library.

Predicates

hasInsecureDirectObjectReference

Holds if m is a method that modifies a particular resource based on an ID provided by user input, but does not check anything based on the current user to determine if they should modify this resource.