Predicate hasInsecureDirectObjectReference
Holds if m
is a method that modifies a particular resource based on
an ID provided by user input, but does not check anything based on the current user
to determine if they should modify this resource.
Import path
import semmle.code.csharp.security.auth.InsecureDirectObjectReferenceQuery
predicate hasInsecureDirectObjectReference(ActionMethod m)