Module CsrfUnprotectedRequestTypeQuery

Provides classes and predicates to reason about CSRF vulnerabilities due to use of unprotected HTTP request types.

Import path

import semmle.code.java.security.CsrfUnprotectedRequestTypeQuery

CallGraph	Provides classes and predicates representing call graph paths.
java	Provides all default Java QL imports.

relevantEdge	Holds if `pred` has a successor node `succ` and this edge is in an `unprotectedStateChange` path.
unprotectedStateChange	Holds if `source` is an unprotected request handler that may change an application’s state.

CsrfUnprotectedMethod	A method that is not protected from CSRF by default.
DatabaseUpdateMethod	A method that updates a database.

Provides classes and predicates representing call graph paths.