Module CsrfUnprotectedRequestTypeQuery

Provides classes and predicates to reason about CSRF vulnerabilities due to use of unprotected HTTP request types.

Import path

import semmle.code.java.security.CsrfUnprotectedRequestTypeQuery

CallGraph	Provides classes and predicates representing call graph paths.
java	Provides all default Java QL imports.

Holds if source is an unprotected request handler that may change an application’s state.

CsrfUnprotectedMethod	A method that is not protected from CSRF by default.
DatabaseUpdateMethod	A method that updates a database.

Provides classes and predicates representing call graph paths.