codeql/python/ql/src/Security/CWE-352/CSRFProtectionDisabled.ql at 3416f074e8365ea250e5b3abcb1dae4e8a10dc96 · github/codeql · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
/**
 * @name CSRF protection weakened or disabled
 * @description Disabling or weakening CSRF protection may make the application
 *              vulnerable to a Cross-Site Request Forgery (CSRF) attack.
 * @kind problem
 * @problem.severity warning
 * @security-severity 8.8
 * @precision high
 * @id py/csrf-protection-disabled
 * @tags security
 *       external/cwe/cwe-352
 */

import python
import semmle.python.Concepts

from HTTP::Server::CsrfProtectionSetting s
where
  s.getVerificationSetting() = false and
  not exists(HTTP::Server::CsrfLocalProtectionSetting p | p.csrfEnabled()) and
  // rule out test code as this is a common place to turn off CSRF protection.
  // We don't use normal `TestScope` to find test files, since we also want to match
  // a settings file such as `.../integration-tests/settings.py`
  not s.getLocation().getFile().getAbsolutePath().matches("%test%")
select s, "Potential CSRF vulnerability due to forgery protection being disabled or weakened."