contrib.nodejsscan.good_anti_csrf.anti_csrf_control

returntocorp

Author

Download Count*

GPLv3

License

This application has anti CSRF protection which prevents cross site request forgery attacks.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: anti_csrf_control
    patterns:
      - pattern-inside: |
          $CSRUF = require('csurf');
          ...
      - pattern-either:
          - pattern: $X = csrf(...);
          - pattern: $X = csurf(...);
          - pattern: $APP.use(csrf(...));
          - pattern: $APP.use(csurf(...));
    message: This application has anti CSRF protection which prevents cross site
      request forgery attacks.
    languages:
      - javascript
    severity: WARNING
    metadata:
      category: security
      technology:
        - node.js
        - express
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Short Link: https://sg.run/J9ZR