gitlab.security_code_scan.SCS0016-1


An attacker sends the victim a link to a page they control. When the victim visits it, the page silently issues a POST request to the target website. The attack is blind: the attacker never sees the response, so only the side effect on the server matters, and a GET request is of little use for that because HTTP semantics say GET must not change server state. The victim sees nothing happen, but if they are authenticated to the target site the browser automatically attaches their session cookie to the forged request. The attack requires no interaction beyond visiting the attacker's page.

Definition

rules:
  - id: security_code_scan.SCS0016-1
    patterns:
      - pattern: |
          [HttpPost]
          public $RET $FOO(...) {
            ...
          }
      - pattern-not: |
          [ValidateAntiForgeryToken]
          public $RET $FOO(...) {
            ...
          }
    message: |
      An attacker sends the victim a link to a page they control. When the
      victim visits it, the page silently issues a POST request to the target
      website. The attack is blind: the attacker never sees the response, so
      only the side effect on the server matters, and a GET request is of
      little use for that because HTTP semantics say GET must not change
      server state. The victim sees nothing happen, but if they are
      authenticated to the target site the browser automatically attaches
      their session cookie to the forged request. The attack requires no
      interaction beyond visiting the attacker's page.
    languages:
      - csharp
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-352: Cross-Site Request Forgery (CSRF)"
      license: MIT
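The following controller is an added example, not code from the rule's authors or from any real project, showing the shape of action the description above warns about and the fix the rule's `pattern-not` clause looks for. It assumes ASP.NET Core MVC; the `IAccountService`, `ChangeEmailModel` and the action names are hypothetical and exist only to make the example compile on its own.

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical model and service, assumed for illustration only.
public class ChangeEmailModel
{
    public string NewEmail { get; set; } = "";
}

public interface IAccountService
{
    void UpdateEmail(string userName, string newEmail);
}

[Authorize]
public class AccountController : Controller
{
    private readonly IAccountService _accounts;

    public AccountController(IAccountService accounts) => _accounts = accounts;

    // VULNERABLE: matched by SCS0016-1. The action is [HttpPost] and changes
    // state, but nothing ties the request to a secret the attacker cannot
    // read. A page on a site the attacker controls can auto-submit a form to
    // /Account/ChangeEmail, and the browser attaches the victim's session
    // cookie to that request.
    [HttpPost]
    public IActionResult ChangeEmail(ChangeEmailModel model)
    {
        _accounts.UpdateEmail(User.Identity!.Name!, model.NewEmail);
        return RedirectToAction(nameof(Index));
    }

    // FIXED: carries [ValidateAntiForgeryToken], which the rule's pattern-not
    // clause excludes. The filter rejects the request with 400 Bad Request
    // unless it includes a __RequestVerificationToken form field that matches
    // the antiforgery cookie. The attacker's page cannot read that token, so a
    // forged cross-site POST fails before the action body runs.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult ChangeEmailSafe(ChangeEmailModel model)
    {
        _accounts.UpdateEmail(User.Identity!.Name!, model.NewEmail);
        return RedirectToAction(nameof(Index));
    }

    public IActionResult Index() => View();
}
```

The legitimate Razor form must emit the token for the fixed action to accept it: a `<form asp-action="ChangeEmailSafe" method="post">` tag helper injects it automatically, and `@Html.AntiForgeryToken()` does the same in a plain `<form>`. Two caveats follow from the rule's own pattern. It matches per method, so an application that registers `AutoValidateAntiforgeryTokenAttribute` as a global MVC filter will still get a finding on every `[HttpPost]` action that lacks the per-method attribute; treat those as false positives only after confirming the filter is actually registered. And it looks only for `[HttpPost]`, so state-changing actions marked `[HttpPut]`, `[HttpDelete]` or `[HttpPatch]` are not checked by this rule and need the same protection.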