Java: add query

Author: Jami Cogswell

java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql

@@ -0,0 +1,27 @@
+/**
+ * @name HTTP request type unprotected from CSRF
+ * @description Using an HTTP request type that is not default-protected from CSRF for a
+ *              state-changing action makes the application vulnerable to a Cross-Site
+ *              Request Forgery (CSRF) attack.
+ * @kind path-problem
+ * @problem.severity error
+ * @security-severity 8.8
+ * @precision low
+ * @id java/csrf-unprotected-request-type
+ * @tags security
+ *       external/cwe/cwe-352
+ */
+
+import java
+import semmle.code.java.security.CsrfUnprotectedRequestTypeQuery
+import CallGraph
+
+from PathNode source, PathNode reachable, PathNode callsReachable
+where
+  source.asMethod() instanceof CsrfUnprotectedMethod and
+  reachable.asMethod() instanceof DatabaseUpdateMethod and
+  callsReachable.getASuccessor() = reachable and
+  source.getASuccessor+() = callsReachable
+select source.asMethod(), source, callsReachable,
+  "Potential CSRF vulnerability due to using an HTTP request type which is not default-protected from CSRF for an apparent $@.",
+  callsReachable, "state-changing action"