Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
When a web server accepts a request from a client without any mechanism for verifying that the client sent it intentionally, an attacker may be able to trick that client into making an unintended request, which the server then treats as an authentic one.
この脆弱性の修正方法
3 件の Shoulder 検出ルールに基づく Cross-Site Request Forgery の予防策。
Create HTTP interceptors to centralize authentication tokens and CSRF protection across all requests
- import { HttpClient } from '@angular/common/http';
- import { Injectable } from '@angular/core';
-
- @Injectable({ providedIn: 'root' })
- export class UserService {
- constructor(private http: HttpClient) {}
-
- getUsers() {
- return this.http.get('/api/users', {
- headers: { Authorization: `Bearer ${this.getToken()}` }
- });
- }
-
- updateUser(id: string, data: any) {
- // Easy to forget auth header on new endpoints
- return this.http.put(`/api/users/${id}`, data);
- }
-
- private getToken(): string {
- return localStorage.getItem('token') || '';
- }
- }
+ import { Injectable } from '@angular/core';
+ import { HttpInterceptor, HttpRequest, HttpHandler, HTTP_INTERCEPTORS } from '@angular/common/http';
+ import { AuthService } from './auth.service';
+
+ @Injectable()
+ export class AuthInterceptor implements HttpInterceptor {
+ constructor(private auth: AuthService) {}
+
+ intercept(req: HttpRequest<any>, next: HttpHandler) {
+ const token = this.auth.getToken();
+ if (token) {
+ req = req.clone({
+ headers: req.headers.set('Authorization', `Bearer ${token}`)
+ });
+ }
+ return next.handle(req);
+ }
+ }
+
+ // In app.module.ts
+ // providers: [{ provide: HTTP_INTERCEPTORS, useClass: AuthInterceptor, multi: true }]
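Review bot: The new `AuthInterceptor` only attaches an `Authorization` header; nothing in the hunk implements a CSRF defense, so the rule's promise of centralizing "CSRF protection" is not delivered by this code. A bearer token obtained from `AuthService` is not sent automatically by the browser, so it does not itself create a CSRF exposure, but if the application also relies on cookie sessions the anti-forgery token still has to travel with mutating requests; Angular's built-in cookie-to-header mechanism (`HttpClientXsrfModule`, configurable via `HttpClientXsrfModule.withOptions({ cookieName: 'XSRF-TOKEN', headerName: 'X-XSRF-TOKEN' })`) covers that only if the server issues the cookie, and the hunk shows neither side. `intercept(req: HttpRequest<any>, ...)` should be `intercept(req: HttpRequest<unknown>, next: HttpHandler)`, and `HTTP_INTERCEPTORS` is imported but referenced only inside a comment, which `noUnusedLocals` will reject. The provider registration should live in the module (or `bootstrapApplication`) providers rather than in a trailing comment.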
Ensure CsrfViewMiddleware is enabled and never use @csrf_exempt on state-changing views
- from django.views.decorators.csrf import csrf_exempt
- from django.http import JsonResponse
-
- @csrf_exempt
+ from django.views.decorators.csrf import csrf_protect
+ from django.http import JsonResponse
+
+ @csrf_protect
 def transfer_funds(request):
 amount = request.POST['amount']
 recipient = request.POST['recipient']
 process_transfer(request.user, recipient, amount)
 return JsonResponse({'status': 'transferred'})
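Review bot: `@csrf_protect` restores the token check for unsafe methods, but the view still accepts any HTTP method, so a GET reaching `request.POST['amount']` raises `MultiValueDictKeyError` and produces a 500 instead of a 405; stack `@require_POST` from `django.views.decorators.http` above the decorator: `@require_POST` / `@csrf_protect` / `def transfer_funds(request):`. The headline names `CsrfViewMiddleware`; with it in `MIDDLEWARE` the per-view decorator is redundant but harmless, and removing the exemption is the part of this hunk that actually closes the hole. `request.user` is handed to `process_transfer` with no login check visible, so unless the URL conf or another decorator guards the route an anonymous user can reach it — worth confirming. `amount` and `recipient` are also forwarded as raw POST strings; validating them through a form or serializer before `process_transfer` would keep malformed input out of the transfer path.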
Add CSRF middleware to protect state-changing endpoints
package main
- import "github.com/gin-gonic/gin"
-
- func main() {
- r := gin.Default()
+ import (
+ "os"
+ "github.com/gin-gonic/gin"
+ "github.com/utrack/gin-csrf"
+ )
+
+ func main() {
+ r := gin.Default()
+ r.Use(csrf.Middleware(csrf.Options{
+ Secret: os.Getenv("CSRF_SECRET"),
+ }))
 r.POST("/transfer", transferMoney)
 r.Run(":8080")
 }
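Review bot: `Secret: os.Getenv("CSRF_SECRET")` is passed through unchecked, so an unset variable silently configures the middleware with an empty secret and the server starts anyway; read the value once and refuse to start without it, as below (which also needs `"log"` added to the import group). As far as I recall, gin-csrf keeps its token in a gin-contrib/sessions session, so a session middleware must be registered on `r` before `csrf.Middleware`; the hunk registers none, and without it the middleware fails at request time — confirm against the library version in use. The discarded error from `r.Run(":8080")` is pre-existing and outside this change's intent, but the same startup path is a natural place to handle it.
```go
// … unchanged: imports, r := gin.Default() …
secret := os.Getenv("CSRF_SECRET")
if secret == "" {
	log.Fatal("CSRF_SECRET must be set")
}
r.Use(csrf.Middleware(csrf.Options{
	Secret: secret,
}))
// … unchanged: route registration and r.Run …
```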
コードの脆弱性を見つける
Shoulderを使用してコードのCross-Site Request Forgery (CSRF)パターンをスキャンしましょう（3 ルール）。
# Scan with Shoulder CLI, limited to the CWE-352 (Cross-Site Request Forgery) rules
npx @shoulderdev/cli trust --cwe=352
# Or scan the entire project (current directory) with no CWE filter
npx @shoulderdev/cli trust .
検出ルール (3)
コードレビューで注目すべき点
これらのパターンはCross-Site Request Forgery (CSRF)の潜在的な脆弱性を示しています。コードレビューとセキュリティ監査中に探してください。