Cross-Site Request Forgery (CSRF)

3 rules detect this

The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

When a web server is designed to receive a request from a client without any mechanism for verifying that it was intentionally sent, then it might be possible for an attacker to trick a client into making an unintentional request to the web server which will be treated as an authentic request.

Prevalence: Medium (3 languages supported)
Impact: High (3 high-severity rules)
Prevention: Documented (3 fix examples)

2 Prevention

How to fix this vulnerability

Cross-Site Request Forgery prevention strategies based on the 3 Shoulder detection rules.

Angular Missing HTTP Security Interceptor HIGH

Create HTTP interceptors to centralize authentication tokens and CSRF protection across all requests

+21 -22 javascript
- import { HttpClient } from '@angular/common/http';
- import { Injectable } from '@angular/core';
- 
- @Injectable({ providedIn: 'root' })
- export class UserService {
-   constructor(private http: HttpClient) {}
- 
-   getUsers() {
-     return this.http.get('/api/users', {
-       headers: { Authorization: `Bearer ${this.getToken()}` }
-     });
-   }
- 
-   updateUser(id: string, data: any) {
-     // Easy to forget auth header on new endpoints
-     return this.http.put(`/api/users/${id}`, data);
-   }
- 
-   private getToken(): string {
-     return localStorage.getItem('token') || '';
-   }
- }
+ import { Injectable } from '@angular/core';
+ import { HttpInterceptor, HttpRequest, HttpHandler, HTTP_INTERCEPTORS } from '@angular/common/http';
+ import { AuthService } from './auth.service';
+ 
+ @Injectable()
+ export class AuthInterceptor implements HttpInterceptor {
+   constructor(private auth: AuthService) {}
+ 
+   intercept(req: HttpRequest<any>, next: HttpHandler) {
+     const token = this.auth.getToken();
+     if (token) {
+       req = req.clone({
+         headers: req.headers.set('Authorization', `Bearer ${token}`)
+       });
+     }
+     return next.handle(req);
+   }
+ }
+ 
+ // In app.module.ts
+ // providers: [{ provide: HTTP_INTERCEPTORS, useClass: AuthInterceptor, multi: true }]
  
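Review bot: the new interceptor centralizes the bearer token but adds no CSRF handling, so the "CSRF protection across all requests" goal stated for this rule is not met by the hunk; if the API also accepts cookie-based sessions, register `HttpClientXsrfModule.withOptions({ cookieName: 'XSRF-TOKEN', headerName: 'X-XSRF-TOKEN' })` or set the anti-CSRF header for mutating requests inside `intercept`. The `Authorization` header is also attached to every outbound URL, so any request to a third-party host would leak the token; gate the `req.clone` on `req.url` matching the API origin. Minor: `HTTP_INTERCEPTORS` is imported in the interceptor file but only used in the commented app.module snippet.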
Django Missing CSRF Protection HIGH

Ensure CsrfViewMiddleware is enabled and never use @csrf_exempt on state-changing views

+4 -4 python
- from django.views.decorators.csrf import csrf_exempt
- from django.http import JsonResponse
- 
- @csrf_exempt
+ from django.views.decorators.csrf import csrf_protect
+ from django.http import JsonResponse
+ 
+ @csrf_protect
  def transfer_funds(request):
      amount = request.POST['amount']
      recipient = request.POST['recipient']
      process_transfer(request.user, recipient, amount)
      return JsonResponse({'status': 'transferred'})
  
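Review bot: swapping `@csrf_exempt` for `@csrf_protect` covers this one view only; the rule's headline fix is `'django.middleware.csrf.CsrfViewMiddleware'` in `MIDDLEWARE`, after which the real defect is simply the removed `@csrf_exempt` and `@csrf_protect` is a per-view fallback. Nothing in the hunk restricts the HTTP method or requires authentication: `request.POST['amount']` raises `KeyError` on a GET and `request.user` may be anonymous, so stack `@require_POST` and `@login_required` on `transfer_funds` as well, and validate `amount` and `recipient` (a form or serializer) before they reach `process_transfer`.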
Missing CSRF Protection (Gin) HIGH

Add CSRF middleware to protect state-changing endpoints

+11 -4 go
  package main
  
- import "github.com/gin-gonic/gin"
- 
- func main() {
-     r := gin.Default()
+ import (
+     "os"
+     "github.com/gin-gonic/gin"
+     "github.com/utrack/gin-csrf"
+ )
+ 
+ func main() {
+     r := gin.Default()
+     r.Use(csrf.Middleware(csrf.Options{
+         Secret: os.Getenv("CSRF_SECRET"),
+     }))
      r.POST("/transfer", transferMoney)
      r.Run(":8080")
  }
  
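Review bot: `csrf.Middleware` from utrack/gin-csrf stores and compares the token through gin-contrib/sessions, so a session middleware (for example `r.Use(sessions.Sessions("session", cookie.NewStore(key)))`) must be registered before `r.Use(csrf.Middleware(...))` or the middleware fails at request time. `os.Getenv("CSRF_SECRET")` silently yields an empty secret when the variable is unset; check for an empty value and exit at startup. The hunk also never hands the token to the client (`csrf.GetToken(c)` in the handler that renders the transfer form), so every POST to `/transfer` is rejected until that route exists, and the import should be aliased `csrf "github.com/utrack/gin-csrf"` because the package name differs from the last path element.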
4 Warning signs

What to look for in code review

These patterns indicate a potential Cross-Site Request Forgery (CSRF) vulnerability. Look for them during code reviews and security audits.

- HttpClient used without security interceptors: missing centralized authentication, CSRF protection, and security headers (angular-http-interceptor-missing)
- View handles POST/PUT/DELETE without the @csrf_protect or @ensure_csrf_cookie decorator (django-missing-csrf-protection)
- Django views that handle POST/PUT/DELETE requests without CSRF protection (django-missing-csrf-protection)
- State-changing endpoints lack CSRF protection (go-gin-missing-csrf-protection)

Scan your codebase: Cross-Site Request Forgery (CSRF)

The Shoulder CLI finds vulnerable patterns across your entire codebase.