Cross-site request forgery High

Insecure configuration can lead to a cross-site request forgery (CSRF) vulnerability. This can enable an attacker to trick authenticated end users into performing actions they did not intend, because the browser attaches the session cookie to forged requests automatically.

Detector ID
java/cross-site-request-forgery@v1.0
Category

Noncompliant example

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

public void configureCsrfNoncompliant(HttpSecurity security) throws Exception {
    // Noncompliant: disables CSRF protection, so state-changing requests are
    // accepted without a per-session token.
    security.csrf().disable();
}

Compliant example

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

public void configureCsrfCompliant(HttpSecurity security) throws Exception {
    // Compliant: keeps CSRF protection enabled (the Spring Security default),
    // so POST/PUT/PATCH/DELETE requests must carry a valid CSRF token.
    security.csrf();
}
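The compliant example leaves the default session-backed token repository in place. As an added example (not part of the detector documentation), the configuration below keeps CSRF protection enabled while switching to a cookie-backed token repository, which is the usual choice when a JavaScript front end needs to read the token and echo it in a request header. It assumes Spring Security 6 and its lambda DSL; the class name `CsrfConfig` is illustrative.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

// Illustrative configuration class; the name is an assumption, not from the page.
@Configuration
@EnableWebSecurity
public class CsrfConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // CSRF protection stays enabled. CookieCsrfTokenRepository writes the
            // token to an XSRF-TOKEN cookie; withHttpOnlyFalse() lets browser-side
            // script read it and send it back in the X-XSRF-TOKEN header. The
            // filter rejects POST/PUT/PATCH/DELETE requests whose header (or
            // _csrf form field) does not match the cookie value. A forged
            // cross-site request cannot read the cookie, so it cannot supply
            // the header and is rejected.
            .csrf(csrf -> csrf
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))
            // Every request still requires an authenticated session.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }
}
```

Safe methods (GET, HEAD, OPTIONS, TRACE) are not checked by the CSRF filter, so handlers bound to those methods must not change server state.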