Security

Compliance
Anti-Patterns
Code Governance
Infrastructure Security Database
Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
  - Android
  - Aws-lambda
  - Castor
  - Java-jwt
  - Jax-rs
  - Jboss
  - Jdo
  - Jedis
  - Jjwt
  - Jsch
  - Kryo
  - Lang
  - Micronaut
  - Mongo
  - Mongodb
  - Mysql
  - Okhttp
  - Rmi
  - Servlets
  - Spring
    - Log-http-headers
    - Security
    - Security
    - Simple-command-injection-direct-input
    - Spring-tainted-path-traversal
    - Tainted-html-string-responsebody
  - Thymeleaf
  - Xstream
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml

unrestricted-request-mapping

Detected a method annotated with ‘RequestMapping’ that does not specify the HTTP method. CSRF protections are not enabled for GET, HEAD, TRACE, or OPTIONS, and by default all HTTP methods are allowed when the HTTP method is not explicitly specified. This means that a method that performs state changes could be vulnerable to CSRF attacks. To mitigate, add the ‘method’ field and specify the HTTP method (such as ‘RequestMethod.POST’).
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-352: Cross-Site Request Forgery (CSRF)
OWASP:
- A01:2021 - Broken Access Control

Log request headers Audit

Start Here

Setup

Pull Request Review

Scan center

Integrations

IDE

Rule Reference

Resources