Request Forgery: CSRF Get Based¶

Identifier: csrf_get_based

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

GET based CSRF is when an external site tricks a user's browser into making a GET request to another site where the user is authenticated, leveraging the browsers automatic inclusion of credentials like cookies. This means that if your API accepts state-changing actions via GET, an attacker can potentially make changes or reveal sensitive data on behalf of a logged-in user without their consent. Developers often fall into the trap of using GET for actions that should change state, assuming GET is harmless simply because it's meant for retrieving data. If not handled carefully, this vulnerability can lead to unauthorized transactions or data breaches, so it's important to separate safe retrieval actions (GET) from actions that modify data (which should use methods like POST with proper checks).

References:

https://blog.doyensec.com/2021/05/20/graphql-csrf.html

Configuration¶

Example¶

Example configuration:

---
security_tests:
  csrf_get_based:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.