Typescript Manual Csrf Token Handling Ajax

Description

This detector identifies AJAX requests that lack proper CSRF (Cross-Site Request Forgery) protection mechanisms. AJAX calls without CSRF tokens are vulnerable to cross-site request forgery attacks, in which a malicious site can trigger unauthorized actions on behalf of authenticated users because the browser attaches the user's session cookies to the forged request automatically.

Weakness:

014 - Insecure functionality

Category: Functionality Abuse

Detection Strategy

    Analyzes TypeScript/JavaScript code for AJAX request implementations

    Examines AJAX calls to check for CSRF token inclusion

    Reports vulnerability when AJAX requests are made without proper CSRF token headers or parameters

    Focuses on state-changing HTTP methods (POST, PUT, DELETE, PATCH) that require CSRF protection

Vulnerable code example

// VULNERABLE: CSRF token extracted from the URL referrer
const token = document.referrer.split('csrfToken=')[1];
$.ajax({
    url: '/api/create-post',
    method: 'POST',
    headers: {
        'X-CSRF-Token': token // Attacker-controlled token from referrer
    }
});

✅ Secure code example

// SECURE: CSRF token from a server-provided meta tag (or a function parameter)
const token = document.querySelector('meta[name="csrf-token"]')?.getAttribute('content');
if (token) {
    $.ajax({
        url: '/api/create-post',
        method: 'POST',
        headers: {
            'X-CSRF-Token': token // Token from trusted server source
        }
    });
}
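As an added example (not part of this detector entry), a TypeScript wrapper that applies the secure pattern uniformly: it attaches the token only for the state-changing methods listed in the detection strategy, refuses to send such a request when the trusted token source is empty, and never attaches the token to a cross-origin URL. `withCsrf`, `RequestSpec`, `tokenSource` and `pageOrigin` are assumed names; in a browser the token source would read the meta tag shown above.

```typescript
// Added example: centralised CSRF token handling for AJAX-style requests.
// The token source is injected so the logic runs outside a browser; in a page
// it would be:
//   () => document.querySelector('meta[name="csrf-token"]')?.getAttribute('content') ?? null

const STATE_CHANGING = new Set(['POST', 'PUT', 'DELETE', 'PATCH']);

interface RequestSpec {
  url: string;
  method?: string;
  headers?: Record<string, string>;
}

// Returns the request options to hand to $.ajax / fetch. For state-changing
// methods the token from the trusted source is required (fail closed), so a
// page that forgot the meta tag cannot silently send an unprotected request.
// The token is only ever attached to same-origin URLs, which keeps it from
// leaking to third parties.
function withCsrf(
  spec: RequestSpec,
  tokenSource: () => string | null,
  pageOrigin: string,
): RequestSpec {
  const method = (spec.method ?? 'GET').toUpperCase();
  const headers: Record<string, string> = { ...(spec.headers ?? {}) };

  if (!STATE_CHANGING.has(method)) {
    return { ...spec, method, headers };
  }
  const target = new URL(spec.url, pageOrigin);
  if (target.origin !== pageOrigin) {
    throw new Error(`CSRF token is only sent same-origin, not to ${target.origin}`);
  }
  const token = tokenSource();
  if (!token) {
    throw new Error(`CSRF token missing for ${method} ${spec.url}`);
  }
  headers['X-CSRF-Token'] = token;
  return { ...spec, method, headers };
}
```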