MetaCredo.Check.Security.MissingCSRFProtection (MetaCredo v0.1.0)

Detects state-changing endpoints without CSRF protection (CWE-352).

Identifies code patterns where state-changing HTTP operations (POST, PUT, PATCH, DELETE) are handled without CSRF token validation.

Category: Security / Priority: high
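
The kind of pattern described above, as an added example that is not MetaCredo's own code or detection logic: a standard-library-only scan of a constructed router that reports state-changing routes whose scope uses no CSRF-checking pipeline. It assumes Phoenix router conventions (`pipeline`, `pipe_through`, `plug :protect_from_forgery`, `Plug.CSRFProtection`) and flat scopes; the module name `CsrfRouteScan` and the sample router are hypothetical.

```elixir
# Added illustration, not MetaCredo's implementation. Stdlib only: `elixir csrf_scan.exs`
defmodule CsrfRouteScan do
  # Hypothetical module; assumes Phoenix router conventions and flat (non-nested) scopes.
  @state_changing [:post, :put, :patch, :delete]

  # Constructed sample router. It is parsed as text and never compiled.
  @sample ~S'''
  defmodule DemoWeb.Router do
    pipeline :browser do
      plug :fetch_session
      plug :protect_from_forgery
    end

    pipeline :forms do
      plug :fetch_session
    end

    scope "/", DemoWeb do
      pipe_through :browser
      post "/profile", ProfileController, :update
    end

    scope "/legacy", DemoWeb do
      pipe_through :forms
      get "/transfer", TransferController, :new
      post "/transfer", TransferController, :create
      delete "/account", AccountController, :delete
    end
  end
  '''
  def sample, do: @sample

  # Returns {verb, path} for state-changing routes whose scope uses no CSRF-checking pipeline.
  def unprotected_routes(source) do
    ast = Code.string_to_quoted!(source)
    # Pipelines whose body contains a CSRF plug count as protected.
    protected = for {:pipeline, _, [name, [do: body]]} <- Macro.prewalker(ast),
                    Enum.any?(Macro.prewalker(body), &csrf_plug?/1), do: name

    for {:scope, _, args} when is_list(args) <- Macro.prewalker(ast),
        [do: body] <- [List.last(args)],
        pipes = for({:pipe_through, _, [p]} <- Macro.prewalker(body), do: List.wrap(p)),
        not Enum.any?(List.flatten(pipes), &(&1 in protected)),
        {verb, _, [path | _]} when verb in @state_changing and is_binary(path) <- Macro.prewalker(body),
        do: {verb, path}
  end

  defp csrf_plug?({:plug, _, [:protect_from_forgery | _]}), do: true
  defp csrf_plug?({:plug, _, [{:__aliases__, _, [:Plug, :CSRFProtection]} | _]}), do: true
  defp csrf_plug?(_), do: false
end

IO.inspect(CsrfRouteScan.unprotected_routes(CsrfRouteScan.sample()))
```

Only the routes under the `:forms` pipeline are reported, and the `get` route there is skipped because it is not state-changing. The fix for each finding is to add the CSRF plug to the pipeline that serves it.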