CWE-352 Cross-Site Request Forgery
Coverage: 6 rules in the SiteShadow rule registry target this CWE (registry v2.0.0). Regex 5Other-pattern 1 Also: Taint and heuristic analyzers may also detect related flows (see coverage for the authoritative list) Registry tagging shows intent, for sample-level behaviour and benchmarked gaps see known gaps.
What this means
SiteShadow flagged state-changing requests that appear to rely on cookies/session auth but lack CSRF protections.
Why it matters
CSRF can let attackers perform actions on behalf of a user.
- A victim can be tricked into clicking a link or loading a page that triggers a "hidden" request.
- Impact includes password changes, email changes, purchases, or data deletion, depending on the endpoint.
Safer examples
1) Use CSRF tokens for cookie-authenticated sessions
Use your framework's CSRF middleware and rotate tokens appropriately.
2) Use SameSite cookies (defense-in-depth)
Set SameSite=Lax or Strict where possible (see S02 / CWE-614).
3) Prefer "double-submit" or header-based auth for APIs
For pure APIs, prefer Authorization headers (bearer tokens) and avoid browser-sent cookies, when feasible.
How SiteShadow detects it (high level)
- Identifies cookie/session-auth patterns and flags state-changing routes missing CSRF middleware/token checks.
- Prioritizes endpoints that modify user data, permissions, billing, or secrets.
References
- CWE-352: https://cwe.mitre.org/data/definitions/352.html
---
← Back to Vulnerability Library
Catch this with SiteShadow Pro.
This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.