@@ -106,7 +106,8 @@ module FileSystemWriteAccess {
106106}
107107
108108/**
109- * A data-flow node that may set or unset Cross-site request forgery protection.
109+ * A data-flow node that may set or unset Cross-site request forgery protection
110+ * in a global manner.
110111 *
111112 * Extend this class to refine existing API models. If you want to model new APIs,
112113 * extend `CSRFProtectionSetting::Range` instead.
@@ -122,7 +123,8 @@ class CSRFProtectionSetting extends DataFlow::Node instanceof CSRFProtectionSett
122123/** Provides a class for modeling new CSRF protection setting APIs. */
123124module CSRFProtectionSetting {
124125 /**
125- * A data-flow node that may set or unset Cross-site request forgery protection.
126+ * A data-flow node that may set or unset Cross-site request forgery protection
127+ * in a global manner.
126128 *
127129 * Extend this class to model new APIs. If you want to refine existing API models,
128130 * extend `CSRFProtectionSetting` instead.
@@ -136,6 +138,39 @@ module CSRFProtectionSetting {
136138 }
137139}
138140
141+ /**
142+ * A data-flow node that provides Cross-site request forgery protection
143+ * for a specific part of an application.
144+ *
145+ * Extend this class to refine existing API models. If you want to model new APIs,
146+ * extend `CSRFProtection::Range` instead.
147+ */
148+ class CSRFProtection extends DataFlow:: Node instanceof CSRFProtection:: Range {
149+ /**
150+ * Gets a `Function` representing the protected interaction
151+ * (probably a request handler).
152+ */
153+ Function getProtected ( ) { result = super .getProtected ( ) }
154+ }
155+
156+ /** Provides a class for modeling new CSRF protection setting APIs. */
157+ module CSRFProtection {
158+ /**
159+ * A data-flow node that provides Cross-site request forgery protection
160+ * for a specific part of an application.
161+ *
162+ * Extend this class to model new APIs. If you want to refine existing API models,
163+ * extend `CSRFProtection` instead.
164+ */
165+ abstract class Range extends DataFlow:: Node {
166+ /**
167+ * Gets a `Function` representing the protected interaction
168+ * (probably a request handler).
169+ */
170+ abstract Function getProtected ( ) ;
171+ }
172+ }
173+
139174/** Provides classes for modeling path-related APIs. */
140175module Path {
141176 /**
0 commit comments