private void afterExecutionImpl(final String sqlString) {
if (JiraSystemProperties.getInstance().isXsrfDiagnostics()) {
final String requestURL = MDC.get("jira.request.url");
if (isMutatingSQL(sqlString)) {
HttpServletRequest request = ActionContext.getRequest();
if (request != null
&& request.getAttribute(XSRF_VULNERABILITY_DETECTION_SQLINTERCEPTOR_DONE) == null) {
// setting this into the request will make things a lot faster
request.setAttribute(XSRF_VULNERABILITY_DETECTION_SQLINTERCEPTOR_DONE, "true");
CallStack callStack = new CallStack();
if (callStack.hasMethodsWeAreInterestedIn() && !callStack.isProtectedAction()) {
log.error("XSRF VULNERABILITY DETECTED");
log.error("requestURL: " + requestURL);
log.error("sql: " + sqlString);
log.error("CallStack:", callStack);
}
}
}
}
}
