private void afterExecutionImpl(final String sqlString) { if (JiraSystemProperties.getInstance().isXsrfDiagnostics()) { final String requestURL = MDC.get("jira.request.url"); if (isMutatingSQL(sqlString)) { HttpServletRequest request = ActionContext.getRequest(); if (request != null && request.getAttribute(XSRF_VULNERABILITY_DETECTION_SQLINTERCEPTOR_DONE) == null) { // setting this into the request will make things a lot faster request.setAttribute(XSRF_VULNERABILITY_DETECTION_SQLINTERCEPTOR_DONE, "true"); CallStack callStack = new CallStack(); if (callStack.hasMethodsWeAreInterestedIn() && !callStack.isProtectedAction()) { log.error("XSRF VULNERABILITY DETECTED"); log.error("requestURL: " + requestURL); log.error("sql: " + sqlString); log.error("CallStack:", callStack); } } } } }