In this post, I’ll show you how I used Semgrep’s taint mode to write small and accurate Semgrep rules that detect CSRF and CORS misconfigurations in Apollo GraphQL servers. Try them out with semgrep --config p/trailofbits!
semgrep --config p/trailofbits
