38 lines
1.2 KiB
JSON
38 lines
1.2 KiB
JSON
|
|
{
|
||
|
|
"task_id": "2026-04-24-action-csrf-centralization-step4",
|
||
|
|
"verdict": "pass",
|
||
|
|
"checked_criterion_ids": [
|
||
|
|
"SC-001",
|
||
|
|
"SC-002",
|
||
|
|
"SC-003",
|
||
|
|
"SC-004"
|
||
|
|
],
|
||
|
|
"checks": [
|
||
|
|
{
|
||
|
|
"criterion_id": "SC-001",
|
||
|
|
"criterion": "Remaining non-admin method checks use helper-compatible patterns (no direct requestInput()->method()).",
|
||
|
|
"result": "pass",
|
||
|
|
"evidence": "Direct requestInput()->method() usage in non-admin pages reduced to 0."
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"criterion_id": "SC-002",
|
||
|
|
"criterion": "Remaining non-admin CSRF checks use actionRequireCsrf (no direct Session::checkCsrfToken()).",
|
||
|
|
"result": "pass",
|
||
|
|
"evidence": "Direct Session::checkCsrfToken() usage in non-admin pages reduced to 0."
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"criterion_id": "SC-003",
|
||
|
|
"criterion": "New CorePageRequestGuardContractTest prevents regression in non-admin core pages.",
|
||
|
|
"result": "pass",
|
||
|
|
"evidence": "CorePageRequestGuardContractTest added and passing."
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"criterion_id": "SC-004",
|
||
|
|
"criterion": "Architecture + required gate set remains green.",
|
||
|
|
"result": "pass",
|
||
|
|
"evidence": "All required gates and targeted architecture tests passed."
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"missing_or_wrong": []
|
||
|
|
}
|