hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix path tracking

Browse Source
This commit is contained in:
edvraa
2021-05-24 18:45:37 +03:00
committed by Owen Mansel-Chan
parent 4576b16f30
commit 0456d4793a
1 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql
View File

@@ -27,10 +27,11 @@ predicate isNetHttpCookieFlow(DataFlow::PathNode source, DataFlow::PathNode sink
source = sensitiveName and
sink = setCookieSink
or
exists(BoolToNetHttpCookieTrackingConfiguration cfg |
cfg.hasFlow(source.getNode(), setCookieSink.getNode()) and
exists(BoolToNetHttpCookieTrackingConfiguration cfg, DataFlow::PathNode setCookieSink2 |
cfg.hasFlowPath(source, setCookieSink2) and
source.getNode().getBoolValue() = false and
sink = setCookieSink
sink = setCookieSink2 and
setCookieSink.getNode() = setCookieSink2.getNode()
)
)
)
@@ -48,18 +49,20 @@ predicate isGorillaSessionsCookieFlow(DataFlow::PathNode source, DataFlow::PathN
source = cookieStoreCreate and
sink = sessionSave
or
exists(GorillaSessionOptionsTrackingConfiguration cfg, DataFlow::PathNode options |
cfg.hasFlow(options.getNode(), sessionSave.getNode()) and
exists(GorillaSessionOptionsTrackingConfiguration cfg, DataFlow::PathNode options, DataFlow::PathNode sessionSave2 |
cfg.hasFlowPath(options, sessionSave2) and
(
not any(BoolToGorillaSessionOptionsTrackingConfiguration boolCfg)
.hasFlowTo(sessionSave.getNode()) and
sink = sessionSave and
source = options
sink = sessionSave2 and
source = options and
sessionSave.getNode() = sessionSave2.getNode()
or
exists(BoolToGorillaSessionOptionsTrackingConfiguration boolCfg |
boolCfg.hasFlow(source.getNode(), sessionSave.getNode()) and
exists(BoolToGorillaSessionOptionsTrackingConfiguration boolCfg, DataFlow::PathNode sessionSave3 |
boolCfg.hasFlowPath(source, sessionSave3) and
source.getNode().getBoolValue() = false and
sink = sessionSave
sink = sessionSave3 and
sessionSave.getNode() = sessionSave3.getNode()
)
)
)