Remove experimental version

2026-04-25 16:55:19 +02:00 · 2024-07-16 16:48:58 +01:00
parent 8d93c3a852
commit 070d67816d
5 changed files with 0 additions and 123 deletions
--- a/python/ql/src/experimental/Security/CWE-614/CookieInjection.py
+++ b/python/ql/src/experimental/Security/CWE-614/CookieInjection.py
@@ -1,16 +0,0 @@
-from flask import request, make_response
-
-
-@app.route("/1")
-def true():
-    resp = make_response()
-    resp.set_cookie(request.args["name"],
-                    value=request.args["name"])
-    return resp
-
-
-@app.route("/2")
-def flask_make_response():
-    resp = make_response("hello")
-    resp.headers['Set-Cookie'] = f"{request.args['name']}={request.args['name']};"
-    return resp
--- a/python/ql/src/experimental/Security/CWE-614/CookieInjection.qhelp
+++ b/python/ql/src/experimental/Security/CWE-614/CookieInjection.qhelp
@@ -1,28 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-
-<overview>
-<p>Constructing cookies from user input may allow an attacker to perform a Cookie Poisoning attack. 
-It is possible, however, to perform other parameter-like attacks through cookie poisoning techniques, 
-such as SQL Injection, Directory Traversal, or Stealth Commanding, etc. Additionally, 
-cookie injection may relate to attempts to perform Access of Administrative Interface.
-</p>
-</overview>
-
-<recommendation>
-<p>Do not use raw user input to construct cookies.</p>
-</recommendation>
-
-<example>
-<p>This example shows two ways of adding a cookie to a Flask response. The first way uses <code>set_cookie</code>'s
-and the second sets a cookie's raw value through a header, both using user-supplied input.</p>
-<sample src="CookieInjection.py" />
-</example>
-
-<references>
-<li>Imperva: <a href="https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm">Cookie injection</a>.</li>
-</references>
-
-</qhelp>
--- a/python/ql/src/experimental/Security/CWE-614/CookieInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-614/CookieInjection.ql
@@ -1,27 +0,0 @@
-/**
- * @name Construction of a cookie using user-supplied input.
- * @description Constructing cookies from user input may allow an attacker to perform a Cookie Poisoning attack.
- * @kind path-problem
- * @problem.severity error
- * @id py/cookie-injection
- * @tags security
- *       experimental
- *       external/cwe/cwe-614
- */
-
-// determine precision above
-import python
-import semmle.python.dataflow.new.DataFlow
-import experimental.semmle.python.Concepts
-import experimental.semmle.python.CookieHeader
-import experimental.semmle.python.security.injection.CookieInjection
-import CookieInjectionFlow::PathGraph
-
-from CookieInjectionFlow::PathNode source, CookieInjectionFlow::PathNode sink, string insecure
-where
-  CookieInjectionFlow::flowPath(source, sink) and
-  if exists(sink.getNode().(CookieSink))
-  then insecure = ",and its " + sink.getNode().(CookieSink).getFlag() + " flag is not properly set."
-  else insecure = "."
-select sink.getNode(), source, sink, "Cookie is constructed from a $@" + insecure, source.getNode(),
-  "user-supplied input"