From 16d7dc0853fd75b13255285170472cb7b35fe312 Mon Sep 17 00:00:00 2001
From: Mauro Baluda
Date: Mon, 5 Dec 2022 11:02:19 +0100
Subject: [PATCH] Restrict DF configuration
---
 java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql
index f0950e93779..c6aad828896 100644
--- a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql
+++ b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql
@@ -29,9 +29,18 @@ predicate isSafeSecureCookieSetting(Expr e) {
 class SecureCookieConfiguration extends DataFlow::Configuration {
 SecureCookieConfiguration() { this = "SecureCookieConfiguration" }

- override predicate isSource(DataFlow::Node source) { any() }
+ override predicate isSource(DataFlow::Node source) {
+ exists(Variable cookie, MethodAccess m |
+ source.asExpr() = cookie.getAnAccess() and
+ cookie.getAnAccess() = m.getQualifier() and
+ m.getMethod().getName() = "setSecure"
+ )
+ }

- override predicate isSink(DataFlow::Node sink) { any() }
+ override predicate isSink(DataFlow::Node sink) {
+ sink.asExpr() =
+ any(MethodAccess add | add.getMethod() instanceof ResponseAddCookieMethod).getArgument(0)
+ }
 }

 from MethodAccess add, SecureCookieConfiguration df
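Review bot: The new `isSource` marks every access of a variable as a source once `setSecure` is called on that variable anywhere, so it depends on neither call order nor the argument value. A cookie passed to `addCookie` before `setSecure` runs, or one configured with `setSecure(false)`, would seem to count as secured unless the `where` clause (outside this hunk) filters it, which means missed CWE-614 findings. Anchoring the source on the call itself and reusing the `isSafeSecureCookieSetting(Expr e)` predicate named in the hunk header would tighten this, e.g. `source.asExpr() = m.getQualifier() and isSafeSecureCookieSetting(m.getArgument(0))`. The call is also matched by method name only; adding `m.getMethod().getDeclaringType() instanceof TypeCookie` would keep an unrelated `setSecure` method on another type from being treated as securing the cookie.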