hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

update tests so it's clear which cookies are insecure

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-10-06 15:32:28 +02:00
parent 283b8231cb
commit 1e1e549847
2 changed files with 19 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
javascript/ql/test/query-tests/Security/CWE-614/ClearTextCookie.expected
View File

@@ -2,14 +2,14 @@
| tst-cleartextCookie.js:20:5:20:43 | res.coo ... ptions) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:35:1:35:52 | js_cook ... alse }) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:44:37:44:51 | "authKey=ninja" | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:64:38:64:52 | "authKey=ninja" | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:94:60:94:72 | "authKey=foo" | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:104:9:107:2 | session ... T OK\\n}) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:109:9:112:2 | session ... T OK\\n}) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:114:9:117:2 | session ... T OK\\n}) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:124:9:124:21 | session(sess) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:148:9:156:2 | session ... Date\\n}) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:160:33:160:58 | `authKe ... key()}` | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:173:5:173:19 | document.cookie | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:177:5:177:41 | cookies ... hkey()) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:182:5:182:46 | cookie. ... hkey()) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:64:13:64:27 | "authKey=ninja" | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:97:13:97:25 | "authKey=foo" | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:108:9:111:2 | session ... T OK\\n}) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:113:9:116:2 | session ... T OK\\n}) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:118:9:121:2 | session ... T OK\\n}) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:128:9:128:21 | session(sess) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:152:9:160:2 | session ... Date\\n}) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:164:33:164:58 | `authKe ... key()}` | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:177:5:177:19 | document.cookie | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:181:5:181:41 | cookies ... hkey()) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:186:5:186:46 | cookie. ... hkey()) | Sensitive cookie sent without enforcing SSL encryption |

12
javascript/ql/test/query-tests/Security/CWE-614/tst-cleartextCookie.js
View File

@@ -60,8 +60,10 @@ function test2() {
function test3() {
const server = http.createServer((req, res) => {
res.setHeader('Content-Type', 'text/html');
// BAD (and good, TODO: Move to separate lines)
res.setHeader("Set-Cookie", ["authKey=ninja", "language=javascript"]);
res.setHeader("Set-Cookie", [
"authKey=ninja", // NOT OK
"language=javascript" // OK
]);
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('ok');
});
@@ -90,8 +92,10 @@ function test5() {
function test6() {
const server = http.createServer((req, res) => {
res.setHeader('Content-Type', 'text/html');
// BAD (and good. TODO: Move to separate lines)
res.setHeader("Set-Cookie", ["type=ninja; secure", "authKey=foo"]);
res.setHeader("Set-Cookie", [
"type=ninja; secure", // OK
"authKey=foo" // NOT OK
]);
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('ok');
});