From 253abc55d94fd2e087af4acc0cc855c44baa08c7 Mon Sep 17 00:00:00 2001
From: edvraa <80588099+edvraa@users.noreply.github.com>
Date: Thu, 29 Apr 2021 15:01:06 +0300
Subject: [PATCH] get rid of AuthCookieNameConfiguration
---
 ql/src/experimental/CWE-1004/AuthCookie.qll | 24 ++++---------------
 .../CWE-1004/CookieWithoutHttpOnly.ql | 4 +---
 2 files changed, 5 insertions(+), 23 deletions(-)
diff --git a/ql/src/experimental/CWE-1004/AuthCookie.qll b/ql/src/experimental/CWE-1004/AuthCookie.qll
index 331de790927..8169fa6c831 100644
--- a/ql/src/experimental/CWE-1004/AuthCookie.qll
+++ b/ql/src/experimental/CWE-1004/AuthCookie.qll
@@ -38,6 +38,10 @@ class HttpOnlyCookieTrackingConfiguration extends TaintTracking::Configuration {
 exists(DataFlow::Node rhs |
 rhs = getValueForFieldWrite(sl, "HttpOnly") and
 rhs.getAPredecessor*().asExpr().getBoolValue() = false
+ ) and
+ exists(DataFlow::Node rhs |
+ rhs = getValueForFieldWrite(sl, "Name") and
+ isAuthVariable(rhs.getAPredecessor*().asExpr())
 )
 )
 )
@@ -72,26 +76,6 @@ predicate isAuthVariable(Expr expr) {
 )
 }
 
-/**
- * Tracks if a variable with a sensitive name is used as a cookie name.
- */
-class AuthCookieNameConfiguration extends TaintTracking::Configuration {
- AuthCookieNameConfiguration() { this = "AuthCookieNameConfiguration" }
-
- override predicate isSource(DataFlow::Node source) {
- exists(StructLit sl |
- source.asExpr() = sl and
- sl.getType().hasQualifiedName("net/http", "Cookie") and
- exists(DataFlow::Node rhs |
- rhs = getValueForFieldWrite(sl, "Name") and
- isAuthVariable(rhs.getAPredecessor*().asExpr())
- )
- )
- }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof SetCookieSink }
-}
-
 /**
 * Tracks from gorilla cookie store creation to session save.
 */
diff --git a/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql b/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql
index 159cfcf8752..5b88e9ae83a 100644
--- a/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql
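Review bot: The added `Name` conjunct in the first AuthCookie.qll hunk may not apply to every cookie source, because it is chained with `and` directly after the `HttpOnly` ... `= false` clause, and the three closing parentheses that follow suggest both clauses sit inside a parenthesised group that opens above the hunk. If that group is a disjunction (for example "HttpOnly never written" `or` "HttpOnly written as false"), `and` binds tighter than `or`, so cookies that never set HttpOnly would be reported whatever their name. The removed AuthCookieNameConfiguration applied the name check to every source, so to keep that behaviour the new `exists(... getValueForFieldWrite(sl, "Name") ...)` should be conjoined at the level of the `sl` quantifier, outside the HttpOnly group. The isSource body starts outside the hunk, so this needs checking against the full predicate. The diffstat lists no test or expected-output changes, so re-running the CWE-1004 query tests would confirm the results are unchanged.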
+++ b/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql
@@ -17,11 +17,9 @@ import AuthCookie
 
 predicate isNetHttpCookieFlow(Expr expr) {
 exists(
- HttpOnlyCookieTrackingConfiguration httpOnlyCfg, AuthCookieNameConfiguration cookieNameCfg,
- SetCookieSink sink, DataFlow::Node source
+ HttpOnlyCookieTrackingConfiguration httpOnlyCfg, DataFlow::Node source, SetCookieSink sink
 |
 httpOnlyCfg.hasFlow(source, sink) and
- cookieNameCfg.hasFlow(source, sink) and
 sink.asExpr() = expr
 )
 }
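Review bot: `isNetHttpCookieFlow` has no QLDoc, and with `cookieNameCfg` gone nothing at this call site shows that the sensitive-name filter still applies. That filter now lives inside the source definition of `HttpOnlyCookieTrackingConfiguration`, whose name mentions only HttpOnly. I would add a doc comment above the predicate, for example `/** Holds if expr is a net/http cookie with a sensitive name that reaches a SetCookieSink without HttpOnly protection. */`, with the wording checked against the configuration's source predicate. Renaming the configuration to reflect both conditions would help too.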