prepare move to non-experimental

javascript/ql/src/experimental/Security/CWE-1004/CookieWithoutHttpOnly.ql

@@ -13,8 +13,15 @@
  */
 
 import javascript
-import experimental.semmle.javascript.security.InsecureCookie::Cookie
+import experimental.semmle.javascript.security.InsecureCookie::Cookie as ExperimentalCookie
 
-from CookieWrite cookie
-where cookie.isSensitive() and not cookie.isHttpOnly()
-select cookie, "Cookie attribute 'HttpOnly' is not set to true for this sensitive cookie."
+from DataFlow::Node node
+where
+  exists(ExperimentalCookie::CookieWrite cookie | cookie = node |
+    cookie.isSensitive() and not cookie.isHttpOnly()
+  )
+  or
+  exists(CookieWrites::CookieWrite cookie | cookie = node |
+    cookie.isSensitive() and not cookie.isHttpOnly()
+  )
+select node, "Cookie attribute 'HttpOnly' is not set to true for this sensitive cookie."

javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.ql

@@ -11,8 +11,11 @@
  */
 
 import javascript
-import experimental.semmle.javascript.security.InsecureCookie::Cookie
+import experimental.semmle.javascript.security.InsecureCookie::Cookie as ExperimentalCookie
 
-from CookieWrite cookie
-where not cookie.isSecure()
-select cookie, "Cookie is added to response without the 'secure' flag being set to true"
+from DataFlow::Node node
+where
+  exists(ExperimentalCookie::CookieWrite cookie | cookie = node | not cookie.isSecure())
+  or
+  exists(CookieWrites::CookieWrite cookie | cookie = node | not cookie.isSecure())
+select node, "Cookie is added to response without the 'secure' flag being set to true"