Apply suggestions from code review

Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
Edwin
2021-05-03 16:41:09 +03:00
committed by GitHub
parent cef845ac47
commit 27c680e28b
4 changed files with 9 additions and 12 deletions


@@ -8,7 +8,7 @@ Cross-Site Scripting (XSS) vulnerability the cookie can be stolen by malicious s
</overview>
<recommendation>
<p>Protect sensitive cookies, such as related to authentication, by setting <code>HttpOnly</code> to <code>true</code> to make
<p>Protect sensitive cookies, such as those related to authentication, by setting <code>HttpOnly</code> to <code>true</code> to make
them not accessible to JavaScript.</p>
</recommendation>


@@ -1,9 +1,9 @@
/**
* @name 'HttpOnly' attribute is not set to true
* @description Omitting the 'HttpOnly' attribute for security sensitive data allows
* malicious JavaScript to steal it in case of XSS vulnerability. Always set
* 'HttpOnly' to 'true' to authentication related cookie to make it
* not accessible by JavaScript.
* @description Omitting the 'HttpOnly' attribute for security sensitive cookie data allows
* malicious JavaScript to steal it in case of XSS vulnerabilities. Always set
* 'HttpOnly' to 'true' for authentication related cookies to make them
* inaccessible from JavaScript.
* @kind problem
* @problem.severity warning
* @precision high
@@ -17,4 +17,4 @@ import experimental.semmle.javascript.security.InsecureCookie::Cookie
from Cookie cookie
where cookie.isAuthNotHttpOnly()
select cookie, "Cookie attribute 'HttpOnly' is not set to true."
select cookie, "Cookie attribute 'HttpOnly' is not set to true for this sensitive cookie."
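Review bot: The `@name` line in the query header still reads `'HttpOnly' attribute is not set to true`, while the reworded `@description` and the new alert message both limit the finding to sensitive, authentication-related cookies. I would align the title with them, for example `@name Sensitive cookie without 'HttpOnly' set to true`, so that result lists do not suggest every cookie is flagged. Separately, `@precision high` deserves a second look if `isAuthNotHttpOnly()` decides sensitivity from a name-matching heuristic, which this section does not show.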


@@ -1,7 +1,7 @@
/**
* Provides classes for reasoning about cookies added to response without the 'secure' or 'httponly' flag being set.
* A cookie without the 'secure' flag being set can be intercepted and read by a malicious user.
* A cookie without the 'httponly' flag being set can be read by an injected JavaScript
* - A cookie without the 'secure' flag being set can be intercepted and read by a malicious user.
* - A cookie without the 'httponly' flag being set can be read by maliciously injected JavaScript.
*/
import javascript
@@ -64,7 +64,7 @@ module Cookie {
}
/**
* Holds if the string contains sensitive auth keyword, but not antiforgery token.
* Holds if `val` looks related to authentication, without being an anti-forgery token.
*/
bindingset[val]
private predicate regexpMatchAuth(string val) {
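Review bot: The reworded module comment still says a cookie without the 'secure' flag can be intercepted "by a malicious user", which leaves out the condition that matters: the cookie may be sent over an unencrypted connection. I would write `* - A cookie without the 'secure' flag can be sent over an unencrypted connection, where a network attacker can intercept and read it.` The new doc for `regexpMatchAuth` could also state what `val` holds (presumably a cookie name, to be confirmed against the callers). The predicate body lies outside the hunk, so the pattern itself cannot be reviewed here.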


@@ -165,9 +165,6 @@ class InvokeNode extends DataFlow::SourceNode {
getOptionsArgument(i).hasPropertyWrite(name, result)
}
/**
* Holds if the `i`th argument of this invocation is an object literal set to `result`.
*/
pragma[noinline]
private ObjectLiteralNode getOptionsArgument(int i) { result.flowsTo(getArgument(i)) }