Update and fix tests

python/ql/src/Security/CWE-1004/NonHttpOnlyCookie.ql

@@ -15,5 +15,7 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.Concepts
 
 from Http::Server::CookieWrite cookie
-where cookie.hasHttpOnlyFlag(false)
+where
+  cookie.hasHttpOnlyFlag(false) and
+  cookie.isSensitive()
 select cookie, "Cookie is added without the HttpOnly attribute properly set."

python/ql/src/Security/CWE-1275/SameSiteNoneCookie.ql

@@ -3,7 +3,7 @@
  * @description Cookies with `SameSite` set to `None` can allow for Cross-Site Request Forgery (CSRF) attacks.
  * @kind problem
  * @problem.severity warning
- * @security-severity 3.5
+ * @security-severity 4.0
  * @precision high
  * @id py/samesite-none-cookie
  * @tags security
@@ -15,5 +15,7 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.Concepts
 
 from Http::Server::CookieWrite cookie
-where cookie.hasSameSiteAttribute(any(Http::Server::CookieWrite::SameSiteNone v))
+where
+  cookie.hasSameSiteAttribute(any(Http::Server::CookieWrite::SameSiteNone v)) and
+  cookie.isSensitive()
 select cookie, "Cookie is added with the SameSite attribute set to None."

python/ql/src/Security/CWE-614/InsecureCookie.ql

@@ -16,6 +16,7 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.Concepts
 
 from Http::Server::CookieWrite cookie
-where cookie.hasSecureFlag(false) //and
-//cookie.isSensitive()
+where
+  cookie.hasSecureFlag(false) and
+  cookie.isSensitive()
 select cookie, "Cookie is added without the Secure attribute properly set."