hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 21:25:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Split test cases for insecure cookie queries

Browse Source
This commit is contained in:
Joe Farebrother
2025-09-19 14:41:02 +01:00
parent 04316d306f
commit 2e95c2b3c2
10 changed files with 68 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
python/ql/test/query-tests/Security/CWE-1004-NonHttpOnlyCookie/test.py Normal file
View File

@@ -0,0 +1,18 @@
from flask import Flask, request, make_response
app = Flask(__name__)
@app.route("/test")
def test():
resp = make_response()
resp.set_cookie("key1", "value1") # $Alert[py/client-exposed-cookie]
resp.set_cookie("key2", "value2", secure=True) # $Alert[py/client-exposed-cookie]
resp.set_cookie("key2", "value2", httponly=True)
resp.set_cookie("key2", "value2", samesite="Strict") # $Alert[py/client-exposed-cookie]
resp.set_cookie("key2", "value2", samesite="Lax") # $Alert[py/client-exposed-cookie]
resp.set_cookie("key2", "value2", samesite="None") # $Alert[py/client-exposed-cookie]
resp.set_cookie("key2", "value2", secure=True, samesite="Strict") # $Alert[py/client-exposed-cookie]
resp.set_cookie("key2", "value2", httponly=True, samesite="Strict")
resp.set_cookie("key2", "value2", secure=True, samesite="None") # $Alert[py/client-exposed-cookie]
resp.set_cookie("key2", "value2", httponly=True, samesite="None")
resp.set_cookie("key2", "value2", secure=True, httponly=True, samesite="Strict")