hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 20:58:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

add test for the cookie npm package

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-10-11 13:36:08 +02:00
parent 92d59aa11c
commit 311df4d2b7
2 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
javascript/ql/test/query-tests/Security/CWE-614/ClearTextCookie.expected
View File

@@ -13,3 +13,4 @@
| tst-cleartextCookie.js:177:5:177:19 | document.cookie | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:181:5:181:41 | cookies ... hkey()) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:186:5:186:46 | cookie. ... hkey()) | Sensitive cookie sent without enforcing SSL encryption |
| tst-cleartextCookie.js:195:33:195:74 | cookie. ... hkey()) | Sensitive cookie sent without enforcing SSL encryption |

12
javascript/ql/test/query-tests/Security/CWE-614/tst-cleartextCookie.js
View File

@@ -185,4 +185,14 @@ function clientCookies() {
cookie.serialize('authKey', makeAuthkey()); // NOT OK
cookie.serialize('authKey', makeAuthkey(), { secure: true, expires: 7 }); // OK
}
}
const cookie = require('cookie');
http.createServer((req, res) => {
res.setHeader('Content-Type', 'text/html');
res.setHeader("Set-Cookie", cookie.serialize("authKey", makeAuthkey(), {secure: true,httpOnly: true})); // OK
res.setHeader("Set-Cookie", cookie.serialize("authKey", makeAuthkey())); // NOT OK
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('ok');
});