JS: Accept some suboptimal alert locations

Not perfect alert locations, but not important enough to fix right now
2026-04-26 09:15:12 +02:00 · 2025-02-25 15:20:52 +01:00
parent dbc079c880
commit 360c76514c
1 changed files with 12 additions and 12 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-614/tst-cleartextCookie.js
+++ b/javascript/ql/test/query-tests/Security/CWE-614/tst-cleartextCookie.js
@@ -6,8 +6,8 @@ app.get('/a', function (req, res, next) {
        {
            maxAge: 9000000000,
            httpOnly: true,
-            secure: false // $ Alert
-        });
+            secure: false
+        }); // $ Alert
    res.end('ok')
 })

@@ -15,9 +15,9 @@ app.get('/b', function (req, res, next) {
    let options = {
        maxAge: 9000000000,
        httpOnly: true,
-        secure: false // $ Alert
+        secure: false
    }
-    res.cookie('authKey', 'value', options);
+    res.cookie('authKey', 'value', options); // $ Alert
    res.end('ok')
 })

@@ -106,8 +106,8 @@ const session = require('express-session')

 app.use(session({
    secret: 'secret',
-    cookie: { secure: false } // $ Alert
-}))
+    cookie: { secure: false }
+})) // $ Alert

 app.use(session({
    secret: 'secret'
@@ -115,15 +115,15 @@ app.use(session({

 app.use(session({
    secret: 'secret',
-    cookie: {} // $ Alert
-}))
+    cookie: {}
+})) // $ Alert

 const sess = {
    secret: 'secret',
-    cookie: { secure: false } // $ Alert
+    cookie: { secure: false }
 }

-app.use(session(sess))
+app.use(session(sess)) // $ Alert


 app.set('trust proxy', 1)
@@ -150,12 +150,12 @@ app.use(session({
 app.use(session({
    name: 'session',
    keys: ['key1', 'key2'],
-    secure: false, // $ Alert
+    secure: false,
    httpOnly: true,
    domain: 'example.com',
    path: 'foo/bar',
    expires: expiryDate
-}))
+})) // $ Alert

 http.createServer((req, res) => {
    res.setHeader('Content-Type', 'text/html');