Remove examples

2025-12-20 10:46:30 +01:00 · 2020-08-16 14:58:37 +02:00
parent 2a322976c6
commit 3e9142bf71
14 changed files with 0 additions and 129 deletions
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/cookie-session_bad.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/cookie-session_bad.js
@@ -1,17 +0,0 @@
 const session = require('cookie-session')
 const express = require('express')
 const app = express()
 const expiryDate = new Date(Date.now() + 60 * 60 * 1000)
 app.use(session({
    name: 'session',
    keys: ['key1', 'key2'],
    cookie: {
        secure: false, // BAD
        httpOnly: true,
        domain: 'example.com',
        path: 'foo/bar',
        expires: expiryDate
    }
 }))
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/cookie-session_good.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/cookie-session_good.js
@@ -1,17 +0,0 @@
 const session = require('cookie-session')
 const express = require('express')
 const app = express()
 const expiryDate = new Date(Date.now() + 60 * 60 * 1000)
 app.use(session({
    name: 'session',
    keys: ['key1', 'key2'],
    cookie: {
        secure: true, // GOOD: false by default for HTTP, true by default for HTTPS
        httpOnly: true,
        domain: 'example.com',
        path: 'foo/bar',
        expires: expiryDate
    }
 }))
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_bad1_false.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_bad1_false.js
@@ -1,7 +0,0 @@
 const app = express()
 const session = require('express-session')
 app.use(session({
    secret: 'secret',
    cookie: { secure: false } // BAD
 }))
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_bad2_notSet.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_bad2_notSet.js
@@ -1,7 +0,0 @@
 const app = express()
 const session = require('express-session')
 app.use(session({
    secret: 'secret'
    // BAD: in this case the default value of `secure` flag is `false`
 }))
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_bad3_setEmpty.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_bad3_setEmpty.js
@@ -1,7 +0,0 @@
 const app = express()
 const session = require('express-session')
 app.use(session({
    secret: 'secret',
    cookie: {} // BAD: in this case the default value of `secure` flag is `false`
 }))
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_bad4.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_bad4.js
@@ -1,9 +0,0 @@
 const app = express()
 const session = require('express-session')
 const sess = {
    secret: 'secret',
    cookie: { secure: false } // BAD
 }
 app.use(session(sess))
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_good.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_good.js
@@ -1,9 +0,0 @@
 const app = express()
 const session = require('express-session')
 app.set('trust proxy', 1)
 app.use(session({
    secret: 'secret',
    cookie: { secure: true } // GOOD
 }))
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/express_response-cookie_bad1.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/express_response-cookie_bad1.js
@@ -1,12 +0,0 @@
 const express = require('express')
 const app = express()
 app.get('/', function (req, res, next) {
    res.cookie('name', 'value',
        {
            maxAge: 9000000000,
            httpOnly: true,
            secure: false // BAD
        });
    res.end('ok')
 })
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/express_response-cookie_bad2.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/express_response-cookie_bad2.js
@@ -1,12 +0,0 @@
 const express = require('express')
 const app = express()
 app.get('/', function (req, res, next) {
    let options = {
        maxAge: 9000000000,
        httpOnly: true,
        secure: false // BAD
    }
    res.cookie('name', 'value', options);
    res.end('ok')
 })
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/express_response-cookie_good1.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/express_response-cookie_good1.js
@@ -1,12 +0,0 @@
 const express = require('express')
 const app = express()
 app.get('/', function (req, res, next) {
    res.cookie('name', 'value',
        {
            maxAge: 9000000000,
            httpOnly: true,
            secure: true // GOOD
        });
    res.end('ok')
 })
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/httpserver_bad.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/httpserver_bad.js
@@ -1,8 +0,0 @@
 const http = require('http');
 const server = http.createServer((req, res) => {
    res.setHeader('Content-Type', 'text/html');
    // BAD
    res.setHeader("Set-Cookie", ["type=ninja", "language=javascript"]);
    res.writeHead(200, { 'Content-Type': 'text/plain' });
    res.end('ok');
 });
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/httpserver_good.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/httpserver_good.js
@@ -1,8 +0,0 @@
 const http = require('http');
 const server = http.createServer((req, res) => {
    res.setHeader('Content-Type', 'text/html');
    // GOOD
    res.setHeader("Set-Cookie", ["type=ninja; Secure", "language=javascript; secure"]);
    res.writeHead(200, { 'Content-Type': 'text/plain' });
    res.end('ok');
 });
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/jsCookie_bad.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/jsCookie_bad.js
@@ -1,2 +0,0 @@
 const js_cookie = require('js-cookie')
 js_cookie.set('key', 'value', { secure: false }); // BAD
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/jsCookie_good.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/jsCookie_good.js
@@ -1,2 +0,0 @@
 const js_cookie = require('js-cookie')
 js_cookie.set('key', 'value', { secure: true });
		`@@ -1,2 +0,0 @@`
			`const js_cookie = require('js-cookie')`
			`js_cookie.set('key', 'value', { secure: false }); // BAD`