Remove examples

2025-12-20 18:56:32 +01:00 · 2020-08-16 14:58:37 +02:00
parent 2a322976c6
commit 3e9142bf71
14 changed files with 0 additions and 129 deletions
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/cookie-session_bad.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/cookie-session_bad.js
@@ -1,17 +0,0 @@
-const session = require('cookie-session')
-const express = require('express')
-const app = express()
-
-const expiryDate = new Date(Date.now() + 60 * 60 * 1000)
-
-app.use(session({
-    name: 'session',
-    keys: ['key1', 'key2'],
-    cookie: {
-        secure: false, // BAD
-        httpOnly: true,
-        domain: 'example.com',
-        path: 'foo/bar',
-        expires: expiryDate
-    }
-}))
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/cookie-session_good.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/cookie-session_good.js
@@ -1,17 +0,0 @@
-const session = require('cookie-session')
-const express = require('express')
-const app = express()
-
-const expiryDate = new Date(Date.now() + 60 * 60 * 1000)
-
-app.use(session({
-    name: 'session',
-    keys: ['key1', 'key2'],
-    cookie: {
-        secure: true, // GOOD: false by default for HTTP, true by default for HTTPS
-        httpOnly: true,
-        domain: 'example.com',
-        path: 'foo/bar',
-        expires: expiryDate
-    }
-}))
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_bad1_false.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_bad1_false.js
@@ -1,7 +0,0 @@
-const app = express()
-const session = require('express-session')
-
-app.use(session({
-    secret: 'secret',
-    cookie: { secure: false } // BAD
-}))
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_bad2_notSet.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_bad2_notSet.js
@@ -1,7 +0,0 @@
-const app = express()
-const session = require('express-session')
-
-app.use(session({
-    secret: 'secret'
-    // BAD: in this case the default value of `secure` flag is `false`
-}))
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_bad3_setEmpty.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_bad3_setEmpty.js
@@ -1,7 +0,0 @@
-const app = express()
-const session = require('express-session')
-
-app.use(session({
-    secret: 'secret',
-    cookie: {} // BAD: in this case the default value of `secure` flag is `false`
-}))
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_bad4.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_bad4.js
@@ -1,9 +0,0 @@
-const app = express()
-const session = require('express-session')
-
-const sess = {
-    secret: 'secret',
-    cookie: { secure: false } // BAD
-}
-
-app.use(session(sess))
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_good.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/express-session_good.js
@@ -1,9 +0,0 @@
-const app = express()
-const session = require('express-session')
-
-app.set('trust proxy', 1)
-
-app.use(session({
-    secret: 'secret',
-    cookie: { secure: true } // GOOD
-}))
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/express_response-cookie_bad1.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/express_response-cookie_bad1.js
@@ -1,12 +0,0 @@
-const express = require('express')
-const app = express()
-
-app.get('/', function (req, res, next) {
-    res.cookie('name', 'value',
-        {
-            maxAge: 9000000000,
-            httpOnly: true,
-            secure: false // BAD
-        });
-    res.end('ok')
-})
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/express_response-cookie_bad2.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/express_response-cookie_bad2.js
@@ -1,12 +0,0 @@
-const express = require('express')
-const app = express()
-
-app.get('/', function (req, res, next) {
-    let options = {
-        maxAge: 9000000000,
-        httpOnly: true,
-        secure: false // BAD
-    }
-    res.cookie('name', 'value', options);
-    res.end('ok')
-})
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/express_response-cookie_good1.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/express_response-cookie_good1.js
@@ -1,12 +0,0 @@
-const express = require('express')
-const app = express()
-
-app.get('/', function (req, res, next) {
-    res.cookie('name', 'value',
-        {
-            maxAge: 9000000000,
-            httpOnly: true,
-            secure: true // GOOD
-        });
-    res.end('ok')
-})
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/httpserver_bad.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/httpserver_bad.js
@@ -1,8 +0,0 @@
-const http = require('http');
-const server = http.createServer((req, res) => {
-    res.setHeader('Content-Type', 'text/html');
-    // BAD
-    res.setHeader("Set-Cookie", ["type=ninja", "language=javascript"]);
-    res.writeHead(200, { 'Content-Type': 'text/plain' });
-    res.end('ok');
-});
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/httpserver_good.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/httpserver_good.js
@@ -1,8 +0,0 @@
-const http = require('http');
-const server = http.createServer((req, res) => {
-    res.setHeader('Content-Type', 'text/html');
-    // GOOD
-    res.setHeader("Set-Cookie", ["type=ninja; Secure", "language=javascript; secure"]);
-    res.writeHead(200, { 'Content-Type': 'text/plain' });
-    res.end('ok');
-});
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/jsCookie_bad.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/jsCookie_bad.js
@@ -1,2 +0,0 @@
-const js_cookie = require('js-cookie')
-js_cookie.set('key', 'value', { secure: false }); // BAD
--- a/javascript/ql/src/experimental/Security/CWE-614/examples/jsCookie_good.js
+++ b/javascript/ql/src/experimental/Security/CWE-614/examples/jsCookie_good.js
@@ -1,2 +0,0 @@
-const js_cookie = require('js-cookie')
-js_cookie.set('key', 'value', { secure: true });