hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rust: It turns out Poem defaults 'secure' to true.

Browse Source
This commit is contained in:
Geoffrey White
2025-11-04 18:33:13 +00:00
parent 7383e4ff23
commit 5fed5a278e
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
rust/ql/test/query-tests/security/CWE-614/main.rs
View File

@@ -233,9 +233,9 @@ fn test_poem() {
cookie2.set_secure(true); // good
jar.add(cookie2.clone());
// secure left as default
let cookie3 = PoemCookie::new_with_str("name", "value"); // $ MISSING: Source
jar.add(cookie3.clone()); // $ MISSING: Alert[rust/insecure-cookie]
// secure left as default (which is `true` for Poem)
let cookie3 = PoemCookie::new_with_str("name", "value");
jar.add(cookie3.clone()); // good
// set secure via CookieConfig
let cookie_config_bad = poem::session::CookieConfig::new().secure(false);
@@ -248,7 +248,7 @@ fn test_poem() {
_ = poem::session::ServerSession::new(cookie_config_good, ()); // good
let cookie_config_default = poem::session::CookieConfig::new();
_ = poem::session::ServerSession::new(cookie_config_default, ()); // $ MISSING: Alert[rust/insecure-cookie]
_ = poem::session::ServerSession::new(cookie_config_default, ()); // good
}
fn test_http_types() {