hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update formatting

Browse Source
This commit is contained in:
Joe Farebrother
2025-11-10 10:25:08 +00:00
parent a25861d8a3
commit 6282c34396
4 changed files with 20 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
go/ql/src/Security/CWE-1004/examples/CookieWithoutHttpOnly.go
View File

@@ -6,8 +6,8 @@ import (
func handlerBad(w http.ResponseWriter, r *http.Request) { func handlerBad(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{ c := http.Cookie{
Name: "session", Name: "session",
Value: "secret", Value: "secret",
} }
http.SetCookie(w, &c) // BAD: The HttpOnly flag is set to false by default. http.SetCookie(w, &c) // BAD: The HttpOnly flag is set to false by default.
} }

8
go/ql/src/Security/CWE-614/examples/CookieWithoutSecure.go
View File

@@ -6,16 +6,16 @@ import (
func handlerBad(w http.ResponseWriter, r *http.Request) { func handlerBad(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{ c := http.Cookie{
Name: "session", Name: "session",
Value: "secret", Value: "secret",
} }
http.SetCookie(w, &c) // BAD: The Secure flag is set to false by default. http.SetCookie(w, &c) // BAD: The Secure flag is set to false by default.
} }
func handlerGood(w http.ResponseWriter, r *http.Request) { func handlerGood(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{ c := http.Cookie{
Name: "session", Name: "session",
Value: "secret", Value: "secret",
Secure: true, Secure: true,
} }
http.SetCookie(w, &c) // GOOD: The Secure flag is set to true. http.SetCookie(w, &c) // GOOD: The Secure flag is set to true.

16
go/ql/test/query-tests/Security/CWE-614/CookieWithoutSecure.go
View File

@@ -16,8 +16,8 @@ func handler1(w http.ResponseWriter, r *http.Request) {
func handler2(w http.ResponseWriter, r *http.Request) { func handler2(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{ c := http.Cookie{
Name: "session", // $ Source Name: "session", // $ Source
Value: "secret", Value: "secret",
Secure: false, Secure: false,
} }
http.SetCookie(w, &c) // $ Alert // BAD: Secure explicitly set to false http.SetCookie(w, &c) // $ Alert // BAD: Secure explicitly set to false
@@ -25,8 +25,8 @@ func handler2(w http.ResponseWriter, r *http.Request) {
func handler3(w http.ResponseWriter, r *http.Request) { func handler3(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{ c := http.Cookie{
Name: "session", Name: "session",
Value: "secret", Value: "secret",
Secure: true, Secure: true,
} }
http.SetCookie(w, &c) // GOOD: Secure explicitly set to true http.SetCookie(w, &c) // GOOD: Secure explicitly set to true
@@ -53,8 +53,8 @@ func handler5(w http.ResponseWriter, r *http.Request) {
func handler6(w http.ResponseWriter, r *http.Request) { func handler6(w http.ResponseWriter, r *http.Request) {
val := false val := false
c := http.Cookie{ c := http.Cookie{
Name: "session", // $ Source Name: "session", // $ Source
Value: "secret", Value: "secret",
Secure: val, Secure: val,
} }
http.SetCookie(w, &c) // $ Alert // BAD: Secure explicitly set to false http.SetCookie(w, &c) // $ Alert // BAD: Secure explicitly set to false
@@ -63,8 +63,8 @@ func handler6(w http.ResponseWriter, r *http.Request) {
func handler7(w http.ResponseWriter, r *http.Request) { func handler7(w http.ResponseWriter, r *http.Request) {
val := true val := true
c := http.Cookie{ c := http.Cookie{
Name: "session", Name: "session",
Value: "secret", Value: "secret",
Secure: val, Secure: val,
} }
http.SetCookie(w, &c) // GOOD: Secure explicitly set to true http.SetCookie(w, &c) // GOOD: Secure explicitly set to true