Update formatting

Joe Farebrother
2025-11-10 10:25:08 +00:00
parent a25861d8a3
commit 6282c34396
4 changed files with 20 additions and 20 deletions


@@ -6,8 +6,8 @@ import (
func handlerBad(w http.ResponseWriter, r *http.Request) { func handlerBad(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{ c := http.Cookie{
Name: "session", Name: "session",
Value: "secret", Value: "secret",
} }
http.SetCookie(w, &c) // BAD: The HttpOnly flag is set to false by default. http.SetCookie(w, &c) // BAD: The HttpOnly flag is set to false by default.
} }
@@ -19,4 +19,4 @@ func handlerGood(w http.ResponseWriter, r *http.Request) {
HttpOnly: true, HttpOnly: true,
} }
http.SetCookie(w, &c) // GOOD: The HttpOnly flag is set to true. http.SetCookie(w, &c) // GOOD: The HttpOnly flag is set to true.
} }


@@ -6,17 +6,17 @@ import (
func handlerBad(w http.ResponseWriter, r *http.Request) { func handlerBad(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{ c := http.Cookie{
Name: "session", Name: "session",
Value: "secret", Value: "secret",
} }
http.SetCookie(w, &c) // BAD: The Secure flag is set to false by default. http.SetCookie(w, &c) // BAD: The Secure flag is set to false by default.
} }
func handlerGood(w http.ResponseWriter, r *http.Request) { func handlerGood(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{ c := http.Cookie{
Name: "session", Name: "session",
Value: "secret", Value: "secret",
Secure: true, Secure: true,
} }
http.SetCookie(w, &c) // GOOD: The Secure flag is set to true. http.SetCookie(w, &c) // GOOD: The Secure flag is set to true.
} }


@@ -25,7 +25,7 @@ func handler2(w http.ResponseWriter, r *http.Request) {
func handler3(w http.ResponseWriter, r *http.Request) { func handler3(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{ c := http.Cookie{
Name: "session", Name: "session",
Value: "secret", Value: "secret",
HttpOnly: true, HttpOnly: true,
} }
@@ -63,7 +63,7 @@ func handler6(w http.ResponseWriter, r *http.Request) {
func handler7(w http.ResponseWriter, r *http.Request) { func handler7(w http.ResponseWriter, r *http.Request) {
val := true val := true
c := http.Cookie{ c := http.Cookie{
Name: "session", Name: "session",
Value: "secret", Value: "secret",
HttpOnly: val, HttpOnly: val,
} }
@@ -125,7 +125,7 @@ func main() {
router.GET("/cookie", func(c *gin.Context) { router.GET("/cookie", func(c *gin.Context) {
_, err := c.Cookie("session") _, err := c.Cookie("session")
if err != nil { if err != nil {
c.SetCookie("session", "test", 3600, "/", "localhost", false, false) // $ Alert // BAD: httpOnly set to false c.SetCookie("session", "test", 3600, "/", "localhost", false, false) // $ Alert // BAD: httpOnly set to false


@@ -16,8 +16,8 @@ func handler1(w http.ResponseWriter, r *http.Request) {
func handler2(w http.ResponseWriter, r *http.Request) { func handler2(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{ c := http.Cookie{
Name: "session", // $ Source Name: "session", // $ Source
Value: "secret", Value: "secret",
Secure: false, Secure: false,
} }
http.SetCookie(w, &c) // $ Alert // BAD: Secure explicitly set to false http.SetCookie(w, &c) // $ Alert // BAD: Secure explicitly set to false
@@ -25,8 +25,8 @@ func handler2(w http.ResponseWriter, r *http.Request) {
func handler3(w http.ResponseWriter, r *http.Request) { func handler3(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{ c := http.Cookie{
Name: "session", Name: "session",
Value: "secret", Value: "secret",
Secure: true, Secure: true,
} }
http.SetCookie(w, &c) // GOOD: Secure explicitly set to true http.SetCookie(w, &c) // GOOD: Secure explicitly set to true
@@ -53,8 +53,8 @@ func handler5(w http.ResponseWriter, r *http.Request) {
func handler6(w http.ResponseWriter, r *http.Request) { func handler6(w http.ResponseWriter, r *http.Request) {
val := false val := false
c := http.Cookie{ c := http.Cookie{
Name: "session", // $ Source Name: "session", // $ Source
Value: "secret", Value: "secret",
Secure: val, Secure: val,
} }
http.SetCookie(w, &c) // $ Alert // BAD: Secure explicitly set to false http.SetCookie(w, &c) // $ Alert // BAD: Secure explicitly set to false
@@ -63,8 +63,8 @@ func handler6(w http.ResponseWriter, r *http.Request) {
func handler7(w http.ResponseWriter, r *http.Request) { func handler7(w http.ResponseWriter, r *http.Request) {
val := true val := true
c := http.Cookie{ c := http.Cookie{
Name: "session", Name: "session",
Value: "secret", Value: "secret",
Secure: val, Secure: val,
} }
http.SetCookie(w, &c) // GOOD: Secure explicitly set to true http.SetCookie(w, &c) // GOOD: Secure explicitly set to true
@@ -96,7 +96,7 @@ func main() {
router.GET("/cookie", func(c *gin.Context) { router.GET("/cookie", func(c *gin.Context) {
_, err := c.Cookie("session") _, err := c.Cookie("session")
if err != nil { if err != nil {
c.SetCookie("session", "test", 3600, "/", "localhost", false, false) // $ Alert // BAD: Secure set to false c.SetCookie("session", "test", 3600, "/", "localhost", false, false) // $ Alert // BAD: Secure set to false