hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update formatting

Browse Source
This commit is contained in:
Joe Farebrother
2025-11-10 10:25:08 +00:00
parent a25861d8a3
commit 6282c34396
4 changed files with 20 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
go/ql/src/Security/CWE-1004/examples/CookieWithoutHttpOnly.go
View File

@@ -6,8 +6,8 @@ import (
func handlerBad(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{
Name: "session",
Value: "secret",
Name: "session",
Value: "secret",
}
http.SetCookie(w, &c) // BAD: The HttpOnly flag is set to false by default.
}
@@ -19,4 +19,4 @@ func handlerGood(w http.ResponseWriter, r *http.Request) {
HttpOnly: true,
}
http.SetCookie(w, &c) // GOOD: The HttpOnly flag is set to true.
}
}

10
go/ql/src/Security/CWE-614/examples/CookieWithoutSecure.go
View File

@@ -6,17 +6,17 @@ import (
func handlerBad(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{
Name: "session",
Value: "secret",
Name: "session",
Value: "secret",
}
http.SetCookie(w, &c) // BAD: The Secure flag is set to false by default.
}
func handlerGood(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{
Name: "session",
Value: "secret",
Name: "session",
Value: "secret",
Secure: true,
}
http.SetCookie(w, &c) // GOOD: The Secure flag is set to true.
}
}

6
go/ql/test/query-tests/Security/CWE-1004/CookieWithoutHttpOnly.go
View File

@@ -25,7 +25,7 @@ func handler2(w http.ResponseWriter, r *http.Request) {
func handler3(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{
Name: "session",
Name: "session",
Value: "secret",
HttpOnly: true,
}
@@ -63,7 +63,7 @@ func handler6(w http.ResponseWriter, r *http.Request) {
func handler7(w http.ResponseWriter, r *http.Request) {
val := true
c := http.Cookie{
Name: "session",
Name: "session",
Value: "secret",
HttpOnly: val,
}
@@ -125,7 +125,7 @@ func main() {
router.GET("/cookie", func(c *gin.Context) {
_, err := c.Cookie("session")
_, err := c.Cookie("session")
if err != nil {
c.SetCookie("session", "test", 3600, "/", "localhost", false, false) // $ Alert // BAD: httpOnly set to false

18
go/ql/test/query-tests/Security/CWE-614/CookieWithoutSecure.go
View File

@@ -16,8 +16,8 @@ func handler1(w http.ResponseWriter, r *http.Request) {
func handler2(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{
Name: "session", // $ Source
Value: "secret",
Name: "session", // $ Source
Value: "secret",
Secure: false,
}
http.SetCookie(w, &c) // $ Alert // BAD: Secure explicitly set to false
@@ -25,8 +25,8 @@ func handler2(w http.ResponseWriter, r *http.Request) {
func handler3(w http.ResponseWriter, r *http.Request) {
c := http.Cookie{
Name: "session",
Value: "secret",
Name: "session",
Value: "secret",
Secure: true,
}
http.SetCookie(w, &c) // GOOD: Secure explicitly set to true
@@ -53,8 +53,8 @@ func handler5(w http.ResponseWriter, r *http.Request) {
func handler6(w http.ResponseWriter, r *http.Request) {
val := false
c := http.Cookie{
Name: "session", // $ Source
Value: "secret",
Name: "session", // $ Source
Value: "secret",
Secure: val,
}
http.SetCookie(w, &c) // $ Alert // BAD: Secure explicitly set to false
@@ -63,8 +63,8 @@ func handler6(w http.ResponseWriter, r *http.Request) {
func handler7(w http.ResponseWriter, r *http.Request) {
val := true
c := http.Cookie{
Name: "session",
Value: "secret",
Name: "session",
Value: "secret",
Secure: val,
}
http.SetCookie(w, &c) // GOOD: Secure explicitly set to true
@@ -96,7 +96,7 @@ func main() {
router.GET("/cookie", func(c *gin.Context) {
_, err := c.Cookie("session")
_, err := c.Cookie("session")
if err != nil {
c.SetCookie("session", "test", 3600, "/", "localhost", false, false) // $ Alert // BAD: Secure set to false