Merge pull request #16933 from joefarebrother/python-cookie-concept-promote

Python: Promote the insecure cookie query from experimental
2026-05-05 13:45:19 +02:00 · 2024-08-07 09:06:05 +01:00
parent e222b49258 24df54804a
commit 62c2fe6b17
39 changed files with 347 additions and 490 deletions
--- a/python/ql/test/experimental/meta/ConceptsTest.qll
+++ b/python/ql/test/experimental/meta/ConceptsTest.qll
@@ -405,7 +405,10 @@ module HttpServerHttpRedirectResponseTest implements TestSig {

 module HttpServerCookieWriteTest implements TestSig {
  string getARelevantTag() {
-    result in ["CookieWrite", "CookieRawHeader", "CookieName", "CookieValue"]
+    result in [
+        "CookieWrite", "CookieRawHeader", "CookieName", "CookieValue", "CookieSecure",
+        "CookieHttpOnly", "CookieSameSite"
+      ]
  }

  predicate hasActualResult(Location location, string element, string tag, string value) {
@@ -428,6 +431,20 @@ module HttpServerCookieWriteTest implements TestSig {
        element = cookieWrite.toString() and
        value = prettyNodeForInlineTest(cookieWrite.getValueArg()) and
        tag = "CookieValue"
+        or
+        element = cookieWrite.toString() and
+        value = any(boolean b | cookieWrite.hasSecureFlag(b)).toString() and
+        tag = "CookieSecure"
+        or
+        element = cookieWrite.toString() and
+        value = any(boolean b | cookieWrite.hasHttpOnlyFlag(b)).toString() and
+        tag = "CookieHttpOnly"
+        or
+        element = cookieWrite.toString() and
+        value =
+          any(Http::Server::CookieWrite::SameSiteValue v | cookieWrite.hasSameSiteAttribute(v))
+              .toString() and
+        tag = "CookieSameSite"
      )
    )
  }