hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 13:23:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

[DIFF-INFORMED] Java: InsecureCookie

Browse Source 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql#L21
This commit is contained in:
Nora Dimitrijević
2025-07-16 15:30:16 +02:00
parent 19e5c3d805
commit 74b37e71a0
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/lib/semmle/code/java/security/InsecureCookieQuery.qll
View File

@@ -35,6 +35,10 @@ module SecureCookieConfig implements DataFlow::ConfigSig {
sink.asExpr() =
any(MethodCall add | add.getMethod() instanceof ResponseAddCookieMethod).getArgument(0)
}
predicate observeDiffInformedIncrementalMode() {
none() // only used negatively in InsecureCookie.ql
}
}
/** Data flow to reason about the failure to use secure cookies. */