Refactor CWE-614/InsecureCookie

Ed Minnix
2023-03-15 16:47:51 -04:00
parent de6959c688
commit 8856730843


@@ -26,10 +26,8 @@ predicate isSafeSecureCookieSetting(Expr e) {
)
}
class SecureCookieConfiguration extends DataFlow::Configuration {
SecureCookieConfiguration() { this = "SecureCookieConfiguration" }
override predicate isSource(DataFlow::Node source) {
private module SecureCookieConfiguration implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
exists(MethodAccess ma, Method m | ma.getMethod() = m |
m.getDeclaringType() instanceof TypeCookie and
m.getName() = "setSecure" and
@@ -43,14 +41,16 @@ class SecureCookieConfiguration extends DataFlow::Configuration {
)
}
override predicate isSink(DataFlow::Node sink) {
predicate isSink(DataFlow::Node sink) {
sink.asExpr() =
any(MethodAccess add | add.getMethod() instanceof ResponseAddCookieMethod).getArgument(0)
}
}
module SecureCookieFlow = DataFlow::Make<SecureCookieConfiguration>;
from MethodAccess add
where
add.getMethod() instanceof ResponseAddCookieMethod and
not any(SecureCookieConfiguration df).hasFlowToExpr(add.getArgument(0))
not SecureCookieFlow::hasFlowToExpr(add.getArgument(0))
select add, "Cookie is added to response without the 'secure' flag being set."
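Review bot: The new `SecureCookieConfiguration` module and the `SecureCookieFlow` alias have no QLDoc, and nothing near the `where` clause says that flow here marks a cookie as safe, so the alert fires on the absence of flow. I would add a comment above the module such as `/** Flow from a cookie whose 'secure' flag was set to a safe value, to the cookie argument of an add-cookie call. */` and one above the negated check, `// No flow from a safe setSecure call reaches this argument: report it.` Because `hasFlowToExpr` holds when any path reaches the argument, a cookie that is made secure on only one branch is presumably not reported, and that limitation is worth stating in the same comment. The body of `isSource` continues outside the first hunk, so the exact source node is inferred from the visible `setSecure` condition.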