Add tests and .qlref

jorgectf
2021-07-25 04:06:02 +02:00
parent 0aaa9c13bd
commit 8a3e4f14d1
5 changed files with 101 additions and 0 deletions


@@ -0,0 +1 @@
experimental/Security/CWE-614/InsecureCookie.ql


@@ -0,0 +1,13 @@
import django.http
def django_response(request):
resp = django.http.HttpResponse()
resp.set_cookie("name", "value", secure=None)
return resp
def django_response(request):
resp = django.http.HttpResponse()
resp.set_cookie("name", "value")
return resp
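Review bot: The insecure Django cases stop at `secure=None` and the omitted argument, so an explicit `secure=False` call and a raw header assignment without the attribute are never exercised, although the second Django file has the header counterpart (`resp['Set-Cookie'] = "name=value; Secure;"`). I would add two further functions containing `resp.set_cookie("name", "value", secure=False)` and `resp['Set-Cookie'] = "name=value;"`. Both functions here are named `django_response` (the second Django file repeats this), so the later definition shadows the earlier one; distinct names such as `django_secure_none` and `django_secure_default` make a failing expectation easier to trace. The first Flask file has the mirror-image gap: it covers `secure=False` and `secure=None` but has no `set_cookie` call that omits `secure`.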


@@ -0,0 +1,19 @@
import django.http
def django_response(request):
resp = django.http.HttpResponse()
resp['Set-Cookie'] = "name=value; Secure;"
return resp
def django_response(request):
resp = django.http.HttpResponse()
resp.set_cookie("name", "value", secure=True)
return resp
def indeterminate(secure):
resp = django.http.HttpResponse()
resp.set_cookie("name", "value", secure)
return resp
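Review bot: In `indeterminate`, `resp.set_cookie("name", "value", secure)` passes `secure` as the third positional argument, which in Django's `HttpResponse.set_cookie(key, value='', max_age=None, ...)` is `max_age`, not `secure`. The cookie is therefore emitted with the default `secure=False`, so what appears to be the expected-clean file contains an insecure cookie and the indeterminate case is not actually tested. Use the keyword form, as the Flask counterpart does: `resp.set_cookie("name", "value", secure=secure)`.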


@@ -0,0 +1,34 @@
from flask import Flask, request, make_response, Response
app = Flask(__name__)
@app.route("/false")
def false():
resp = make_response()
resp.set_cookie("name", value="value", secure=False)
return resp
@app.route("/none")
def none():
resp = make_response()
resp.set_cookie("name", value="value", secure=None)
return resp
@app.route("/flask_Response")
def flask_Response():
resp = Response()
resp.headers['Set-Cookie'] = "name=value;"
return resp
@app.route("/flask_make_response")
def flask_make_response():
resp = make_response("hello")
resp.headers['Set-Cookie'] = "name=value;"
return resp
# if __name__ == "__main__":
# app.run(debug=True)
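Review bot: The trailing commented-out `# app.run(debug=True)` block is dead code in a test fixture and should be dropped here and in the second Flask file; if it were ever uncommented, debug mode would become a separate finding unrelated to the cookie flag. `request` is imported but unused in both Flask files, so the import can be `from flask import Flask, make_response, Response`. A short comment above each handler stating the expected result, for example `# BAD: Set-Cookie header written without the Secure attribute`, would make the intent readable without opening the expected-results file.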


@@ -0,0 +1,34 @@
from flask import Flask, request, make_response, Response
app = Flask(__name__)
@app.route("/true")
def true():
resp = make_response()
resp.set_cookie("name", value="value", secure=True)
return resp
@app.route("/flask_Response")
def flask_Response():
resp = Response()
resp.headers['Set-Cookie'] = "name=value; Secure;"
return resp
@app.route("/flask_make_response")
def flask_make_response():
resp = make_response("hello")
resp.headers['Set-Cookie'] = "name=value; Secure;"
return resp
def indeterminate(secure):
resp = make_response()
resp.set_cookie("name", value="value", secure=secure)
return resp
# if __name__ == "__main__":
# app.run(debug=True)
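Review bot: The header-based cases use only the exact spelling `Secure;` with a trailing semicolon, so the tests do not pin how the query treats other valid spellings of the attribute. Cookie attribute names are case-insensitive (RFC 6265), so a case such as `resp.headers['Set-Cookie'] = "name=value; secure"` would show whether a lower-case attribute without a trailing semicolon is still accepted as secure. The query is not visible on this page, so whether it already matches case-insensitively is unknown. `indeterminate` has no `@app.route` decorator, unlike the other handlers; if that is deliberate, a comment such as `# secure is not statically known; should not be flagged` would say so.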