Code review suggestions. correction in changenote + style in example

Co-authored-by: yoff <lerchedahl@gmail.com>
Joe Farebrother
2024-07-24 21:37:12 +01:00
committed by GitHub
parent db27fd934a
commit 8f714c631f
2 changed files with 2 additions and 2 deletions

@@ -16,5 +16,5 @@ def good2():
@app.route("/bad1")
resp = make_response()
resp.set_cookie("name", value="value", samesite='None') # BAD: the SameSite attribute is set to 'None'; and the 'Secure' and 'HttpOnly' attributes are set to False by default.
resp.set_cookie("name", value="value", samesite='None') # BAD: the SameSite attribute is set to 'None' and the 'Secure' and 'HttpOnly' attributes are set to False by default.
return resp
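Review bot: the trailing comment on the `set_cookie` call in the `/bad1` example packs three separate findings onto one very long line. Consider moving it onto its own comment lines above the call, one per attribute (`SameSite`, `Secure`, `HttpOnly`), so the reader can see which default is the problem without scrolling sideways. The visible context also shows `resp = make_response()` directly under `@app.route("/bad1")`, so it is worth checking that the example file still has the function definition between them.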

@@ -1,4 +1,4 @@
---
category: newQuery
---
* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of securities being set without the `Secure`, `HttpOnly`, or `SameSite` attributes set to secure values.
* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being set without the `Secure`, `HttpOnly`, or `SameSite` attributes set to secure values.
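Review bot: the query id `py/cookie-injection` in this note does not match the behaviour described in its second sentence, which is about cookies lacking secure values for `Secure`, `HttpOnly` or `SameSite` rather than about injection. Please confirm the note names the query that is actually being promoted. As a style point, "being set without the ... attributes set to secure values" repeats "set"; wording such as "cookies created without secure values for the `Secure`, `HttpOnly`, or `SameSite` attributes" reads more cleanly.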