delete the experimental query library for cookie queries

2026-05-02 12:15:17 +02:00 · 2021-10-06 09:39:14 +02:00
parent 6858acc6a9
commit 9193984f1b
3 changed files with 3 additions and 56 deletions
--- a/javascript/ql/src/Security/CWE-1004/CookieWithoutHttpOnly.ql
+++ b/javascript/ql/src/Security/CWE-1004/CookieWithoutHttpOnly.ql
@@ -13,16 +13,11 @@
 */

 import javascript
-import experimental.semmle.javascript.security.InsecureCookie::Cookie as ExperimentalCookie // TODO: Remove.

 from DataFlow::Node node
 where
-// TODO: Only for sensitive cookies? (e.g. auth cookies)
-// TODO: Give all descriptions, qlhelp, qldocs, an overhaul. Consider precisions, severity, cwes. 
-  exists(ExperimentalCookie::CookieWrite cookie | cookie = node |
-    cookie.isSensitive() and not cookie.isHttpOnly()
-  )
-  or
+  // TODO: Only for sensitive cookies? (e.g. auth cookies)
+  // TODO: Give all descriptions, qlhelp, qldocs, an overhaul. Consider precisions, severity, cwes.
  exists(CookieWrites::CookieWrite cookie | cookie = node |
    cookie.isSensitive() and not cookie.isHttpOnly()
  )
--- a/javascript/ql/src/Security/CWE-614/InsecureCookie.ql
+++ b/javascript/ql/src/Security/CWE-614/InsecureCookie.ql
@@ -11,11 +11,7 @@
 */

 import javascript
-import experimental.semmle.javascript.security.InsecureCookie::Cookie as ExperimentalCookie // TODO: Remove

 from DataFlow::Node node
-where
-  exists(ExperimentalCookie::CookieWrite cookie | cookie = node | not cookie.isSecure())
-  or
-  exists(CookieWrites::CookieWrite cookie | cookie = node | not cookie.isSecure())
+where exists(CookieWrites::CookieWrite cookie | cookie = node | not cookie.isSecure())
 select node, "Cookie is added to response without the 'secure' flag being set to true"
--- a/javascript/ql/src/experimental/semmle/javascript/security/InsecureCookie.qll
+++ b/javascript/ql/src/experimental/semmle/javascript/security/InsecureCookie.qll
@@ -1,44 +0,0 @@
-/**
- * Provides classes for reasoning about cookies added to response without the 'secure' or 'httponly' flag being set.
- * - A cookie without the 'secure' flag being set can be intercepted and read by a malicious user.
- * - A cookie without the 'httponly' flag being set can be read by maliciously injected JavaScript.
- */
-
-import javascript
-private import semmle.javascript.security.SensitiveActions
-
-// TODO: Move this entire file into stdlib.
-// TODO: make "session", "auth", a sensitive name.
-// TODO: Have helper predicate that selects the relevant Sensitive Classifications.
-// TODO: Look for more cookie libraries.
-module Cookie {
-  /**
-   * `secure` property of the cookie options.
-   */
-  string secureFlag() { result = "secure" }
-
-  /**
-   * `httpOnly` property of the cookie options.
-   */
-  string httpOnlyFlag() { result = "httpOnly" }
-
-  /**
-   * A write to a cookie.
-   */
-  abstract class CookieWrite extends DataFlow::Node {
-    /**
-     * Holds if this cookie is secure, i.e. only transmitted over SSL.
-     */
-    abstract predicate isSecure();
-
-    /**
-     * Holds if this cookie is HttpOnly, i.e. not accessible by JavaScript.
-     */
-    abstract predicate isHttpOnly();
-
-    /**
-     * Holds if the cookie is likely an authentication cookie or otherwise sensitive.
-     */
-    abstract predicate isSensitive();
-  }
-}