inline isGinContextCookieFlow

edvraa
2021-05-12 23:24:50 +03:00
committed by Owen Mansel-Chan
parent 4d397d9974
commit 9224a315f1


@@ -34,11 +34,6 @@ predicate isNetHttpCookieFlow(DataFlow::PathNode source, DataFlow::PathNode sink
)
}
/** Holds if `HttpOnly` of `gin-gonic/gin.Context.SetCookie` is set to `false` or not set (default value is used). */
predicate isGinContextCookieFlow(DataFlow::PathNode source, DataFlow::PathNode sink) {
any(BoolToGinSetCookieTrackingConfiguration cfg).hasFlowPath(source, sink)
}
/**
* Holds if there is gorilla cookie store creation to `Save` path and
* `HttpOnly` is set to `false` or not set (default value is used).
@@ -84,6 +79,6 @@ predicate isGorillaSessionsCookieFlow(DataFlow::PathNode source, DataFlow::PathN
from DataFlow::PathNode source, DataFlow::PathNode sink
where
isNetHttpCookieFlow(source, sink) or
isGinContextCookieFlow(source, sink) or
any(BoolToGinSetCookieTrackingConfiguration cfg).hasFlowPath(source, sink) or
isGorillaSessionsCookieFlow(source, sink)
select sink.getNode(), source, sink, "Cookie attribute 'HttpOnly' is not set to true."
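Review bot: In the `where` clause the gin case is now the only disjunct written as a raw `any(BoolToGinSetCookieTrackingConfiguration cfg).hasFlowPath(source, sink)` call, sitting between the named predicates `isNetHttpCookieFlow` and `isGorillaSessionsCookieFlow`. The doc comment naming the API it covers was deleted together with `isGinContextCookieFlow`. Since all three disjuncts share one alert message, a one-line comment above the inlined disjunct would keep that information for whoever triages or extends the query, for example `// gin-gonic/gin Context.SetCookie with HttpOnly set to false`. The configuration class is defined outside the visible hunks, so confirm the wording against its source and sink definitions.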