Add CookieInjection sample and .qhelp

python/ql/src/experimental/Security/CWE-614/CookieInjection.py

@@ -0,0 +1,16 @@
+from flask import request, make_response
+
+
+@app.route("/1")
+def true():
+    resp = make_response()
+    resp.set_cookie(request.args["name"],
+                    value=request.args["name"])
+    return resp
+
+
+@app.route("/2")
+def flask_make_response():
+    resp = make_response("hello")
+    resp.headers['Set-Cookie'] = f"{request.args['name']}={request.args['name']};"
+    return resp

python/ql/src/experimental/Security/CWE-614/CookieInjection.qhelp

@@ -0,0 +1,28 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+
+<overview>
+<p>Constructing cookies from user input may allow an attacker to perform a Cookie Poisoning attack. 
+It is possible, however, to perform other parameter-like attacks through cookie poisoning techniques, 
+such as SQL Injection, Directory Traversal, or Stealth Commanding, etc. Additionally, 
+cookie injection may relate to attempts to perform Access of Administrative Interface.
+</p>
+</overview>
+
+<recommendation>
+<p>Do not use raw user input to construct cookies.</p>
+</recommendation>
+
+<example>
+<p>This example shows two ways of adding a cookie to a Flask response. The first way uses <code>set_cookie</code>'s
+and the second sets a cookie's raw value through a header, both using user-supplied input.</p>
+<sample src="CookieInjection.py" />
+</example>
+
+<references>
+<li>Imperva: <a href="https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm">Cookie injection</a>.</li>
+</references>
+
+</qhelp>