hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Restrict sinks to fix performance

Browse Source
This commit is contained in:
Joe Farebrother
2025-10-29 10:53:00 +00:00
parent 7d5388fb68
commit b813c13462
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
csharp/ql/lib/semmle/code/csharp/security/auth/SecureCookies.qll
View File

@@ -3,6 +3,7 @@
*/ */
import csharp import csharp
private import semmle.code.csharp.frameworks.system.Web
private import semmle.code.csharp.frameworks.microsoft.AspNetCore private import semmle.code.csharp.frameworks.microsoft.AspNetCore
/** /**
@@ -32,7 +33,15 @@ private module AuthCookieNameConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { isAuthVariable(source.asExpr()) } predicate isSource(DataFlow::Node source) { isAuthVariable(source.asExpr()) }
predicate isSink(DataFlow::Node sink) { exists(Call c | sink.asExpr() = c.getAnArgument()) } predicate isSink(DataFlow::Node sink) {
exists(Call c |
sink.asExpr() = c.getAnArgument() and
(
c.getTarget() = any(MicrosoftAspNetCoreHttpResponseCookies cls).getAppendMethod() or
c.(ObjectCreation).getType() instanceof SystemWebHttpCookie
)
)
}
} }
/** /**