hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 04:39:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add tests for secure cookie using aspnetcore

Browse Source
This commit is contained in:
Joe Farebrother
2025-10-23 21:46:38 +01:00
parent 3cdfa8e0ac
commit bb010fee6b
17 changed files with 216 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
csharp/ql/src/Security Features/CWE-614/CookieWithoutSecure.ql
View File

@@ -104,14 +104,12 @@ predicate insecureSecurePolicyAssignment(Assignment a, Expr val) {
)
}
from Expr secureSink, string msg
from Expr secureSink
where
insecureCookieCall(secureSink) and
msg = "Cookie attribute 'Secure' is not set to true."
insecureCookieCall(secureSink)
or
exists(Assignment a |
secureSink = a.getRValue() and
insecureSecurePolicyAssignment(a, _)
) and
msg = "Cookie security policy sets cookies as insecure by default."
select secureSink, msg
)
select secureSink, "Cookie attribute 'Secure' is not set to true."