Rust: Add qhelp and examples.

This commit is contained in:
Geoffrey White
2025-09-19 10:05:11 +01:00
parent 94afc82304
commit bd07350bc3
3 changed files with 50 additions and 0 deletions


@@ -0,0 +1,33 @@
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>Failing to set the 'Secure' attribute on a cookie allows it to be transmitted over an unencrypted (HTTP) connection. If an attacker can observe a user's network traffic (for example over an insecure WiFi network), they can access sensitive information in the cookie and potentially use it to impersonate the user.</p>
</overview>
<recommendation>
<p>Always set the cookie 'Secure' attribute so that the browser only sends the cookie over HTTPS.</p>
</recommendation>
<example>
<p>The following example creates a cookie using the <code>cookie</code> crate without the 'Secure' attribute:</p>
<sample src="InsecureCookieBad.rs" />
<p>In the fixed example, we either call <code>secure(true)</code> on the <code>CookieBuilder</code> or <code>set_secure(true)</code> on the <code>Cookie</code> itself:</p>
<sample src="InsecureCookieGood.rs" />
</example>
<references>
<li>MDN Web Docs: <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies">Using HTTP cookies</a>.</li>
<li>OWASP Cheat Sheet Series: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#transport-layer-security">Session Management Cheat Sheet - Transport Layer Security</a>.</li>
<li>MDN Web Docs: <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#secure">Set-Cookie header - Secure</a>.</li>
</references>
</qhelp>
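Review bot: The attribute name is written as 'Secure' in quotes in the overview, recommendation and example paragraphs, while API names such as <code>CookieBuilder</code> and <code>secure(true)</code> use <code>...</code>; for consistency with the samples and with other qhelp files, use <code>Secure</code> throughout. The recommendation paragraph could also state explicitly that the <code>cookie</code> crate leaves the attribute unset unless <code>secure(true)</code> or <code>set_secure(true)</code> is called, which is exactly the situation the bad sample shows, so readers know the default is not safe.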


@@ -0,0 +1,6 @@
use cookie::Cookie;
// BAD: creating a cookie without specifying the `secure` attribute
let cookie = Cookie::build("session", "abcd1234").build();
let mut jar = cookie::CookieJar::new();
jar.add(cookie.clone());
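Review bot: `jar.add(cookie.clone());` clones for no reason, since `cookie` is not used afterwards; `jar.add(cookie);` is the idiomatic form and keeps the bad sample focused on the missing attribute rather than on ownership. Minor: the comment says the `secure` attribute while the qhelp text says 'Secure'; pick one spelling for the attribute name across the qhelp and both samples.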


@@ -0,0 +1,11 @@
use cookie::Cookie;
// GOOD: set the `CookieBuilder` 'Secure' attribute so that the cookie is only sent over HTTPS
let secure_cookie = Cookie::build("session", "abcd1234").secure(true).build();
let mut jar = cookie::CookieJar::new();
jar.add(secure_cookie.clone());
// GOOD: alternatively, set the 'Secure' attribute on an existing `Cookie`
let mut secure_cookie2 = Cookie::new("session", "abcd1234");
secure_cookie2.set_secure(true);
jar.add(secure_cookie2);
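Review bot: `jar.add(secure_cookie.clone());` has the same unnecessary clone as the bad sample and is inconsistent with `jar.add(secure_cookie2);` two lines below; drop the clone. Also, both cookies are named "session" and are added to the same jar, so `CookieJar::add` replaces the first with the second; for a sample this is harmless, but giving the second cookie a distinct name (or using a separate jar) would avoid suggesting that both end up in the jar.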