Add cookie models to each framework
@@ -664,6 +664,51 @@ module AiohttpWebModel {
|
||||
override DataFlow::Node getNameArg() { result in [this.getArg(0), this.getArgByName("name")] }
|
||||
|
||||
override DataFlow::Node getValueArg() { result in [this.getArg(1), this.getArgByName("value")] }
|
||||
|
||||
override predicate hasSecureFlag(boolean b) {
|
||||
super.hasSecureFlag(b)
|
||||
or
|
||||
exists(DataFlow::Node arg, BooleanLiteral bool | arg = this.getArgByName("secure") |
|
||||
DataFlow::localFlow(DataFlow::exprNode(bool), arg) and
|
||||
b = bool.booleanValue()
|
||||
)
|
||||
or
|
||||
not exists(this.getArgByName("secure")) and
|
||||
b = false
|
||||
}
|
||||
|
||||
override predicate hasHttpOnlyFlag(boolean b) {
|
||||
super.hasHttpOnlyFlag(b)
|
||||
or
|
||||
exists(DataFlow::Node arg, BooleanLiteral bool | arg = this.getArgByName("httponly") |
|
||||
DataFlow::localFlow(DataFlow::exprNode(bool), arg) and
|
||||
b = bool.booleanValue()
|
||||
)
|
||||
or
|
||||
not exists(this.getArgByName("httponly")) and
|
||||
b = false
|
||||
}
|
||||
|
||||
override predicate hasSameSiteAttribute(Http::Server::CookieWrite::SameSiteValue v) {
|
||||
super.hasSameSiteAttribute(v)
|
||||
or
|
||||
exists(DataFlow::Node arg, StringLiteral str | arg = this.getArgByName("samesite") |
|
||||
DataFlow::localFlow(DataFlow::exprNode(str), arg) and
|
||||
(
|
||||
str.getText().toLowerCase() = "strict" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteStrict
|
||||
or
|
||||
str.getText().toLowerCase() = "lax" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteLax
|
||||
or
|
||||
str.getText().toLowerCase() = "none" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteNone
|
||||
)
|
||||
)
|
||||
or
|
||||
not exists(this.getArgByName("samesite")) and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteLax // Lax is the default
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
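Review bot: The three new predicates hasSecureFlag, hasHttpOnlyFlag and hasSameSiteAttribute are pasted verbatim into this hunk and into the FastApi, Pyramid, Tornado and Twisted hunks of the same commit, and the one-line Django and Flask hunks appear to repair exactly the slip this invites (a duplicated `"strict"` line that left the `"lax"` branch unsatisfiable). The literal-to-flag matching (BooleanLiteral local flow for `secure`/`httponly`, the lower-cased `strict`/`lax`/`none` table) would be safer defined once as shared predicates taking the argument node, with each framework supplying only its keyword names and its default. The comment `// Lax is the default` on the absent-`samesite` branch should say whose default it is; something like `// no samesite argument: no SameSite attribute is written, which current browsers treat as Lax` makes explicit that the model encodes browser behaviour rather than a header the framework emits, and that assumption should be checked per framework since some set_cookie implementations do emit a default. Note also that when the argument is present but not a literal, these predicates hold for neither `true` nor `false`, so queries built on them need to decide deliberately whether "unknown" counts as unsafe and document that choice.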
@@ -2220,7 +2220,7 @@ module PrivateDjango {
|
||||
str.getText().toLowerCase() = "strict" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteStrict
|
||||
or
|
||||
str.getText().toLowerCase() = "strict" and
|
||||
str.getText().toLowerCase() = "lax" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteLax
|
||||
or
|
||||
str.getText().toLowerCase() = "none" and
|
||||
|
||||
@@ -358,6 +358,51 @@ module FastApi {
|
||||
override DataFlow::Node getValueArg() {
|
||||
result in [this.getArg(1), this.getArgByName("value")]
|
||||
}
|
||||
|
||||
override predicate hasSecureFlag(boolean b) {
|
||||
super.hasSecureFlag(b)
|
||||
or
|
||||
exists(DataFlow::Node arg, BooleanLiteral bool | arg = this.getArgByName("secure") |
|
||||
DataFlow::localFlow(DataFlow::exprNode(bool), arg) and
|
||||
b = bool.booleanValue()
|
||||
)
|
||||
or
|
||||
not exists(this.getArgByName("secure")) and
|
||||
b = false
|
||||
}
|
||||
|
||||
override predicate hasHttpOnlyFlag(boolean b) {
|
||||
super.hasHttpOnlyFlag(b)
|
||||
or
|
||||
exists(DataFlow::Node arg, BooleanLiteral bool | arg = this.getArgByName("httponly") |
|
||||
DataFlow::localFlow(DataFlow::exprNode(bool), arg) and
|
||||
b = bool.booleanValue()
|
||||
)
|
||||
or
|
||||
not exists(this.getArgByName("httponly")) and
|
||||
b = false
|
||||
}
|
||||
|
||||
override predicate hasSameSiteAttribute(Http::Server::CookieWrite::SameSiteValue v) {
|
||||
super.hasSameSiteAttribute(v)
|
||||
or
|
||||
exists(DataFlow::Node arg, StringLiteral str | arg = this.getArgByName("samesite") |
|
||||
DataFlow::localFlow(DataFlow::exprNode(str), arg) and
|
||||
(
|
||||
str.getText().toLowerCase() = "strict" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteStrict
|
||||
or
|
||||
str.getText().toLowerCase() = "lax" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteLax
|
||||
or
|
||||
str.getText().toLowerCase() = "none" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteNone
|
||||
)
|
||||
)
|
||||
or
|
||||
not exists(this.getArgByName("samesite")) and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteLax // Lax is the default
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -627,7 +627,7 @@ module Flask {
|
||||
str.getText().toLowerCase() = "strict" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteStrict
|
||||
or
|
||||
str.getText().toLowerCase() = "strict" and
|
||||
str.getText().toLowerCase() = "lax" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteLax
|
||||
or
|
||||
str.getText().toLowerCase() = "none" and
|
||||
|
||||
@@ -265,6 +265,51 @@ module Pyramid {
|
||||
override DataFlow::Node getValueArg() {
|
||||
result = [this.getArg(1), this.getArgByName("value")]
|
||||
}
|
||||
|
||||
override predicate hasSecureFlag(boolean b) {
|
||||
super.hasSecureFlag(b)
|
||||
or
|
||||
exists(DataFlow::Node arg, BooleanLiteral bool | arg = this.getArgByName("secure") |
|
||||
DataFlow::localFlow(DataFlow::exprNode(bool), arg) and
|
||||
b = bool.booleanValue()
|
||||
)
|
||||
or
|
||||
not exists(this.getArgByName("secure")) and
|
||||
b = false
|
||||
}
|
||||
|
||||
override predicate hasHttpOnlyFlag(boolean b) {
|
||||
super.hasHttpOnlyFlag(b)
|
||||
or
|
||||
exists(DataFlow::Node arg, BooleanLiteral bool | arg = this.getArgByName("httponly") |
|
||||
DataFlow::localFlow(DataFlow::exprNode(bool), arg) and
|
||||
b = bool.booleanValue()
|
||||
)
|
||||
or
|
||||
not exists(this.getArgByName("httponly")) and
|
||||
b = false
|
||||
}
|
||||
|
||||
override predicate hasSameSiteAttribute(Http::Server::CookieWrite::SameSiteValue v) {
|
||||
super.hasSameSiteAttribute(v)
|
||||
or
|
||||
exists(DataFlow::Node arg, StringLiteral str | arg = this.getArgByName("samesite") |
|
||||
DataFlow::localFlow(DataFlow::exprNode(str), arg) and
|
||||
(
|
||||
str.getText().toLowerCase() = "strict" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteStrict
|
||||
or
|
||||
str.getText().toLowerCase() = "lax" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteLax
|
||||
or
|
||||
str.getText().toLowerCase() = "none" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteNone
|
||||
)
|
||||
)
|
||||
or
|
||||
not exists(this.getArgByName("samesite")) and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteLax // Lax is the default
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -604,5 +604,50 @@ module Tornado {
|
||||
override DataFlow::Node getNameArg() { result in [this.getArg(0), this.getArgByName("name")] }
|
||||
|
||||
override DataFlow::Node getValueArg() { result in [this.getArg(1), this.getArgByName("value")] }
|
||||
|
||||
override predicate hasSecureFlag(boolean b) {
|
||||
super.hasSecureFlag(b)
|
||||
or
|
||||
exists(DataFlow::Node arg, BooleanLiteral bool | arg = this.getArgByName("secure") |
|
||||
DataFlow::localFlow(DataFlow::exprNode(bool), arg) and
|
||||
b = bool.booleanValue()
|
||||
)
|
||||
or
|
||||
not exists(this.getArgByName("secure")) and
|
||||
b = false
|
||||
}
|
||||
|
||||
override predicate hasHttpOnlyFlag(boolean b) {
|
||||
super.hasHttpOnlyFlag(b)
|
||||
or
|
||||
exists(DataFlow::Node arg, BooleanLiteral bool | arg = this.getArgByName("httponly") |
|
||||
DataFlow::localFlow(DataFlow::exprNode(bool), arg) and
|
||||
b = bool.booleanValue()
|
||||
)
|
||||
or
|
||||
not exists(this.getArgByName("httponly")) and
|
||||
b = false
|
||||
}
|
||||
|
||||
override predicate hasSameSiteAttribute(Http::Server::CookieWrite::SameSiteValue v) {
|
||||
super.hasSameSiteAttribute(v)
|
||||
or
|
||||
exists(DataFlow::Node arg, StringLiteral str | arg = this.getArgByName("samesite") |
|
||||
DataFlow::localFlow(DataFlow::exprNode(str), arg) and
|
||||
(
|
||||
str.getText().toLowerCase() = "strict" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteStrict
|
||||
or
|
||||
str.getText().toLowerCase() = "lax" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteLax
|
||||
or
|
||||
str.getText().toLowerCase() = "none" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteNone
|
||||
)
|
||||
)
|
||||
or
|
||||
not exists(this.getArgByName("samesite")) and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteLax // Lax is the default
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -245,6 +245,49 @@ private module Twisted {
|
||||
override DataFlow::Node getNameArg() { result in [this.getArg(0), this.getArgByName("k")] }
|
||||
|
||||
override DataFlow::Node getValueArg() { result in [this.getArg(1), this.getArgByName("v")] }
|
||||
|
||||
override predicate hasSecureFlag(boolean b) {
|
||||
super.hasSecureFlag(b)
|
||||
or
|
||||
exists(DataFlow::Node arg, BooleanLiteral bool | arg = this.getArgByName("secure") |
|
||||
DataFlow::localFlow(DataFlow::exprNode(bool), arg) and
|
||||
b = bool.booleanValue()
|
||||
)
|
||||
or
|
||||
not exists(this.getArgByName("secure")) and
|
||||
b = false
|
||||
}
|
||||
|
||||
override predicate hasHttpOnlyFlag(boolean b) {
|
||||
super.hasHttpOnlyFlag(b)
|
||||
or
|
||||
exists(DataFlow::Node arg, BooleanLiteral bool | arg = this.getArgByName("httponly") |
|
||||
DataFlow::localFlow(DataFlow::exprNode(bool), arg) and
|
||||
b = bool.booleanValue()
|
||||
)
|
||||
or
|
||||
not exists(this.getArgByName("httponly")) and
|
||||
b = false
|
||||
}
|
||||
|
||||
override predicate hasSameSiteAttribute(Http::Server::CookieWrite::SameSiteValue v) {
|
||||
super.hasSameSiteAttribute(v)
|
||||
or
|
||||
exists(DataFlow::Node arg, StringLiteral str | arg = this.getArgByName("samesite") |
|
||||
DataFlow::localFlow(DataFlow::exprNode(str), arg) and
|
||||
(
|
||||
str.getText().toLowerCase() = "strict" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteStrict
|
||||
or
|
||||
str.getText().toLowerCase() = "lax" and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteLax
|
||||
// sting "none" is not accepted
|
||||
)
|
||||
)
|
||||
or
|
||||
not exists(this.getArgByName("samesite")) and
|
||||
v instanceof Http::Server::CookieWrite::SameSiteLax // Lax is the default
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
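Review bot: The keyword names looked up here may not match Twisted's own spelling: its cookie-writing method takes `k`/`v` positionally (which getNameArg/getValueArg already reflect) but, as far as I recall, spells the flags `httpOnly` and `sameSite` in camel case, so `this.getArgByName("httponly")` and `this.getArgByName("samesite")` would never match and the absent-argument branches would make `hasHttpOnlyFlag(false)` and SameSiteLax hold for every call, including ones that pass `httpOnly=True` or `sameSite="strict"`; please verify against the Twisted signature and, if confirmed, change the two lookups to `this.getArgByName("httpOnly")` and `this.getArgByName("sameSite")` (the `secure` lookup is fine either way). The comment `// sting "none" is not accepted` has a typo and omits the consequence; suggest `// Twisted rejects "none", so a samesite of "none" matches no SameSiteValue here`, and since that differs from the other frameworks in this commit where `"none"` maps to SameSiteNone, the predicate's doc comment should state that "no value" is not the same as Lax.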