hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix naming in SensitiveCookieNotHttpOnly

Browse Source
This commit is contained in:
Ed Minnix
2023-04-12 20:39:18 -04:00
parent c49bf01dc8
commit c756bdbc30
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql
View File

@@ -126,7 +126,7 @@ predicate isTestMethod(MethodAccess ma) {
* A taint configuration tracking flow of a method that sets the `HttpOnly` flag,
* or one that removes a cookie, to a `ServletResponse.addCookie` call.
*/
module SetHttpOnlyOrRemovesCookieConfiguration implements DataFlow::ConfigSig {
module SetHttpOnlyOrRemovesCookieConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source.asExpr() =
any(MethodAccess ma | setsCookieHttpOnly(ma) or removesCookie(ma)).getQualifier()
@@ -138,8 +138,7 @@ module SetHttpOnlyOrRemovesCookieConfiguration implements DataFlow::ConfigSig {
}
}
module SetHttpOnlyOrRemovesCookieFlow =
TaintTracking::Global<SetHttpOnlyOrRemovesCookieConfiguration>;
module SetHttpOnlyOrRemovesCookieFlow = TaintTracking::Global<SetHttpOnlyOrRemovesCookieConfig>;
/**
* A cookie that is added to an HTTP response and which doesn't have `httpOnly` set, used as a sink