Apply similar changes to httponly

Joe Farebrother
2024-07-29 10:29:59 +01:00
parent 1127b08635
commit c7f9095739


@@ -1268,19 +1268,16 @@ module Http {
* Holds if the `HttpOnly` flag of the cookie is known to have a value of `b`.
*/
predicate hasHttpOnlyFlag(boolean b) {
exists(this.getHeaderArg()) and
(
exists(StringLiteral sl |
sl.getText().regexpMatch("(?i).*;\\s*httponly(;.*|\\s*)") and
TaintTracking::localTaint(DataFlow::exprNode(sl), this.getHeaderArg()) and
b = true
)
exists(StringLiteral sl |
// `sl` is likely a substring of the header
TaintTracking::localTaint(DataFlow::exprNode(sl), this.getHeaderArg()) and
sl.getText().regexpMatch("(?i).*;\\s*httponly(;.*|\\s*)") and
b = true
or
exists(StringLiteral sl |
not sl.getText().regexpMatch("(?i).*;\\s*httponly(;.*|\\s*)") and
DataFlow::localFlow(DataFlow::exprNode(sl), this.getHeaderArg()) and
b = false
)
// `sl` is the entire header
DataFlow::localFlow(DataFlow::exprNode(sl), this.getHeaderArg()) and
not sl.getText().regexpMatch("(?i).*;\\s*httponly(;.*|\\s*)") and
b = false
)
}
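Review bot: The pattern `"(?i).*;\\s*httponly(;.*|\\s*)"` in `hasHttpOnlyFlag` does not accept whitespace between `httponly` and a following `;`. A whole-header literal such as `"a=b; HttpOnly ; Secure"` therefore fails the match and lands in the `b = false` branch, so a cookie that does set the flag would be reported as missing it. Allowing the optional whitespace before the separator, e.g. `"(?i).*;\\s*httponly\\s*(;.*)?"`, covers both cases. Because the same pattern is spelled out in both the `b = true` and `b = false` branches, both copies need the change; binding it once inside the `exists` would keep the branches from drifting apart. The enclosing class and the opening of the doc comment are outside the hunk, so this is based only on the predicate body shown here.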