Restrict Append calls to string arguments

2025-12-16 08:43:11 +01:00 · 2025-11-10 09:57:40 +00:00
parent b813c13462
commit c9a559a6d8
2 changed files with 4 additions and 2 deletions
--- a/Features/CWE-1004/CookieWithoutHttpOnly.ql
+++ b/Features/CWE-1004/CookieWithoutHttpOnly.ql
@@ -82,7 +82,8 @@ predicate nonHttpOnlyCookieCall(Call c) {
        or
        // IResponseCookies.Append(String, String) was called, `HttpOnly` is set to `false` by default
        mc = c and
-        mc.getNumberOfArguments() < 3
+        mc.getNumberOfArguments() < 3 and
+        mc.getTarget().getParameter(0).getType() instanceof StringType
      )
    )
    or
--- a/Features/CWE-614/CookieWithoutSecure.ql
+++ b/Features/CWE-614/CookieWithoutSecure.ql
@@ -57,7 +57,8 @@ predicate insecureCookieAppend(Expr sink) {
  exists(MethodCall mc, MicrosoftAspNetCoreHttpResponseCookies iResponse |
    mc = sink and
    iResponse.getAppendMethod() = mc.getTarget() and
-    mc.getNumberOfArguments() < 3
+    mc.getNumberOfArguments() < 3 and
+    mc.getTarget().getParameter(0).getType() instanceof StringType
  )
 }