hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Restrict Append calls to string arguments

Browse Source
This commit is contained in:
Joe Farebrother
2025-11-10 09:57:40 +00:00
parent b813c13462
commit c9a559a6d8
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
csharp/ql/src/Security Features/CWE-1004/CookieWithoutHttpOnly.ql
View File

@@ -82,7 +82,8 @@ predicate nonHttpOnlyCookieCall(Call c) {
or or
// IResponseCookies.Append(String, String) was called, `HttpOnly` is set to `false` by default // IResponseCookies.Append(String, String) was called, `HttpOnly` is set to `false` by default
mc = c and mc = c and
mc.getNumberOfArguments() < 3 mc.getNumberOfArguments() < 3 and
mc.getTarget().getParameter(0).getType() instanceof StringType
) )
) )
or or

3
csharp/ql/src/Security Features/CWE-614/CookieWithoutSecure.ql
View File

@@ -57,7 +57,8 @@ predicate insecureCookieAppend(Expr sink) {
exists(MethodCall mc, MicrosoftAspNetCoreHttpResponseCookies iResponse | exists(MethodCall mc, MicrosoftAspNetCoreHttpResponseCookies iResponse |
mc = sink and mc = sink and
iResponse.getAppendMethod() = mc.getTarget() and iResponse.getAppendMethod() = mc.getTarget() and
mc.getNumberOfArguments() < 3 mc.getNumberOfArguments() < 3 and
mc.getTarget().getParameter(0).getType() instanceof StringType
) )
} }