hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Improve tests

Browse Source
This commit is contained in:
jorgectf
2021-11-05 20:08:52 +01:00
parent 4cb78ac654
commit d7a79469e6
3 changed files with 31 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
python/ql/test/experimental/query-tests/Security/CWE-614/django_bad.py
View File

@@ -8,8 +8,21 @@ def django_response(request):
return resp
def django_response():
response = django.http.HttpResponse()
response['Set-Cookie'] = "name=value; SameSite=None;"
return response
def django_response(request):
resp = django.http.HttpResponse()
resp.set_cookie("name", "value", secure=False,
httponly=False, samesite='None')
resp.set_cookie(django.http.request.GET.get("name"),
django.http.request.GET.get("value"),
secure=False, httponly=False, samesite='None')
return resp
def django_response():
response = django.http.HttpResponse()
response['Set-Cookie'] = f"{django.http.request.GET.get('name')}={django.http.request.GET.get('value')}; SameSite=None;"
return response

23
python/ql/test/experimental/query-tests/Security/CWE-614/flask_bad.py
View File

@@ -3,6 +3,21 @@ from flask import Flask, request, make_response, Response
app = Flask(__name__)
@app.route("/false")
def false():
resp = make_response()
resp.set_cookie("name", value="value", secure=False,
httponly=False, samesite='None')
return resp
@app.route("/flask_Response")
def flask_Response():
resp = Response()
resp.headers['Set-Cookie'] = "name=value; SameSite=None;"
return resp
@app.route("/false")
def false():
resp = make_response()
@@ -14,15 +29,9 @@ def false():
@app.route("/flask_Response")
def flask_Response():
resp = Response()
resp.headers['Set-Cookie'] = "name=value;"
resp.headers['Set-Cookie'] = f"{request.args['name']}={request.args['value']}; SameSite=None;"
return resp
@app.route("/flask_make_response")
def flask_make_response():
resp = make_response("hello")
resp.headers['Set-Cookie'] = "name=value; SameSite=None;"
return resp
# if __name__ == "__main__":
# app.run(debug=True)

7
python/ql/test/experimental/query-tests/Security/CWE-614/flask_good.py
View File

@@ -18,13 +18,6 @@ def flask_Response():
return resp
@app.route("/flask_make_response")
def flask_make_response():
resp = make_response("hello")
resp.headers['Set-Cookie'] = "name=value; Secure; HttpOnly; SameSite=Lax;"
return resp
def indeterminate(secure):
resp = make_response()
resp.set_cookie("name", value="value", secure=secure)