hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add additional test case for httponly cookies set to true

Browse Source
This commit is contained in:
Joe Farebrother
2025-10-24 16:00:25 +01:00
parent c734e74c76
commit d8eeae781b
9 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/CookieWithoutHttpOnly.expected → csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/HttpOnlyCookiesFalse/CookieWithoutHttpOnly.expected
View File

0
csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/CookieWithoutHttpOnly.qlref → csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/HttpOnlyCookiesFalse/CookieWithoutHttpOnly.qlref
View File

0
csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/Program.cs → csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/HttpOnlyCookiesFalse/Program.cs
View File

0
csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/Web.config → csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/HttpOnlyCookiesFalse/Web.config
View File

0
csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/HttpOnlyCookiesTrue/CookieWithoutHttpOnly.expected Normal file
View File

2
csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/HttpOnlyCookiesTrue/CookieWithoutHttpOnly.qlref Normal file
View File

@@ -0,0 +1,2 @@
query: Security Features/CWE-1004/CookieWithoutHttpOnly.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql

7
csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/HttpOnlyCookiesTrue/Program.cs Normal file
View File

@@ -0,0 +1,7 @@
class Program
{
void CookieDefault()
{
var cookie = new System.Web.HttpCookie("auth"); // GOOD: httpOnlyCookies is set to true in config
}
}

6
csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/HttpOnlyCookiesTrue/Web.config Normal file
View File

@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<httpCookies httpOnlyCookies="true"/>
</system.web>
</configuration>

4
csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/options
View File

@@ -1,3 +1,3 @@
semmle-extractor-options: /nostdlib /noconfig
semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs
semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
semmle-extractor-options: ${testdir}/../../../../../../resources/stubs/System.Web.cs