Add check for kwargs in cookie attribute predicates

Joe Farebrother
2024-07-29 11:17:42 +01:00
parent 90e87a1752
commit ef3bbeacd6
2 changed files with 9 additions and 0 deletions


@@ -1234,6 +1234,7 @@ module Http {
)
or
not exists(this.getArgByName("secure")) and
not exists(this.getKwargs()) and
b = false
}
@@ -1246,6 +1247,7 @@ module Http {
)
or
not exists(this.getArgByName("httponly")) and
not exists(this.getKwargs()) and
b = false
}
@@ -1267,6 +1269,7 @@ module Http {
)
or
not exists(this.getArgByName("samesite")) and
not exists(this.getKwargs()) and
v instanceof CookieWrite::SameSiteLax // Lax is the default
}
}
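Review bot: When a `**` dictionary argument is present, the fallback branches in all three hunks (`secure`, `httponly`, `samesite`) now yield no value at all, so a cookie write whose dictionary does not actually set the attribute is no longer reported as lacking it. That trade of recall for precision looks intended, but nothing in the code states it. I would add a comment above each added line, such as `// a ** dictionary may supply this attribute, so its value is unknown rather than absent`. The same reasoning presumably applies to a `*` argument if the modelled call accepts these attributes positionally, in which case `not exists(this.getStarArg()) and` belongs beside the new conjunct. The predicate headers and the first disjunct are outside the hunks, so I cannot confirm how positional arguments are handled.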


@@ -219,6 +219,12 @@ class CallCfgNode extends CfgNode, LocalSourceNode {
/** Gets the data-flow node corresponding to the named argument of the call corresponding to this data-flow node */
Node getArgByName(string name) { result.asCfgNode() = node.getArgByName(name) }
/** Gets the data-flow node corresponding to the first tuple (*) argument of the call corresponding to this data-flow node, if any. */
Node getStarArg() { result.asCfgNode() = node.getStarArg() }
/** Gets tje data-flow node corresponding to a dictionary (**) argument of the call corresponding to this data-flow node, if any. */
Node getKwargs() { result.asCfgNode() = node.getKwargs() }
}
/**