hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add check for kwargs in cookie attribute predicates

Browse Source
This commit is contained in:
Joe Farebrother
2024-07-29 11:17:42 +01:00
parent 90e87a1752
commit ef3bbeacd6
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
python/ql/lib/semmle/python/Concepts.qll
View File

@@ -1234,6 +1234,7 @@ module Http {
)
or
not exists(this.getArgByName("secure")) and
not exists(this.getKwargs()) and
b = false
}
@@ -1246,6 +1247,7 @@ module Http {
)
or
not exists(this.getArgByName("httponly")) and
not exists(this.getKwargs()) and
b = false
}
@@ -1267,6 +1269,7 @@ module Http {
)
or
not exists(this.getArgByName("samesite")) and
not exists(this.getKwargs()) and
v instanceof CookieWrite::SameSiteLax // Lax is the default
}
}