only report clear-text cookies for sensitive cookies

2026-05-05 05:35:13 +02:00 · 2021-10-06 10:08:11 +02:00
parent 53b4337795
commit f36accf3e6
4 changed files with 24 additions and 18 deletions
--- a/javascript/ql/lib/semmle/javascript/frameworks/CookieLibraries.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/CookieLibraries.qll
@@ -73,7 +73,11 @@ private module JsCookie {
      this.getOptionArgument(2, CookieWrites::secure()).mayHaveBooleanValue(true)
    }

-    override predicate isSensitive() { none() } // TODO: Maybe it can be sensitive?
+    override predicate isSensitive() {
+      HeuristicNames::nameIndicatesSensitiveData(any(string s |
+          this.getArgument(0).mayHaveStringValue(s)
+        ), _)
+    }

    override predicate isHttpOnly() { none() } // js-cookie is browser side library and doesn't support HttpOnly
  }