path tracking
@@ -22,50 +22,10 @@ DataFlow::Node getValueForFieldWrite(StructLit sl, string field) {
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Tracks struct creation without `HttpOnly` to `SetCookie`.
|
||||
*/
|
||||
class HttpOnlyCookieTrackingConfiguration extends TaintTracking::Configuration {
|
||||
HttpOnlyCookieTrackingConfiguration() { this = "HttpOnlyCookieTrackingConfiguration" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) {
|
||||
exists(StructLit sl |
|
||||
source.asExpr() = sl and
|
||||
sl.getType().hasQualifiedName("net/http", "Cookie") and
|
||||
(
|
||||
not exists(DataFlow::Node rhs | rhs = getValueForFieldWrite(sl, "HttpOnly"))
|
||||
or
|
||||
exists(DataFlow::Node rhs |
|
||||
rhs = getValueForFieldWrite(sl, "HttpOnly") and
|
||||
rhs.getAPredecessor*().asExpr().getBoolValue() = false
|
||||
) and
|
||||
exists(DataFlow::Node rhs |
|
||||
rhs = getValueForFieldWrite(sl, "Name") and
|
||||
isAuthVariable(rhs.getAPredecessor*().asExpr())
|
||||
)
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) { sink instanceof SetCookieSink }
|
||||
}
|
||||
|
||||
/**
|
||||
* A cookie passed the second parameter to `SetCookie`.
|
||||
*/
|
||||
class SetCookieSink extends DataFlow::Node {
|
||||
SetCookieSink() {
|
||||
exists(CallExpr c |
|
||||
c.getTarget().hasQualifiedName("net/http", "SetCookie") and
|
||||
this.asExpr() = c.getArgument(1)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if the expression or its value has a sensitive name
|
||||
*/
|
||||
predicate isAuthVariable(Expr expr) {
|
||||
private predicate isAuthVariable(Expr expr) {
|
||||
exists(string val |
|
||||
(
|
||||
val = expr.getStringValue() or
|
||||
@@ -77,10 +37,132 @@ predicate isAuthVariable(Expr expr) {
|
||||
}
|
||||
|
||||
/**
|
||||
* Tracks from gorilla cookie store creation to session save.
|
||||
* A cookie passed as the second parameter to `net/http.SetCookie`.
|
||||
*/
|
||||
class CookieStoreSaveTrackingConfiguration extends DataFlow::Configuration {
|
||||
CookieStoreSaveTrackingConfiguration() { this = "CookieStoreSaveTrackingConfiguration" }
|
||||
private class SetCookieSink extends DataFlow::Node {
|
||||
SetCookieSink() {
|
||||
exists(CallExpr c |
|
||||
c.getTarget().hasQualifiedName("net/http", "SetCookie") and
|
||||
this.asExpr() = c.getArgument(1)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Tracks `net/http.Cookie` creation to `net/http.SetCookie`.
|
||||
*/
|
||||
class NetHttpCookieTrackingConfiguration extends TaintTracking::Configuration {
|
||||
NetHttpCookieTrackingConfiguration() { this = "NetHttpCookieTrackingConfiguration" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) {
|
||||
exists(StructLit sl |
|
||||
source.asExpr() = sl and
|
||||
sl.getType().hasQualifiedName("net/http", "Cookie")
|
||||
)
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
sink instanceof SetCookieSink and
|
||||
exists(NameToNetHttpCookieTrackingConfiguration cfg, DataFlow::Node nameArg |
|
||||
cfg.hasFlow(_, nameArg) and
|
||||
sink.asExpr() = nameArg.asExpr()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Tracks sensitive name to `net/http.SetCookie`.
|
||||
*/
|
||||
private class NameToNetHttpCookieTrackingConfiguration extends TaintTracking2::Configuration {
|
||||
NameToNetHttpCookieTrackingConfiguration() { this = "NameToNetHttpCookieTrackingConfiguration" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) { isAuthVariable(source.asExpr()) }
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) { sink instanceof SetCookieSink }
|
||||
|
||||
override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
exists(StructLit sl |
|
||||
sl.getType().hasQualifiedName("net/http", "Cookie") and
|
||||
getValueForFieldWrite(sl, "Name") = pred and
|
||||
sl = succ.asExpr()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Tracks `HttpOnly` set to `false` to `net/http.SetCookie`.
|
||||
*/
|
||||
class BoolToNetHttpCookieTrackingConfiguration extends TaintTracking::Configuration {
|
||||
BoolToNetHttpCookieTrackingConfiguration() { this = "BoolToNetHttpCookieTrackingConfiguration" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) { source.asExpr().getBoolValue() = false }
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) { sink instanceof SetCookieSink }
|
||||
|
||||
override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
exists(StructLit sl |
|
||||
sl.getType().hasQualifiedName("net/http", "Cookie") and
|
||||
getValueForFieldWrite(sl, "HttpOnly") = pred and
|
||||
sl = succ.asExpr()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Tracks `HttpOnly` set to `false` to `gin-gonic/gin.Context.SetCookie`.
|
||||
*/
|
||||
class BoolToGinSetCookieTrackingConfiguration extends DataFlow::Configuration {
|
||||
BoolToGinSetCookieTrackingConfiguration() { this = "BoolToGinSetCookieTrackingConfiguration" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) { source.asExpr().getBoolValue() = false }
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
exists(CallExpr c |
|
||||
c.getTarget().getQualifiedName() = "github.com/gin-gonic/gin.Context.SetCookie" and
|
||||
c.getArgument(6) = sink.asExpr() and
|
||||
exists(NameToGinSetCookieTrackingConfiguration cfg, DataFlow::Node nameArg |
|
||||
cfg.hasFlow(_, nameArg) and
|
||||
c.getAnArgument() = nameArg.asExpr()
|
||||
)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Tracks sensitive name to `gin-gonic/gin.Context.SetCookie`.
|
||||
*/
|
||||
private class NameToGinSetCookieTrackingConfiguration extends DataFlow2::Configuration {
|
||||
NameToGinSetCookieTrackingConfiguration() { this = "NameToGinSetCookieTrackingConfiguration" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) { isAuthVariable(source.asExpr()) }
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
exists(CallExpr c |
|
||||
c.getTarget().getQualifiedName() = "github.com/gin-gonic/gin.Context.SetCookie" and
|
||||
c.getArgument(0) = sink.asExpr()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A cookie passed the second parameter to `gorilla/sessions.Session.Save`.
|
||||
*/
|
||||
private class GorillaSessionSaveSink extends DataFlow::Node {
|
||||
GorillaSessionSaveSink() {
|
||||
exists(CallExpr c |
|
||||
this.asExpr() = c.getCalleeExpr().(SelectorExpr).getBase() and
|
||||
c.getTarget().getQualifiedName() = "github.com/gorilla/sessions.Session.Save"
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Tracks from gorilla cookie store creation to `gorilla/sessions.Session.Save`.
|
||||
*/
|
||||
class GorillaCookieStoreSaveTrackingConfiguration extends DataFlow::Configuration {
|
||||
GorillaCookieStoreSaveTrackingConfiguration() {
|
||||
this = "GorillaCookieStoreSaveTrackingConfiguration"
|
||||
}
|
||||
|
||||
override predicate isSource(DataFlow::Node source) {
|
||||
exists(CallExpr c |
|
||||
@@ -89,12 +171,7 @@ class CookieStoreSaveTrackingConfiguration extends DataFlow::Configuration {
|
||||
)
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
exists(CallExpr c |
|
||||
sink.asExpr() = c.getCalleeExpr().(SelectorExpr).getBase() and
|
||||
c.getTarget().getQualifiedName() = "github.com/gorilla/sessions.Session.Save"
|
||||
)
|
||||
}
|
||||
override predicate isSink(DataFlow::Node sink) { sink instanceof GorillaSessionSaveSink }
|
||||
|
||||
override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
exists(Function f, DataFlow::CallNode cn | cn = f.getACall() |
|
||||
@@ -106,10 +183,12 @@ class CookieStoreSaveTrackingConfiguration extends DataFlow::Configuration {
|
||||
}
|
||||
|
||||
/**
|
||||
* Tracks session options to session save.
|
||||
* Tracks session options to `gorilla/sessions.Session.Save`.
|
||||
*/
|
||||
class SessionOptionsTrackingConfiguration extends TaintTracking::Configuration {
|
||||
SessionOptionsTrackingConfiguration() { this = "SessionOptionsTrackingConfiguration" }
|
||||
class GorillaSessionOptionsTrackingConfiguration extends TaintTracking::Configuration {
|
||||
GorillaSessionOptionsTrackingConfiguration() {
|
||||
this = "GorillaSessionOptionsTrackingConfiguration"
|
||||
}
|
||||
|
||||
override predicate isSource(DataFlow::Node source) {
|
||||
exists(StructLit sl |
|
||||
@@ -118,12 +197,7 @@ class SessionOptionsTrackingConfiguration extends TaintTracking::Configuration {
|
||||
)
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
exists(CallExpr c |
|
||||
sink.asExpr() = c.getCalleeExpr().(SelectorExpr).getBase() and
|
||||
c.getTarget().getQualifiedName() = "github.com/gorilla/sessions.Session.Save"
|
||||
)
|
||||
}
|
||||
override predicate isSink(DataFlow::Node sink) { sink instanceof GorillaSessionSaveSink }
|
||||
|
||||
override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
exists(Field f, DataFlow::Write w, DataFlow::Node base |
|
||||
@@ -133,3 +207,29 @@ class SessionOptionsTrackingConfiguration extends TaintTracking::Configuration {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Tracks `HttpOnly` set to `false` to `gorilla/sessions.Session.Save`.
|
||||
*/
|
||||
class BoolToGorillaSessionOptionsTrackingConfiguration extends TaintTracking::Configuration {
|
||||
BoolToGorillaSessionOptionsTrackingConfiguration() {
|
||||
this = "BoolToGorillaSessionOptionsTrackingConfiguration"
|
||||
}
|
||||
|
||||
override predicate isSource(DataFlow::Node source) { source.asExpr().getBoolValue() = false }
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) { sink instanceof GorillaSessionSaveSink }
|
||||
|
||||
override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
exists(StructLit sl |
|
||||
getValueForFieldWrite(sl, "HttpOnly") = pred and
|
||||
sl = succ.asExpr()
|
||||
)
|
||||
or
|
||||
exists(Field f, DataFlow::Write w, DataFlow::Node base |
|
||||
f.getQualifiedName() = "github.com/gorilla/sessions.Session.Options" and
|
||||
w.writesField(base, f, pred) and
|
||||
succ = base
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
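Review bot: The struct-literal step in `BoolToGorillaSessionOptionsTrackingConfiguration.isAdditionalTaintStep` puts no type constraint on `sl`, so any struct literal with an `HttpOnly` field write becomes a taint step, whereas `BoolToNetHttpCookieTrackingConfiguration` restricts the same step to `net/http.Cookie`. Adding `sl.getType().hasQualifiedName("github.com/gorilla/sessions", "Options") and` ahead of the `getValueForFieldWrite(sl, "HttpOnly") = pred` line would keep the two configurations consistent and should reduce paths that start at an unrelated `false`. Separately, the QLDoc on `GorillaSessionSaveSink` says "second parameter", but the class matches the receiver of the call via `c.getCalleeExpr().(SelectorExpr).getBase()`; something like `A session that is the receiver of a call to gorilla/sessions.Session.Save.` would describe what the code selects.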
@@ -4,7 +4,7 @@
|
||||
* malicious JavaScript to steal it in case of XSS vulnerability. Always set
|
||||
* 'HttpOnly' to 'true' to authentication related cookie to make it
|
||||
* not accessible by JavaScript.
|
||||
* @kind problem
|
||||
* @kind path-problem
|
||||
* @problem.severity warning
|
||||
* @precision high
|
||||
* @id go/cookie-httponly-not-set
|
||||
@@ -14,46 +14,64 @@
|
||||
|
||||
import go
|
||||
import AuthCookie
|
||||
import DataFlow::PathGraph
|
||||
|
||||
predicate isNetHttpCookieFlow(Expr expr) {
|
||||
exists(
|
||||
HttpOnlyCookieTrackingConfiguration httpOnlyCfg, DataFlow::Node source, SetCookieSink sink
|
||||
|
|
||||
httpOnlyCfg.hasFlow(source, sink) and
|
||||
sink.asExpr() = expr
|
||||
)
|
||||
}
|
||||
|
||||
predicate isGinContextCookieFlow(Expr expr) {
|
||||
exists(CallExpr c |
|
||||
c.getTarget().getQualifiedName() = "github.com/gin-gonic/gin.Context.SetCookie" and
|
||||
c.getArgument(6) = expr and
|
||||
exists(DataFlow::Node httpOnlyArg |
|
||||
httpOnlyArg.asExpr() = c.getArgument(6) and
|
||||
httpOnlyArg.getAPredecessor*().asExpr().getBoolValue() = false
|
||||
) and
|
||||
exists(DataFlow::Node nameArg |
|
||||
nameArg.asExpr() = c.getArgument(0) and
|
||||
isAuthVariable(nameArg.getAPredecessor*().asExpr())
|
||||
predicate isNetHttpCookieFlow(DataFlow::PathNode source, DataFlow::PathNode sink) {
|
||||
exists(DataFlow::PathNode cookieCreate, DataFlow::PathNode setCookieSink |
|
||||
exists(NetHttpCookieTrackingConfiguration cfg | cfg.hasFlowPath(cookieCreate, setCookieSink)) and
|
||||
(
|
||||
not exists(DataFlow::Node rhs |
|
||||
rhs = getValueForFieldWrite(cookieCreate.getNode().asExpr(), "HttpOnly")
|
||||
) and
|
||||
source = cookieCreate and
|
||||
sink = setCookieSink
|
||||
or
|
||||
exists(BoolToNetHttpCookieTrackingConfiguration cfg, DataFlow::PathNode setCookieSink2 |
|
||||
cfg.hasFlowPath(source, setCookieSink2) and
|
||||
setCookieSink2.getNode() = setCookieSink.getNode() and
|
||||
sink = setCookieSink2
|
||||
)
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
predicate isGorillaSessionsCookieFlow(Expr expr) {
|
||||
exists(DataFlow::Node sessionSave |
|
||||
sessionSave.asExpr() = expr and
|
||||
exists(CookieStoreSaveTrackingConfiguration cfg | cfg.hasFlow(_, sessionSave)) and
|
||||
predicate isGinContextCookieFlow(DataFlow::PathNode source, DataFlow::PathNode sink) {
|
||||
exists(BoolToGinSetCookieTrackingConfiguration cfg | cfg.hasFlowPath(source, sink))
|
||||
}
|
||||
|
||||
predicate isGorillaSessionsCookieFlow(DataFlow::PathNode source, DataFlow::PathNode sink) {
|
||||
exists(DataFlow::PathNode cookieStoreCreate, DataFlow::PathNode sessionSave |
|
||||
exists(GorillaCookieStoreSaveTrackingConfiguration cfg |
|
||||
cfg.hasFlowPath(cookieStoreCreate, sessionSave)
|
||||
) and
|
||||
(
|
||||
not exists(SessionOptionsTrackingConfiguration cfg | cfg.hasFlow(_, sessionSave))
|
||||
not exists(GorillaSessionOptionsTrackingConfiguration cfg, DataFlow::PathNode sessionSave2 |
|
||||
sessionSave2.getNode() = sessionSave.getNode() and
|
||||
cfg.hasFlowPath(_, sessionSave2)
|
||||
) and
|
||||
source = cookieStoreCreate and
|
||||
sink = sessionSave
|
||||
or
|
||||
exists(SessionOptionsTrackingConfiguration cfg, DataFlow::Node options |
|
||||
cfg.hasFlow(options, sessionSave) and
|
||||
exists(
|
||||
GorillaSessionOptionsTrackingConfiguration cfg, DataFlow::PathNode options,
|
||||
DataFlow::PathNode sessionSave2
|
||||
|
|
||||
cfg.hasFlowPath(options, sessionSave2) and
|
||||
(
|
||||
not exists(DataFlow::Node rhs | rhs = getValueForFieldWrite(options.asExpr(), "HttpOnly"))
|
||||
not exists(DataFlow::Node rhs |
|
||||
rhs = getValueForFieldWrite(options.getNode().asExpr(), "HttpOnly")
|
||||
) and
|
||||
sessionSave2.getNode() = sessionSave.getNode() and
|
||||
sink = sessionSave2 and
|
||||
source = options
|
||||
or
|
||||
exists(DataFlow::Node rhs |
|
||||
rhs = getValueForFieldWrite(options.asExpr(), "HttpOnly") and
|
||||
rhs.getAPredecessor*().asExpr().getBoolValue() = false
|
||||
exists(
|
||||
BoolToGorillaSessionOptionsTrackingConfiguration boolCfg,
|
||||
DataFlow::PathNode sessionSave3
|
||||
|
|
||||
boolCfg.hasFlowPath(source, sessionSave3) and
|
||||
sessionSave3.getNode() = sessionSave.getNode() and
|
||||
sink = sessionSave3
|
||||
)
|
||||
)
|
||||
)
|
||||
@@ -61,9 +79,9 @@ predicate isGorillaSessionsCookieFlow(Expr expr) {
|
||||
)
|
||||
}
|
||||
|
||||
from Expr expr
|
||||
from DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where
|
||||
isNetHttpCookieFlow(expr) or
|
||||
isGinContextCookieFlow(expr) or
|
||||
isGorillaSessionsCookieFlow(expr)
|
||||
select expr, "Cookie attribute 'HttpOnly' is not set to true."
|
||||
isNetHttpCookieFlow(source, sink) or
|
||||
isGinContextCookieFlow(source, sink) or
|
||||
isGorillaSessionsCookieFlow(source, sink)
|
||||
select sink.getNode(), source, sink, "Cookie attribute 'HttpOnly' is not set to true."
|
||||
|
||||
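Review bot: In `isGorillaSessionsCookieFlow`, the disjunct that uses `BoolToGorillaSessionOptionsTrackingConfiguration` never relates `options` or `sessionSave2` to `sessionSave`, because `sessionSave2.getNode() = sessionSave.getNode()` appears only in the other disjunct. As written, `cfg.hasFlowPath(options, sessionSave2)` seems to require only that some options-to-save flow exists anywhere when the `false` path is reported, so it does not tie the options to the `Save` call being flagged. Moving the equality up beside the flow call, `cfg.hasFlowPath(options, sessionSave2) and sessionSave2.getNode() = sessionSave.getNode() and`, would anchor both disjuncts to the same call, matching how `isNetHttpCookieFlow` ties `setCookieSink2` to `setCookieSink`. One closing line of the predicate is hidden between the two hunks of this section, so the nesting above is read from the visible lines only.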
@@ -1,11 +1,272 @@
|
||||
| CookieWithoutHttpOnly.go:14:20:14:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:23:20:23:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:50:20:50:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:60:20:60:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:90:20:90:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:109:20:109:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:119:20:119:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:128:2:128:8 | session | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:141:2:141:8 | session | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:152:2:152:8 | session | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:189:75:189:79 | false | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
edges
|
||||
| CookieWithoutHttpOnly.go:10:7:13:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:14:20:14:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:10:7:13:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:14:20:14:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:14:20:14:21 | &... : pointer type | CookieWithoutHttpOnly.go:14:20:14:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:14:20:14:21 | &... : pointer type | CookieWithoutHttpOnly.go:14:20:14:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:18:7:22:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:23:20:23:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:18:7:22:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:23:20:23:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:21:13:21:17 | false : bool | CookieWithoutHttpOnly.go:23:20:23:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:21:13:21:17 | false : bool | CookieWithoutHttpOnly.go:23:20:23:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:23:20:23:21 | &... : pointer type | CookieWithoutHttpOnly.go:23:20:23:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:23:20:23:21 | &... : pointer type | CookieWithoutHttpOnly.go:23:20:23:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:23:20:23:21 | &... : pointer type | CookieWithoutHttpOnly.go:23:20:23:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:23:20:23:21 | &... : pointer type | CookieWithoutHttpOnly.go:23:20:23:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:27:7:31:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:32:20:32:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:27:7:31:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:32:20:32:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:32:20:32:21 | &... : pointer type | CookieWithoutHttpOnly.go:32:20:32:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:32:20:32:21 | &... : pointer type | CookieWithoutHttpOnly.go:32:20:32:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:36:7:39:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:41:20:41:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:36:7:39:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:41:20:41:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:41:20:41:21 | &... : pointer type | CookieWithoutHttpOnly.go:41:20:41:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:41:20:41:21 | &... : pointer type | CookieWithoutHttpOnly.go:41:20:41:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:45:7:48:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:50:20:50:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:45:7:48:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:50:20:50:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:49:15:49:19 | false : bool | CookieWithoutHttpOnly.go:50:20:50:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:49:15:49:19 | false : bool | CookieWithoutHttpOnly.go:50:20:50:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:50:20:50:21 | &... : pointer type | CookieWithoutHttpOnly.go:50:20:50:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:50:20:50:21 | &... : pointer type | CookieWithoutHttpOnly.go:50:20:50:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:50:20:50:21 | &... : pointer type | CookieWithoutHttpOnly.go:50:20:50:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:50:20:50:21 | &... : pointer type | CookieWithoutHttpOnly.go:50:20:50:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:54:9:54:13 | false : bool | CookieWithoutHttpOnly.go:60:20:60:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:54:9:54:13 | false : bool | CookieWithoutHttpOnly.go:60:20:60:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:55:7:59:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:60:20:60:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:55:7:59:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:60:20:60:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:60:20:60:21 | &... : pointer type | CookieWithoutHttpOnly.go:60:20:60:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:60:20:60:21 | &... : pointer type | CookieWithoutHttpOnly.go:60:20:60:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:60:20:60:21 | &... : pointer type | CookieWithoutHttpOnly.go:60:20:60:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:60:20:60:21 | &... : pointer type | CookieWithoutHttpOnly.go:60:20:60:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:65:7:69:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:70:20:70:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:65:7:69:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:70:20:70:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:70:20:70:21 | &... : pointer type | CookieWithoutHttpOnly.go:70:20:70:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:70:20:70:21 | &... : pointer type | CookieWithoutHttpOnly.go:70:20:70:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:75:7:78:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:80:20:80:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:75:7:78:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:80:20:80:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:80:20:80:21 | &... : pointer type | CookieWithoutHttpOnly.go:80:20:80:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:80:20:80:21 | &... : pointer type | CookieWithoutHttpOnly.go:80:20:80:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:84:9:84:13 | false : bool | CookieWithoutHttpOnly.go:90:20:90:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:84:9:84:13 | false : bool | CookieWithoutHttpOnly.go:90:20:90:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:85:7:88:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:90:20:90:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:85:7:88:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:90:20:90:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:90:20:90:21 | &... : pointer type | CookieWithoutHttpOnly.go:90:20:90:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:90:20:90:21 | &... : pointer type | CookieWithoutHttpOnly.go:90:20:90:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:90:20:90:21 | &... : pointer type | CookieWithoutHttpOnly.go:90:20:90:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:90:20:90:21 | &... : pointer type | CookieWithoutHttpOnly.go:90:20:90:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:98:15:98:19 | false : bool | CookieWithoutHttpOnly.go:99:20:99:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:98:15:98:19 | false : bool | CookieWithoutHttpOnly.go:99:20:99:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:99:20:99:21 | &... : pointer type | CookieWithoutHttpOnly.go:99:20:99:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:99:20:99:21 | &... : pointer type | CookieWithoutHttpOnly.go:99:20:99:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:104:7:107:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:109:20:109:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:104:7:107:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:109:20:109:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:108:15:108:19 | false : bool | CookieWithoutHttpOnly.go:109:20:109:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:108:15:108:19 | false : bool | CookieWithoutHttpOnly.go:109:20:109:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:109:20:109:21 | &... : pointer type | CookieWithoutHttpOnly.go:109:20:109:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:109:20:109:21 | &... : pointer type | CookieWithoutHttpOnly.go:109:20:109:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:109:20:109:21 | &... : pointer type | CookieWithoutHttpOnly.go:109:20:109:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:109:20:109:21 | &... : pointer type | CookieWithoutHttpOnly.go:109:20:109:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:114:7:117:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:119:20:119:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:114:7:117:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:119:20:119:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:118:15:118:19 | false : bool | CookieWithoutHttpOnly.go:119:20:119:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:118:15:118:19 | false : bool | CookieWithoutHttpOnly.go:119:20:119:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:119:20:119:21 | &... : pointer type | CookieWithoutHttpOnly.go:119:20:119:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:119:20:119:21 | &... : pointer type | CookieWithoutHttpOnly.go:119:20:119:21 | &... |
|
||||
| CookieWithoutHttpOnly.go:119:20:119:21 | &... : pointer type | CookieWithoutHttpOnly.go:119:20:119:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:119:20:119:21 | &... : pointer type | CookieWithoutHttpOnly.go:119:20:119:21 | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:122:13:122:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:125:16:125:20 | store : pointer type |
|
||||
| CookieWithoutHttpOnly.go:122:13:122:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:133:16:133:20 | store : pointer type |
|
||||
| CookieWithoutHttpOnly.go:122:13:122:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:145:16:145:20 | store : pointer type |
|
||||
| CookieWithoutHttpOnly.go:122:13:122:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:157:16:157:20 | store : pointer type |
|
||||
| CookieWithoutHttpOnly.go:122:13:122:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:169:16:169:20 | store : pointer type |
|
||||
| CookieWithoutHttpOnly.go:125:16:125:20 | store : pointer type | CookieWithoutHttpOnly.go:128:2:128:8 | session |
|
||||
| CookieWithoutHttpOnly.go:132:14:132:18 | false : bool | CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:132:14:132:18 | false : bool | CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:132:14:132:18 | false : bool | CookieWithoutHttpOnly.go:141:2:141:8 | session |
|
||||
| CookieWithoutHttpOnly.go:133:2:133:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:134:2:134:8 | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:133:2:133:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:134:2:134:8 | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:133:2:133:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:136:2:136:8 | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:133:2:133:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:136:2:136:8 | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:133:16:133:20 | store : pointer type | CookieWithoutHttpOnly.go:141:2:141:8 | session |
|
||||
| CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:133:2:133:8 | definition of session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:133:2:133:8 | definition of session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:141:2:141:8 | session |
|
||||
| CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:141:2:141:8 | session |
|
||||
| CookieWithoutHttpOnly.go:134:2:134:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:134:2:134:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:133:2:133:8 | definition of session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:133:2:133:8 | definition of session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:141:2:141:8 | session |
|
||||
| CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:141:2:141:8 | session |
|
||||
| CookieWithoutHttpOnly.go:136:2:136:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:136:2:136:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:136:21:139:2 | struct literal : Options | CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:136:21:139:2 | struct literal : Options | CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:136:21:139:2 | struct literal : Options | CookieWithoutHttpOnly.go:141:2:141:8 | session |
|
||||
| CookieWithoutHttpOnly.go:145:2:145:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:146:2:146:8 | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:145:2:145:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:148:2:148:8 | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:145:16:145:20 | store : pointer type | CookieWithoutHttpOnly.go:152:2:152:8 | session |
|
||||
| CookieWithoutHttpOnly.go:146:2:146:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:145:2:145:8 | definition of session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:146:2:146:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:146:2:146:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:146:2:146:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:148:2:148:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:146:2:146:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:152:2:152:8 | session |
|
||||
| CookieWithoutHttpOnly.go:146:2:146:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:146:2:146:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:148:2:148:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:145:2:145:8 | definition of session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:148:2:148:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:146:2:146:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:148:2:148:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:148:2:148:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:148:2:148:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:152:2:152:8 | session |
|
||||
| CookieWithoutHttpOnly.go:148:2:148:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:148:2:148:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:148:21:150:2 | struct literal : Options | CookieWithoutHttpOnly.go:146:2:146:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:148:21:150:2 | struct literal : Options | CookieWithoutHttpOnly.go:148:2:148:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:148:21:150:2 | struct literal : Options | CookieWithoutHttpOnly.go:152:2:152:8 | session |
|
||||
| CookieWithoutHttpOnly.go:157:2:157:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:158:2:158:8 | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:157:2:157:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:160:2:160:8 | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:157:16:157:20 | store : pointer type | CookieWithoutHttpOnly.go:165:2:165:8 | session |
|
||||
| CookieWithoutHttpOnly.go:158:2:158:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:157:2:157:8 | definition of session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:158:2:158:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:158:2:158:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:158:2:158:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:160:2:160:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:158:2:158:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:165:2:165:8 | session |
|
||||
| CookieWithoutHttpOnly.go:158:2:158:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:158:2:158:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:160:2:160:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:157:2:157:8 | definition of session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:160:2:160:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:158:2:158:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:160:2:160:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:160:2:160:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:160:2:160:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:165:2:165:8 | session |
|
||||
| CookieWithoutHttpOnly.go:160:2:160:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:160:2:160:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:160:21:163:2 | struct literal : Options | CookieWithoutHttpOnly.go:158:2:158:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:160:21:163:2 | struct literal : Options | CookieWithoutHttpOnly.go:160:2:160:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:160:21:163:2 | struct literal : Options | CookieWithoutHttpOnly.go:165:2:165:8 | session |
|
||||
| CookieWithoutHttpOnly.go:169:2:169:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:170:2:170:8 | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:169:2:169:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:172:2:172:8 | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:169:16:169:20 | store : pointer type | CookieWithoutHttpOnly.go:177:2:177:8 | session |
|
||||
| CookieWithoutHttpOnly.go:170:2:170:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:169:2:169:8 | definition of session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:170:2:170:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:170:2:170:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:170:2:170:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:172:2:172:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:170:2:170:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:177:2:177:8 | session |
|
||||
| CookieWithoutHttpOnly.go:170:2:170:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:170:2:170:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:172:2:172:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:169:2:169:8 | definition of session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:172:2:172:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:170:2:170:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:172:2:172:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:172:2:172:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:172:2:172:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:177:2:177:8 | session |
|
||||
| CookieWithoutHttpOnly.go:172:2:172:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:172:2:172:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:172:21:175:2 | struct literal : Options | CookieWithoutHttpOnly.go:170:2:170:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:172:21:175:2 | struct literal : Options | CookieWithoutHttpOnly.go:172:2:172:8 | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:172:21:175:2 | struct literal : Options | CookieWithoutHttpOnly.go:177:2:177:8 | session |
|
||||
nodes
|
||||
| CookieWithoutHttpOnly.go:10:7:13:2 | struct literal : Cookie | semmle.label | struct literal : Cookie |
|
||||
| CookieWithoutHttpOnly.go:14:20:14:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:14:20:14:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:18:7:22:2 | struct literal : Cookie | semmle.label | struct literal : Cookie |
|
||||
| CookieWithoutHttpOnly.go:21:13:21:17 | false : bool | semmle.label | false : bool |
|
||||
| CookieWithoutHttpOnly.go:23:20:23:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:23:20:23:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:23:20:23:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:23:20:23:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:27:7:31:2 | struct literal : Cookie | semmle.label | struct literal : Cookie |
|
||||
| CookieWithoutHttpOnly.go:32:20:32:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:32:20:32:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:36:7:39:2 | struct literal : Cookie | semmle.label | struct literal : Cookie |
|
||||
| CookieWithoutHttpOnly.go:41:20:41:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:41:20:41:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:45:7:48:2 | struct literal : Cookie | semmle.label | struct literal : Cookie |
|
||||
| CookieWithoutHttpOnly.go:49:15:49:19 | false : bool | semmle.label | false : bool |
|
||||
| CookieWithoutHttpOnly.go:50:20:50:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:50:20:50:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:50:20:50:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:50:20:50:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:54:9:54:13 | false : bool | semmle.label | false : bool |
|
||||
| CookieWithoutHttpOnly.go:55:7:59:2 | struct literal : Cookie | semmle.label | struct literal : Cookie |
|
||||
| CookieWithoutHttpOnly.go:60:20:60:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:60:20:60:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:60:20:60:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:60:20:60:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:65:7:69:2 | struct literal : Cookie | semmle.label | struct literal : Cookie |
|
||||
| CookieWithoutHttpOnly.go:70:20:70:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:70:20:70:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:75:7:78:2 | struct literal : Cookie | semmle.label | struct literal : Cookie |
|
||||
| CookieWithoutHttpOnly.go:80:20:80:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:80:20:80:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:84:9:84:13 | false : bool | semmle.label | false : bool |
|
||||
| CookieWithoutHttpOnly.go:85:7:88:2 | struct literal : Cookie | semmle.label | struct literal : Cookie |
|
||||
| CookieWithoutHttpOnly.go:90:20:90:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:90:20:90:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:90:20:90:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:90:20:90:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:98:15:98:19 | false : bool | semmle.label | false : bool |
|
||||
| CookieWithoutHttpOnly.go:99:20:99:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:99:20:99:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:104:7:107:2 | struct literal : Cookie | semmle.label | struct literal : Cookie |
|
||||
| CookieWithoutHttpOnly.go:108:15:108:19 | false : bool | semmle.label | false : bool |
|
||||
| CookieWithoutHttpOnly.go:109:20:109:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:109:20:109:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:109:20:109:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:109:20:109:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:114:7:117:2 | struct literal : Cookie | semmle.label | struct literal : Cookie |
|
||||
| CookieWithoutHttpOnly.go:118:15:118:19 | false : bool | semmle.label | false : bool |
|
||||
| CookieWithoutHttpOnly.go:119:20:119:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:119:20:119:21 | &... | semmle.label | &... |
|
||||
| CookieWithoutHttpOnly.go:119:20:119:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:119:20:119:21 | &... : pointer type | semmle.label | &... : pointer type |
|
||||
| CookieWithoutHttpOnly.go:122:13:122:49 | call to NewCookieStore : pointer type | semmle.label | call to NewCookieStore : pointer type |
|
||||
| CookieWithoutHttpOnly.go:125:16:125:20 | store : pointer type | semmle.label | store : pointer type |
|
||||
| CookieWithoutHttpOnly.go:128:2:128:8 | session | semmle.label | session |
|
||||
| CookieWithoutHttpOnly.go:132:14:132:18 | false : bool | semmle.label | false : bool |
|
||||
| CookieWithoutHttpOnly.go:133:2:133:8 | definition of session [pointer] : Session | semmle.label | definition of session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:133:2:133:8 | definition of session [pointer] : Session | semmle.label | definition of session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:133:16:133:20 | store : pointer type | semmle.label | store : pointer type |
|
||||
| CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:134:2:134:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:134:2:134:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:134:2:134:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:136:2:136:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:136:2:136:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:136:2:136:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:136:21:139:2 | struct literal : Options | semmle.label | struct literal : Options |
|
||||
| CookieWithoutHttpOnly.go:141:2:141:8 | session | semmle.label | session |
|
||||
| CookieWithoutHttpOnly.go:141:2:141:8 | session | semmle.label | session |
|
||||
| CookieWithoutHttpOnly.go:141:2:141:8 | session | semmle.label | session |
|
||||
| CookieWithoutHttpOnly.go:145:2:145:8 | definition of session [pointer] : Session | semmle.label | definition of session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:145:16:145:20 | store : pointer type | semmle.label | store : pointer type |
|
||||
| CookieWithoutHttpOnly.go:146:2:146:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:146:2:146:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:148:2:148:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:148:2:148:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:148:21:150:2 | struct literal : Options | semmle.label | struct literal : Options |
|
||||
| CookieWithoutHttpOnly.go:152:2:152:8 | session | semmle.label | session |
|
||||
| CookieWithoutHttpOnly.go:152:2:152:8 | session | semmle.label | session |
|
||||
| CookieWithoutHttpOnly.go:157:2:157:8 | definition of session [pointer] : Session | semmle.label | definition of session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:157:16:157:20 | store : pointer type | semmle.label | store : pointer type |
|
||||
| CookieWithoutHttpOnly.go:158:2:158:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:158:2:158:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:160:2:160:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:160:2:160:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:160:21:163:2 | struct literal : Options | semmle.label | struct literal : Options |
|
||||
| CookieWithoutHttpOnly.go:165:2:165:8 | session | semmle.label | session |
|
||||
| CookieWithoutHttpOnly.go:165:2:165:8 | session | semmle.label | session |
|
||||
| CookieWithoutHttpOnly.go:169:2:169:8 | definition of session [pointer] : Session | semmle.label | definition of session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:169:16:169:20 | store : pointer type | semmle.label | store : pointer type |
|
||||
| CookieWithoutHttpOnly.go:170:2:170:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:170:2:170:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:172:2:172:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
|
||||
| CookieWithoutHttpOnly.go:172:2:172:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
|
||||
| CookieWithoutHttpOnly.go:172:21:175:2 | struct literal : Options | semmle.label | struct literal : Options |
|
||||
| CookieWithoutHttpOnly.go:177:2:177:8 | session | semmle.label | session |
|
||||
| CookieWithoutHttpOnly.go:177:2:177:8 | session | semmle.label | session |
|
||||
| CookieWithoutHttpOnly.go:189:75:189:79 | false | semmle.label | false |
|
||||
#select
|
||||
| CookieWithoutHttpOnly.go:14:20:14:21 | &... | CookieWithoutHttpOnly.go:10:7:13:2 | struct literal : Cookie | CookieWithoutHttpOnly.go:14:20:14:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:23:20:23:21 | &... | CookieWithoutHttpOnly.go:21:13:21:17 | false : bool | CookieWithoutHttpOnly.go:23:20:23:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:50:20:50:21 | &... | CookieWithoutHttpOnly.go:49:15:49:19 | false : bool | CookieWithoutHttpOnly.go:50:20:50:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:60:20:60:21 | &... | CookieWithoutHttpOnly.go:54:9:54:13 | false : bool | CookieWithoutHttpOnly.go:60:20:60:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:90:20:90:21 | &... | CookieWithoutHttpOnly.go:84:9:84:13 | false : bool | CookieWithoutHttpOnly.go:90:20:90:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:109:20:109:21 | &... | CookieWithoutHttpOnly.go:108:15:108:19 | false : bool | CookieWithoutHttpOnly.go:109:20:109:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:119:20:119:21 | &... | CookieWithoutHttpOnly.go:118:15:118:19 | false : bool | CookieWithoutHttpOnly.go:119:20:119:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:128:2:128:8 | session | CookieWithoutHttpOnly.go:122:13:122:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:128:2:128:8 | session | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:141:2:141:8 | session | CookieWithoutHttpOnly.go:132:14:132:18 | false : bool | CookieWithoutHttpOnly.go:141:2:141:8 | session | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:152:2:152:8 | session | CookieWithoutHttpOnly.go:148:21:150:2 | struct literal : Options | CookieWithoutHttpOnly.go:152:2:152:8 | session | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
| CookieWithoutHttpOnly.go:189:75:189:79 | false | CookieWithoutHttpOnly.go:189:75:189:79 | false | CookieWithoutHttpOnly.go:189:75:189:79 | false | Cookie attribute 'HttpOnly' is not set to true. |
|
||||
|
||||