hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
remove-javascript
codeql/csharp/ql/test/experimental/Security Features/CWE-1004/CookieHttpOnlyFalseSystemWeb/Program.cs
edvraa 89c4102462 HttpOnly and Secure cookie queries
2021-07-12 01:13:39 +03:00

59 lines
1.6 KiB
C#
Raw Permalink Blame History

// semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll
class Program
{
void CookieDirectTrue()
{
var cookie = new System.Web.HttpCookie("sessionID");
cookie.HttpOnly = true; // GOOD
}
void CookieDirectTrueInitializer()
{
var cookie = new System.Web.HttpCookie("sessionID") { HttpOnly = true }; // GOOD
}
void CookieForgeryDirectFalse()
{
var cookie = new System.Web.HttpCookie("antiforgerytoken");
cookie.HttpOnly = false; // GOOD: not an auth cookie
}
void CookieDirectFalse()
{
var cookie = new System.Web.HttpCookie("sessionID");
cookie.HttpOnly = false; // BAD
}
void CookieDirectFalseInitializer()
{
var cookie = new System.Web.HttpCookie("sessionID") { HttpOnly = false }; // BAD
}
void CookieIntermediateTrue()
{
var cookie = new System.Web.HttpCookie("sessionID");
bool v = true;
cookie.HttpOnly = v; // GOOD: should track local data flow
}
void CookieIntermediateTrueInitializer()
{
bool v = true;
var cookie = new System.Web.HttpCookie("sessionID") { HttpOnly = v }; // GOOD: should track local data flow
}
void CookieIntermediateFalse()
{
var cookie = new System.Web.HttpCookie("sessionID");
bool v = false;
cookie.HttpOnly = v; // BAD
}
void CookieIntermediateFalseInitializer()
{
bool v = false;
var cookie = new System.Web.HttpCookie("sessionID") { HttpOnly = v }; // BAD
}
}
Reference in New Issue View Git Blame Copy Permalink