Merged
37 commits
c469f71
Add Codeql query to detect if cookies are sent without the flag bein…
dellalibera Jul 26, 2020
2cec8f7
Update .qhelp
dellalibera Jul 26, 2020
ac7c511
Update .qhelp
dellalibera Jul 26, 2020
8dee3da
Update .qhelp
dellalibera Jul 26, 2020
67fccac
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
0c12106
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
8d26b81
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
10bd745
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
5cae300
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
e463014
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
fb3ffb8
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
97f039a
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
40e101d
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
ab128f7
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
9292e3b
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
275b8df
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
14c8e4c
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
a2e9456
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
bfef84e
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
ab20beb
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
05ffd67
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
1ba39e4
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 16, 2020
e290802
Remove redundancy
dellalibera Aug 16, 2020
d4b231b
Replace regex
dellalibera Aug 16, 2020
91d4485
Replace class and module name
dellalibera Aug 16, 2020
2a32297
Changed .qhelp
dellalibera Aug 16, 2020
3e9142b
Remove examples
dellalibera Aug 16, 2020
5d6e6be
Add query-tests
dellalibera Aug 16, 2020
8ec91ef
Change polarity predicate isInsecure
dellalibera Aug 16, 2020
22f5ae4
Format code
dellalibera Aug 24, 2020
57cf447
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 25, 2020
3bd7615
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 25, 2020
a1f64e2
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 25, 2020
e027c8c
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
dellalibera Aug 25, 2020
dcf51c7
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.ql
dellalibera Aug 26, 2020
cd1d50b
Update expected output
dellalibera Aug 26, 2020
9aa1404
JS: fix formatting of InsecureCookie.qll
esbena Aug 27, 2020
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie…
….qll

Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
dellalibera and esbena authored Aug 25, 2020
commit 3bd7615a75167fc75c899197b80ca4bc1b35ea01
Expand Up @@ -75,7 +75,7 @@ module Cookie {
/**
* A cookie set using `response.cookie` from `express` module (https://expressjs.com/en/api.html#res.cookie).
*/
class InsecureExpressCookieResponse extends Cookie {
class InsecureExpressCookieResponse extends Cookie, DataFlow::MethodCallNode {
InsecureExpressCookieResponse() {
this.calls(any(Express::ResponseExpr r).flow(), "cookie")
}
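Review bot: the class name and its QLDoc disagree with what the characteristic predicate selects. `this.calls(any(Express::ResponseExpr r).flow(), "cookie")` matches every `cookie` call on an Express response, whatever options are passed, yet the class is named `InsecureExpressCookieResponse` and the comment only says "A cookie set using `response.cookie`". Either drop the `Insecure` prefix from the name, or extend the comment to say that this class only models the call site and that the secure-flag check, if it is made elsewhere, decides whether the cookie is reported. Since the class now has two supertypes, it would also help to note in the QLDoc that `DataFlow::MethodCallNode` is there to provide `calls` for the constructor.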