github
diff --git a/‎rust/ql/lib/change-notes/2025-11-05-poem.md‎
Lines changed: 4 additions & 0 deletions b/‎rust/ql/lib/change-notes/2025-11-05-poem.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎rust/ql/lib/codeql/rust/frameworks/poem.model.yml‎
Lines changed: 22 additions & 0 deletions b/‎rust/ql/lib/codeql/rust/frameworks/poem.model.yml‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎rust/ql/src/queries/security/CWE-614/InsecureCookie.ql‎
Lines changed: 3 additions & 3 deletions b/‎rust/ql/src/queries/security/CWE-614/InsecureCookie.ql‎
Lines changed: 3 additions & 3 deletions
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added models for cookie methods in the `poem` crate.
@@ -0,0 +1,22 @@
+extensions:
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: sinkModel
+    data:
+      - ["<poem::web::cookie::CookieJar>::add", "Argument[0]", "cookie-use", "manual"]
+      - ["<poem::web::cookie::SignedCookieJar>::add", "Argument[0]", "cookie-use", "manual"]
+      - ["<poem::web::cookie::PrivateCookieJar>::add", "Argument[0]", "cookie-use", "manual"]
+      - ["<poem::session::server_session::ServerSession>::new", "Argument[0]", "cookie-use", "manual"]
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: summaryModel
+    data:
+      - ["<poem::web::cookie::Cookie>::set_secure", "Argument[self].OptionalBarrier[cookie-secure-arg0]", "Argument[self]", "taint", "manual"]
+      - ["<poem::session::cookie_config::CookieConfig>::secure", "Argument[self].OptionalBarrier[cookie-secure-arg0]", "ReturnValue", "taint", "manual"]
+      - ["<poem::session::cookie_config::CookieConfig>::partitioned", "Argument[self].OptionalBarrier[cookie-partitioned-arg0]", "ReturnValue", "taint", "manual"]
+      - ["<poem::session::cookie_config::CookieConfig>::name", "Argument[self]", "ReturnValue", "taint", "manual"]
+      - ["<poem::session::cookie_config::CookieConfig>::path", "Argument[self]", "ReturnValue", "taint", "manual"]
+      - ["<poem::session::cookie_config::CookieConfig>::domain", "Argument[self]", "ReturnValue", "taint", "manual"]
+      - ["<poem::session::cookie_config::CookieConfig>::http_only", "Argument[self]", "ReturnValue", "taint", "manual"]
+      - ["<poem::session::cookie_config::CookieConfig>::same_site", "Argument[self]", "ReturnValue", "taint", "manual"]
+      - ["<poem::session::cookie_config::CookieConfig>::max_age", "Argument[self]", "ReturnValue", "taint", "manual"]
@@ -39,9 +39,9 @@ module InsecureCookieConfig implements DataFlow::ConfigSig {
     node instanceof Sink
   }
 
-  predicate isBarrier(DataFlow::Node node) {
-    // setting the 'secure' attribute to true
-    cookieSetNode(node, "secure", true)
+  predicate isBarrierIn(DataFlow::Node node) {
+    // setting the 'secure' attribute
+    cookieSetNode(node, "secure", _)
     or
     node instanceof Barrier
   }
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Added models for cookie methods in the `poem` crate.
Original file line number	Diff line number	Diff line change
`@@ -39,9 +39,9 @@ module InsecureCookieConfig implements DataFlow::ConfigSig {`
`39`	`39`	`node instanceof Sink`
`40`	`40`	`}`
`41`	`41`
`42`		`- predicate isBarrier(DataFlow::Node node) {`
`43`		`- // setting the 'secure' attribute to true`
`44`		`- cookieSetNode(node, "secure", true)`
	`42`	`+ predicate isBarrierIn(DataFlow::Node node) {`
	`43`	`+ // setting the 'secure' attribute`
	`44`	`+ cookieSetNode(node, "secure", _)`
`45`	`45`	`or`
`46`	`46`	`node instanceof Barrier`
`47`	`47`	`}`