
Commit a68b7ca

Add tests
1 parent 849361c commit a68b7ca


18 files changed

+1990
-0
lines changed

Lines changed: 139 additions & 0 deletions
@@ -0,0 +1,139 @@
1+
#select
2+
| CookieWithoutHttpOnly.go:14:2:14:22 | call to SetCookie | CookieWithoutHttpOnly.go:11:10:11:18 | "session" | CookieWithoutHttpOnly.go:14:20:14:21 | &... | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:11:10:11:18 | "session" | session |
3+
| CookieWithoutHttpOnly.go:23:2:23:22 | call to SetCookie | CookieWithoutHttpOnly.go:19:13:19:21 | "session" | CookieWithoutHttpOnly.go:23:20:23:21 | &... | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:19:13:19:21 | "session" | session |
4+
| CookieWithoutHttpOnly.go:50:2:50:22 | call to SetCookie | CookieWithoutHttpOnly.go:46:10:46:18 | "session" | CookieWithoutHttpOnly.go:50:20:50:21 | &... | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:46:10:46:18 | "session" | session |
5+
| CookieWithoutHttpOnly.go:60:2:60:22 | call to SetCookie | CookieWithoutHttpOnly.go:56:13:56:21 | "session" | CookieWithoutHttpOnly.go:60:20:60:21 | &... | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:56:13:56:21 | "session" | session |
6+
| CookieWithoutHttpOnly.go:90:2:90:22 | call to SetCookie | CookieWithoutHttpOnly.go:86:10:86:18 | "session" | CookieWithoutHttpOnly.go:90:20:90:21 | &... | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:86:10:86:18 | "session" | session |
7+
| CookieWithoutHttpOnly.go:109:2:109:22 | call to SetCookie | CookieWithoutHttpOnly.go:103:10:103:18 | "session" | CookieWithoutHttpOnly.go:109:20:109:21 | &... | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:103:10:103:18 | "session" | session |
8+
| CookieWithoutHttpOnly.go:119:2:119:22 | call to SetCookie | CookieWithoutHttpOnly.go:113:13:113:24 | "login_name" | CookieWithoutHttpOnly.go:119:20:119:21 | &... | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:113:13:113:24 | "login_name" | login_name |
9+
| CookieWithoutHttpOnly.go:119:2:119:22 | call to SetCookie | CookieWithoutHttpOnly.go:115:10:115:16 | session | CookieWithoutHttpOnly.go:119:20:119:21 | &... | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:115:10:115:16 | session | session |
10+
| CookieWithoutHttpOnly.go:131:4:131:71 | call to SetCookie | CookieWithoutHttpOnly.go:131:16:131:24 | "session" | CookieWithoutHttpOnly.go:131:16:131:24 | "session" | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:131:16:131:24 | "session" | session |
11+
edges
12+
| CookieWithoutHttpOnly.go:10:7:13:2 | struct literal | CookieWithoutHttpOnly.go:14:20:14:21 | &... | provenance | |
13+
| CookieWithoutHttpOnly.go:10:7:13:2 | struct literal | CookieWithoutHttpOnly.go:14:21:14:21 | c | provenance | |
14+
| CookieWithoutHttpOnly.go:11:10:11:18 | "session" | CookieWithoutHttpOnly.go:10:7:13:2 | struct literal | provenance | Config |
15+
| CookieWithoutHttpOnly.go:14:20:14:21 | &... [pointer] | CookieWithoutHttpOnly.go:14:20:14:21 | &... | provenance | |
16+
| CookieWithoutHttpOnly.go:14:21:14:21 | c | CookieWithoutHttpOnly.go:14:20:14:21 | &... | provenance | |
17+
| CookieWithoutHttpOnly.go:14:21:14:21 | c | CookieWithoutHttpOnly.go:14:20:14:21 | &... [pointer] | provenance | |
18+
| CookieWithoutHttpOnly.go:18:7:22:2 | struct literal | CookieWithoutHttpOnly.go:23:20:23:21 | &... | provenance | |
19+
| CookieWithoutHttpOnly.go:18:7:22:2 | struct literal | CookieWithoutHttpOnly.go:23:21:23:21 | c | provenance | |
20+
| CookieWithoutHttpOnly.go:19:13:19:21 | "session" | CookieWithoutHttpOnly.go:18:7:22:2 | struct literal | provenance | Config |
21+
| CookieWithoutHttpOnly.go:23:20:23:21 | &... [pointer] | CookieWithoutHttpOnly.go:23:20:23:21 | &... | provenance | |
22+
| CookieWithoutHttpOnly.go:23:21:23:21 | c | CookieWithoutHttpOnly.go:23:20:23:21 | &... | provenance | |
23+
| CookieWithoutHttpOnly.go:23:21:23:21 | c | CookieWithoutHttpOnly.go:23:20:23:21 | &... [pointer] | provenance | |
24+
| CookieWithoutHttpOnly.go:27:7:31:2 | struct literal | CookieWithoutHttpOnly.go:32:20:32:21 | &... | provenance | |
25+
| CookieWithoutHttpOnly.go:27:7:31:2 | struct literal | CookieWithoutHttpOnly.go:32:21:32:21 | c | provenance | |
26+
| CookieWithoutHttpOnly.go:28:13:28:21 | "session" | CookieWithoutHttpOnly.go:27:7:31:2 | struct literal | provenance | Config |
27+
| CookieWithoutHttpOnly.go:32:20:32:21 | &... [pointer] | CookieWithoutHttpOnly.go:32:20:32:21 | &... | provenance | |
28+
| CookieWithoutHttpOnly.go:32:21:32:21 | c | CookieWithoutHttpOnly.go:32:20:32:21 | &... | provenance | |
29+
| CookieWithoutHttpOnly.go:32:21:32:21 | c | CookieWithoutHttpOnly.go:32:20:32:21 | &... [pointer] | provenance | |
30+
| CookieWithoutHttpOnly.go:36:7:39:2 | struct literal | CookieWithoutHttpOnly.go:41:20:41:21 | &... | provenance | |
31+
| CookieWithoutHttpOnly.go:36:7:39:2 | struct literal | CookieWithoutHttpOnly.go:41:21:41:21 | c | provenance | |
32+
| CookieWithoutHttpOnly.go:37:10:37:18 | "session" | CookieWithoutHttpOnly.go:36:7:39:2 | struct literal | provenance | Config |
33+
| CookieWithoutHttpOnly.go:41:20:41:21 | &... [pointer] | CookieWithoutHttpOnly.go:41:20:41:21 | &... | provenance | |
34+
| CookieWithoutHttpOnly.go:41:21:41:21 | c | CookieWithoutHttpOnly.go:41:20:41:21 | &... | provenance | |
35+
| CookieWithoutHttpOnly.go:41:21:41:21 | c | CookieWithoutHttpOnly.go:41:20:41:21 | &... [pointer] | provenance | |
36+
| CookieWithoutHttpOnly.go:45:7:48:2 | struct literal | CookieWithoutHttpOnly.go:50:20:50:21 | &... | provenance | |
37+
| CookieWithoutHttpOnly.go:45:7:48:2 | struct literal | CookieWithoutHttpOnly.go:50:21:50:21 | c | provenance | |
38+
| CookieWithoutHttpOnly.go:46:10:46:18 | "session" | CookieWithoutHttpOnly.go:45:7:48:2 | struct literal | provenance | Config |
39+
| CookieWithoutHttpOnly.go:50:20:50:21 | &... [pointer] | CookieWithoutHttpOnly.go:50:20:50:21 | &... | provenance | |
40+
| CookieWithoutHttpOnly.go:50:21:50:21 | c | CookieWithoutHttpOnly.go:50:20:50:21 | &... | provenance | |
41+
| CookieWithoutHttpOnly.go:50:21:50:21 | c | CookieWithoutHttpOnly.go:50:20:50:21 | &... [pointer] | provenance | |
42+
| CookieWithoutHttpOnly.go:55:7:59:2 | struct literal | CookieWithoutHttpOnly.go:60:20:60:21 | &... | provenance | |
43+
| CookieWithoutHttpOnly.go:55:7:59:2 | struct literal | CookieWithoutHttpOnly.go:60:21:60:21 | c | provenance | |
44+
| CookieWithoutHttpOnly.go:56:13:56:21 | "session" | CookieWithoutHttpOnly.go:55:7:59:2 | struct literal | provenance | Config |
45+
| CookieWithoutHttpOnly.go:60:20:60:21 | &... [pointer] | CookieWithoutHttpOnly.go:60:20:60:21 | &... | provenance | |
46+
| CookieWithoutHttpOnly.go:60:21:60:21 | c | CookieWithoutHttpOnly.go:60:20:60:21 | &... | provenance | |
47+
| CookieWithoutHttpOnly.go:60:21:60:21 | c | CookieWithoutHttpOnly.go:60:20:60:21 | &... [pointer] | provenance | |
48+
| CookieWithoutHttpOnly.go:65:7:69:2 | struct literal | CookieWithoutHttpOnly.go:70:20:70:21 | &... | provenance | |
49+
| CookieWithoutHttpOnly.go:65:7:69:2 | struct literal | CookieWithoutHttpOnly.go:70:21:70:21 | c | provenance | |
50+
| CookieWithoutHttpOnly.go:66:13:66:21 | "session" | CookieWithoutHttpOnly.go:65:7:69:2 | struct literal | provenance | Config |
51+
| CookieWithoutHttpOnly.go:70:20:70:21 | &... [pointer] | CookieWithoutHttpOnly.go:70:20:70:21 | &... | provenance | |
52+
| CookieWithoutHttpOnly.go:70:21:70:21 | c | CookieWithoutHttpOnly.go:70:20:70:21 | &... | provenance | |
53+
| CookieWithoutHttpOnly.go:70:21:70:21 | c | CookieWithoutHttpOnly.go:70:20:70:21 | &... [pointer] | provenance | |
54+
| CookieWithoutHttpOnly.go:75:7:78:2 | struct literal | CookieWithoutHttpOnly.go:80:20:80:21 | &... | provenance | |
55+
| CookieWithoutHttpOnly.go:75:7:78:2 | struct literal | CookieWithoutHttpOnly.go:80:21:80:21 | c | provenance | |
56+
| CookieWithoutHttpOnly.go:76:10:76:18 | "session" | CookieWithoutHttpOnly.go:75:7:78:2 | struct literal | provenance | Config |
57+
| CookieWithoutHttpOnly.go:80:20:80:21 | &... [pointer] | CookieWithoutHttpOnly.go:80:20:80:21 | &... | provenance | |
58+
| CookieWithoutHttpOnly.go:80:21:80:21 | c | CookieWithoutHttpOnly.go:80:20:80:21 | &... | provenance | |
59+
| CookieWithoutHttpOnly.go:80:21:80:21 | c | CookieWithoutHttpOnly.go:80:20:80:21 | &... [pointer] | provenance | |
60+
| CookieWithoutHttpOnly.go:85:7:88:2 | struct literal | CookieWithoutHttpOnly.go:90:20:90:21 | &... | provenance | |
61+
| CookieWithoutHttpOnly.go:85:7:88:2 | struct literal | CookieWithoutHttpOnly.go:90:21:90:21 | c | provenance | |
62+
| CookieWithoutHttpOnly.go:86:10:86:18 | "session" | CookieWithoutHttpOnly.go:85:7:88:2 | struct literal | provenance | Config |
63+
| CookieWithoutHttpOnly.go:90:20:90:21 | &... [pointer] | CookieWithoutHttpOnly.go:90:20:90:21 | &... | provenance | |
64+
| CookieWithoutHttpOnly.go:90:21:90:21 | c | CookieWithoutHttpOnly.go:90:20:90:21 | &... | provenance | |
65+
| CookieWithoutHttpOnly.go:90:21:90:21 | c | CookieWithoutHttpOnly.go:90:20:90:21 | &... [pointer] | provenance | |
66+
| CookieWithoutHttpOnly.go:103:10:103:18 | "session" | CookieWithoutHttpOnly.go:105:10:105:13 | name | provenance | |
67+
| CookieWithoutHttpOnly.go:104:7:107:2 | struct literal | CookieWithoutHttpOnly.go:109:20:109:21 | &... | provenance | |
68+
| CookieWithoutHttpOnly.go:104:7:107:2 | struct literal | CookieWithoutHttpOnly.go:109:21:109:21 | c | provenance | |
69+
| CookieWithoutHttpOnly.go:105:10:105:13 | name | CookieWithoutHttpOnly.go:104:7:107:2 | struct literal | provenance | Config |
70+
| CookieWithoutHttpOnly.go:109:20:109:21 | &... [pointer] | CookieWithoutHttpOnly.go:109:20:109:21 | &... | provenance | |
71+
| CookieWithoutHttpOnly.go:109:21:109:21 | c | CookieWithoutHttpOnly.go:109:20:109:21 | &... | provenance | |
72+
| CookieWithoutHttpOnly.go:109:21:109:21 | c | CookieWithoutHttpOnly.go:109:20:109:21 | &... [pointer] | provenance | |
73+
| CookieWithoutHttpOnly.go:113:13:113:24 | "login_name" | CookieWithoutHttpOnly.go:115:10:115:16 | session | provenance | |
74+
| CookieWithoutHttpOnly.go:114:7:117:2 | struct literal | CookieWithoutHttpOnly.go:119:20:119:21 | &... | provenance | |
75+
| CookieWithoutHttpOnly.go:114:7:117:2 | struct literal | CookieWithoutHttpOnly.go:119:21:119:21 | c | provenance | |
76+
| CookieWithoutHttpOnly.go:115:10:115:16 | session | CookieWithoutHttpOnly.go:114:7:117:2 | struct literal | provenance | Config |
77+
| CookieWithoutHttpOnly.go:119:20:119:21 | &... [pointer] | CookieWithoutHttpOnly.go:119:20:119:21 | &... | provenance | |
78+
| CookieWithoutHttpOnly.go:119:21:119:21 | c | CookieWithoutHttpOnly.go:119:20:119:21 | &... | provenance | |
79+
| CookieWithoutHttpOnly.go:119:21:119:21 | c | CookieWithoutHttpOnly.go:119:20:119:21 | &... [pointer] | provenance | |
80+
nodes
81+
| CookieWithoutHttpOnly.go:10:7:13:2 | struct literal | semmle.label | struct literal |
82+
| CookieWithoutHttpOnly.go:11:10:11:18 | "session" | semmle.label | "session" |
83+
| CookieWithoutHttpOnly.go:14:20:14:21 | &... | semmle.label | &... |
84+
| CookieWithoutHttpOnly.go:14:20:14:21 | &... [pointer] | semmle.label | &... [pointer] |
85+
| CookieWithoutHttpOnly.go:14:21:14:21 | c | semmle.label | c |
86+
| CookieWithoutHttpOnly.go:18:7:22:2 | struct literal | semmle.label | struct literal |
87+
| CookieWithoutHttpOnly.go:19:13:19:21 | "session" | semmle.label | "session" |
88+
| CookieWithoutHttpOnly.go:23:20:23:21 | &... | semmle.label | &... |
89+
| CookieWithoutHttpOnly.go:23:20:23:21 | &... [pointer] | semmle.label | &... [pointer] |
90+
| CookieWithoutHttpOnly.go:23:21:23:21 | c | semmle.label | c |
91+
| CookieWithoutHttpOnly.go:27:7:31:2 | struct literal | semmle.label | struct literal |
92+
| CookieWithoutHttpOnly.go:28:13:28:21 | "session" | semmle.label | "session" |
93+
| CookieWithoutHttpOnly.go:32:20:32:21 | &... | semmle.label | &... |
94+
| CookieWithoutHttpOnly.go:32:20:32:21 | &... [pointer] | semmle.label | &... [pointer] |
95+
| CookieWithoutHttpOnly.go:32:21:32:21 | c | semmle.label | c |
96+
| CookieWithoutHttpOnly.go:36:7:39:2 | struct literal | semmle.label | struct literal |
97+
| CookieWithoutHttpOnly.go:37:10:37:18 | "session" | semmle.label | "session" |
98+
| CookieWithoutHttpOnly.go:41:20:41:21 | &... | semmle.label | &... |
99+
| CookieWithoutHttpOnly.go:41:20:41:21 | &... [pointer] | semmle.label | &... [pointer] |
100+
| CookieWithoutHttpOnly.go:41:21:41:21 | c | semmle.label | c |
101+
| CookieWithoutHttpOnly.go:45:7:48:2 | struct literal | semmle.label | struct literal |
102+
| CookieWithoutHttpOnly.go:46:10:46:18 | "session" | semmle.label | "session" |
103+
| CookieWithoutHttpOnly.go:50:20:50:21 | &... | semmle.label | &... |
104+
| CookieWithoutHttpOnly.go:50:20:50:21 | &... [pointer] | semmle.label | &... [pointer] |
105+
| CookieWithoutHttpOnly.go:50:21:50:21 | c | semmle.label | c |
106+
| CookieWithoutHttpOnly.go:55:7:59:2 | struct literal | semmle.label | struct literal |
107+
| CookieWithoutHttpOnly.go:56:13:56:21 | "session" | semmle.label | "session" |
108+
| CookieWithoutHttpOnly.go:60:20:60:21 | &... | semmle.label | &... |
109+
| CookieWithoutHttpOnly.go:60:20:60:21 | &... [pointer] | semmle.label | &... [pointer] |
110+
| CookieWithoutHttpOnly.go:60:21:60:21 | c | semmle.label | c |
111+
| CookieWithoutHttpOnly.go:65:7:69:2 | struct literal | semmle.label | struct literal |
112+
| CookieWithoutHttpOnly.go:66:13:66:21 | "session" | semmle.label | "session" |
113+
| CookieWithoutHttpOnly.go:70:20:70:21 | &... | semmle.label | &... |
114+
| CookieWithoutHttpOnly.go:70:20:70:21 | &... [pointer] | semmle.label | &... [pointer] |
115+
| CookieWithoutHttpOnly.go:70:21:70:21 | c | semmle.label | c |
116+
| CookieWithoutHttpOnly.go:75:7:78:2 | struct literal | semmle.label | struct literal |
117+
| CookieWithoutHttpOnly.go:76:10:76:18 | "session" | semmle.label | "session" |
118+
| CookieWithoutHttpOnly.go:80:20:80:21 | &... | semmle.label | &... |
119+
| CookieWithoutHttpOnly.go:80:20:80:21 | &... [pointer] | semmle.label | &... [pointer] |
120+
| CookieWithoutHttpOnly.go:80:21:80:21 | c | semmle.label | c |
121+
| CookieWithoutHttpOnly.go:85:7:88:2 | struct literal | semmle.label | struct literal |
122+
| CookieWithoutHttpOnly.go:86:10:86:18 | "session" | semmle.label | "session" |
123+
| CookieWithoutHttpOnly.go:90:20:90:21 | &... | semmle.label | &... |
124+
| CookieWithoutHttpOnly.go:90:20:90:21 | &... [pointer] | semmle.label | &... [pointer] |
125+
| CookieWithoutHttpOnly.go:90:21:90:21 | c | semmle.label | c |
126+
| CookieWithoutHttpOnly.go:103:10:103:18 | "session" | semmle.label | "session" |
127+
| CookieWithoutHttpOnly.go:104:7:107:2 | struct literal | semmle.label | struct literal |
128+
| CookieWithoutHttpOnly.go:105:10:105:13 | name | semmle.label | name |
129+
| CookieWithoutHttpOnly.go:109:20:109:21 | &... | semmle.label | &... |
130+
| CookieWithoutHttpOnly.go:109:20:109:21 | &... [pointer] | semmle.label | &... [pointer] |
131+
| CookieWithoutHttpOnly.go:109:21:109:21 | c | semmle.label | c |
132+
| CookieWithoutHttpOnly.go:113:13:113:24 | "login_name" | semmle.label | "login_name" |
133+
| CookieWithoutHttpOnly.go:114:7:117:2 | struct literal | semmle.label | struct literal |
134+
| CookieWithoutHttpOnly.go:115:10:115:16 | session | semmle.label | session |
135+
| CookieWithoutHttpOnly.go:119:20:119:21 | &... | semmle.label | &... |
136+
| CookieWithoutHttpOnly.go:119:20:119:21 | &... [pointer] | semmle.label | &... [pointer] |
137+
| CookieWithoutHttpOnly.go:119:21:119:21 | c | semmle.label | c |
138+
| CookieWithoutHttpOnly.go:131:16:131:24 | "session" | semmle.label | "session" |
139+
subpaths
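--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-1004/CookieWithoutHttpOnly.go
@@ -0,0 +1,136 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+)
+
+func handler1(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:  "session", // $ Source
+		Value: "secret",
+	}
+	http.SetCookie(w, &c) // $ Alert // BAD: HttpOnly set to false by default
+}
+
+func handler2(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:     "session", // $ Source
+		Value:    "secret",
+		HttpOnly: false,
+	}
+	http.SetCookie(w, &c) // $ Alert // BAD: HttpOnly explicitly set to false
+}
+
+func handler3(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:     "session",
+		Value:    "secret",
+		HttpOnly: true,
+	}
+	http.SetCookie(w, &c) // GOOD: HttpOnly explicitly set to true
+}
+
+func handler4(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:  "session",
+		Value: "secret",
+	}
+	c.HttpOnly = true
+	http.SetCookie(w, &c) // GOOD: HttpOnly explicitly set to true
+}
+
+func handler5(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:  "session", // $ Source
+		Value: "secret",
+	}
+	c.HttpOnly = false
+	http.SetCookie(w, &c) // $ Alert // BAD: HttpOnly explicitly set to false
+}
+
+func handler6(w http.ResponseWriter, r *http.Request) {
+	val := false
+	c := http.Cookie{
+		Name:     "session", // $ Source
+		Value:    "secret",
+		HttpOnly: val,
+	}
+	http.SetCookie(w, &c) // $ Alert // BAD: HttpOnly explicitly set to false
+}
+
+func handler7(w http.ResponseWriter, r *http.Request) {
+	val := true
+	c := http.Cookie{
+		Name:     "session",
+		Value:    "secret",
+		HttpOnly: val,
+	}
+	http.SetCookie(w, &c) // GOOD: HttpOnly explicitly set to true
+}
+
+func handler8(w http.ResponseWriter, r *http.Request) {
+	val := true
+	c := http.Cookie{
+		Name:  "session",
+		Value: "secret",
+	}
+	c.HttpOnly = val
+	http.SetCookie(w, &c) // GOOD: HttpOnly explicitly set to true
+}
+
+func handler9(w http.ResponseWriter, r *http.Request) {
+	val := false
+	c := http.Cookie{
+		Name:  "session", // $ Source
+		Value: "secret",
+	}
+	c.HttpOnly = val
+	http.SetCookie(w, &c) // $ Alert //BAD: HttpOnly explicitly set to false
+}
+
+func handler10(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:  "consent",
+		Value: "1",
+	}
+	c.HttpOnly = false
+	http.SetCookie(w, &c) // GOOD: Name is not auth related
+}
+
+func handler11(w http.ResponseWriter, r *http.Request) {
+	name := "session" // $ Source
+	c := http.Cookie{
+		Name:  name,
+		Value: "secret",
+	}
+	c.HttpOnly = false
+	http.SetCookie(w, &c) // $ Alert // BAD: auth related name
+}
+
+func handler12(w http.ResponseWriter, r *http.Request) {
+	session := "login_name" // $ Source
+	c := http.Cookie{
+		Name:  session, // $ Source
+		Value: "secret",
+	}
+	c.HttpOnly = false
+	http.SetCookie(w, &c) // $ Alert // BAD: auth related name
+}
+
+func main() {
+
+	router := gin.Default()
+
+	router.GET("/cookie", func(c *gin.Context) {
+
+		_, err := c.Cookie("session")
+
+		if err != nil {
+			c.SetCookie("session", "test", 3600, "/", "localhost", false, false) // $ Alert // BAD: httpOnly set to false
+		}
+	})
+
+	router.Run()
+}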
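Review bot: The gin sink at line 131 is exercised only by a flagging case; there is no `c.SetCookie(..., true, true) // GOOD` route, so a query that flagged every gin `SetCookie` regardless of the httpOnly argument would still pass this suite. The `net/http` cases likewise only feed constants, or locals initialised from constants, into `HttpOnly`; nothing covers a value unknown at analysis time (a function parameter or a request-derived bool), so whether the query alerts or stays silent there is left undocumented by the tests. A related wrinkle is visible in the expectations: the handler12 sink at line 119 is reported twice, once with source `"login_name"` and once with `session`, which in a real scan yields duplicate findings for one cookie; the fixture annotates both with `$ Source`, so the duplication is locked in rather than questioned. Adding a gin GOOD route and an unknown-`HttpOnly` handler makes the query's boundaries explicit.
```go
// … unchanged: handler1–handler12 …

// HttpOnly is not a compile-time constant here; the suite should pin
// whether the query alerts, stays silent, or is deliberately conservative.
func handler13(w http.ResponseWriter, r *http.Request, httpOnly bool) {
	c := http.Cookie{
		Name:     "session",
		Value:    "secret",
		HttpOnly: httpOnly,
	}
	http.SetCookie(w, &c)
}

// … unchanged: main, /cookie route …
	router.GET("/cookie-ok", func(c *gin.Context) {
		c.SetCookie("session", "test", 3600, "/", "localhost", true, true) // GOOD: httpOnly set to true
	})
```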
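--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-1004/CookieWithoutHttpOnly.qlref
@@ -0,0 +1,2 @@
+query: security/CWE-1004/CookieWithoutHttpOnly.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql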
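--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-1004/go.mod
@@ -0,0 +1,8 @@
+module example.com/m
+
+go 1.14
+
+require (
+	github.com/gin-gonic/gin v1.7.1
+	github.com/gorilla/sessions v1.2.1
+)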
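Review bot: `github.com/gorilla/sessions v1.2.1` is required here, but the only fixture source visible in this commit (`CookieWithoutHttpOnly.go`) imports only `gin`; if none of the other files in the commit import it, the requirement and its vendored stub are dead weight for this test directory. If another fixture does use it, a one-line comment above the require naming that file, e.g. `// gorilla/sessions is exercised by <fixture>.go`, would save the next reader the search.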

go/ql/test/query-tests/Security/CWE-1004/vendor/github.com/gin-gonic/gin/LICENSE

Lines changed: 21 additions & 0 deletions

go/ql/test/query-tests/Security/CWE-1004/vendor/github.com/gin-gonic/gin/binding/stub.go

Lines changed: 12 additions & 0 deletions
