codeql/python/ql/src/experimental/Security/CWE-614/InsecureCookie.ql at 226e4eb8a5c47d1f4845f6e78a84b8e564cb9bef · github/codeql · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
/**
 * @name Failure to use secure cookies
 * @description Insecure cookies may be sent in cleartext, which makes them vulnerable to
 *              interception.
 * @kind problem
 * @problem.severity error
 * @security-severity 5.0
 * @precision ???
 * @id py/insecure-cookie
 * @tags security
 *       experimental
 *       external/cwe/cwe-614
 */

// TODO: determine precision above
import python
import semmle.python.dataflow.new.DataFlow
import experimental.semmle.python.Concepts
import semmle.python.Concepts

from Http::Server::CookieWrite cookie, string alert
where
  cookie.hasSecureFlag(false) and
  alert = "secure"
  or
  cookie.hasHttpOnlyFlag(false) and
  alert = "httponly"
  or
  cookie.hasSameSiteAttribute(any(Http::Server::CookieWrite::SameSiteNone v)) and
  alert = "samesite"
select cookie, "Cookie is added without the '" + alert + "' flag properly set."