Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll

dellalibera · esbena · web-flow · commit 1ba39e4130e6 · 2020-08-16T14:34:19.000+02:00
Co-authored-by: Esben Sparre Andreasen &lt;esbena@github.com&gt;
diff --git a/javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll b/javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
@@ -146,10 +146,7 @@ module InsecureCookie {
 
     override predicate isInsecure() {
         // A cookie is insecure if there are not cookie options with the `secure` flag set to `true`.
-      not exists(DataFlow::SourceNode cookieOptions |
-        cookieOptions = this.getCookieOptionsArgument() and
-        getCookieFlagValue(flag()).mayHaveBooleanValue(true)
-      )
+      not getCookieFlagValue(flag()).mayHaveBooleanValue(true)
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -146,10 +146,7 @@ module InsecureCookie {`
`146`	`146`
`147`	`147`	`override predicate isInsecure() {`
`148`	`148`	// A cookie is insecure if there are not cookie options with the `secure` flag set to `true`.
`149`		`- not exists(DataFlow::SourceNode cookieOptions \|`
`150`		`- cookieOptions = this.getCookieOptionsArgument() and`
`151`		`- getCookieFlagValue(flag()).mayHaveBooleanValue(true)`
`152`		`- )`
	`149`	`+ not getCookieFlagValue(flag()).mayHaveBooleanValue(true)`
`153`	`150`	`}`
`154`	`151`	`}`
`155`	`152`	`}`