Commit 5d6e6be

committed
Add query-tests
1 parent 3e9142b commit 5d6e6be

7 files changed

+129
-0
lines changed

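--- a/InsecureCookie.expected
+++ b/InsecureCookie.expected
@@ -0,0 +1,9 @@
+| Cookie is added to response without the 'secure' flag being set to true (using cookie-session). | test_cookie-session.js:18:9:28:2 | session ... }\\n}) |
+| Cookie is added to response without the 'secure' flag being set to true (using express-session). | test_express-session.js:5:9:8:2 | session ... T OK\\n}) |
+| Cookie is added to response without the 'secure' flag being set to true (using express-session). | test_express-session.js:10:9:13:2 | session ... T OK\\n}) |
+| Cookie is added to response without the 'secure' flag being set to true (using express-session). | test_express-session.js:15:9:18:2 | session ... T OK\\n}) |
+| Cookie is added to response without the 'secure' flag being set to true (using express-session). | test_express-session.js:25:9:25:21 | session(sess) |
+| Cookie is added to response without the 'secure' flag being set to true (using js-cookie). | test_jscookie.js:2:1:2:48 | js_cook ... alse }) |
+| Cookie is added to response without the 'secure' flag being set to true (using response.cookie). | test_responseCookie.js:5:5:10:10 | res.coo ... }) |
+| Cookie is added to response without the 'secure' flag being set to true (using response.cookie). | test_responseCookie.js:20:5:20:40 | res.coo ... ptions) |
+| Cookie is added to response without the 'secure' flag being set to true (using set-cookie header). | test_httpserver.js:7:37:7:73 | ["type= ... cript"] |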
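--- a/InsecureCookie.qlref
+++ b/InsecureCookie.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE-614/InsecureCookie.ql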
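--- a/test_cookie-session.js
+++ b/test_cookie-session.js
@@ -0,0 +1,28 @@
+const express = require('express')
+const app = express()
+const session = require('cookie-session')
+const expiryDate = new Date(Date.now() + 60 * 60 * 1000)
+
+app.use(session({
+  name: 'session',
+  keys: ['key1', 'key2'],
+  cookie: {
+    secure: true, // OK
+    httpOnly: true,
+    domain: 'example.com',
+    path: 'foo/bar',
+    expires: expiryDate
+  }
+}))
+
+app.use(session({
+  name: 'session',
+  keys: ['key1', 'key2'],
+  cookie: {
+    secure: false, // NOT OK
+    httpOnly: true,
+    domain: 'example.com',
+    path: 'foo/bar',
+    expires: expiryDate
+  }
+}))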
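Review bot: The fixture nests `secure`, `httpOnly`, `domain`, `path` and `expires` under a `cookie: { … }` object, but as far as I recall cookie-session reads those cookie options from the top level of its options object (only `name`, `keys` and `secret` are its own), so line 10's `secure: true // OK` would not produce a Secure cookie at runtime and the `.expected` entry for line 18 is matching a shape the library does not read. Worth confirming against cookie-session's README before the query's model is pinned to this layout; if the options are flat, the OK case should become `app.use(session({ name: 'session', keys: ['key1', 'key2'], secure: true /* OK */ }))` with a matching `secure: false // NOT OK` sibling. Either way, a third case with `secure` omitted entirely would pin the default behaviour, which this file never exercises.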
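--- a/test_express-session.js
+++ b/test_express-session.js
@@ -0,0 +1,33 @@
+const express = require('express')
+const app = express()
+const session = require('express-session')
+
+app.use(session({
+  secret: 'secret',
+  cookie: { secure: false } // NOT OK
+}))
+
+app.use(session({
+  secret: 'secret'
+  // NOT OK
+}))
+
+app.use(session({
+  secret: 'secret',
+  cookie: {} // NOT OK
+}))
+
+const sess = {
+  secret: 'secret',
+  cookie: { secure: false } // NOT OK
+}
+
+app.use(session(sess))
+
+
+app.set('trust proxy', 1)
+app.use(session({
+  secret: 'secret',
+  cookie: { secure: true } // OK
+}))
+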
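Review bot: None of the five cases cover `cookie: { secure: 'auto' }`, which, if I remember express-session's documentation correctly, means "Secure only when the connection is TLS or a trusted proxy says so" and is the value most likely to be mis-classified by a check that only accepts a literal `true`; adding `app.use(session({ secret: 'secret', cookie: { secure: 'auto' } }))` with a deliberate verdict in `.expected` would make the query's stance explicit. The `sess` case on lines 20–25 only tests a literal `false`; a follow-on write such as `sess.cookie.secure = true` after line 23 would check that the query tracks the object's final state rather than the literal alone. The `app.set('trust proxy', 1)` on line 28 is only meaningful for the `'auto'`/proxy scenario, so it currently decorates a case that does not need it.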
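--- a/test_httpserver.js
+++ b/test_httpserver.js
@@ -0,0 +1,22 @@
+const http = require('http');
+
+function test1() {
+    const server = http.createServer((req, res) => {
+        res.setHeader('Content-Type', 'text/html');
+        // NOT OK
+        res.setHeader("Set-Cookie", ["type=ninja", "language=javascript"]);
+        res.writeHead(200, { 'Content-Type': 'text/plain' });
+        res.end('ok');
+    });
+}
+
+
+function test2() {
+    const server = http.createServer((req, res) => {
+        res.setHeader('Content-Type', 'text/html');
+        // OK
+        res.setHeader("Set-Cookie", ["type=ninja; Secure", "language=javascript; secure"]);
+        res.writeHead(200, { 'Content-Type': 'text/plain' });
+        res.end('ok');
+    });
+}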
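Review bot: The fixture only covers the array form passed to `res.setHeader` on lines 7 and 18; a single-string header (`res.setHeader("Set-Cookie", "type=ninja"); // NOT OK`) and the header supplied through `res.writeHead(200, { 'Set-Cookie': ['type=ninja'] })` are equally common ways a Node http server emits a cookie and are not represented, so it is unclear whether the query sees them. A mixed array in which only one element carries the flag (`["type=ninja; Secure", "language=javascript"]`) would also pin whether the alert is per-cookie or per-header — the `.expected` entry for line 7 currently points at the whole array. Both handlers also set `Content-Type` to `text/html` on lines 5 and 16 and then overwrite it with `text/plain` in `writeHead`, which is noise in a fixture about `Set-Cookie`; dropping one of the two would make the intent clearer.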
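--- a/test_jscookie.js
+++ b/test_jscookie.js
@@ -0,0 +1,3 @@
+const js_cookie = require('js-cookie')
+js_cookie.set('key', 'value', { secure: false }); // NOT OK
+js_cookie.set('key', 'value', { secure: true }); // OK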
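Review bot: The fixture never exercises the call without an options argument, `js_cookie.set('key', 'value'); // NOT OK`, which is where a missing `secure` flag most often occurs in real code; the express-session fixture in this commit does cover the omitted-option case, so this file is inconsistent with it. Separately, js-cookie is, as far as I know, a browser-side library that writes `document.cookie` rather than adding a header to an HTTP response, so the alert text "Cookie is added to response" recorded for this file in `.expected` reads wrongly for this sink — presumably the query's message rather than this fixture is where that should be adjusted.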
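--- a/test_responseCookie.js
+++ b/test_responseCookie.js
@@ -0,0 +1,33 @@
+const express = require('express')
+const app = express()
+
+app.get('/a', function (req, res, next) {
+    res.cookie('name', 'value',
+        {
+            maxAge: 9000000000,
+            httpOnly: true,
+            secure: false // NOT OK
+        });
+    res.end('ok')
+})
+
+app.get('/b', function (req, res, next) {
+    let options = {
+        maxAge: 9000000000,
+        httpOnly: true,
+        secure: false // NOT OK
+    }
+    res.cookie('name', 'value', options);
+    res.end('ok')
+})
+
+app.get('/c', function (req, res, next) {
+    res.cookie('name', 'value',
+        {
+            maxAge: 9000000000,
+            httpOnly: true,
+            secure: true // OK
+        });
+    res.end('ok')
+})
+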
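Review bot: All three handlers pass an explicit `secure` value, so the case in which the options object omits `secure` altogether — the default, and the one the express-session fixture in this commit does cover with `cookie: {}` — is not represented here; a fourth route with `res.cookie('name', 'value', { maxAge: 9000000000, httpOnly: true }); // NOT OK` would pin that behaviour. Route `/b` only tests a literal in `options`; a later write such as `options.secure = true` before line 20 would check that the query follows the object's final state rather than the literal. The `next` parameter is unused in all three handlers and could be dropped.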
