Update formatting

Author: joefarebrother

go/ql/src/Security/CWE-1004/examples/CookieWithoutHttpOnly.go

@@ -6,8 +6,8 @@ import (
 
 func handlerBad(w http.ResponseWriter, r *http.Request) {
 	c := http.Cookie{
-		Name:     "session",
-		Value:    "secret",
+		Name:  "session",
+		Value: "secret",
 	}
 	http.SetCookie(w, &c) // BAD: The HttpOnly flag is set to false by default.
 }
@@ -19,4 +19,4 @@ func handlerGood(w http.ResponseWriter, r *http.Request) {
 		HttpOnly: true,
 	}
 	http.SetCookie(w, &c) // GOOD: The HttpOnly flag is set to true.
-}
+}

go/ql/src/Security/CWE-614/examples/CookieWithoutSecure.go

@@ -6,17 +6,17 @@ import (
 
 func handlerBad(w http.ResponseWriter, r *http.Request) {
 	c := http.Cookie{
-		Name:     "session",
-		Value:    "secret",
+		Name:  "session",
+		Value: "secret",
 	}
 	http.SetCookie(w, &c) // BAD: The Secure flag is set to false by default.
 }
 
 func handlerGood(w http.ResponseWriter, r *http.Request) {
 	c := http.Cookie{
-		Name:     "session",
-		Value:    "secret",
+		Name:   "session",
+		Value:  "secret",
 		Secure: true,
 	}
 	http.SetCookie(w, &c) // GOOD: The Secure flag is set to true.
-}
+}

go/ql/test/query-tests/Security/CWE-1004/CookieWithoutHttpOnly.go

@@ -25,7 +25,7 @@ func handler2(w http.ResponseWriter, r *http.Request) {
 
 func handler3(w http.ResponseWriter, r *http.Request) {
 	c := http.Cookie{
-		Name:     "session", 
+		Name:     "session",
 		Value:    "secret",
 		HttpOnly: true,
 	}
@@ -63,7 +63,7 @@ func handler6(w http.ResponseWriter, r *http.Request) {
 func handler7(w http.ResponseWriter, r *http.Request) {
 	val := true
 	c := http.Cookie{
-		Name:     "session", 
+		Name:     "session",
 		Value:    "secret",
 		HttpOnly: val,
 	}
@@ -125,7 +125,7 @@ func main() {
 
 	router.GET("/cookie", func(c *gin.Context) {
 
-		_, err := c.Cookie("session") 
+		_, err := c.Cookie("session")
 
 		if err != nil {
 			c.SetCookie("session", "test", 3600, "/", "localhost", false, false) // $ Alert // BAD: httpOnly set to false

go/ql/test/query-tests/Security/CWE-614/CookieWithoutSecure.go

@@ -16,17 +16,17 @@ func handler1(w http.ResponseWriter, r *http.Request) {
 
 func handler2(w http.ResponseWriter, r *http.Request) {
 	c := http.Cookie{
-		Name:     "session", // $ Source
-		Value:    "secret",
+		Name:   "session", // $ Source
+		Value:  "secret",
 		Secure: false,
 	}
 	http.SetCookie(w, &c) // $ Alert // BAD: Secure explicitly set to false
 }
 
 func handler3(w http.ResponseWriter, r *http.Request) {
 	c := http.Cookie{
-		Name:     "session", 
-		Value:    "secret",
+		Name:   "session",
+		Value:  "secret",
 		Secure: true,
 	}
 	http.SetCookie(w, &c) // GOOD: Secure explicitly set to true
@@ -53,8 +53,8 @@ func handler5(w http.ResponseWriter, r *http.Request) {
 func handler6(w http.ResponseWriter, r *http.Request) {
 	val := false
 	c := http.Cookie{
-		Name:     "session", // $ Source
-		Value:    "secret",
+		Name:   "session", // $ Source
+		Value:  "secret",
 		Secure: val,
 	}
 	http.SetCookie(w, &c) // $ Alert // BAD: Secure explicitly set to false
@@ -63,8 +63,8 @@ func handler6(w http.ResponseWriter, r *http.Request) {
 func handler7(w http.ResponseWriter, r *http.Request) {
 	val := true
 	c := http.Cookie{
-		Name:     "session", 
-		Value:    "secret",
+		Name:   "session",
+		Value:  "secret",
 		Secure: val,
 	}
 	http.SetCookie(w, &c) // GOOD: Secure explicitly set to true
@@ -96,7 +96,7 @@ func main() {
 
 	router.GET("/cookie", func(c *gin.Context) {
 
-		_, err := c.Cookie("session") 
+		_, err := c.Cookie("session")
 
 		if err != nil {
 			c.SetCookie("session", "test", 3600, "/", "localhost", false, false) // $ Alert // BAD: Secure set to false