Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll

dellalibera · esbena · web-flow · commit ab20beba565c · 2020-08-16T14:32:51.000+02:00
Co-authored-by: Esben Sparre Andreasen &lt;esbena@github.com&gt;
diff --git a/javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll b/javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
@@ -115,8 +115,8 @@ module InsecureCookie {
       result.asExpr() = this.asExpr().(ArrayExpr).getAnElement()
     }
 
-    // A cookie is insecure if the 'secure' flag is not specified in the cookie definition.
     override predicate isInsecure() {
+        // A cookie is insecure if the 'secure' flag is not specified in the cookie definition.
       not exists(string s |
         getCookieOptionsArgument().mayHaveStringValue(s) and
         s.matches("%; secure%")

Original file line number	Diff line number	Diff line change
`@@ -115,8 +115,8 @@ module InsecureCookie {`
`115`	`115`	`result.asExpr() = this.asExpr().(ArrayExpr).getAnElement()`
`116`	`116`	`}`
`117`	`117`
`118`		`- // A cookie is insecure if the 'secure' flag is not specified in the cookie definition.`
`119`	`118`	`override predicate isInsecure() {`
	`119`	`+ // A cookie is insecure if the 'secure' flag is not specified in the cookie definition.`
`120`	`120`	`not exists(string s \|`
`121`	`121`	`getCookieOptionsArgument().mayHaveStringValue(s) and`
`122`	`122`	`s.matches("%; secure%")`