Skip to content

Commit c7b16a0

Browse files
joefarebrotherjoefarebrother
committed
Address reviews - update comments, remove unneeded stubs
1 parent c6110ed commit c7b16a0

File tree

7 files changed

+6
-162
lines changed

7 files changed

+6
-162
lines changed

go/ql/lib/semmle/go/concepts/HTTP.qll

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -427,10 +427,10 @@ module Http {
427427
/** Provides a class for modeling the new APIs for writes to options of an HTTP cookie. */
428428
module CookieOptionWrite {
429429
/**
430-
* A write to an HTTP cookie object.
430+
* A write to an option of an HTTP cookie object.
431431
*
432432
* Extend this class to model new APIs. If you want to refine existing API models,
433-
* extend `HTTP::CookieOptions` instead.
433+
* extend `HTTP::CookieOptionWrite` instead.
434434
*/
435435
abstract class Range extends DataFlow::Node {
436436
/** Gets the node representing the cookie object for the options being set. */
@@ -451,10 +451,10 @@ module Http {
451451
}
452452

453453
/**
454-
* A write to an HTTP cookie object.
454+
* A write to an option of an HTTP cookie object.
455455
*
456456
* Extend this class to refine existing API models. If you want to model new APIs,
457-
* extend `HTTP::CookieOptions::Range` instead.
457+
* extend `HTTP::CookieOptionWrite::Range` instead.
458458
*/
459459
class CookieOptionWrite extends DataFlow::Node instanceof CookieOptionWrite::Range {
460460
/** Gets the node representing the cookie object for the options being set. */

go/ql/lib/semmle/go/security/CookieWithoutHttpOnly.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ module BooleanCookieHttpOnlyFlow = TaintTracking::Global<BooleanCookieHttpOnlyCo
4848

4949
/** Holds if `cw` has the `HttpOnly` attribute left at its default value of `false`. */
5050
predicate isNonHttpOnlyDefault(Http::CookieWrite cw) {
51-
not BooleanCookieHttpOnlyFlow::flow(_, cw.getHttpOnly())
51+
not BooleanCookieHttpOnlyFlow::flowTo(cw.getHttpOnly())
5252
}
5353

5454
/** Holds if `cw` has the `HttpOnly` attribute explicitly set to `false`, from the expression `boolFalse`. */

go/ql/lib/semmle/go/security/CookieWithoutSecure.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ module BooleanCookieSecureFlow = TaintTracking::Global<BooleanCookieSecureConfig
2121

2222
/** Holds if `cw` has the `Secure` attribute left at its default value of `false`. */
2323
predicate isInsecureDefault(Http::CookieWrite cw) {
24-
not BooleanCookieSecureFlow::flow(_, cw.getSecure())
24+
not BooleanCookieSecureFlow::flowTo(cw.getSecure())
2525
}
2626

2727
/** Holds if `cw` has the `Secure` attribute explicitly set to `false`, from the expression `boolFalse`. */

go/ql/test/query-tests/Security/CWE-1004/vendor/github.com/gorilla/sessions/stub.go

Lines changed: 0 additions & 75 deletions
This file was deleted.

go/ql/test/query-tests/Security/CWE-1004/vendor/modules.txt

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,3 @@
11
# github.com/gin-gonic/gin v1.7.1
22
## explicit
33
github.com/gin-gonic/gin
4-
# github.com/gorilla/sessions v1.2.1
5-
## explicit
6-
github.com/gorilla/sessions

go/ql/test/query-tests/Security/CWE-614/vendor/github.com/gorilla/sessions/stub.go

Lines changed: 0 additions & 75 deletions
This file was deleted.

go/ql/test/query-tests/Security/CWE-614/vendor/modules.txt

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,3 @@
11
# github.com/gin-gonic/gin v1.7.1
22
## explicit
33
github.com/gin-gonic/gin
4-
# github.com/gorilla/sessions v1.2.1
5-
## explicit
6-
github.com/gorilla/sessions

0 commit comments

Comments
 (0)