
Commit c9a559a

Restrict Append calls to string arguments
1 parent b813c13 commit c9a559a


2 files changed

+4
-2
lines changed


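--- a/csharp/ql/src/Security Features/CWE-1004/CookieWithoutHttpOnly.ql
+++ b/csharp/ql/src/Security Features/CWE-1004/CookieWithoutHttpOnly.ql
@@ -82,7 +82,8 @@ predicate nonHttpOnlyCookieCall(Call c) {
 or
 // IResponseCookies.Append(String, String) was called, `HttpOnly` is set to `false` by default
 mc = c and
-mc.getNumberOfArguments() < 3
+mc.getNumberOfArguments() < 3 and
+mc.getTarget().getParameter(0).getType() instanceof StringType
 )
 )
 or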
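Review bot: The added condition on new line 86 constrains only parameter 0, so any two-argument `Append` overload whose first parameter is a string still satisfies the predicate, while the comment on line 83 still describes the specific `Append(String, String)` shape; if the goal is to match exactly that overload, constrain the second parameter as well, `mc.getTarget().getParameter(1).getType() instanceof StringType`, or pin the arity with `mc.getTarget().getNumberOfParameters() = 2`. Note also that when `getTarget()` has no result (an unresolved call target) the whole conjunction now fails, whereas before the commit the argument-count test alone was enough, so some calls that used to be flagged will no longer be; that precision-over-recall choice is worth recording in the line-83 comment. The enclosing predicate `nonHttpOnlyCookieCall` starts before the hunk, so how `mc` is bound is not visible here. The same conjunct is added in the CWE-614/CookieWithoutSecure.ql section below and the same observations apply there.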

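--- a/csharp/ql/src/Security Features/CWE-614/CookieWithoutSecure.ql
+++ b/csharp/ql/src/Security Features/CWE-614/CookieWithoutSecure.ql
@@ -57,7 +57,8 @@ predicate insecureCookieAppend(Expr sink) {
 exists(MethodCall mc, MicrosoftAspNetCoreHttpResponseCookies iResponse |
 mc = sink and
 iResponse.getAppendMethod() = mc.getTarget() and
-mc.getNumberOfArguments() < 3
+mc.getNumberOfArguments() < 3 and
+mc.getTarget().getParameter(0).getType() instanceof StringType
 )
 }
 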
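Review bot: The two-line shape test `mc.getNumberOfArguments() < 3 and mc.getTarget().getParameter(0).getType() instanceof StringType` is now duplicated verbatim between `insecureCookieAppend` here and `nonHttpOnlyCookieCall` in CookieWithoutHttpOnly.ql, which invites the two cookie queries to drift apart the next time the `Append` overload set changes; extracting it into one shared predicate (for example `predicate isStringKeyedAppendWithoutOptions(MethodCall mc)` in a common module both queries import) would keep them aligned. Unlike the CWE-1004 hunk, this predicate has no comment explaining the restriction, so the added line deserves one such as `// only Append overloads taking a string key and no CookieOptions leave Secure unset by default` — a QL reader cannot recover the reason from the parameter-type test alone.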