CodeQL library for Go
codeql/go-all 6.0.1-dev

Module CookieWithoutHttpOnly

Provides classes and predicates for identifying HTTP cookies without the HttpOnly attribute.

Import path

import semmle.go.security.CookieWithoutHttpOnly

Imports

DataFlow

Provides a library for local (intra-procedural) and global (inter-procedural) data flow analysis: deciding whether data can flow from a source to a sink.

HTTP

Provides classes for working with HTTP-related concepts such as requests and responses.

go

Provides classes for working with Go programs.

Predicates

isNonHttpOnlyCookie

Holds if cw has the HttpOnly attribute set to false, either explicitly or by default.

isNonHttpOnlyDefault

Holds if cw has the HttpOnly attribute left at its default value of false.

isNonHttpOnlyDirect

Holds if cw has the HttpOnly attribute explicitly set to false, from the expression boolFalse.

isSensitiveCookie

Holds if cw has the sensitive name name, from the expression nameExpr. source and sink represent the data flow path from the sensitive name expression to the cookie write.

Aliases

BooleanCookieHttpOnlyFlow

Tracks flow from boolean expressions to the HttpOnly attribute of HTTP cookie writes.

SensitiveCookieNameFlow

Tracks flow from sensitive names to HTTP cookie writes.
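The Go program below is an added example, not code from the CodeQL library or its tests. It shows the cookie-write shapes the predicate descriptions above distinguish (HttpOnly left at its default, false reaching the attribute through a parameter, and a hardened write) and what each puts in the Set-Cookie header. The function names, the cookie name session_token and its value are constructed for illustration; that the library's heuristics treat this name as sensitive is an assumption.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed sample: a sensitive-looking cookie name held in a constant,
// so the name reaches the cookie write indirectly.
const sessionName = "session_token"

// defaultWrite leaves HttpOnly unset, so it keeps Go's zero value (false).
func defaultWrite(w http.ResponseWriter) {
	http.SetCookie(w, &http.Cookie{Name: sessionName, Value: "constructed", Path: "/"})
}

// flowedFalseWrite receives the boolean from its caller: the literal false
// is not written next to the cookie, it flows in through a parameter.
func flowedFalseWrite(w http.ResponseWriter, httpOnly bool) {
	c := &http.Cookie{Name: sessionName, Value: "constructed", Path: "/"}
	c.HttpOnly = httpOnly
	http.SetCookie(w, c)
}

// hardenedWrite sets HttpOnly (plus Secure and SameSite) explicitly.
func hardenedWrite(w http.ResponseWriter) {
	http.SetCookie(w, &http.Cookie{Name: sessionName, Value: "constructed", Path: "/",
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
}

// emitted runs a cookie write against a recorder and reports whether the
// resulting Set-Cookie header carries the HttpOnly attribute.
func emitted(write func(http.ResponseWriter)) (header string, httpOnly bool) {
	rec := httptest.NewRecorder()
	write(rec)
	header = rec.Header().Get("Set-Cookie")
	for _, attr := range strings.Split(header, ";")[1:] {
		if strings.EqualFold(strings.TrimSpace(attr), "HttpOnly") {
			httpOnly = true
		}
	}
	return header, httpOnly
}

func main() {
	fmt.Println(emitted(defaultWrite))
	fmt.Println(emitted(func(w http.ResponseWriter) { flowedFalseWrite(w, false) }))
	fmt.Println(emitted(hardenedWrite))
}
```

The first two writes produce identical headers with no HttpOnly attribute; in the second the false value does not sit next to the cookie write, so finding where it came from requires following the boolean through the call.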