Module CookieWithoutSecure

Provides classes and predicates for identifying HTTP cookies without the Secure attribute.

Import path

import semmle.go.security.CookieWithoutSecure

DataFlow	Provides a library for local (intra-procedural) and global (inter-procedural) data flow analysis: deciding whether data can flow from a source to a sink.
HTTP	Provides classes for working with HTTP-related concepts such as requests and responses.
go	Provides classes for working with Go programs.

isInsecureCookie	Holds if `cw` has the `Secure` attribute set to `false`, either explicitly or by default.
isInsecureDefault	Holds if `cw` has the `Secure` attribute left at its default value of `false`.
isInsecureDirect	Holds if `cw` has the `Secure` attribute explicitly set to `false`, from the expression `boolFalse`.

Tracks flow from boolean expressions to the Secure attribute of HTTP cookie writes.