Python: Model CookieWrites from HeaderWrites #16696

joefarebrother · 2024-06-06T22:27:59Z

Part of https://github.com/github/codeql-python-team/issues/792 promoting #6360; as well as a follow-up to #16105

This PR defines new instances of the CookieWrite concept in terms of the HeaderWrite concept; as is done in experimental with the Cookie concept.

RasmusWL

The only two things I wanted to point out was fixed later on, so LGTM 👍

RasmusWL · 2024-07-11T13:02:35Z

python/ql/lib/semmle/python/Concepts.qll

+    {
+      CookieHeaderWrite() {
+        exists(StringLiteral str |
+          str.getText() = "Set-Cookie" and


~~should this be case sensitive?~~ I see this was fixed later

RasmusWL · 2024-07-11T13:12:04Z

python/ql/lib/semmle/python/Concepts.qll

+      override DataFlow::Node getNameArg() {
+        result = this.(Http::Server::ResponseHeaderWrite).getValueArg()
+      }


~~When getHeaderArg is implemented, I would expect both name+value to be none().~~ I see this was fixed later.

github-actions bot added the Python label Jun 6, 2024

joefarebrother added 10 commits June 24, 2024 17:26

Move Header Write derrived concepts to Concepts

b71ba7c

Add cookie header write concept from experimental.

d11f58f

Update concept tests for header writes

6b8080a

Update tests for new cookie write from headers

a0201e9

Change fastapi raw cookie header models to header write models

7704801

Add django header writes

5ced5c0

Add additional fastapi mheader write models

79c0ed6

Add additional header write models for aiohttp and tornado + added qldoc

c404f00

Update tests for restframework

d0f735a

Add change note

0901b3d

joefarebrother force-pushed the python-cookie-write-headers branch from 8a1998e to 0901b3d Compare June 24, 2024 20:43

github-actions bot added the documentation label Jun 24, 2024

joefarebrother marked this pull request as ready for review June 24, 2024 21:21

joefarebrother requested a review from a team as a code owner June 24, 2024 21:21

joefarebrother changed the title ~~[Draft] Python: Model CookieWrites from HeaderWrites~~ Python: Model CookieWrites from HeaderWrites Jun 24, 2024

joefarebrother added 2 commits June 26, 2024 09:21

Fix tornado model of httheaders.add.

6538d22

Add django header write models for direct subscript write

b81d41b

This was referenced Jul 2, 2024

Python: Promote cookie injection query from experimental #16893

Merged

Python: Promote the insecure cookie query from experimental #16933

Merged

RasmusWL approved these changes Jul 11, 2024

View reviewed changes

joefarebrother merged commit 8152ec7 into github:main Jul 11, 2024
13 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Python: Model CookieWrites from HeaderWrites #16696

Python: Model CookieWrites from HeaderWrites #16696

joefarebrother commented Jun 6, 2024

RasmusWL left a comment

RasmusWL Jul 11, 2024

RasmusWL Jul 11, 2024

Python: Model CookieWrites from HeaderWrites #16696

Python: Model CookieWrites from HeaderWrites #16696

Conversation

joefarebrother commented Jun 6, 2024

RasmusWL left a comment

Choose a reason for hiding this comment

RasmusWL Jul 11, 2024

Choose a reason for hiding this comment

RasmusWL Jul 11, 2024

Choose a reason for hiding this comment