Python: Fix select of py/insecure-cookie

RasmusWL · RasmusWL · commit cff950f5f73a · 2022-05-11T14:06:30.000+02:00
diff --git a/python/ql/src/experimental/Security/CWE-614/InsecureCookie.ql b/python/ql/src/experimental/Security/CWE-614/InsecureCookie.ql
@@ -27,4 +27,4 @@ where
   or
   not cookie.isSameSite() and
   alert = "samesite"
-select cookie, "Cookie is added without the ", alert, " flag properly set."
+select cookie, "Cookie is added without the '" + alert + "' flag properly set."
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-614/InsecureCookie.expected b/python/ql/test/experimental/query-tests/Security/CWE-614/InsecureCookie.expected
@@ -1,30 +1,30 @@
-| django_bad.py:6:5:7:52 | ControlFlowNode for Attribute() | Cookie is added without the  | httponly |  flag properly set. |
-| django_bad.py:6:5:7:52 | ControlFlowNode for Attribute() | Cookie is added without the  | samesite |  flag properly set. |
-| django_bad.py:6:5:7:52 | ControlFlowNode for Attribute() | Cookie is added without the  | secure |  flag properly set. |
-| django_bad.py:13:5:13:26 | ControlFlowNode for Subscript | Cookie is added without the  | httponly |  flag properly set. |
-| django_bad.py:13:5:13:26 | ControlFlowNode for Subscript | Cookie is added without the  | samesite |  flag properly set. |
-| django_bad.py:13:5:13:26 | ControlFlowNode for Subscript | Cookie is added without the  | secure |  flag properly set. |
-| django_bad.py:19:5:21:66 | ControlFlowNode for Attribute() | Cookie is added without the  | httponly |  flag properly set. |
-| django_bad.py:19:5:21:66 | ControlFlowNode for Attribute() | Cookie is added without the  | samesite |  flag properly set. |
-| django_bad.py:19:5:21:66 | ControlFlowNode for Attribute() | Cookie is added without the  | secure |  flag properly set. |
-| django_bad.py:27:5:27:26 | ControlFlowNode for Subscript | Cookie is added without the  | httponly |  flag properly set. |
-| django_bad.py:27:5:27:26 | ControlFlowNode for Subscript | Cookie is added without the  | samesite |  flag properly set. |
-| django_bad.py:27:5:27:26 | ControlFlowNode for Subscript | Cookie is added without the  | secure |  flag properly set. |
-| django_good.py:19:5:19:44 | ControlFlowNode for Attribute() | Cookie is added without the  | httponly |  flag properly set. |
-| django_good.py:19:5:19:44 | ControlFlowNode for Attribute() | Cookie is added without the  | samesite |  flag properly set. |
-| django_good.py:19:5:19:44 | ControlFlowNode for Attribute() | Cookie is added without the  | secure |  flag properly set. |
-| flask_bad.py:9:5:10:52 | ControlFlowNode for Attribute() | Cookie is added without the  | httponly |  flag properly set. |
-| flask_bad.py:9:5:10:52 | ControlFlowNode for Attribute() | Cookie is added without the  | samesite |  flag properly set. |
-| flask_bad.py:9:5:10:52 | ControlFlowNode for Attribute() | Cookie is added without the  | secure |  flag properly set. |
-| flask_bad.py:17:5:17:30 | ControlFlowNode for Subscript | Cookie is added without the  | httponly |  flag properly set. |
-| flask_bad.py:17:5:17:30 | ControlFlowNode for Subscript | Cookie is added without the  | samesite |  flag properly set. |
-| flask_bad.py:17:5:17:30 | ControlFlowNode for Subscript | Cookie is added without the  | secure |  flag properly set. |
-| flask_bad.py:24:5:25:52 | ControlFlowNode for Attribute() | Cookie is added without the  | httponly |  flag properly set. |
-| flask_bad.py:24:5:25:52 | ControlFlowNode for Attribute() | Cookie is added without the  | samesite |  flag properly set. |
-| flask_bad.py:24:5:25:52 | ControlFlowNode for Attribute() | Cookie is added without the  | secure |  flag properly set. |
-| flask_bad.py:32:5:32:30 | ControlFlowNode for Subscript | Cookie is added without the  | httponly |  flag properly set. |
-| flask_bad.py:32:5:32:30 | ControlFlowNode for Subscript | Cookie is added without the  | samesite |  flag properly set. |
-| flask_bad.py:32:5:32:30 | ControlFlowNode for Subscript | Cookie is added without the  | secure |  flag properly set. |
-| flask_good.py:23:5:23:57 | ControlFlowNode for Attribute() | Cookie is added without the  | httponly |  flag properly set. |
-| flask_good.py:23:5:23:57 | ControlFlowNode for Attribute() | Cookie is added without the  | samesite |  flag properly set. |
-| flask_good.py:23:5:23:57 | ControlFlowNode for Attribute() | Cookie is added without the  | secure |  flag properly set. |
+| django_bad.py:6:5:7:52 | ControlFlowNode for Attribute() | Cookie is added without the 'httponly' flag properly set. |
+| django_bad.py:6:5:7:52 | ControlFlowNode for Attribute() | Cookie is added without the 'samesite' flag properly set. |
+| django_bad.py:6:5:7:52 | ControlFlowNode for Attribute() | Cookie is added without the 'secure' flag properly set. |
+| django_bad.py:13:5:13:26 | ControlFlowNode for Subscript | Cookie is added without the 'httponly' flag properly set. |
+| django_bad.py:13:5:13:26 | ControlFlowNode for Subscript | Cookie is added without the 'samesite' flag properly set. |
+| django_bad.py:13:5:13:26 | ControlFlowNode for Subscript | Cookie is added without the 'secure' flag properly set. |
+| django_bad.py:19:5:21:66 | ControlFlowNode for Attribute() | Cookie is added without the 'httponly' flag properly set. |
+| django_bad.py:19:5:21:66 | ControlFlowNode for Attribute() | Cookie is added without the 'samesite' flag properly set. |
+| django_bad.py:19:5:21:66 | ControlFlowNode for Attribute() | Cookie is added without the 'secure' flag properly set. |
+| django_bad.py:27:5:27:26 | ControlFlowNode for Subscript | Cookie is added without the 'httponly' flag properly set. |
+| django_bad.py:27:5:27:26 | ControlFlowNode for Subscript | Cookie is added without the 'samesite' flag properly set. |
+| django_bad.py:27:5:27:26 | ControlFlowNode for Subscript | Cookie is added without the 'secure' flag properly set. |
+| django_good.py:19:5:19:44 | ControlFlowNode for Attribute() | Cookie is added without the 'httponly' flag properly set. |
+| django_good.py:19:5:19:44 | ControlFlowNode for Attribute() | Cookie is added without the 'samesite' flag properly set. |
+| django_good.py:19:5:19:44 | ControlFlowNode for Attribute() | Cookie is added without the 'secure' flag properly set. |
+| flask_bad.py:9:5:10:52 | ControlFlowNode for Attribute() | Cookie is added without the 'httponly' flag properly set. |
+| flask_bad.py:9:5:10:52 | ControlFlowNode for Attribute() | Cookie is added without the 'samesite' flag properly set. |
+| flask_bad.py:9:5:10:52 | ControlFlowNode for Attribute() | Cookie is added without the 'secure' flag properly set. |
+| flask_bad.py:17:5:17:30 | ControlFlowNode for Subscript | Cookie is added without the 'httponly' flag properly set. |
+| flask_bad.py:17:5:17:30 | ControlFlowNode for Subscript | Cookie is added without the 'samesite' flag properly set. |
+| flask_bad.py:17:5:17:30 | ControlFlowNode for Subscript | Cookie is added without the 'secure' flag properly set. |
+| flask_bad.py:24:5:25:52 | ControlFlowNode for Attribute() | Cookie is added without the 'httponly' flag properly set. |
+| flask_bad.py:24:5:25:52 | ControlFlowNode for Attribute() | Cookie is added without the 'samesite' flag properly set. |
+| flask_bad.py:24:5:25:52 | ControlFlowNode for Attribute() | Cookie is added without the 'secure' flag properly set. |
+| flask_bad.py:32:5:32:30 | ControlFlowNode for Subscript | Cookie is added without the 'httponly' flag properly set. |
+| flask_bad.py:32:5:32:30 | ControlFlowNode for Subscript | Cookie is added without the 'samesite' flag properly set. |
+| flask_bad.py:32:5:32:30 | ControlFlowNode for Subscript | Cookie is added without the 'secure' flag properly set. |
+| flask_good.py:23:5:23:57 | ControlFlowNode for Attribute() | Cookie is added without the 'httponly' flag properly set. |
+| flask_good.py:23:5:23:57 | ControlFlowNode for Attribute() | Cookie is added without the 'samesite' flag properly set. |
+| flask_good.py:23:5:23:57 | ControlFlowNode for Attribute() | Cookie is added without the 'secure' flag properly set. |
