@@ -109,6 +109,23 @@ private string getCookieValue(string s, string attribute) {
109109 result = s .regexpCapture ( "(?i).*;\\s*" + attribute + "=(\\w+)\\b\\s*;?.*$" , 1 )
110110}
111111
112+ /**
113+ * Gets the "SameSite" value for a given `node`.
114+ * Converts boolean values to the corresponding string value.
115+ *
116+ * Not all libraries support boolean values for the `SameSite` attribute,
117+ * but here we assume that they do.
118+ */
119+ private string getSameSiteValue ( DataFlow:: Node node ) {
120+ node .mayHaveStringValue ( result )
121+ or
122+ node .mayHaveBooleanValue ( true ) and
123+ result = "Strict"
124+ or
125+ node .mayHaveBooleanValue ( false ) and
126+ result = "Lax"
127+ }
128+
112129/**
113130 * A model of the `js-cookie` library (https://github.com/js-cookie/js-cookie).
114131 */
@@ -150,7 +167,7 @@ private module JsCookie {
150167 override predicate isSensitive ( ) { canHaveSensitiveCookie ( this .getArgument ( 0 ) ) }
151168
152169 override string getSameSite ( ) {
153- this .getOptionArgument ( 2 , "sameSite" ) . mayHaveStringValue ( result )
170+ result = getSameSiteValue ( this .getOptionArgument ( 2 , "sameSite" ) )
154171 }
155172 }
156173}
@@ -195,7 +212,7 @@ private module BrowserCookies {
195212 override predicate isSensitive ( ) { canHaveSensitiveCookie ( this .getArgument ( 0 ) ) }
196213
197214 override string getSameSite ( ) {
198- this .getOptionArgument ( 2 , "samesite" ) . mayHaveStringValue ( result )
215+ result = getSameSiteValue ( this .getOptionArgument ( 2 , "samesite" ) )
199216 or
200217 // or, an explicit default has been set
201218 DataFlow:: moduleMember ( "browser-cookies" , "defaults" )
@@ -242,10 +259,7 @@ private module LibCookie {
242259 override predicate isSensitive ( ) { canHaveSensitiveCookie ( this .getArgument ( 0 ) ) }
243260
244261 override string getSameSite ( ) {
245- this .getOptionArgument ( 2 , "sameSite" ) .mayHaveStringValue ( result )
246- or
247- this .getOptionArgument ( 2 , "sameSite" ) .mayHaveBooleanValue ( true ) and
248- result = "Strict"
262+ result = getSameSiteValue ( this .getOptionArgument ( 2 , "sameSite" ) )
249263 }
250264 }
251265}
@@ -280,10 +294,7 @@ private module ExpressCookies {
280294 }
281295
282296 override string getSameSite ( ) {
283- this .getOptionArgument ( 2 , "sameSite" ) .mayHaveStringValue ( result )
284- or
285- this .getOptionArgument ( 2 , "sameSite" ) .mayHaveBooleanValue ( true ) and
286- result = "Strict"
297+ result = getSameSiteValue ( this .getOptionArgument ( 2 , "sameSite" ) )
287298 }
288299 }
289300
@@ -312,12 +323,7 @@ private module ExpressCookies {
312323 not this .getCookieFlagValue ( CookieWrites:: httpOnly ( ) ) .mayHaveBooleanValue ( false )
313324 }
314325
315- override string getSameSite ( ) {
316- this .getCookieFlagValue ( "sameSite" ) .mayHaveStringValue ( result )
317- or
318- this .getCookieFlagValue ( "sameSite" ) .mayHaveBooleanValue ( true ) and
319- result = "Strict"
320- }
326+ override string getSameSite ( ) { result = getSameSiteValue ( this .getCookieFlagValue ( "sameSite" ) ) }
321327 }
322328
323329 /**
@@ -348,12 +354,7 @@ private module ExpressCookies {
348354 not this .getCookieFlagValue ( CookieWrites:: httpOnly ( ) ) .mayHaveBooleanValue ( false )
349355 }
350356
351- override string getSameSite ( ) {
352- this .getCookieFlagValue ( "sameSite" ) .mayHaveStringValue ( result )
353- or
354- this .getCookieFlagValue ( "sameSite" ) .mayHaveBooleanValue ( true ) and
355- result = "Strict"
356- }
357+ override string getSameSite ( ) { result = getSameSiteValue ( this .getCookieFlagValue ( "sameSite" ) ) }
357358 }
358359}
359360
0 commit comments