Change flag predicates to boolean parameters rather than boolean results

Author: joefarebrother

python/ql/lib/semmle/python/Concepts.qll

@@ -1205,19 +1205,19 @@ module Http {
       DataFlow::Node getValueArg() { result = super.getValueArg() }
 
       /**
-       * Gets the value of the `Secure` flag of the cookie, if known.
+       * Holds if the `Secure` flag of the cookie is known to have a value of `b`.
        */
-      boolean getSecureFlag() { result = super.getSecureFlag() }
+      predicate hasSecureFlag(boolean b) { super.hasSecureFlag(b) }
 
       /**
-       * Gets the value of the `HttpOnly` flag of the cookie, if known
+       * Holds if the `HttpOnly` flag of the cookie is known to have a value of `b`.
        */
-      boolean getHttpOnlyFlag() { result = super.getHttpOnlyFlag() }
+      predicate hasHttpOnlyFlag(boolean b) { super.hasHttpOnlyFlag(b) }
 
       /**
-       * Gets the value of the `SameSite` flag of the cookie, if known.
+       * Holds if the `SameSite` flag of the cookie is known to have a value of `b`.
        */
-      boolean getSameSiteFlag() { result = super.getSameSiteFlag() }
+      predicate hasSameSiteFlag(boolean b) { super.hasSameSiteFlag(b) }
     }
 
     /** Provides a class for modeling new cookie writes on HTTP responses. */
@@ -1248,19 +1248,19 @@ module Http {
         abstract DataFlow::Node getValueArg();
 
         /**
-         * Gets the value of the `Secure` flag of the cookie, if known.
+         * Holds if the `Secure` flag of the cookie is known to have a value of `b`.
          */
-        boolean getSecureFlag() { none() }
+        predicate hasSecureFlag(boolean b) { none() }
 
         /**
-         * Gets the value of the `HttpOnly` flag of the cookie, if known
+         * Holds if the `HttpOnly` flag of the cookie is known to have a value of `b`.
          */
-        boolean getHttpOnlyFlag() { none() }
+        predicate hasHttpOnlyFlag(boolean b) { none() }
 
         /**
-         * Gets the value of the `SameSite` flag of the cookie, if known.
+         * Holds if the `SameSite` flag of the cookie is known to have a value of `b`.
          */
-        boolean getSameSiteFlag() { none() }
+        predicate hasSameSiteFlag(boolean b) { none() }
       }
     }
 

python/ql/src/experimental/Security/CWE-614/InsecureCookie.ql

@@ -21,12 +21,12 @@ import experimental.semmle.python.CookieHeader
 
 from Http::Server::CookieWrite cookie, string alert
 where
-  cookie.getSecureFlag() = false and
+  cookie.hasSecureFlag(false) and
   alert = "secure"
   or
-  cookie.getHttpOnlyFlag() = false and
+  cookie.hasHttpOnlyFlag(false) and
   alert = "httponly"
   or
-  cookie.getSameSiteFlag() = false and
+  cookie.hasSameSiteFlag(false) and
   alert = "samesite"
 select cookie, "Cookie is added without the '" + alert + "' flag properly set."

python/ql/src/experimental/semmle/python/CookieHeader.qll

@@ -38,40 +38,40 @@ class CookieHeader extends Http::Server::CookieWrite::Range instanceof Http::Ser
     )
   }
 
-  override boolean getSecureFlag() {
+  override predicate hasSecureFlag(boolean b) {
     if
       exists(StringLiteral str |
         str.getText().regexpMatch(".*; *Secure;.*") and
         DataFlow::exprNode(str)
             .(DataFlow::LocalSourceNode)
             .flowsTo(this.(Http::Server::ResponseHeaderWrite).getValueArg())
       )
-    then result = true
-    else result = false
+    then b = true
+    else b = false
   }
 
-  override boolean getHttpOnlyFlag() {
+  override predicate hasHttpOnlyFlag(boolean b) {
     if
       exists(StringLiteral str |
         str.getText().regexpMatch(".*; *HttpOnly;.*") and
         DataFlow::exprNode(str)
             .(DataFlow::LocalSourceNode)
             .flowsTo(this.(Http::Server::ResponseHeaderWrite).getValueArg())
       )
-    then result = true
-    else result = false
+    then b = true
+    else b = false
   }
 
-  override boolean getSameSiteFlag() {
+  override predicate hasSameSiteFlag(boolean b) {
     if
       exists(StringLiteral str |
         str.getText().regexpMatch(".*; *SameSite=(Strict|Lax);.*") and
         DataFlow::exprNode(str)
             .(DataFlow::LocalSourceNode)
             .flowsTo(this.(Http::Server::ResponseHeaderWrite).getValueArg())
       )
-    then result = true
-    else result = false
+    then b = true
+    else b = false
   }
 
   override DataFlow::Node getNameArg() {

python/ql/src/experimental/semmle/python/frameworks/Django.qll

@@ -123,34 +123,34 @@ private module ExperimentalPrivateDjango {
               result in [this.getArg(1), this.getArgByName("value")]
             }
 
-            override boolean getSecureFlag() {
+            override predicate hasSecureFlag(boolean b) {
               if
                 DataFlow::exprNode(any(True t))
                     .(DataFlow::LocalSourceNode)
                     .flowsTo(this.(DataFlow::CallCfgNode).getArgByName("secure"))
-              then result = true
-              else result = false
+              then b = true
+              else b = false
             }
 
-            override boolean getHttpOnlyFlag() {
+            override predicate hasHttpOnlyFlag(boolean b) {
               if
                 DataFlow::exprNode(any(True t))
                     .(DataFlow::LocalSourceNode)
                     .flowsTo(this.(DataFlow::CallCfgNode).getArgByName("httponly"))
-              then result = true
-              else result = false
+              then b = true
+              else b = false
             }
 
-            override boolean getSameSiteFlag() {
+            override predicate hasSameSiteFlag(boolean b) {
               if
                 exists(StringLiteral str |
                   str.getText() in ["Strict", "Lax"] and
                   DataFlow::exprNode(str)
                       .(DataFlow::LocalSourceNode)
                       .flowsTo(this.(DataFlow::CallCfgNode).getArgByName("samesite"))
                 )
-              then result = true
-              else result = false
+              then b = true
+              else b = false
             }
 
             override DataFlow::Node getHeaderArg() { none() }

python/ql/src/experimental/semmle/python/frameworks/Flask.qll

@@ -38,34 +38,34 @@ module ExperimentalFlask {
 
     override DataFlow::Node getValueArg() { result = this.getValueArg() }
 
-    override boolean getSecureFlag() {
+    override predicate hasSecureFlag(boolean b) {
       if
         DataFlow::exprNode(any(True t))
             .(DataFlow::LocalSourceNode)
             .flowsTo(this.(DataFlow::CallCfgNode).getArgByName("secure"))
-      then result = true
-      else result = false
+      then b = true
+      else b = false
     }
 
-    override boolean getHttpOnlyFlag() {
+    override predicate hasHttpOnlyFlag(boolean b) {
       if
         DataFlow::exprNode(any(True t))
             .(DataFlow::LocalSourceNode)
             .flowsTo(this.(DataFlow::CallCfgNode).getArgByName("httponly"))
-      then result = true
-      else result = false
+      then b = true
+      else b = false
     }
 
-    override boolean getSameSiteFlag() {
+    override predicate hasSameSiteFlag(boolean b) {
       if
         exists(StringLiteral str |
           str.getText() in ["Strict", "Lax"] and
           DataFlow::exprNode(str)
               .(DataFlow::LocalSourceNode)
               .flowsTo(this.(DataFlow::CallCfgNode).getArgByName("samesite"))
         )
-      then result = true
-      else result = false
+      then b = true
+      else b = false
     }
 
     override DataFlow::Node getHeaderArg() { none() }

python/ql/src/experimental/semmle/python/security/injection/CookieInjection.qll

@@ -12,13 +12,13 @@ class CookieSink extends DataFlow::Node {
     exists(Http::Server::CookieWrite cookie |
       this in [cookie.getNameArg(), cookie.getValueArg(), cookie.getHeaderArg()] and
       (
-        cookie.getSecureFlag() = false and
+        cookie.hasSecureFlag(false) and
         flag = "secure"
         or
-        cookie.getHttpOnlyFlag() = false and
+        cookie.hasHttpOnlyFlag(false) and
         flag = "httponly"
         or
-        cookie.getSameSiteFlag() = false and
+        cookie.hasSameSiteFlag(false) and
         flag = "samesite"
       )
     )