Polish tests

jorgectf · jorgectf · commit 0f2b81e0d2ae · 2021-10-28T09:24:47.000+02:00
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-614/django_bad.py b/python/ql/test/experimental/query-tests/Security/CWE-614/django_bad.py
@@ -3,11 +3,13 @@
 
 def django_response(request):
     resp = django.http.HttpResponse()
-    resp.set_cookie("name", "value", secure=None)
+    resp.set_cookie("name", "value", secure=False,
+                    httponly=False, samesite='None')
     return resp
 
 
 def django_response(request):
     resp = django.http.HttpResponse()
-    resp.set_cookie("name", "value", secure=False)
+    resp.set_cookie("name", "value", secure=False,
+                    httponly=False, samesite='None')
     return resp
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-614/django_good.py b/python/ql/test/experimental/query-tests/Security/CWE-614/django_good.py
@@ -3,13 +3,14 @@
 
 def django_response(request):
     resp = django.http.HttpResponse()
-    resp['Set-Cookie'] = "name=value; Secure;"
+    resp['Set-Cookie'] = "name=value; Secure; HttpOnly; SameSite=Lax;"
     return resp
 
 
 def django_response(request):
     resp = django.http.HttpResponse()
-    resp.set_cookie("name", "value", secure=True)
+    resp.set_cookie("name", "value", secure=True,
+                    httponly=True, samesite='Lax')
     return resp
 
 
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-614/flask_bad.py b/python/ql/test/experimental/query-tests/Security/CWE-614/flask_bad.py
@@ -6,14 +6,8 @@
 @app.route("/false")
 def false():
     resp = make_response()
-    resp.set_cookie("name", value="value", secure=False)
-    return resp
-
-
-@app.route("/none")
-def none():
-    resp = make_response()
-    resp.set_cookie("name", value="value", secure=None)
+    resp.set_cookie("name", value="value", secure=False,
+                    httponly=False, samesite='None')
     return resp
 
 
@@ -27,7 +21,7 @@ def flask_Response():
 @app.route("/flask_make_response")
 def flask_make_response():
     resp = make_response("hello")
-    resp.headers['Set-Cookie'] = "name=value;"
+    resp.headers['Set-Cookie'] = "name=value; SameSite=None;"
     return resp
 
 # if __name__ == "__main__":
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-614/flask_good.py b/python/ql/test/experimental/query-tests/Security/CWE-614/flask_good.py
@@ -6,21 +6,22 @@
 @app.route("/true")
 def true():
     resp = make_response()
-    resp.set_cookie("name", value="value", secure=True)
+    resp.set_cookie("name", value="value", secure=True,
+                    httponly=True, samesite='Lax')
     return resp
 
 
 @app.route("/flask_Response")
 def flask_Response():
     resp = Response()
-    resp.headers['Set-Cookie'] = "name=value; Secure;"
+    resp.headers['Set-Cookie'] = "name=value; Secure; HttpOnly; SameSite=Lax;"
     return resp
 
 
 @app.route("/flask_make_response")
 def flask_make_response():
     resp = make_response("hello")
-    resp.headers['Set-Cookie'] = "name=value; Secure;"
+    resp.headers['Set-Cookie'] = "name=value; Secure; HttpOnly; SameSite=Lax;"
     return resp
 
 
