delete the experimental query library for cookie queries

erik-krogh · erik-krogh · commit 9193984f1b91 · 2021-10-26T13:46:57.000+02:00
diff --git a/javascript/ql/src/Security/CWE-1004/CookieWithoutHttpOnly.ql b/javascript/ql/src/Security/CWE-1004/CookieWithoutHttpOnly.ql
@@ -13,16 +13,11 @@
  */
 
 import javascript
-import experimental.semmle.javascript.security.InsecureCookie::Cookie as ExperimentalCookie // TODO: Remove.
 
 from DataFlow::Node node
 where
-// TODO: Only for sensitive cookies? (e.g. auth cookies)
-// TODO: Give all descriptions, qlhelp, qldocs, an overhaul. Consider precisions, severity, cwes. 
-  exists(ExperimentalCookie::CookieWrite cookie | cookie = node |
-    cookie.isSensitive() and not cookie.isHttpOnly()
-  )
-  or
+  // TODO: Only for sensitive cookies? (e.g. auth cookies)
+  // TODO: Give all descriptions, qlhelp, qldocs, an overhaul. Consider precisions, severity, cwes.
   exists(CookieWrites::CookieWrite cookie | cookie = node |
     cookie.isSensitive() and not cookie.isHttpOnly()
   )
diff --git a/javascript/ql/src/Security/CWE-614/InsecureCookie.ql b/javascript/ql/src/Security/CWE-614/InsecureCookie.ql
@@ -11,11 +11,7 @@
  */
 
 import javascript
-import experimental.semmle.javascript.security.InsecureCookie::Cookie as ExperimentalCookie // TODO: Remove
 
 from DataFlow::Node node
-where
-  exists(ExperimentalCookie::CookieWrite cookie | cookie = node | not cookie.isSecure())
-  or
-  exists(CookieWrites::CookieWrite cookie | cookie = node | not cookie.isSecure())
+where exists(CookieWrites::CookieWrite cookie | cookie = node | not cookie.isSecure())
 select node, "Cookie is added to response without the 'secure' flag being set to true"
diff --git a/javascript/ql/src/experimental/semmle/javascript/security/InsecureCookie.qll b/javascript/ql/src/experimental/semmle/javascript/security/InsecureCookie.qll
