PyHttpCookies

The http.cookies module for cookie parsing. SimpleCookie accepts raw Cookie headers — the parsed morsels carry user input. Setting a cookie without Secure / HttpOnly / SameSite is a common hardening finding.

Taint flow: 1 source, 0 sinks
Sources (untrusted input): .SimpleCookie()

Sources

.SimpleCookie() (Source)
Signature
http.cookies.SimpleCookie(input=None) -> SimpleCookie

Parses a Cookie header. Parsed morsels are sources.

tracks: return

Other Methods

.Morsel() (Neutral)
Signature
http.cookies.Morsel() -> Morsel

Represents one cookie. Reported as a finding when the secure/httponly/samesite flags are not set.
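The two behaviours described above, as an added example that is not Code Pathfinder's own code: SimpleCookie parsing a raw Cookie header into client-controlled values, and a Morsel audit for unset secure/httponly/samesite attributes. The helper names and the sample header are assumptions made for illustration.

```python
from http.cookies import Morsel, SimpleCookie

# Attributes the page names as expected on a cookie that is set.
REQUIRED_FLAGS = ("secure", "httponly", "samesite")

# Constructed sample input, not taken from a real request.
SAMPLE_COOKIE_HEADER = "session=abc123; theme=dark"


def parse_request_cookies(header: str) -> dict:
    """Parse a raw Cookie header; every returned value is client-controlled."""
    jar = SimpleCookie(header)  # the source: morsels now carry user input
    return {name: morsel.value for name, morsel in jar.items()}


def missing_flags(morsel: Morsel) -> list:
    """Return the hardening attributes left unset on one cookie.

    Unset Morsel attributes default to the empty string, which is falsy.
    """
    return [flag for flag in REQUIRED_FLAGS if not morsel[flag]]


def audit_set_cookie(jar: SimpleCookie) -> dict:
    """Map cookie name -> missing attributes, only for cookies with gaps."""
    return {name: gaps for name, m in jar.items() if (gaps := missing_flags(m))}


def build_response_cookies(session_id: str) -> SimpleCookie:
    """Build one hardened cookie and one left at the module defaults."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["secure"] = True
    jar["session"]["httponly"] = True
    jar["session"]["samesite"] = "Lax"
    jar["session"]["path"] = "/"
    jar["theme"] = "dark"  # no attributes set: the condition the page describes
    return jar


if __name__ == "__main__":
    print(parse_request_cookies(SAMPLE_COOKIE_HEADER))
    response_jar = build_response_cookies("abc123")
    print(response_jar.output())
    print(audit_set_cookie(response_jar))
```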

Fully-Qualified Names

FQN            Field
http.cookies   fqns[0]

A wrong FQN produces 0 findings. To verify, change fqns to a garbage value; the rule must then produce 0 results.

Import

rule.py
from codepathfinder.go_rule import PyHttpCookies