diff --git a/go/ql/integration-tests/query-suite/go-security-and-quality.qls.expected b/go/ql/integration-tests/query-suite/go-security-and-quality.qls.expected
index ee0ec8f42ba7..19fa7e6a5aaa 100644
--- a/go/ql/integration-tests/query-suite/go-security-and-quality.qls.expected
+++ b/go/ql/integration-tests/query-suite/go-security-and-quality.qls.expected
@@ -34,6 +34,7 @@ ql/go/ql/src/Security/CWE-079/HtmlTemplateEscapingBypassXss.ql
 ql/go/ql/src/Security/CWE-079/ReflectedXss.ql
 ql/go/ql/src/Security/CWE-089/SqlInjection.ql
 ql/go/ql/src/Security/CWE-089/StringBreak.ql
+ql/go/ql/src/Security/CWE-1004/CookieWithoutHttpOnly.ql
 ql/go/ql/src/Security/CWE-117/LogInjection.ql
 ql/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql
 ql/go/ql/src/Security/CWE-209/StackTraceExposure.ql
@@ -47,6 +48,7 @@ ql/go/ql/src/Security/CWE-347/MissingJwtSignatureCheck.ql
 ql/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
 ql/go/ql/src/Security/CWE-601/BadRedirectCheck.ql
 ql/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql
+ql/go/ql/src/Security/CWE-614/CookieWithoutSecure.ql
 ql/go/ql/src/Security/CWE-640/EmailInjection.ql
 ql/go/ql/src/Security/CWE-643/XPathInjection.ql
 ql/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql
diff --git a/go/ql/integration-tests/query-suite/go-security-extended.qls.expected b/go/ql/integration-tests/query-suite/go-security-extended.qls.expected
index 9116f7b7ebf6..cc2d176279a0 100644
--- a/go/ql/integration-tests/query-suite/go-security-extended.qls.expected
+++ b/go/ql/integration-tests/query-suite/go-security-extended.qls.expected
@@ -12,6 +12,7 @@ ql/go/ql/src/Security/CWE-079/HtmlTemplateEscapingBypassXss.ql
 ql/go/ql/src/Security/CWE-079/ReflectedXss.ql
 ql/go/ql/src/Security/CWE-089/SqlInjection.ql
 ql/go/ql/src/Security/CWE-089/StringBreak.ql
+ql/go/ql/src/Security/CWE-1004/CookieWithoutHttpOnly.ql
 ql/go/ql/src/Security/CWE-117/LogInjection.ql
 ql/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql
 ql/go/ql/src/Security/CWE-209/StackTraceExposure.ql
@@ -25,6 +26,7 @@ ql/go/ql/src/Security/CWE-347/MissingJwtSignatureCheck.ql
 ql/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
 ql/go/ql/src/Security/CWE-601/BadRedirectCheck.ql
 ql/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql
+ql/go/ql/src/Security/CWE-614/CookieWithoutSecure.ql
 ql/go/ql/src/Security/CWE-640/EmailInjection.ql
 ql/go/ql/src/Security/CWE-643/XPathInjection.ql
 ql/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql
diff --git a/go/ql/integration-tests/query-suite/not_included_in_qls.expected b/go/ql/integration-tests/query-suite/not_included_in_qls.expected
index 3b79e47da44f..d182688b166f 100644
--- a/go/ql/integration-tests/query-suite/not_included_in_qls.expected
+++ b/go/ql/integration-tests/query-suite/not_included_in_qls.expected
@@ -9,7 +9,6 @@ ql/go/ql/src/Security/CWE-079/StoredXss.ql
 ql/go/ql/src/Security/CWE-798/HardcodedCredentials.ql
 ql/go/ql/src/definitions.ql
 ql/go/ql/src/experimental/CWE-090/LDAPInjection.ql
-ql/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql
 ql/go/ql/src/experimental/CWE-203/Timing.ql
 ql/go/ql/src/experimental/CWE-285/PamAuthBypass.ql
 ql/go/ql/src/experimental/CWE-287/ImproperLdapAuth.ql
diff --git a/go/ql/lib/go.qll b/go/ql/lib/go.qll
index 16f2f1702faa..682342aad95a 100644
--- a/go/ql/lib/go.qll
+++ b/go/ql/lib/go.qll
@@ -40,6 +40,7 @@ import semmle.go.frameworks.ElazarlGoproxy
 import semmle.go.frameworks.Email
 import semmle.go.frameworks.Encoding
 import semmle.go.frameworks.Fasthttp
+import semmle.go.frameworks.Gin
 import semmle.go.frameworks.GinCors
 import semmle.go.frameworks.Glog
 import semmle.go.frameworks.GoJose
diff --git a/go/ql/lib/semmle/go/concepts/HTTP.qll b/go/ql/lib/semmle/go/concepts/HTTP.qll
index 9bf5b6a7ad84..41f3caec03d8 100644
--- a/go/ql/lib/semmle/go/concepts/HTTP.qll
+++ b/go/ql/lib/semmle/go/concepts/HTTP.qll
@@ -380,4 +380,96 @@ module Http {
     /** Gets a node that is used in a check that is tested before this handler is run. */
     predicate guardedBy(DataFlow::Node check) { super.guardedBy(check) }
   }
+
+  /** Provides a class for modeling HTTP response cookie writes. */
+  module CookieWrite {
+    /**
+     * An write of an HTTP Cookie to an HTTP response.
+     *
+     * Extend this class to model new APIs. If you want to refine existing API models,
+     * extend `HTTP::CookieWrite` instead.
+     */
+    abstract class Range extends DataFlow::Node {
+      /** Gets the name of the cookie written. */
+      abstract DataFlow::Node getName();
+
+      /** Gets the value of the cookie written. */
+      abstract DataFlow::Node getValue();
+
+      /** Gets the `Secure` attribute of the cookie written. */
+      abstract DataFlow::Node getSecure();
+
+      /** Gets the `HttpOnly` attribute of the cookie written. */
+      abstract DataFlow::Node getHttpOnly();
+    }
+  }
+
+  /**
+   * An write of an HTTP Cookie to an HTTP response.
+   *
+   * Extend this class to refine existing API models. If you want to model new APIs,
+   * extend `HTTP::CookieWrite::Range` instead.
+   */
+  class CookieWrite extends DataFlow::Node instanceof CookieWrite::Range {
+    /** Gets the name of the cookie written. */
+    DataFlow::Node getName() { result = super.getName() }
+
+    /** Gets the value of the cookie written. */
+    DataFlow::Node getValue() { result = super.getValue() }
+
+    /** Gets the `Secure` attribute of the cookie written. */
+    DataFlow::Node getSecure() { result = super.getSecure() }
+
+    /** Gets the `HttpOnly` attribute of the cookie written. */
+    DataFlow::Node getHttpOnly() { result = super.getHttpOnly() }
+  }
+
+  /** Provides a class for modeling the options of an HTTP cookie. */
+  module CookieOptions {
+    /**
+     * An HTTP Cookie object.
+     *
+     * Extend this class to model new APIs. If you want to refine existing API models,
+     * extend `HTTP::CookieOptions` instead.
+     */
+    abstract class Range extends DataFlow::Node {
+      /** Gets the node representing the cookie object for the options being set. */
+      abstract DataFlow::Node getCookieOutput();
+
+      /** Gets the name of the cookie represented. */
+      abstract DataFlow::Node getName();
+
+      /** Gets the value of the cookie represented. */
+      abstract DataFlow::Node getValue();
+
+      /** Gets the `Secure` attribute of the cookie represented. */
+      abstract DataFlow::Node getSecure();
+
+      /** Gets the `HttpOnly` attribute of the cookie represented. */
+      abstract DataFlow::Node getHttpOnly();
+    }
+  }
+
+  /**
+   * An HTTP Cookie.
+   *
+   * Extend this class to refine existing API models. If you want to model new APIs,
+   * extend `HTTP::CookieOptions::Range` instead.
+   */
+  class CookieOptions extends DataFlow::Node instanceof CookieOptions::Range {
+    /** Gets the node representing the cookie object for the options being set. */
+    DataFlow::Node getCookieOutput() { result = super.getCookieOutput() }
+
+    /** Gets the name of the cookie represented. */
+    DataFlow::Node getName() { result = super.getName() }
+
+    /** Gets the value of the cookie represented. */
+    DataFlow::Node getValue() { result = super.getValue() }
+
+    /** Gets the `Secure` attribute of the cookie represented. */
+    DataFlow::Node getSecure() { result = super.getSecure() }
+
+    /** Gets the `HttpOnly` attribute of the cookie represented. */
+    DataFlow::Node getHttpOnly() { result = super.getHttpOnly() }
+  }
 }
diff --git a/go/ql/lib/semmle/go/frameworks/Gin.qll b/go/ql/lib/semmle/go/frameworks/Gin.qll
new file mode 100644
index 000000000000..71ed5d931fa3
--- /dev/null
+++ b/go/ql/lib/semmle/go/frameworks/Gin.qll
@@ -0,0 +1,24 @@
+/**
+ * Provides classes for modeling the `github.com/gin-gonic/gin` package.
+ */
+
+import go
+import semmle.go.concepts.HTTP
+
+/** Provides models for the `gin-gonic/gin` package. */
+module Gin {
+  /** Gets the package name `github.com/gin-gonic/gin`. */
+  string packagePath() { result = package("github.com/gin-gonic/gin", "") }
+
+  private class GinCookieWrite extends Http::CookieWrite::Range, DataFlow::MethodCallNode {
+    GinCookieWrite() { this.getTarget().hasQualifiedName(packagePath(), "Context", "SetCookie") }
+
+    override DataFlow::Node getName() { result = this.getArgument(0) }
+
+    override DataFlow::Node getValue() { result = this.getArgument(1) }
+
+    override DataFlow::Node getSecure() { result = this.getArgument(5) }
+
+    override DataFlow::Node getHttpOnly() { result = this.getArgument(6) }
+  }
+}
diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
index 88c9605502f6..fd86effa9754 100644
--- a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
+++ b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
@@ -293,4 +293,38 @@ module NetHttp {
 
     override DataFlow::Node getAPathArgument() { result = this.getArgument(2) }
   }
+
+  private class CookieWrite extends Http::CookieWrite::Range, DataFlow::CallNode {
+    CookieWrite() { this.getTarget().hasQualifiedName(package("net/http", ""), "SetCookie") }
+
+    override DataFlow::Node getName() { result = this.getArgument(1) }
+
+    override DataFlow::Node getValue() { result = this.getArgument(1) }
+
+    override DataFlow::Node getSecure() { result = this.getArgument(1) }
+
+    override DataFlow::Node getHttpOnly() { result = this.getArgument(1) }
+  }
+
+  private class CookieFieldWrite extends Http::CookieOptions::Range {
+    Write w;
+    Field f;
+    DataFlow::Node written;
+    string fieldName;
+
+    CookieFieldWrite() {
+      f.hasQualifiedName(package("net/http", ""), "Cookie", fieldName) and
+      w.writesField(this, f, written)
+    }
+
+    override DataFlow::Node getCookieOutput() { result = this }
+
+    override DataFlow::Node getName() { fieldName = "Name" and result = written }
+
+    override DataFlow::Node getValue() { fieldName = "Value" and result = written }
+
+    override DataFlow::Node getSecure() { fieldName = "Secure" and result = written }
+
+    override DataFlow::Node getHttpOnly() { fieldName = "HttpOnly" and result = written }
+  }
 }
diff --git a/go/ql/lib/semmle/go/security/SecureCookies.qll b/go/ql/lib/semmle/go/security/SecureCookies.qll
new file mode 100644
index 000000000000..f700c0303371
--- /dev/null
+++ b/go/ql/lib/semmle/go/security/SecureCookies.qll
@@ -0,0 +1,108 @@
+/** Provides classes and predicates for identifying HTTP cookies with insecure attributes. */
+
+import go
+import semmle.go.concepts.HTTP
+import semmle.go.dataflow.DataFlow
+
+/**
+ * Holds if the expression or its value has a sensitive name
+ */
+private predicate isSensitiveExpr(Expr expr, string val) {
+  (
+    val = expr.getStringValue() or
+    val = expr.(Name).getTarget().getName()
+  ) and
+  val.regexpMatch("(?i).*(session|login|token|user|auth|credential).*") and
+  not val.regexpMatch("(?i).*(xsrf|csrf|forgery).*")
+}
+
+private module SensitiveCookieNameConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { isSensitiveExpr(source.asExpr(), _) }
+
+  predicate isSink(DataFlow::Node sink) { exists(Http::CookieWrite cw | sink = cw.getName()) }
+
+  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
+    exists(Http::CookieOptions co | co.getName() = pred and co.getCookieOutput() = succ)
+  }
+}
+
+/** Tracks flow from sensitive names to HTTP cookie writes. */
+module SensitiveCookieNameFlow = TaintTracking::Global<SensitiveCookieNameConfig>;
+
+private module BooleanCookieSecureConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    source.getType().getUnderlyingType() instanceof BoolType
+  }
+
+  predicate isSink(DataFlow::Node sink) { exists(Http::CookieWrite cw | sink = cw.getSecure()) }
+
+  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
+    exists(Http::CookieOptions co | co.getSecure() = pred and co.getCookieOutput() = succ)
+  }
+}
+
+/** Tracks flow from boolean expressions to the `Secure` attribute of HTTP cookie writes. */
+module BooleanCookieSecureFlow = TaintTracking::Global<BooleanCookieSecureConfig>;
+
+private module BooleanCookieHttpOnlyConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    source.getType().getUnderlyingType() instanceof BoolType
+  }
+
+  predicate isSink(DataFlow::Node sink) { exists(Http::CookieWrite cw | sink = cw.getHttpOnly()) }
+
+  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
+    exists(Http::CookieOptions co | co.getHttpOnly() = pred and co.getCookieOutput() = succ)
+  }
+}
+
+/** Tracks flow from boolean expressions to the `HttpOnly` attribute of HTTP cookie writes. */
+module BooleanCookieHttpOnlyFlow = TaintTracking::Global<BooleanCookieHttpOnlyConfig>;
+
+/** Holds if `cw` has the `Secure` attribute left at its default value of `false`. */
+predicate isInsecureDefault(Http::CookieWrite cw) {
+  not BooleanCookieSecureFlow::flow(_, cw.getSecure())
+}
+
+/** Holds if `cw` has the `Secure` attribute explicitly set to `false`, from the expression `boolFalse`. */
+predicate isInsecureDirect(Http::CookieWrite cw, Expr boolFalse) {
+  BooleanCookieSecureFlow::flow(DataFlow::exprNode(boolFalse), cw.getSecure()) and
+  boolFalse.getBoolValue() = false
+}
+
+/** Holds if `cw` has the `Secure` attribute set to `false`, either explicitly or by default. */
+predicate isInsecureCookie(Http::CookieWrite cw) {
+  isInsecureDefault(cw) or
+  isInsecureDirect(cw, _)
+}
+
+/** Holds if `cw` has the `HttpOnly` attribute left at its default value of `false`. */
+predicate isNonHttpOnlyDefault(Http::CookieWrite cw) {
+  not BooleanCookieHttpOnlyFlow::flow(_, cw.getHttpOnly())
+}
+
+/** Holds if `cw` has the `HttpOnly` attribute explicitly set to `false`, from the expression `boolFalse`. */
+predicate isNonHttpOnlyDirect(Http::CookieWrite cw, Expr boolFalse) {
+  BooleanCookieHttpOnlyFlow::flow(DataFlow::exprNode(boolFalse), cw.getHttpOnly()) and
+  boolFalse.getBoolValue() = false
+}
+
+/** Holds if `cw` has the `HttpOnly` attribute set to `false`, either explicitly or by default. */
+predicate isNonHttpOnlyCookie(Http::CookieWrite cw) {
+  isNonHttpOnlyDefault(cw) or
+  isNonHttpOnlyDirect(cw, _)
+}
+
+/**
+ * Holds if `cw` has the sensitive name `name`, from the expression `nameExpr`.
+ * `source` and `sink` represent the data flow path from the sensitive name expression to the cookie write.
+ */
+predicate isSensitiveCookie(
+  Http::CookieWrite cw, Expr nameExpr, string name, SensitiveCookieNameFlow::PathNode source,
+  SensitiveCookieNameFlow::PathNode sink
+) {
+  SensitiveCookieNameFlow::flowPath(source, sink) and
+  source.getNode().asExpr() = nameExpr and
+  sink.getNode() = cw.getName() and
+  isSensitiveExpr(nameExpr, name)
+}
diff --git a/go/ql/src/Security/CWE-1004/CookieWithoutHttpOnly.qhelp b/go/ql/src/Security/CWE-1004/CookieWithoutHttpOnly.qhelp
new file mode 100644
index 000000000000..a9614e2a6974
--- /dev/null
+++ b/go/ql/src/Security/CWE-1004/CookieWithoutHttpOnly.qhelp
@@ -0,0 +1,34 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+
+<overview>
+<p>Cookies without the <code>HttpOnly</code> flag set are accessible to client-side scripts such as JavaScript running in the same origin. 
+In case of a Cross-Site Scripting (XSS) vulnerability, the cookie can be stolen by a malicious script.
+If a sensitive cookie does not need to be accessed directly by client-side JS, the <code>HttpOnly</code> flag should be set.</p>
+</overview>
+
+<recommendation>
+<p>
+Set the <code>HttpOnly</code> flag to <code>true</code> for authentication cookies to ensure they are not accessible to client-side scripts.
+</p> 
+</recommendation>
+
+<example>
+<p>
+In the following example, in the case marked BAD, the <code>HttpOnly</code> flag is not set, so the default value of <code>false</code> is used.
+In the case marked GOOD, the <code>HttpOnly</code> flag is set to <code>true</code>.
+</p>
+<sample src="examples/CookieWithoutHttpOnly.go"/>
+
+
+</example>
+
+<references>
+
+<li>MDN: <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie">Set-Cookie</a> Header.</li>
+<li>PortSwigger: <a href="https://portswigger.net/kb/issues/00500600_cookie-without-httponly-flag-set">Cookie without HttpOnly flag set</a></li>
+
+</references>
+</qhelp>
\ No newline at end of file
diff --git a/go/ql/src/Security/CWE-1004/CookieWithoutHttpOnly.ql b/go/ql/src/Security/CWE-1004/CookieWithoutHttpOnly.ql
new file mode 100644
index 000000000000..59881da8aa7a
--- /dev/null
+++ b/go/ql/src/Security/CWE-1004/CookieWithoutHttpOnly.ql
@@ -0,0 +1,25 @@
+/**
+ * @name Cookie 'HttpOnly' attribute is not set to true
+ * @description Sensitive cookies without the `HttpOnly` property set are accessible by client-side scripts such as JavaScript.
+ *              This makes them more vulnerable to being stolen by an XSS attack.
+ * @kind path-problem
+ * @problem.severity warning
+ * @precision high
+ * @security-severity 5.0
+ * @id go/cookie-httponly-not-set
+ * @tags security
+ *       external/cwe/cwe-1004
+ */
+
+import go
+import semmle.go.security.SecureCookies
+import SensitiveCookieNameFlow::PathGraph
+
+from
+  Http::CookieWrite cw, Expr sensitiveNameExpr, string name,
+  SensitiveCookieNameFlow::PathNode source, SensitiveCookieNameFlow::PathNode sink
+where
+  isSensitiveCookie(cw, sensitiveNameExpr, name, source, sink) and
+  isNonHttpOnlyCookie(cw)
+select cw, source, sink, "Sensitive cookie $@ does not set HttpOnly attribute to true.",
+  sensitiveNameExpr, name
diff --git a/go/ql/src/Security/CWE-1004/examples/CookieWithoutHttpOnly.go b/go/ql/src/Security/CWE-1004/examples/CookieWithoutHttpOnly.go
new file mode 100644
index 000000000000..cacb952e8522
--- /dev/null
+++ b/go/ql/src/Security/CWE-1004/examples/CookieWithoutHttpOnly.go
@@ -0,0 +1,22 @@
+package main
+
+import (
+	"net/http"
+)
+
+func handlerBad(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:     "session",
+		Value:    "secret",
+	}
+	http.SetCookie(w, &c) // BAD: The HttpOnly flag is set to false by default.
+}
+
+func handlerGood(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:     "session",
+		Value:    "secret",
+		HttpOnly: true,
+	}
+	http.SetCookie(w, &c) // GOOD: The HttpOnly flag is set to true.
+}
\ No newline at end of file
diff --git a/go/ql/src/Security/CWE-614/CookieWithoutSecure.qhelp b/go/ql/src/Security/CWE-614/CookieWithoutSecure.qhelp
new file mode 100644
index 000000000000..4ee969e475cc
--- /dev/null
+++ b/go/ql/src/Security/CWE-614/CookieWithoutSecure.qhelp
@@ -0,0 +1,35 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+
+<overview>
+<p>Cookies without the <code>Secure</code> flag set may be transmitted using HTTP instead of HTTPS.
+This leaves them vulnerable to being read by a third party attacker. If a sensitive cookie such as a session
+key is intercepted this way, it would allow the attacker to perform actions on a user's behalf.</p>
+</overview>
+
+<recommendation>
+<p>
+Set the <code>Secure</code> flag to <code>true</code> to ensure cookies are only transmitted over secure HTTPS connections.
+</p>
+</recommendation>
+
+<example>
+<p>
+In the following example, in the case marked BAD, the <code>Secure</code> flag is set to <code>false</code> by default.
+In the case marked GOOD, the <code>Secure</code> flag is set to <code>true</code>.
+</p>
+<sample src="examples/CookieWithoutSecure.go"/>
+
+
+</example>
+
+<references>
+
+<li>MDN: <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie">Set-Cookie</a> Header.</li>
+<li>Detectify: <a href="https://support.detectify.com/support/solutions/articles/48001048982-cookie-lack-secure-flag">Cookie lack Secure flag</a>.</li>
+<li>PortSwigger: <a href="https://portswigger.net/kb/issues/00500200_tls-cookie-without-secure-flag-set">TLS cookie without secure flag set</a>.</li>
+
+</references>
+</qhelp>
\ No newline at end of file
diff --git a/go/ql/src/Security/CWE-614/CookieWithoutSecure.ql b/go/ql/src/Security/CWE-614/CookieWithoutSecure.ql
new file mode 100644
index 000000000000..481ed149a244
--- /dev/null
+++ b/go/ql/src/Security/CWE-614/CookieWithoutSecure.ql
@@ -0,0 +1,19 @@
+/**
+ * @name Cookie 'Secure' attribute is not set to true
+ * @description Cookies without the `Secure` flag may be sent in cleartext.
+ *              This makes them vulnerable to be intercepted by an attacker.
+ * @kind problem
+ * @problem.severity warning
+ * @precision high
+ * @security-severity 5.0
+ * @id go/cookie-secure-not-set
+ * @tags security
+ *       external/cwe/cwe-1004
+ */
+
+import go
+import semmle.go.security.SecureCookies
+
+from Http::CookieWrite cw
+where isInsecureCookie(cw)
+select cw, "Cookie does not set Secure attribute to true."
diff --git a/go/ql/src/Security/CWE-614/examples/CookieWithoutSecure.go b/go/ql/src/Security/CWE-614/examples/CookieWithoutSecure.go
new file mode 100644
index 000000000000..ca502b44b3b6
--- /dev/null
+++ b/go/ql/src/Security/CWE-614/examples/CookieWithoutSecure.go
@@ -0,0 +1,22 @@
+package main
+
+import (
+	"net/http"
+)
+
+func handlerBad(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:     "session",
+		Value:    "secret",
+	}
+	http.SetCookie(w, &c) // BAD: The Secure flag is set to false by default.
+}
+
+func handlerGood(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:     "session",
+		Value:    "secret",
+		Secure: true,
+	}
+	http.SetCookie(w, &c) // GOOD: The Secure flag is set to true.
+}
\ No newline at end of file
diff --git a/go/ql/src/change-notes/2025-11-10-inseucre-cookie.md b/go/ql/src/change-notes/2025-11-10-inseucre-cookie.md
new file mode 100644
index 000000000000..89430c39ebec
--- /dev/null
+++ b/go/ql/src/change-notes/2025-11-10-inseucre-cookie.md
@@ -0,0 +1,5 @@
+---
+category: newQuery
+---
+* The `go/cookie-http-only-not-set` query has been promoted from the experimental query pack. This query was originally contributed to the experimental query pack by @edvraa.
+* A new query `go/cookie-secure-not-set` has been added to detect cookies without the `Secure` flag set.
\ No newline at end of file
diff --git a/go/ql/src/experimental/CWE-1004/AuthCookie.qll b/go/ql/src/experimental/CWE-1004/AuthCookie.qll
deleted file mode 100644
index 58c9f8642b3f..000000000000
--- a/go/ql/src/experimental/CWE-1004/AuthCookie.qll
+++ /dev/null
@@ -1,245 +0,0 @@
-import go
-
-private class NetHttpCookieType extends Type {
-  NetHttpCookieType() { this.hasQualifiedName(package("net/http", ""), "Cookie") }
-}
-
-private class GinContextSetCookieMethod extends Method {
-  GinContextSetCookieMethod() {
-    this.hasQualifiedName(package("github.com/gin-gonic/gin", ""), "Context", "SetCookie")
-  }
-}
-
-private class GorillaSessionOptionsField extends Field {
-  GorillaSessionOptionsField() {
-    this.hasQualifiedName(package("github.com/gorilla/sessions", ""), "Session", "Options")
-  }
-}
-
-/**
- * A simplistic points-to alternative: given a struct creation and a field name, get the values that field can be assigned.
- *
- * Assumptions:
- *    - we don't reassign the variable that the creation is stored in
- *    - we always access the creation through the same variable it is initially assigned to
- *
- * This should cover most typical patterns...
- */
-private DataFlow::Node getValueForFieldWrite(StructLit sl, string field) {
-  exists(Write w, DataFlow::Node base, Field f |
-    f.getName() = field and
-    w.writesFieldPreUpdate(base, f, result) and
-    (
-      sl = base.asExpr()
-      or
-      base.asExpr() instanceof VariableName and
-      base.getAPredecessor*().asExpr() = sl
-    )
-  )
-}
-
-/**
- * Holds if the expression or its value has a sensitive name
- */
-private predicate isAuthVariable(Expr expr) {
-  exists(string val |
-    (
-      val = expr.getStringValue() or
-      val = expr.(Name).getTarget().getName()
-    ) and
-    val.regexpMatch("(?i).*(session|login|token|user|auth|credential).*") and
-    not val.regexpMatch("(?i).*(xsrf|csrf|forgery).*")
-  )
-}
-
-/**
- * A cookie passed as the second parameter to `net/http.SetCookie`.
- */
-private class SetCookieSink extends DataFlow::Node {
-  SetCookieSink() {
-    exists(DataFlow::CallNode cn |
-      cn.getTarget().hasQualifiedName(package("net/http", ""), "SetCookie") and
-      this = cn.getArgument(1)
-    )
-  }
-}
-
-private module NameToNetHttpCookieTrackingConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { isAuthVariable(source.asExpr()) }
-
-  predicate isSink(DataFlow::Node sink) { sink instanceof SetCookieSink }
-
-  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(StructLit sl |
-      sl.getType() instanceof NetHttpCookieType and
-      getValueForFieldWrite(sl, "Name") = pred and
-      sl = succ.asExpr()
-    )
-  }
-}
-
-/** Tracks taint flow from sensitive names to `net/http.SetCookie`. */
-module NameToNetHttpCookieTrackingFlow = TaintTracking::Global<NameToNetHttpCookieTrackingConfig>;
-
-private module BoolToNetHttpCookieTrackingConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    source.getType().getUnderlyingType() instanceof BoolType
-  }
-
-  predicate isSink(DataFlow::Node sink) { sink instanceof SetCookieSink }
-
-  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(StructLit sl |
-      sl.getType() instanceof NetHttpCookieType and
-      getValueForFieldWrite(sl, "HttpOnly") = pred and
-      sl = succ.asExpr()
-    )
-  }
-}
-
-/**
- * Tracks taint flow from a `bool` assigned to `HttpOnly` to
- * `net/http.SetCookie`.
- */
-module BoolToNetHttpCookieTrackingFlow = TaintTracking::Global<BoolToNetHttpCookieTrackingConfig>;
-
-private module BoolToGinSetCookieTrackingConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source.getBoolValue() = false }
-
-  predicate isSink(DataFlow::Node sink) {
-    exists(DataFlow::MethodCallNode mcn |
-      mcn.getTarget() instanceof GinContextSetCookieMethod and
-      mcn.getArgument(6) = sink and
-      exists(DataFlow::Node nameArg |
-        NameToGinSetCookieTrackingFlow::flowTo(nameArg) and
-        mcn.getArgument(0) = nameArg
-      )
-    )
-  }
-
-  predicate observeDiffInformedIncrementalMode() {
-    any() // Merged with other flows in CookieWithoutHttpOnly.ql
-  }
-
-  Location getASelectedSourceLocation(DataFlow::Node source) { none() }
-}
-
-/**
- * Tracks data flow from `HttpOnly` set to `false` to
- * `gin-gonic/gin.Context.SetCookie`.
- */
-module BoolToGinSetCookieTrackingFlow = DataFlow::Global<BoolToGinSetCookieTrackingConfig>;
-
-private module NameToGinSetCookieTrackingConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { isAuthVariable(source.asExpr()) }
-
-  predicate isSink(DataFlow::Node sink) {
-    exists(DataFlow::MethodCallNode mcn |
-      mcn.getTarget() instanceof GinContextSetCookieMethod and
-      mcn.getArgument(0) = sink
-    )
-  }
-}
-
-/**
- * Tracks taint flow from sensitive names to `gin-gonic/gin.Context.SetCookie`.
- */
-private module NameToGinSetCookieTrackingFlow = DataFlow::Global<NameToGinSetCookieTrackingConfig>;
-
-/**
- * The receiver of `gorilla/sessions.Session.Save` call.
- */
-private class GorillaSessionSaveSink extends DataFlow::Node {
-  GorillaSessionSaveSink() {
-    exists(DataFlow::MethodCallNode mcn |
-      this = mcn.getReceiver() and
-      mcn.getTarget()
-          .hasQualifiedName(package("github.com/gorilla/sessions", ""), "Session", "Save")
-    )
-  }
-}
-
-private class GorillaStoreSaveSink extends DataFlow::Node {
-  GorillaStoreSaveSink() {
-    exists(DataFlow::MethodCallNode mcn |
-      this = mcn.getArgument(2) and
-      mcn.getTarget()
-          .hasQualifiedName(package("github.com/gorilla/sessions", ""), "CookieStore", "Save")
-    )
-  }
-}
-
-private module GorillaCookieStoreSaveTrackingConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    source
-        .(DataFlow::CallNode)
-        .getTarget()
-        .hasQualifiedName(package("github.com/gorilla/sessions", ""), "NewCookieStore")
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    sink instanceof GorillaSessionSaveSink or
-    sink instanceof GorillaStoreSaveSink
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(DataFlow::MethodCallNode cn |
-      cn.getTarget()
-          .hasQualifiedName(package("github.com/gorilla/sessions", ""), "CookieStore", "Get") and
-      pred = cn.getReceiver() and
-      succ = cn.getResult(0)
-    )
-  }
-}
-
-/**
- * Tracks data flow from gorilla cookie store creation to
- * `gorilla/sessions.Session.Save`.
- */
-module GorillaCookieStoreSaveTrackingFlow = DataFlow::Global<GorillaCookieStoreSaveTrackingConfig>;
-
-private module GorillaSessionOptionsTrackingConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    exists(StructLit sl |
-      sl.getType().hasQualifiedName(package("github.com/gorilla/sessions", ""), "Options") and
-      source.asExpr() = sl
-    )
-  }
-
-  predicate isSink(DataFlow::Node sink) { sink instanceof GorillaSessionSaveSink }
-
-  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(GorillaSessionOptionsField f, DataFlow::Write w | w.writesField(succ, f, pred))
-  }
-}
-
-/**
- * Tracks taint flow from session options to
- * `gorilla/sessions.Session.Save`.
- */
-module GorillaSessionOptionsTrackingFlow =
-  TaintTracking::Global<GorillaSessionOptionsTrackingConfig>;
-
-private module BoolToGorillaSessionOptionsTrackingConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    source.getType().getUnderlyingType() instanceof BoolType
-  }
-
-  predicate isSink(DataFlow::Node sink) { sink instanceof GorillaSessionSaveSink }
-
-  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(StructLit sl |
-      getValueForFieldWrite(sl, "HttpOnly") = pred and
-      sl = succ.asExpr()
-    )
-    or
-    exists(GorillaSessionOptionsField f, DataFlow::Write w | w.writesField(succ, f, pred))
-  }
-}
-
-/**
- * Tracks taint flow from a `bool` assigned to `HttpOnly` to
- * `gorilla/sessions.Session.Save`.
- */
-module BoolToGorillaSessionOptionsTrackingFlow =
-  TaintTracking::Global<BoolToGorillaSessionOptionsTrackingConfig>;
diff --git a/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.qhelp b/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.qhelp
deleted file mode 100644
index 2e88a610c9d8..000000000000
--- a/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.qhelp
+++ /dev/null
@@ -1,42 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-
-<overview>
-<p>
-Cookies without <code>HttpOnly</code> attribute are accessible to JavaScript running in the same origin. In case of
-Cross-Site Scripting (XSS) vulnerability the cookie can be stolen by malicious script.
-</p>
-</overview>
-
-<recommendation>
-<p>
-Protect sensitive cookies, such as related to authentication, by setting <code>HttpOnly</code> to <code>true</code> to make
-them not accessible to JavaScript.
-</p>
-</recommendation>
-
-<example>
-
-<p>
-In the following example the default <code>HttpOnly</code> value is <code>false</code>.
-</p>
-
-<sample src="CookieWithoutHttpOnlyBad.go" />
-
-<p>
-In the example below <code>HttpOnly</code> is set to <code>true</code>.
-</p>
-
-<sample src="CookieWithoutHttpOnlyGood.go" />
-
-</example>
-
-<references>
-
-<li><a href="https://golang.org/pkg/net/http/#Cookie">type Cookie,</a></li>
-<li><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie">Set-Cookie</a> Header,</li>
-
-</references>
-</qhelp>
\ No newline at end of file
diff --git a/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql b/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql
deleted file mode 100644
index 1b135ae87f95..000000000000
--- a/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql
+++ /dev/null
@@ -1,99 +0,0 @@
-/**
- * @name 'HttpOnly' attribute is not set to true
- * @description Omitting the 'HttpOnly' attribute for security sensitive data allows
- *              malicious JavaScript to steal it in case of XSS vulnerability. Always set
- *              'HttpOnly' to 'true' to authentication related cookie to make it
- *              not accessible by JavaScript.
- * @kind path-problem
- * @problem.severity warning
- * @precision high
- * @id go/cookie-httponly-not-set
- * @tags security
- *       experimental
- *       external/cwe/cwe-1004
- */
-
-import go
-import AuthCookie
-
-module NetHttpCookieTrackingFlow =
-  DataFlow::MergePathGraph<NameToNetHttpCookieTrackingFlow::PathNode,
-    BoolToNetHttpCookieTrackingFlow::PathNode, NameToNetHttpCookieTrackingFlow::PathGraph,
-    BoolToNetHttpCookieTrackingFlow::PathGraph>;
-
-module GorillaTrackingFlow =
-  DataFlow::MergePathGraph3<GorillaCookieStoreSaveTrackingFlow::PathNode,
-    GorillaSessionOptionsTrackingFlow::PathNode, BoolToGorillaSessionOptionsTrackingFlow::PathNode,
-    GorillaCookieStoreSaveTrackingFlow::PathGraph, GorillaSessionOptionsTrackingFlow::PathGraph,
-    BoolToGorillaSessionOptionsTrackingFlow::PathGraph>;
-
-module MergedFlow =
-  DataFlow::MergePathGraph3<NetHttpCookieTrackingFlow::PathNode,
-    BoolToGinSetCookieTrackingFlow::PathNode, GorillaTrackingFlow::PathNode,
-    NetHttpCookieTrackingFlow::PathGraph, BoolToGinSetCookieTrackingFlow::PathGraph,
-    GorillaTrackingFlow::PathGraph>;
-
-import MergedFlow::PathGraph
-
-/** Holds if `HttpOnly` of `net/http.SetCookie` is set to `false` or not set (default value is used). */
-predicate isNetHttpCookieFlow(
-  NetHttpCookieTrackingFlow::PathNode source, NetHttpCookieTrackingFlow::PathNode sink
-) {
-  exists(
-    NameToNetHttpCookieTrackingFlow::PathNode sensitiveName,
-    NameToNetHttpCookieTrackingFlow::PathNode setCookieSink
-  |
-    NameToNetHttpCookieTrackingFlow::flowPath(sensitiveName, setCookieSink) and
-    (
-      not BoolToNetHttpCookieTrackingFlow::flowTo(sink.getNode()) and
-      source.asPathNode1() = sensitiveName and
-      sink.asPathNode1() = setCookieSink
-      or
-      BoolToNetHttpCookieTrackingFlow::flowPath(source.asPathNode2(), sink.asPathNode2()) and
-      source.getNode().getBoolValue() = false and
-      setCookieSink.getNode() = sink.getNode()
-    )
-  )
-}
-
-/**
- * Holds if there is gorilla cookie store creation to `Save` path and
- * `HttpOnly` is set to `false` or not set (default value is used).
- */
-predicate isGorillaSessionsCookieFlow(
-  GorillaTrackingFlow::PathNode source, GorillaTrackingFlow::PathNode sink
-) {
-  exists(
-    GorillaCookieStoreSaveTrackingFlow::PathNode cookieStoreCreate,
-    GorillaCookieStoreSaveTrackingFlow::PathNode sessionSave
-  |
-    GorillaCookieStoreSaveTrackingFlow::flowPath(cookieStoreCreate, sessionSave) and
-    (
-      not GorillaSessionOptionsTrackingFlow::flowTo(sink.getNode()) and
-      source.asPathNode1() = cookieStoreCreate and
-      sink.asPathNode1() = sessionSave
-      or
-      exists(GorillaTrackingFlow::PathNode options, GorillaTrackingFlow::PathNode sessionSave2 |
-        GorillaSessionOptionsTrackingFlow::flowPath(options.asPathNode2(),
-          sessionSave2.asPathNode2()) and
-        (
-          not BoolToGorillaSessionOptionsTrackingFlow::flowTo(sink.getNode()) and
-          sink = sessionSave2 and
-          source = options and
-          sessionSave.getNode() = sessionSave2.getNode()
-          or
-          BoolToGorillaSessionOptionsTrackingFlow::flowPath(source.asPathNode3(), sink.asPathNode3()) and
-          source.getNode().getBoolValue() = false and
-          sink.getNode() = sessionSave.getNode()
-        )
-      )
-    )
-  )
-}
-
-from MergedFlow::PathNode source, MergedFlow::PathNode sink
-where
-  isNetHttpCookieFlow(source.asPathNode1(), sink.asPathNode1()) or
-  BoolToGinSetCookieTrackingFlow::flowPath(source.asPathNode2(), sink.asPathNode2()) or
-  isGorillaSessionsCookieFlow(source.asPathNode3(), sink.asPathNode3())
-select sink.getNode(), source, sink, "Cookie attribute 'HttpOnly' is not set to true."
diff --git a/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnlyBad.go b/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnlyBad.go
deleted file mode 100644
index 852e2f3f3db5..000000000000
--- a/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnlyBad.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package main
-
-import (
-	"net/http"
-)
-
-func handler(w http.ResponseWriter, r *http.Request) {
-	c := http.Cookie{
-		Name:  "session",
-		Value: "secret",
-	}
-	http.SetCookie(w, &c)
-}
-
-func main() {
-	http.HandleFunc("/", handler)
-}
diff --git a/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnlyGood.go b/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnlyGood.go
deleted file mode 100644
index b0b505e2007d..000000000000
--- a/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnlyGood.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package main
-
-import (
-	"net/http"
-)
-
-func handler(w http.ResponseWriter, r *http.Request) {
-	c := http.Cookie{
-		Name:     "session",
-		Value:    "secret",
-		HttpOnly: true,
-	}
-	http.SetCookie(w, &c)
-}
-
-func main() {
-	http.HandleFunc("/", handler)
-}
diff --git a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected b/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected
deleted file mode 100644
index 355c0a62b1b7..000000000000
--- a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected
+++ /dev/null
@@ -1,432 +0,0 @@
-edges
-| CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:12:10:12:18 | "session" | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:15:21:15:21 | c | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:15:21:15:21 | c | CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:20:13:20:21 | "session" | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:22:13:22:17 | false | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:29:13:29:21 | "session" | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:31:13:31:16 | true | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:38:10:38:18 | "session" | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:41:15:41:18 | true | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:47:10:47:18 | "session" | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:50:15:50:19 | false | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:55:2:55:4 | definition of val | CookieWithoutHttpOnly.go:59:13:59:15 | val | provenance |  |
-| CookieWithoutHttpOnly.go:55:9:55:13 | false | CookieWithoutHttpOnly.go:59:13:59:15 | val | provenance |  |
-| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:57:13:57:21 | "session" | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:59:13:59:15 | val | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:65:2:65:4 | definition of val | CookieWithoutHttpOnly.go:69:13:69:15 | val | provenance |  |
-| CookieWithoutHttpOnly.go:65:9:65:12 | true | CookieWithoutHttpOnly.go:69:13:69:15 | val | provenance |  |
-| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:67:13:67:21 | "session" | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:69:13:69:15 | val | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:75:2:75:4 | definition of val | CookieWithoutHttpOnly.go:80:15:80:17 | val | provenance |  |
-| CookieWithoutHttpOnly.go:75:9:75:12 | true | CookieWithoutHttpOnly.go:80:15:80:17 | val | provenance |  |
-| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:77:10:77:18 | "session" | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:80:15:80:17 | val | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:85:2:85:4 | definition of val | CookieWithoutHttpOnly.go:90:15:90:17 | val | provenance |  |
-| CookieWithoutHttpOnly.go:85:9:85:13 | false | CookieWithoutHttpOnly.go:90:15:90:17 | val | provenance |  |
-| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:87:10:87:18 | "session" | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:90:15:90:17 | val | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:99:15:99:19 | false | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:100:21:100:21 | c | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:100:21:100:21 | c | CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:104:10:104:18 | "session" | CookieWithoutHttpOnly.go:106:10:106:13 | name | provenance |  |
-| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:106:10:106:13 | name | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:109:15:109:19 | false | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" | CookieWithoutHttpOnly.go:116:10:116:16 | session | provenance |  |
-| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:116:10:116:16 | session | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:119:15:119:19 | false | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | CookieWithoutHttpOnly.go:129:2:129:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | provenance | Config |
-| CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | provenance |  |
-| CookieWithoutHttpOnly.go:133:14:133:18 | false | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | provenance |  |
-| CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | provenance | Config |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | provenance | Config |
-| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | provenance | Config |
-| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | provenance | Config |
-| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | provenance | Config |
-| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | provenance | Config |
-| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] | provenance |  |
-| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference [postupdate] | provenance | Config |
-| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] | provenance | Config |
-| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | CookieWithoutHttpOnly.go:149:20:151:2 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | provenance |  |
-| CookieWithoutHttpOnly.go:157:14:157:17 | true | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | provenance |  |
-| CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | provenance | Config |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | provenance | Config |
-| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | provenance | Config |
-| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | provenance | Config |
-| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | provenance | Config |
-| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | provenance |  |
-| CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | provenance |  |
-| CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | provenance | Config |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | provenance | Config |
-| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | provenance | Config |
-| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | provenance | Config |
-| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | provenance | Config |
-| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | CookieWithoutHttpOnly.go:191:19:191:25 | session | provenance |  |
-| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | provenance | Config |
-| CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | CookieWithoutHttpOnly.go:202:19:202:25 | session | provenance |  |
-| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | provenance | Config |
-nodes
-| CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:12:10:12:18 | "session" | semmle.label | "session" |
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:15:21:15:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:20:13:20:21 | "session" | semmle.label | "session" |
-| CookieWithoutHttpOnly.go:22:13:22:17 | false | semmle.label | false |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:24:21:24:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:24:21:24:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:29:13:29:21 | "session" | semmle.label | "session" |
-| CookieWithoutHttpOnly.go:31:13:31:16 | true | semmle.label | true |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:33:21:33:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:33:21:33:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:38:10:38:18 | "session" | semmle.label | "session" |
-| CookieWithoutHttpOnly.go:41:15:41:18 | true | semmle.label | true |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:42:21:42:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:42:21:42:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:47:10:47:18 | "session" | semmle.label | "session" |
-| CookieWithoutHttpOnly.go:50:15:50:19 | false | semmle.label | false |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:51:21:51:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:51:21:51:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:55:2:55:4 | definition of val | semmle.label | definition of val |
-| CookieWithoutHttpOnly.go:55:9:55:13 | false | semmle.label | false |
-| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:57:13:57:21 | "session" | semmle.label | "session" |
-| CookieWithoutHttpOnly.go:59:13:59:15 | val | semmle.label | val |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:61:21:61:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:61:21:61:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:65:2:65:4 | definition of val | semmle.label | definition of val |
-| CookieWithoutHttpOnly.go:65:9:65:12 | true | semmle.label | true |
-| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:67:13:67:21 | "session" | semmle.label | "session" |
-| CookieWithoutHttpOnly.go:69:13:69:15 | val | semmle.label | val |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:71:21:71:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:71:21:71:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:75:2:75:4 | definition of val | semmle.label | definition of val |
-| CookieWithoutHttpOnly.go:75:9:75:12 | true | semmle.label | true |
-| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:77:10:77:18 | "session" | semmle.label | "session" |
-| CookieWithoutHttpOnly.go:80:15:80:17 | val | semmle.label | val |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:81:21:81:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:81:21:81:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:85:2:85:4 | definition of val | semmle.label | definition of val |
-| CookieWithoutHttpOnly.go:85:9:85:13 | false | semmle.label | false |
-| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:87:10:87:18 | "session" | semmle.label | "session" |
-| CookieWithoutHttpOnly.go:90:15:90:17 | val | semmle.label | val |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:91:21:91:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:91:21:91:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:99:15:99:19 | false | semmle.label | false |
-| CookieWithoutHttpOnly.go:100:20:100:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:100:21:100:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:104:10:104:18 | "session" | semmle.label | "session" |
-| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:106:10:106:13 | name | semmle.label | name |
-| CookieWithoutHttpOnly.go:109:15:109:19 | false | semmle.label | false |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:110:21:110:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:110:21:110:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" | semmle.label | "login_name" |
-| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:116:10:116:16 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:119:15:119:19 | false | semmle.label | false |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | semmle.label | &... [pointer] |
-| CookieWithoutHttpOnly.go:120:21:120:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:120:21:120:21 | c | semmle.label | c |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | semmle.label | call to NewCookieStore |
-| CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | semmle.label | ... := ...[0] |
-| CookieWithoutHttpOnly.go:126:16:126:20 | store | semmle.label | store |
-| CookieWithoutHttpOnly.go:129:2:129:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly | semmle.label | definition of httpOnly |
-| CookieWithoutHttpOnly.go:133:14:133:18 | false | semmle.label | false |
-| CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | semmle.label | ... := ...[0] |
-| CookieWithoutHttpOnly.go:134:16:134:20 | store | semmle.label | store |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | semmle.label | session [postupdate] |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | semmle.label | session [postupdate] |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
-| CookieWithoutHttpOnly.go:137:20:140:2 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:137:20:140:2 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | semmle.label | httpOnly |
-| CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | semmle.label | ... := ...[0] |
-| CookieWithoutHttpOnly.go:146:16:146:20 | store | semmle.label | store |
-| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
-| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] | semmle.label | session [postupdate] |
-| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
-| CookieWithoutHttpOnly.go:149:20:151:2 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:153:2:153:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:153:2:153:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | semmle.label | definition of httpOnly |
-| CookieWithoutHttpOnly.go:157:14:157:17 | true | semmle.label | true |
-| CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | semmle.label | ... := ...[0] |
-| CookieWithoutHttpOnly.go:158:16:158:20 | store | semmle.label | store |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | semmle.label | session [postupdate] |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | semmle.label | session [postupdate] |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
-| CookieWithoutHttpOnly.go:161:20:164:2 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:161:20:164:2 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | semmle.label | httpOnly |
-| CookieWithoutHttpOnly.go:166:2:166:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:166:2:166:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:166:2:166:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly | semmle.label | argument corresponding to httpOnly |
-| CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | semmle.label | definition of httpOnly |
-| CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | semmle.label | ... := ...[0] |
-| CookieWithoutHttpOnly.go:170:16:170:20 | store | semmle.label | store |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | semmle.label | session [postupdate] |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | semmle.label | session [postupdate] |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
-| CookieWithoutHttpOnly.go:173:20:176:2 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:173:20:176:2 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | semmle.label | struct literal |
-| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | semmle.label | httpOnly |
-| CookieWithoutHttpOnly.go:178:2:178:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:178:2:178:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:178:2:178:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | semmle.label | ... := ...[0] |
-| CookieWithoutHttpOnly.go:183:16:183:20 | store | semmle.label | store |
-| CookieWithoutHttpOnly.go:191:19:191:25 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | semmle.label | ... := ...[0] |
-| CookieWithoutHttpOnly.go:195:16:195:20 | store | semmle.label | store |
-| CookieWithoutHttpOnly.go:202:19:202:25 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:214:66:214:70 | false | semmle.label | false |
-subpaths
-#select
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:12:10:12:18 | "session" | CookieWithoutHttpOnly.go:15:20:15:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:22:13:22:17 | false | CookieWithoutHttpOnly.go:24:20:24:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:50:15:50:19 | false | CookieWithoutHttpOnly.go:51:20:51:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:55:9:55:13 | false | CookieWithoutHttpOnly.go:61:20:61:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:85:9:85:13 | false | CookieWithoutHttpOnly.go:91:20:91:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:109:15:109:19 | false | CookieWithoutHttpOnly.go:110:20:110:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:119:15:119:19 | false | CookieWithoutHttpOnly.go:120:20:120:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:129:2:129:8 | session | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:129:2:129:8 | session | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:142:2:142:8 | session | CookieWithoutHttpOnly.go:133:14:133:18 | false | CookieWithoutHttpOnly.go:142:2:142:8 | session | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:153:2:153:8 | session | CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | CookieWithoutHttpOnly.go:153:2:153:8 | session | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:191:19:191:25 | session | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:191:19:191:25 | session | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:202:19:202:25 | session | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:202:19:202:25 | session | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:214:66:214:70 | false | CookieWithoutHttpOnly.go:214:66:214:70 | false | CookieWithoutHttpOnly.go:214:66:214:70 | false | Cookie attribute 'HttpOnly' is not set to true. |
diff --git a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.go b/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.go
deleted file mode 100644
index 00be0bbf44aa..000000000000
--- a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.go
+++ /dev/null
@@ -1,219 +0,0 @@
-package main
-
-import (
-	"net/http"
-
-	"github.com/gin-gonic/gin"
-	"github.com/gorilla/sessions"
-)
-
-func handler1(w http.ResponseWriter, r *http.Request) {
-	c := http.Cookie{
-		Name:  "session",
-		Value: "secret",
-	}
-	http.SetCookie(w, &c) // BAD: HttpOnly set to false by default
-}
-
-func handler2(w http.ResponseWriter, r *http.Request) {
-	c := http.Cookie{
-		Name:     "session",
-		Value:    "secret",
-		HttpOnly: false,
-	}
-	http.SetCookie(w, &c) // BAD: HttpOnly explicitly set to false
-}
-
-func handler3(w http.ResponseWriter, r *http.Request) {
-	c := http.Cookie{
-		Name:     "session",
-		Value:    "secret",
-		HttpOnly: true,
-	}
-	http.SetCookie(w, &c) // GOOD: HttpOnly explicitly set to true
-}
-
-func handler4(w http.ResponseWriter, r *http.Request) {
-	c := http.Cookie{
-		Name:  "session",
-		Value: "secret",
-	}
-	c.HttpOnly = true
-	http.SetCookie(w, &c) // GOOD: HttpOnly explicitly set to true
-}
-
-func handler5(w http.ResponseWriter, r *http.Request) {
-	c := http.Cookie{
-		Name:  "session",
-		Value: "secret",
-	}
-	c.HttpOnly = false
-	http.SetCookie(w, &c) // BAD: HttpOnly explicitly set to false
-}
-
-func handler6(w http.ResponseWriter, r *http.Request) {
-	val := false
-	c := http.Cookie{
-		Name:     "session",
-		Value:    "secret",
-		HttpOnly: val,
-	}
-	http.SetCookie(w, &c) // BAD: HttpOnly explicitly set to false
-}
-
-func handler7(w http.ResponseWriter, r *http.Request) {
-	val := true
-	c := http.Cookie{
-		Name:     "session",
-		Value:    "secret",
-		HttpOnly: val,
-	}
-	http.SetCookie(w, &c) // GOOD: HttpOnly explicitly set to true
-}
-
-func handler8(w http.ResponseWriter, r *http.Request) {
-	val := true
-	c := http.Cookie{
-		Name:  "session",
-		Value: "secret",
-	}
-	c.HttpOnly = val
-	http.SetCookie(w, &c) // GOOD: HttpOnly explicitly set to true
-}
-
-func handler9(w http.ResponseWriter, r *http.Request) {
-	val := false
-	c := http.Cookie{
-		Name:  "session",
-		Value: "secret",
-	}
-	c.HttpOnly = val
-	http.SetCookie(w, &c) // BAD: HttpOnly explicitly set to false
-}
-
-func handler10(w http.ResponseWriter, r *http.Request) {
-	c := http.Cookie{
-		Name:  "consent",
-		Value: "1",
-	}
-	c.HttpOnly = false
-	http.SetCookie(w, &c) // GOOD: Name is not auth related
-}
-
-func handler11(w http.ResponseWriter, r *http.Request) {
-	name := "session"
-	c := http.Cookie{
-		Name:  name,
-		Value: "secret",
-	}
-	c.HttpOnly = false
-	http.SetCookie(w, &c) // BAD: auth related name
-}
-
-func handler12(w http.ResponseWriter, r *http.Request) {
-	session := "login_name"
-	c := http.Cookie{
-		Name:  session,
-		Value: "secret",
-	}
-	c.HttpOnly = false
-	http.SetCookie(w, &c) // BAD: auth related name
-}
-
-var store = sessions.NewCookieStore([]byte("aa"))
-
-func handler13(w http.ResponseWriter, r *http.Request) {
-	session, _ := store.Get(r, "session-name")
-	session.Values["foo"] = "secret"
-
-	session.Save(r, w) // BAD: Default options are set (false)
-}
-
-func handler14(w http.ResponseWriter, r *http.Request) {
-	httpOnly := false
-	session, _ := store.Get(r, "session-name")
-	session.Values["foo"] = "secret"
-
-	session.Options = &sessions.Options{
-		MaxAge:   -1,
-		HttpOnly: httpOnly,
-	}
-
-	session.Save(r, w) // BAD: Explicitly set to false
-}
-
-func handler15(w http.ResponseWriter, r *http.Request) {
-	session, _ := store.Get(r, "session-name")
-	session.Values["foo"] = "secret"
-
-	session.Options = &sessions.Options{
-		MaxAge: -1,
-	}
-
-	session.Save(r, w) // BAD: default (false) is used
-}
-
-func handler16(w http.ResponseWriter, r *http.Request) {
-	httpOnly := true
-	session, _ := store.Get(r, "session-name")
-	session.Values["foo"] = "secret"
-
-	session.Options = &sessions.Options{
-		MaxAge:   -1,
-		HttpOnly: httpOnly,
-	}
-
-	session.Save(r, w) // GOOD: value is true
-}
-
-func handler17(w http.ResponseWriter, r *http.Request, httpOnly bool) {
-	session, _ := store.Get(r, "session-name")
-	session.Values["foo"] = "secret"
-
-	session.Options = &sessions.Options{
-		MaxAge:   -1,
-		HttpOnly: httpOnly,
-	}
-
-	session.Save(r, w) // GOOD: value is unknown
-}
-
-func handler18(w http.ResponseWriter, r *http.Request) {
-	httpOnly := false
-	session, _ := store.Get(r, "session-name")
-	session.Values["foo"] = "secret"
-
-	session.Options = &sessions.Options{
-		MaxAge:   -1,
-		HttpOnly: httpOnly,
-	}
-
-	store.Save(r, w, session) // BAD: Explicitly set to false
-}
-
-func handler19(w http.ResponseWriter, r *http.Request) {
-	session, _ := store.Get(r, "session-name")
-	session.Values["foo"] = "secret"
-
-	session.Options = &sessions.Options{
-		MaxAge: -1,
-	}
-
-	store.Save(r, w, session) // BAD: default (false) is used
-}
-
-func main() {
-
-	router := gin.Default()
-
-	router.GET("/cookie", func(c *gin.Context) {
-
-		_, err := c.Cookie("session")
-
-		if err != nil {
-			c.SetCookie("session", "test", 3600, "/", "localhost", false, false) // BAD: httpOnly set to false
-		}
-	})
-
-	router.Run()
-}
diff --git a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.qlref b/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.qlref
deleted file mode 100644
index ca6a153038cf..000000000000
--- a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.qlref
+++ /dev/null
@@ -1 +0,0 @@
-experimental/CWE-1004/CookieWithoutHttpOnly.ql
diff --git a/go/ql/test/query-tests/Security/CWE-1004/CookieWithoutHttpOnly.expected b/go/ql/test/query-tests/Security/CWE-1004/CookieWithoutHttpOnly.expected
new file mode 100644
index 000000000000..93988411db21
--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-1004/CookieWithoutHttpOnly.expected
@@ -0,0 +1,139 @@
+#select
+| CookieWithoutHttpOnly.go:14:2:14:22 | call to SetCookie | CookieWithoutHttpOnly.go:11:10:11:18 | "session" | CookieWithoutHttpOnly.go:14:20:14:21 | &... | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:11:10:11:18 | "session" | session |
+| CookieWithoutHttpOnly.go:23:2:23:22 | call to SetCookie | CookieWithoutHttpOnly.go:19:13:19:21 | "session" | CookieWithoutHttpOnly.go:23:20:23:21 | &... | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:19:13:19:21 | "session" | session |
+| CookieWithoutHttpOnly.go:50:2:50:22 | call to SetCookie | CookieWithoutHttpOnly.go:46:10:46:18 | "session" | CookieWithoutHttpOnly.go:50:20:50:21 | &... | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:46:10:46:18 | "session" | session |
+| CookieWithoutHttpOnly.go:60:2:60:22 | call to SetCookie | CookieWithoutHttpOnly.go:56:13:56:21 | "session" | CookieWithoutHttpOnly.go:60:20:60:21 | &... | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:56:13:56:21 | "session" | session |
+| CookieWithoutHttpOnly.go:90:2:90:22 | call to SetCookie | CookieWithoutHttpOnly.go:86:10:86:18 | "session" | CookieWithoutHttpOnly.go:90:20:90:21 | &... | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:86:10:86:18 | "session" | session |
+| CookieWithoutHttpOnly.go:109:2:109:22 | call to SetCookie | CookieWithoutHttpOnly.go:103:10:103:18 | "session" | CookieWithoutHttpOnly.go:109:20:109:21 | &... | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:103:10:103:18 | "session" | session |
+| CookieWithoutHttpOnly.go:119:2:119:22 | call to SetCookie | CookieWithoutHttpOnly.go:113:13:113:24 | "login_name" | CookieWithoutHttpOnly.go:119:20:119:21 | &... | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:113:13:113:24 | "login_name" | login_name |
+| CookieWithoutHttpOnly.go:119:2:119:22 | call to SetCookie | CookieWithoutHttpOnly.go:115:10:115:16 | session | CookieWithoutHttpOnly.go:119:20:119:21 | &... | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:115:10:115:16 | session | session |
+| CookieWithoutHttpOnly.go:131:4:131:71 | call to SetCookie | CookieWithoutHttpOnly.go:131:16:131:24 | "session" | CookieWithoutHttpOnly.go:131:16:131:24 | "session" | Sensitive cookie $@ does not set HttpOnly attribute to true. | CookieWithoutHttpOnly.go:131:16:131:24 | "session" | session |
+edges
+| CookieWithoutHttpOnly.go:10:7:13:2 | struct literal | CookieWithoutHttpOnly.go:14:20:14:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:10:7:13:2 | struct literal | CookieWithoutHttpOnly.go:14:21:14:21 | c | provenance |  |
+| CookieWithoutHttpOnly.go:11:10:11:18 | "session" | CookieWithoutHttpOnly.go:10:7:13:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:14:20:14:21 | &... [pointer] | CookieWithoutHttpOnly.go:14:20:14:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:14:21:14:21 | c | CookieWithoutHttpOnly.go:14:20:14:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:14:21:14:21 | c | CookieWithoutHttpOnly.go:14:20:14:21 | &... [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:18:7:22:2 | struct literal | CookieWithoutHttpOnly.go:23:20:23:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:18:7:22:2 | struct literal | CookieWithoutHttpOnly.go:23:21:23:21 | c | provenance |  |
+| CookieWithoutHttpOnly.go:19:13:19:21 | "session" | CookieWithoutHttpOnly.go:18:7:22:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:23:20:23:21 | &... [pointer] | CookieWithoutHttpOnly.go:23:20:23:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:23:21:23:21 | c | CookieWithoutHttpOnly.go:23:20:23:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:23:21:23:21 | c | CookieWithoutHttpOnly.go:23:20:23:21 | &... [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:27:7:31:2 | struct literal | CookieWithoutHttpOnly.go:32:20:32:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:27:7:31:2 | struct literal | CookieWithoutHttpOnly.go:32:21:32:21 | c | provenance |  |
+| CookieWithoutHttpOnly.go:28:13:28:21 | "session" | CookieWithoutHttpOnly.go:27:7:31:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:32:20:32:21 | &... [pointer] | CookieWithoutHttpOnly.go:32:20:32:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:32:21:32:21 | c | CookieWithoutHttpOnly.go:32:20:32:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:32:21:32:21 | c | CookieWithoutHttpOnly.go:32:20:32:21 | &... [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:36:7:39:2 | struct literal | CookieWithoutHttpOnly.go:41:20:41:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:36:7:39:2 | struct literal | CookieWithoutHttpOnly.go:41:21:41:21 | c | provenance |  |
+| CookieWithoutHttpOnly.go:37:10:37:18 | "session" | CookieWithoutHttpOnly.go:36:7:39:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:41:20:41:21 | &... [pointer] | CookieWithoutHttpOnly.go:41:20:41:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:41:21:41:21 | c | CookieWithoutHttpOnly.go:41:20:41:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:41:21:41:21 | c | CookieWithoutHttpOnly.go:41:20:41:21 | &... [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:45:7:48:2 | struct literal | CookieWithoutHttpOnly.go:50:20:50:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:45:7:48:2 | struct literal | CookieWithoutHttpOnly.go:50:21:50:21 | c | provenance |  |
+| CookieWithoutHttpOnly.go:46:10:46:18 | "session" | CookieWithoutHttpOnly.go:45:7:48:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:50:20:50:21 | &... [pointer] | CookieWithoutHttpOnly.go:50:20:50:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:50:21:50:21 | c | CookieWithoutHttpOnly.go:50:20:50:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:50:21:50:21 | c | CookieWithoutHttpOnly.go:50:20:50:21 | &... [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:55:7:59:2 | struct literal | CookieWithoutHttpOnly.go:60:20:60:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:55:7:59:2 | struct literal | CookieWithoutHttpOnly.go:60:21:60:21 | c | provenance |  |
+| CookieWithoutHttpOnly.go:56:13:56:21 | "session" | CookieWithoutHttpOnly.go:55:7:59:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:60:20:60:21 | &... [pointer] | CookieWithoutHttpOnly.go:60:20:60:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:60:21:60:21 | c | CookieWithoutHttpOnly.go:60:20:60:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:60:21:60:21 | c | CookieWithoutHttpOnly.go:60:20:60:21 | &... [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:65:7:69:2 | struct literal | CookieWithoutHttpOnly.go:70:20:70:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:65:7:69:2 | struct literal | CookieWithoutHttpOnly.go:70:21:70:21 | c | provenance |  |
+| CookieWithoutHttpOnly.go:66:13:66:21 | "session" | CookieWithoutHttpOnly.go:65:7:69:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:70:20:70:21 | &... [pointer] | CookieWithoutHttpOnly.go:70:20:70:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:70:21:70:21 | c | CookieWithoutHttpOnly.go:70:20:70:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:70:21:70:21 | c | CookieWithoutHttpOnly.go:70:20:70:21 | &... [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:75:7:78:2 | struct literal | CookieWithoutHttpOnly.go:80:20:80:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:75:7:78:2 | struct literal | CookieWithoutHttpOnly.go:80:21:80:21 | c | provenance |  |
+| CookieWithoutHttpOnly.go:76:10:76:18 | "session" | CookieWithoutHttpOnly.go:75:7:78:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:80:20:80:21 | &... [pointer] | CookieWithoutHttpOnly.go:80:20:80:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:80:21:80:21 | c | CookieWithoutHttpOnly.go:80:20:80:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:80:21:80:21 | c | CookieWithoutHttpOnly.go:80:20:80:21 | &... [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:85:7:88:2 | struct literal | CookieWithoutHttpOnly.go:90:20:90:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:85:7:88:2 | struct literal | CookieWithoutHttpOnly.go:90:21:90:21 | c | provenance |  |
+| CookieWithoutHttpOnly.go:86:10:86:18 | "session" | CookieWithoutHttpOnly.go:85:7:88:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:90:20:90:21 | &... [pointer] | CookieWithoutHttpOnly.go:90:20:90:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:90:21:90:21 | c | CookieWithoutHttpOnly.go:90:20:90:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:90:21:90:21 | c | CookieWithoutHttpOnly.go:90:20:90:21 | &... [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:103:10:103:18 | "session" | CookieWithoutHttpOnly.go:105:10:105:13 | name | provenance |  |
+| CookieWithoutHttpOnly.go:104:7:107:2 | struct literal | CookieWithoutHttpOnly.go:109:20:109:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:104:7:107:2 | struct literal | CookieWithoutHttpOnly.go:109:21:109:21 | c | provenance |  |
+| CookieWithoutHttpOnly.go:105:10:105:13 | name | CookieWithoutHttpOnly.go:104:7:107:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:109:20:109:21 | &... [pointer] | CookieWithoutHttpOnly.go:109:20:109:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:109:21:109:21 | c | CookieWithoutHttpOnly.go:109:20:109:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:109:21:109:21 | c | CookieWithoutHttpOnly.go:109:20:109:21 | &... [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:113:13:113:24 | "login_name" | CookieWithoutHttpOnly.go:115:10:115:16 | session | provenance |  |
+| CookieWithoutHttpOnly.go:114:7:117:2 | struct literal | CookieWithoutHttpOnly.go:119:20:119:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:114:7:117:2 | struct literal | CookieWithoutHttpOnly.go:119:21:119:21 | c | provenance |  |
+| CookieWithoutHttpOnly.go:115:10:115:16 | session | CookieWithoutHttpOnly.go:114:7:117:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:119:20:119:21 | &... [pointer] | CookieWithoutHttpOnly.go:119:20:119:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:119:21:119:21 | c | CookieWithoutHttpOnly.go:119:20:119:21 | &... | provenance |  |
+| CookieWithoutHttpOnly.go:119:21:119:21 | c | CookieWithoutHttpOnly.go:119:20:119:21 | &... [pointer] | provenance |  |
+nodes
+| CookieWithoutHttpOnly.go:10:7:13:2 | struct literal | semmle.label | struct literal |
+| CookieWithoutHttpOnly.go:11:10:11:18 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:14:20:14:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:14:20:14:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:14:21:14:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:18:7:22:2 | struct literal | semmle.label | struct literal |
+| CookieWithoutHttpOnly.go:19:13:19:21 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:23:20:23:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:23:20:23:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:23:21:23:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:27:7:31:2 | struct literal | semmle.label | struct literal |
+| CookieWithoutHttpOnly.go:28:13:28:21 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:32:20:32:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:32:20:32:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:32:21:32:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:36:7:39:2 | struct literal | semmle.label | struct literal |
+| CookieWithoutHttpOnly.go:37:10:37:18 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:41:20:41:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:41:20:41:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:41:21:41:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:45:7:48:2 | struct literal | semmle.label | struct literal |
+| CookieWithoutHttpOnly.go:46:10:46:18 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:50:20:50:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:50:20:50:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:50:21:50:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:55:7:59:2 | struct literal | semmle.label | struct literal |
+| CookieWithoutHttpOnly.go:56:13:56:21 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:60:20:60:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:60:20:60:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:60:21:60:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:65:7:69:2 | struct literal | semmle.label | struct literal |
+| CookieWithoutHttpOnly.go:66:13:66:21 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:70:20:70:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:70:20:70:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:70:21:70:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:75:7:78:2 | struct literal | semmle.label | struct literal |
+| CookieWithoutHttpOnly.go:76:10:76:18 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:80:20:80:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:80:20:80:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:80:21:80:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:85:7:88:2 | struct literal | semmle.label | struct literal |
+| CookieWithoutHttpOnly.go:86:10:86:18 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:90:20:90:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:90:20:90:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:90:21:90:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:103:10:103:18 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:104:7:107:2 | struct literal | semmle.label | struct literal |
+| CookieWithoutHttpOnly.go:105:10:105:13 | name | semmle.label | name |
+| CookieWithoutHttpOnly.go:109:20:109:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:109:20:109:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:109:21:109:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:113:13:113:24 | "login_name" | semmle.label | "login_name" |
+| CookieWithoutHttpOnly.go:114:7:117:2 | struct literal | semmle.label | struct literal |
+| CookieWithoutHttpOnly.go:115:10:115:16 | session | semmle.label | session |
+| CookieWithoutHttpOnly.go:119:20:119:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:119:20:119:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:119:21:119:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:131:16:131:24 | "session" | semmle.label | "session" |
+subpaths
diff --git a/go/ql/test/query-tests/Security/CWE-1004/CookieWithoutHttpOnly.go b/go/ql/test/query-tests/Security/CWE-1004/CookieWithoutHttpOnly.go
new file mode 100644
index 000000000000..0e3958aca2e5
--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-1004/CookieWithoutHttpOnly.go
@@ -0,0 +1,136 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+)
+
+func handler1(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:  "session", // $ Source
+		Value: "secret",
+	}
+	http.SetCookie(w, &c) // $ Alert // BAD: HttpOnly set to false by default
+}
+
+func handler2(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:     "session", // $ Source
+		Value:    "secret",
+		HttpOnly: false,
+	}
+	http.SetCookie(w, &c) // $ Alert // BAD: HttpOnly explicitly set to false
+}
+
+func handler3(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:     "session", 
+		Value:    "secret",
+		HttpOnly: true,
+	}
+	http.SetCookie(w, &c) // GOOD: HttpOnly explicitly set to true
+}
+
+func handler4(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:  "session",
+		Value: "secret",
+	}
+	c.HttpOnly = true
+	http.SetCookie(w, &c) // GOOD: HttpOnly explicitly set to true
+}
+
+func handler5(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:  "session", // $ Source
+		Value: "secret",
+	}
+	c.HttpOnly = false
+	http.SetCookie(w, &c) // $ Alert // BAD: HttpOnly explicitly set to false
+}
+
+func handler6(w http.ResponseWriter, r *http.Request) {
+	val := false
+	c := http.Cookie{
+		Name:     "session", // $ Source
+		Value:    "secret",
+		HttpOnly: val,
+	}
+	http.SetCookie(w, &c) // $ Alert // BAD: HttpOnly explicitly set to false
+}
+
+func handler7(w http.ResponseWriter, r *http.Request) {
+	val := true
+	c := http.Cookie{
+		Name:     "session", 
+		Value:    "secret",
+		HttpOnly: val,
+	}
+	http.SetCookie(w, &c) // GOOD: HttpOnly explicitly set to true
+}
+
+func handler8(w http.ResponseWriter, r *http.Request) {
+	val := true
+	c := http.Cookie{
+		Name:  "session",
+		Value: "secret",
+	}
+	c.HttpOnly = val
+	http.SetCookie(w, &c) // GOOD: HttpOnly explicitly set to true
+}
+
+func handler9(w http.ResponseWriter, r *http.Request) {
+	val := false
+	c := http.Cookie{
+		Name:  "session", // $ Source
+		Value: "secret",
+	}
+	c.HttpOnly = val
+	http.SetCookie(w, &c) // $ Alert //BAD: HttpOnly explicitly set to false
+}
+
+func handler10(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:  "consent",
+		Value: "1",
+	}
+	c.HttpOnly = false
+	http.SetCookie(w, &c) // GOOD: Name is not auth related
+}
+
+func handler11(w http.ResponseWriter, r *http.Request) {
+	name := "session" // $ Source
+	c := http.Cookie{
+		Name:  name,
+		Value: "secret",
+	}
+	c.HttpOnly = false
+	http.SetCookie(w, &c) // $ Alert // BAD: auth related name
+}
+
+func handler12(w http.ResponseWriter, r *http.Request) {
+	session := "login_name" // $ Source
+	c := http.Cookie{
+		Name:  session, // $ Source
+		Value: "secret",
+	}
+	c.HttpOnly = false
+	http.SetCookie(w, &c) // $ Alert // BAD: auth related name
+}
+
+func main() {
+
+	router := gin.Default()
+
+	router.GET("/cookie", func(c *gin.Context) {
+
+		_, err := c.Cookie("session") 
+
+		if err != nil {
+			c.SetCookie("session", "test", 3600, "/", "localhost", false, false) // $ Alert // BAD: httpOnly set to false
+		}
+	})
+
+	router.Run()
+}
diff --git a/go/ql/test/query-tests/Security/CWE-1004/CookieWithoutHttpOnly.qlref b/go/ql/test/query-tests/Security/CWE-1004/CookieWithoutHttpOnly.qlref
new file mode 100644
index 000000000000..399174134bb2
--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-1004/CookieWithoutHttpOnly.qlref
@@ -0,0 +1,2 @@
+query: Security/CWE-1004/CookieWithoutHttpOnly.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
diff --git a/go/ql/test/experimental/CWE-1004/go.mod b/go/ql/test/query-tests/Security/CWE-1004/go.mod
similarity index 100%
rename from go/ql/test/experimental/CWE-1004/go.mod
rename to go/ql/test/query-tests/Security/CWE-1004/go.mod
diff --git a/go/ql/test/experimental/CWE-1004/vendor/github.com/gin-gonic/gin/LICENSE b/go/ql/test/query-tests/Security/CWE-1004/vendor/github.com/gin-gonic/gin/LICENSE
similarity index 100%
rename from go/ql/test/experimental/CWE-1004/vendor/github.com/gin-gonic/gin/LICENSE
rename to go/ql/test/query-tests/Security/CWE-1004/vendor/github.com/gin-gonic/gin/LICENSE
diff --git a/go/ql/test/experimental/CWE-1004/vendor/github.com/gin-gonic/gin/binding/stub.go b/go/ql/test/query-tests/Security/CWE-1004/vendor/github.com/gin-gonic/gin/binding/stub.go
similarity index 100%
rename from go/ql/test/experimental/CWE-1004/vendor/github.com/gin-gonic/gin/binding/stub.go
rename to go/ql/test/query-tests/Security/CWE-1004/vendor/github.com/gin-gonic/gin/binding/stub.go
diff --git a/go/ql/test/experimental/CWE-1004/vendor/github.com/gin-gonic/gin/stub.go b/go/ql/test/query-tests/Security/CWE-1004/vendor/github.com/gin-gonic/gin/stub.go
similarity index 100%
rename from go/ql/test/experimental/CWE-1004/vendor/github.com/gin-gonic/gin/stub.go
rename to go/ql/test/query-tests/Security/CWE-1004/vendor/github.com/gin-gonic/gin/stub.go
diff --git a/go/ql/test/experimental/CWE-1004/vendor/github.com/gorilla/sessions/stub.go b/go/ql/test/query-tests/Security/CWE-1004/vendor/github.com/gorilla/sessions/stub.go
similarity index 100%
rename from go/ql/test/experimental/CWE-1004/vendor/github.com/gorilla/sessions/stub.go
rename to go/ql/test/query-tests/Security/CWE-1004/vendor/github.com/gorilla/sessions/stub.go
diff --git a/go/ql/test/experimental/CWE-1004/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-1004/vendor/modules.txt
similarity index 100%
rename from go/ql/test/experimental/CWE-1004/vendor/modules.txt
rename to go/ql/test/query-tests/Security/CWE-1004/vendor/modules.txt
diff --git a/go/ql/test/query-tests/Security/CWE-614/CookieWithoutSecure.expected b/go/ql/test/query-tests/Security/CWE-614/CookieWithoutSecure.expected
new file mode 100644
index 000000000000..1695d82a4f75
--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-614/CookieWithoutSecure.expected
@@ -0,0 +1,6 @@
+| CookieWithoutSecure.go:14:2:14:22 | call to SetCookie | Cookie does not set Secure attribute to true. |
+| CookieWithoutSecure.go:23:2:23:22 | call to SetCookie | Cookie does not set Secure attribute to true. |
+| CookieWithoutSecure.go:50:2:50:22 | call to SetCookie | Cookie does not set Secure attribute to true. |
+| CookieWithoutSecure.go:60:2:60:22 | call to SetCookie | Cookie does not set Secure attribute to true. |
+| CookieWithoutSecure.go:90:2:90:22 | call to SetCookie | Cookie does not set Secure attribute to true. |
+| CookieWithoutSecure.go:102:4:102:71 | call to SetCookie | Cookie does not set Secure attribute to true. |
diff --git a/go/ql/test/query-tests/Security/CWE-614/CookieWithoutSecure.go b/go/ql/test/query-tests/Security/CWE-614/CookieWithoutSecure.go
new file mode 100644
index 000000000000..a066babb6e29
--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-614/CookieWithoutSecure.go
@@ -0,0 +1,107 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+)
+
+func handler1(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:  "session", // $ Source
+		Value: "secret",
+	}
+	http.SetCookie(w, &c) // $ Alert // BAD: Secure set to false by default
+}
+
+func handler2(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:     "session", // $ Source
+		Value:    "secret",
+		Secure: false,
+	}
+	http.SetCookie(w, &c) // $ Alert // BAD: Secure explicitly set to false
+}
+
+func handler3(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:     "session", 
+		Value:    "secret",
+		Secure: true,
+	}
+	http.SetCookie(w, &c) // GOOD: Secure explicitly set to true
+}
+
+func handler4(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:  "session",
+		Value: "secret",
+	}
+	c.Secure = true
+	http.SetCookie(w, &c) // GOOD: Secure explicitly set to true
+}
+
+func handler5(w http.ResponseWriter, r *http.Request) {
+	c := http.Cookie{
+		Name:  "session", // $ Source
+		Value: "secret",
+	}
+	c.Secure = false
+	http.SetCookie(w, &c) // $ Alert // BAD: Secure explicitly set to false
+}
+
+func handler6(w http.ResponseWriter, r *http.Request) {
+	val := false
+	c := http.Cookie{
+		Name:     "session", // $ Source
+		Value:    "secret",
+		Secure: val,
+	}
+	http.SetCookie(w, &c) // $ Alert // BAD: Secure explicitly set to false
+}
+
+func handler7(w http.ResponseWriter, r *http.Request) {
+	val := true
+	c := http.Cookie{
+		Name:     "session", 
+		Value:    "secret",
+		Secure: val,
+	}
+	http.SetCookie(w, &c) // GOOD: Secure explicitly set to true
+}
+
+func handler8(w http.ResponseWriter, r *http.Request) {
+	val := true
+	c := http.Cookie{
+		Name:  "session",
+		Value: "secret",
+	}
+	c.Secure = val
+	http.SetCookie(w, &c) // GOOD: Secure explicitly set to true
+}
+
+func handler9(w http.ResponseWriter, r *http.Request) {
+	val := false
+	c := http.Cookie{
+		Name:  "session", // $ Source
+		Value: "secret",
+	}
+	c.Secure = val
+	http.SetCookie(w, &c) // $ Alert //BAD: Secure explicitly set to false
+}
+
+func main() {
+
+	router := gin.Default()
+
+	router.GET("/cookie", func(c *gin.Context) {
+
+		_, err := c.Cookie("session") 
+
+		if err != nil {
+			c.SetCookie("session", "test", 3600, "/", "localhost", false, false) // $ Alert // BAD: Secure set to false
+		}
+	})
+
+	router.Run()
+}
diff --git a/go/ql/test/query-tests/Security/CWE-614/CookieWithoutSecure.qlref b/go/ql/test/query-tests/Security/CWE-614/CookieWithoutSecure.qlref
new file mode 100644
index 000000000000..9b6762358be3
--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-614/CookieWithoutSecure.qlref
@@ -0,0 +1,2 @@
+query: Security/CWE-614/CookieWithoutSecure.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
diff --git a/go/ql/test/query-tests/Security/CWE-614/go.mod b/go/ql/test/query-tests/Security/CWE-614/go.mod
new file mode 100644
index 000000000000..5ab32129a9b9
--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-614/go.mod
@@ -0,0 +1,8 @@
+module example.com/m
+
+go 1.14
+
+require (
+    github.com/gin-gonic/gin v1.7.1
+    github.com/gorilla/sessions v1.2.1
+    )
diff --git a/go/ql/test/query-tests/Security/CWE-614/vendor/github.com/gin-gonic/gin/LICENSE b/go/ql/test/query-tests/Security/CWE-614/vendor/github.com/gin-gonic/gin/LICENSE
new file mode 100644
index 000000000000..1ff7f3706055
--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-614/vendor/github.com/gin-gonic/gin/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Manuel Martínez-Almeida
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/go/ql/test/query-tests/Security/CWE-614/vendor/github.com/gin-gonic/gin/binding/stub.go b/go/ql/test/query-tests/Security/CWE-614/vendor/github.com/gin-gonic/gin/binding/stub.go
new file mode 100644
index 000000000000..43fd634edcd3
--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-614/vendor/github.com/gin-gonic/gin/binding/stub.go
@@ -0,0 +1,12 @@
+// Code generated by depstubber. DO NOT EDIT.
+// This is a simple stub for github.com/gin-gonic/gin/binding, strictly for use in testing.
+
+// See the LICENSE file for information about the licensing of the original library.
+// Source: github.com/gin-gonic/gin/binding (exports: ; functions: YAML)
+
+// Package binding is a stub of github.com/gin-gonic/gin/binding, generated by depstubber.
+package binding
+
+import ()
+
+var YAML interface{} = nil
diff --git a/go/ql/test/query-tests/Security/CWE-614/vendor/github.com/gin-gonic/gin/stub.go b/go/ql/test/query-tests/Security/CWE-614/vendor/github.com/gin-gonic/gin/stub.go
new file mode 100644
index 000000000000..e343d5f2aa08
--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-614/vendor/github.com/gin-gonic/gin/stub.go
@@ -0,0 +1,677 @@
+// Code generated by depstubber. DO NOT EDIT.
+// This is a simple stub for github.com/gin-gonic/gin, strictly for use in testing.
+
+// See the LICENSE file for information about the licensing of the original library.
+// Source: github.com/gin-gonic/gin (exports: Context; functions: Default)
+
+// Package gin is a stub of github.com/gin-gonic/gin, generated by depstubber.
+package gin
+
+import (
+	bufio "bufio"
+	template "html/template"
+	io "io"
+	multipart "mime/multipart"
+	net "net"
+	http "net/http"
+	time "time"
+)
+
+type Context struct {
+	Request  *http.Request
+	Writer   ResponseWriter
+	Params   Params
+	Keys     map[string]interface{}
+	Errors   interface{}
+	Accepted []string
+}
+
+func (_ *Context) Abort() {}
+
+func (_ *Context) AbortWithError(_ int, _ error) *Error {
+	return nil
+}
+
+func (_ *Context) AbortWithStatus(_ int) {}
+
+func (_ *Context) AbortWithStatusJSON(_ int, _ interface{}) {}
+
+func (_ *Context) AsciiJSON(_ int, _ interface{}) {}
+
+func (_ *Context) Bind(_ interface{}) error {
+	return nil
+}
+
+func (_ *Context) BindHeader(_ interface{}) error {
+	return nil
+}
+
+func (_ *Context) BindJSON(_ interface{}) error {
+	return nil
+}
+
+func (_ *Context) BindQuery(_ interface{}) error {
+	return nil
+}
+
+func (_ *Context) BindUri(_ interface{}) error {
+	return nil
+}
+
+func (_ *Context) BindWith(_ interface{}, _ interface{}) error {
+	return nil
+}
+
+func (_ *Context) BindXML(_ interface{}) error {
+	return nil
+}
+
+func (_ *Context) BindYAML(_ interface{}) error {
+	return nil
+}
+
+func (_ *Context) ClientIP() string {
+	return ""
+}
+
+func (_ *Context) ContentType() string {
+	return ""
+}
+
+func (_ *Context) Cookie(_ string) (string, error) {
+	return "", nil
+}
+
+func (_ *Context) Copy() *Context {
+	return nil
+}
+
+func (_ *Context) Data(_ int, _ string, _ []byte) {}
+
+func (_ *Context) DataFromReader(_ int, _ int64, _ string, _ io.Reader, _ map[string]string) {}
+
+func (_ *Context) Deadline() (time.Time, bool) {
+	return time.Time{}, false
+}
+
+func (_ *Context) DefaultPostForm(_ string, _ string) string {
+	return ""
+}
+
+func (_ *Context) DefaultQuery(_ string, _ string) string {
+	return ""
+}
+
+func (_ *Context) Done() <-chan struct{} {
+	return nil
+}
+
+func (_ *Context) Err() error {
+	return nil
+}
+
+func (_ *Context) Error(_ error) *Error {
+	return nil
+}
+
+func (_ *Context) File(_ string) {}
+
+func (_ *Context) FileAttachment(_ string, _ string) {}
+
+func (_ *Context) FileFromFS(_ string, _ http.FileSystem) {}
+
+func (_ *Context) FormFile(_ string) (*multipart.FileHeader, error) {
+	return nil, nil
+}
+
+func (_ *Context) FullPath() string {
+	return ""
+}
+
+func (_ *Context) Get(_ string) (interface{}, bool) {
+	return nil, false
+}
+
+func (_ *Context) GetBool(_ string) bool {
+	return false
+}
+
+func (_ *Context) GetDuration(_ string) time.Duration {
+	return 0
+}
+
+func (_ *Context) GetFloat64(_ string) float64 {
+	return 0
+}
+
+func (_ *Context) GetHeader(_ string) string {
+	return ""
+}
+
+func (_ *Context) GetInt(_ string) int {
+	return 0
+}
+
+func (_ *Context) GetInt64(_ string) int64 {
+	return 0
+}
+
+func (_ *Context) GetPostForm(_ string) (string, bool) {
+	return "", false
+}
+
+func (_ *Context) GetPostFormArray(_ string) ([]string, bool) {
+	return nil, false
+}
+
+func (_ *Context) GetPostFormMap(_ string) (map[string]string, bool) {
+	return nil, false
+}
+
+func (_ *Context) GetQuery(_ string) (string, bool) {
+	return "", false
+}
+
+func (_ *Context) GetQueryArray(_ string) ([]string, bool) {
+	return nil, false
+}
+
+func (_ *Context) GetQueryMap(_ string) (map[string]string, bool) {
+	return nil, false
+}
+
+func (_ *Context) GetRawData() ([]byte, error) {
+	return nil, nil
+}
+
+func (_ *Context) GetString(_ string) string {
+	return ""
+}
+
+func (_ *Context) GetStringMap(_ string) map[string]interface{} {
+	return nil
+}
+
+func (_ *Context) GetStringMapString(_ string) map[string]string {
+	return nil
+}
+
+func (_ *Context) GetStringMapStringSlice(_ string) map[string][]string {
+	return nil
+}
+
+func (_ *Context) GetStringSlice(_ string) []string {
+	return nil
+}
+
+func (_ *Context) GetTime(_ string) time.Time {
+	return time.Time{}
+}
+
+func (_ *Context) GetUint(_ string) uint {
+	return 0
+}
+
+func (_ *Context) GetUint64(_ string) uint64 {
+	return 0
+}
+
+func (_ *Context) HTML(_ int, _ string, _ interface{}) {}
+
+func (_ *Context) Handler() HandlerFunc {
+	return nil
+}
+
+func (_ *Context) HandlerName() string {
+	return ""
+}
+
+func (_ *Context) HandlerNames() []string {
+	return nil
+}
+
+func (_ *Context) Header(_ string, _ string) {}
+
+func (_ *Context) IndentedJSON(_ int, _ interface{}) {}
+
+func (_ *Context) IsAborted() bool {
+	return false
+}
+
+func (_ *Context) IsWebsocket() bool {
+	return false
+}
+
+func (_ *Context) JSON(_ int, _ interface{}) {}
+
+func (_ *Context) JSONP(_ int, _ interface{}) {}
+
+func (_ *Context) MultipartForm() (*multipart.Form, error) {
+	return nil, nil
+}
+
+func (_ *Context) MustBindWith(_ interface{}, _ interface{}) error {
+	return nil
+}
+
+func (_ *Context) MustGet(_ string) interface{} {
+	return nil
+}
+
+func (_ *Context) Negotiate(_ int, _ Negotiate) {}
+
+func (_ *Context) NegotiateFormat(_ ...string) string {
+	return ""
+}
+
+func (_ *Context) Next() {}
+
+func (_ *Context) Param(_ string) string {
+	return ""
+}
+
+func (_ *Context) PostForm(_ string) string {
+	return ""
+}
+
+func (_ *Context) PostFormArray(_ string) []string {
+	return nil
+}
+
+func (_ *Context) PostFormMap(_ string) map[string]string {
+	return nil
+}
+
+func (_ *Context) ProtoBuf(_ int, _ interface{}) {}
+
+func (_ *Context) PureJSON(_ int, _ interface{}) {}
+
+func (_ *Context) Query(_ string) string {
+	return ""
+}
+
+func (_ *Context) QueryArray(_ string) []string {
+	return nil
+}
+
+func (_ *Context) QueryMap(_ string) map[string]string {
+	return nil
+}
+
+func (_ *Context) Redirect(_ int, _ string) {}
+
+func (_ *Context) RemoteIP() (net.IP, bool) {
+	return nil, false
+}
+
+func (_ *Context) Render(_ int, _ interface{}) {}
+
+func (_ *Context) SSEvent(_ string, _ interface{}) {}
+
+func (_ *Context) SaveUploadedFile(_ *multipart.FileHeader, _ string) error {
+	return nil
+}
+
+func (_ *Context) SecureJSON(_ int, _ interface{}) {}
+
+func (_ *Context) Set(_ string, _ interface{}) {}
+
+func (_ *Context) SetAccepted(_ ...string) {}
+
+func (_ *Context) SetCookie(_ string, _ string, _ int, _ string, _ string, _ bool, _ bool) {}
+
+func (_ *Context) SetSameSite(_ http.SameSite) {}
+
+func (_ *Context) ShouldBind(_ interface{}) error {
+	return nil
+}
+
+func (_ *Context) ShouldBindBodyWith(_ interface{}, _ interface{}) error {
+	return nil
+}
+
+func (_ *Context) ShouldBindHeader(_ interface{}) error {
+	return nil
+}
+
+func (_ *Context) ShouldBindJSON(_ interface{}) error {
+	return nil
+}
+
+func (_ *Context) ShouldBindQuery(_ interface{}) error {
+	return nil
+}
+
+func (_ *Context) ShouldBindUri(_ interface{}) error {
+	return nil
+}
+
+func (_ *Context) ShouldBindWith(_ interface{}, _ interface{}) error {
+	return nil
+}
+
+func (_ *Context) ShouldBindXML(_ interface{}) error {
+	return nil
+}
+
+func (_ *Context) ShouldBindYAML(_ interface{}) error {
+	return nil
+}
+
+func (_ *Context) Status(_ int) {}
+
+func (_ *Context) Stream(_ func(io.Writer) bool) bool {
+	return false
+}
+
+func (_ *Context) String(_ int, _ string, _ ...interface{}) {}
+
+func (_ *Context) Value(_ interface{}) interface{} {
+	return nil
+}
+
+func (_ *Context) XML(_ int, _ interface{}) {}
+
+func (_ *Context) YAML(_ int, _ interface{}) {}
+
+func Default() *Engine {
+	return nil
+}
+
+type Engine struct {
+	RouterGroup            RouterGroup
+	RedirectTrailingSlash  bool
+	RedirectFixedPath      bool
+	HandleMethodNotAllowed bool
+	ForwardedByClientIP    bool
+	RemoteIPHeaders        []string
+	TrustedProxies         []string
+	AppEngine              bool
+	UseRawPath             bool
+	UnescapePathValues     bool
+	MaxMultipartMemory     int64
+	RemoveExtraSlash       bool
+	HTMLRender             interface{}
+	FuncMap                template.FuncMap
+}
+
+func (_ *Engine) Any(_ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *Engine) BasePath() string {
+	return ""
+}
+
+func (_ *Engine) DELETE(_ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *Engine) Delims(_ string, _ string) *Engine {
+	return nil
+}
+
+func (_ *Engine) GET(_ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *Engine) Group(_ string, _ ...HandlerFunc) *RouterGroup {
+	return nil
+}
+
+func (_ *Engine) HEAD(_ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *Engine) Handle(_ string, _ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *Engine) HandleContext(_ *Context) {}
+
+func (_ *Engine) LoadHTMLFiles(_ ...string) {}
+
+func (_ *Engine) LoadHTMLGlob(_ string) {}
+
+func (_ *Engine) NoMethod(_ ...HandlerFunc) {}
+
+func (_ *Engine) NoRoute(_ ...HandlerFunc) {}
+
+func (_ *Engine) OPTIONS(_ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *Engine) PATCH(_ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *Engine) POST(_ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *Engine) PUT(_ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *Engine) Routes() RoutesInfo {
+	return nil
+}
+
+func (_ *Engine) Run(_ ...string) error {
+	return nil
+}
+
+func (_ *Engine) RunFd(_ int) error {
+	return nil
+}
+
+func (_ *Engine) RunListener(_ net.Listener) error {
+	return nil
+}
+
+func (_ *Engine) RunTLS(_ string, _ string, _ string) error {
+	return nil
+}
+
+func (_ *Engine) RunUnix(_ string) error {
+	return nil
+}
+
+func (_ *Engine) SecureJsonPrefix(_ string) *Engine {
+	return nil
+}
+
+func (_ *Engine) ServeHTTP(_ http.ResponseWriter, _ *http.Request) {}
+
+func (_ *Engine) SetFuncMap(_ template.FuncMap) {}
+
+func (_ *Engine) SetHTMLTemplate(_ *template.Template) {}
+
+func (_ *Engine) Static(_ string, _ string) IRoutes {
+	return nil
+}
+
+func (_ *Engine) StaticFS(_ string, _ http.FileSystem) IRoutes {
+	return nil
+}
+
+func (_ *Engine) StaticFile(_ string, _ string) IRoutes {
+	return nil
+}
+
+func (_ *Engine) Use(_ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+type Error struct {
+	Err  error
+	Type ErrorType
+	Meta interface{}
+}
+
+func (_ Error) Error() string {
+	return ""
+}
+
+func (_ *Error) IsType(_ ErrorType) bool {
+	return false
+}
+
+func (_ *Error) JSON() interface{} {
+	return nil
+}
+
+func (_ *Error) MarshalJSON() ([]byte, error) {
+	return nil, nil
+}
+
+func (_ *Error) SetMeta(_ interface{}) *Error {
+	return nil
+}
+
+func (_ *Error) SetType(_ ErrorType) *Error {
+	return nil
+}
+
+func (_ *Error) Unwrap() error {
+	return nil
+}
+
+type ErrorType uint64
+
+type HandlerFunc func(*Context)
+
+type HandlersChain []HandlerFunc
+
+func (_ HandlersChain) Last() HandlerFunc {
+	return nil
+}
+
+type IRoutes interface {
+	Any(_ string, _ ...HandlerFunc) IRoutes
+	DELETE(_ string, _ ...HandlerFunc) IRoutes
+	GET(_ string, _ ...HandlerFunc) IRoutes
+	HEAD(_ string, _ ...HandlerFunc) IRoutes
+	Handle(_ string, _ string, _ ...HandlerFunc) IRoutes
+	OPTIONS(_ string, _ ...HandlerFunc) IRoutes
+	PATCH(_ string, _ ...HandlerFunc) IRoutes
+	POST(_ string, _ ...HandlerFunc) IRoutes
+	PUT(_ string, _ ...HandlerFunc) IRoutes
+	Static(_ string, _ string) IRoutes
+	StaticFS(_ string, _ http.FileSystem) IRoutes
+	StaticFile(_ string, _ string) IRoutes
+	Use(_ ...HandlerFunc) IRoutes
+}
+
+type Negotiate struct {
+	Offered  []string
+	HTMLName string
+	HTMLData interface{}
+	JSONData interface{}
+	XMLData  interface{}
+	YAMLData interface{}
+	Data     interface{}
+}
+
+type Param struct {
+	Key   string
+	Value string
+}
+
+type Params []Param
+
+func (_ Params) ByName(_ string) string {
+	return ""
+}
+
+func (_ Params) Get(_ string) (string, bool) {
+	return "", false
+}
+
+type ResponseWriter interface {
+	CloseNotify() <-chan bool
+	Flush()
+	Header() http.Header
+	Hijack() (net.Conn, *bufio.ReadWriter, error)
+	Pusher() http.Pusher
+	Size() int
+	Status() int
+	Write(_ []byte) (int, error)
+	WriteHeader(_ int)
+	WriteHeaderNow()
+	WriteString(_ string) (int, error)
+	Written() bool
+}
+
+type RouteInfo struct {
+	Method      string
+	Path        string
+	Handler     string
+	HandlerFunc HandlerFunc
+}
+
+type RouterGroup struct {
+	Handlers HandlersChain
+}
+
+func (_ *RouterGroup) Any(_ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *RouterGroup) BasePath() string {
+	return ""
+}
+
+func (_ *RouterGroup) DELETE(_ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *RouterGroup) GET(_ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *RouterGroup) Group(_ string, _ ...HandlerFunc) *RouterGroup {
+	return nil
+}
+
+func (_ *RouterGroup) HEAD(_ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *RouterGroup) Handle(_ string, _ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *RouterGroup) OPTIONS(_ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *RouterGroup) PATCH(_ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *RouterGroup) POST(_ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *RouterGroup) PUT(_ string, _ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+func (_ *RouterGroup) Static(_ string, _ string) IRoutes {
+	return nil
+}
+
+func (_ *RouterGroup) StaticFS(_ string, _ http.FileSystem) IRoutes {
+	return nil
+}
+
+func (_ *RouterGroup) StaticFile(_ string, _ string) IRoutes {
+	return nil
+}
+
+func (_ *RouterGroup) Use(_ ...HandlerFunc) IRoutes {
+	return nil
+}
+
+type RoutesInfo []RouteInfo
diff --git a/go/ql/test/query-tests/Security/CWE-614/vendor/github.com/gorilla/sessions/stub.go b/go/ql/test/query-tests/Security/CWE-614/vendor/github.com/gorilla/sessions/stub.go
new file mode 100644
index 000000000000..2ebc3858163f
--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-614/vendor/github.com/gorilla/sessions/stub.go
@@ -0,0 +1,75 @@
+// Code generated by depstubber. DO NOT EDIT.
+// This is a simple stub for github.com/gorilla/sessions, strictly for use in testing.
+
+// See the LICENSE file for information about the licensing of the original library.
+// Source: github.com/gorilla/sessions (exports: CookieStore; functions: NewCookieStore)
+
+// Package sessions is a stub of github.com/gorilla/sessions, generated by depstubber.
+package sessions
+
+import (
+	http "net/http"
+)
+
+type CookieStore struct {
+	Codecs  []interface{}
+	Options *Options
+}
+
+func (_ *CookieStore) Get(_ *http.Request, _ string) (*Session, error) {
+	return nil, nil
+}
+
+func (_ *CookieStore) MaxAge(_ int) {}
+
+func (_ *CookieStore) New(_ *http.Request, _ string) (*Session, error) {
+	return nil, nil
+}
+
+func (_ *CookieStore) Save(_ *http.Request, _ http.ResponseWriter, _ *Session) error {
+	return nil
+}
+
+func NewCookieStore(_ ...[]byte) *CookieStore {
+	return nil
+}
+
+type Options struct {
+	Path     string
+	Domain   string
+	MaxAge   int
+	Secure   bool
+	HttpOnly bool
+	SameSite http.SameSite
+}
+
+type Session struct {
+	ID      string
+	Values  map[interface{}]interface{}
+	Options *Options
+	IsNew   bool
+}
+
+func (_ *Session) AddFlash(_ interface{}, _ ...string) {}
+
+func (_ *Session) Flashes(_ ...string) []interface{} {
+	return nil
+}
+
+func (_ *Session) Name() string {
+	return ""
+}
+
+func (_ *Session) Save(_ *http.Request, _ http.ResponseWriter) error {
+	return nil
+}
+
+func (_ *Session) Store() Store {
+	return nil
+}
+
+type Store interface {
+	Get(_ *http.Request, _ string) (*Session, error)
+	New(_ *http.Request, _ string) (*Session, error)
+	Save(_ *http.Request, _ http.ResponseWriter, _ *Session) error
+}
diff --git a/go/ql/test/query-tests/Security/CWE-614/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-614/vendor/modules.txt
new file mode 100644
index 000000000000..f38695b1ffcb
--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-614/vendor/modules.txt
@@ -0,0 +1,6 @@
+# github.com/gin-gonic/gin v1.7.1
+## explicit
+github.com/gin-gonic/gin
+# github.com/gorilla/sessions v1.2.1
+## explicit
+github.com/gorilla/sessions