Uploaded image for project: 'Rules Repository'
  1. Rules Repository
  2. RSPEC-2092

Creating cookies without the "secure" flag is security-sensitive

    Details

    • Message:
      Make sure creating this cookie without the "secure" flag is safe here.
    • Default Severity:
      Minor
    • Impact:
      Low
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      C++, Objective-C, Python, VB.Net
    • Covered Languages:
      C#, Java, PHP
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      5min
    • Analysis Level:
      Semantic Analysis
    • Analysis Scope:
      Main Sources
    • Common Rule:
      Yes
    • CWE:
      CWE-614, CWE-311, CWE-315
    • OWASP:
      A2, A3
    • SANS Top 25:
      Porous Defenses
    • FindSecBugs:
      INSECURE_COOKIE

      Description

      See

        Attachments

          Issue Links

          is implemented by

          New Feature - A new feature of the product, which has yet to be developed. SONARJAVA-780 Rule: Cookies should be secure

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. SONARPHP-635 Rule S2092: Cookies should be "secure"

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SONARJAVA-2768 FN S2092: new Cookie("name", "value")

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SONARJAVA-3100 FN on Rule S2092: Update the implementation to raise on cookie instantiation and setSecure

          • Major - Major loss of function.
          • Closed

          MMF - Minimum Marketable Feature MMF-1269 Pack of C# Rules targeting Security Hotspots

          • Major - Major loss of function.
          • Closed
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. SONARJAVA-3096 S2068, S2092, S2115 and S3330 are not able to resolve variable latest assigned values anymore

          • Major - Major loss of function.
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. SONARJAVA-2767 Rule S2092: support more Cookie types

          • Major - Major loss of function.
          • Closed
          links to

          Web Link is implemented by sonar-csharp/issues/1292

          1.
          		 PHP RSPEC-3761 Language-Specification Active Unassigned
          2.
          		 C# RSPEC-4556 Language-Specification Active Unassigned
          3.
          		 Java RSPEC-4557 Language-Specification Active Unassigned

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                ann.campbell.2 Ann Campbell
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: