Uploaded image for project: 'Rules Repository'
  1. Rules Repository
  2. RSPEC-2255 Writing cookies is security-sensitive
  3. RSPEC-4555

C#

    Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Sensitive Code Example

      // === .Net Framework ===

HttpCookie myCookie = new HttpCookie("UserSettings");
myCookie["CreditCardNumber"] = "1234 1234 1234 1234"; // Sensitive; sensitive data stored
myCookie.Values["password"] = "5678"; // Sensitive
myCookie.Value = "mysecret"; // Sensitive
...
Response.Cookies.Add(myCookie);


// === .Net Core ===

Response.Headers.Add("Set-Cookie", ...); // Sensitive
Response.Cookies.Append("mykey", "myValue"); // Sensitive

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              alexandre.gigleux Alexandre Gigleux
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: