Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity
    • Default Quality Profiles:
      Sonar way, Sonar way recommended

      Description

      Sensitive Code Example

      // === Built-in NodeJS modules ===
      const http = require('http');
      const https = require('https');

      http.createServer(function(req, res) {
        res.setHeader('Set-Cookie', ['type=ninja', 'lang=js']); // Questionable
        res.end(); // finish the response so the request does not hang
      });
      https.createServer(function(req, res) {
        res.setHeader('Set-Cookie', ['type=ninja', 'lang=js']); // Questionable
        res.end(); // finish the response so the request does not hang
      });

      // === ExpressJS ===
      const express = require('express');
      const app = express();
      app.use(function(req, res, next) {
        res.cookie('name', 'John'); // Questionable
        next(); // hand control to the next middleware
      });

      // === In browser ===
      // Set cookie
      document.cookie = "name=John"; // Questionable
      

            People

            • Assignee:
              Unassigned
              Reporter:
              lars.svensson Lars Svensson (Inactive)
            • Votes:
              0
              Watchers:
              1