Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown
    • Likelihood:
      Unknown
    • Default Quality Profiles:
      Sonar way

      Description

      Sensitive Code Example

      If you create a security-sensitive cookie in your Kotlin code:

      import javax.servlet.http.Cookie

      val c1 = Cookie("admin", "secret")
      c1.setHttpOnly(false)  // Sensitive: HttpOnly is explicitly set to false, so script injected through an XSS flaw can read the cookie via document.cookie and exfiltrate it
      

      By default the HttpOnly flag is false, so a cookie that never calls setHttpOnly is just as exposed:

      import javax.servlet.http.Cookie

      val c2 = Cookie("admin", "secret") // Sensitive: HttpOnly is left undefined (defaults to false), so the cookie can be stolen through an XSS flaw
      

      Compliant Solution

      import javax.servlet.http.Cookie

      val c3 = Cookie("admin", "secret")
      c3.setHttpOnly(true) // Compliant: the cookie is not exposed to page script (HttpOnly=true), so XSS cannot read it
      
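      The following is an added example, not code from the rule page or from SonarSource: a small helper that creates a cookie with the protections this rule expects, an extension that attaches it to a servlet response, a rendering of the Set-Cookie attributes the container will emit for the sensitive and the compliant cookie side by side, and an audit function a test can run over a response's cookies to catch any that still lack HttpOnly. The helper names (sensitiveCookie, addSensitiveCookie, renderSetCookie, cookiesMissingHttpOnly) are hypothetical; the only library API used is javax.servlet.http.Cookie / HttpServletResponse (Servlet 3.0 or later, which is when setHttpOnly was introduced).

```kotlin
import javax.servlet.http.Cookie
import javax.servlet.http.HttpServletResponse

// Added example (not from the rule page). Hypothetical helper: build a cookie
// that page script cannot read. Kotlin maps setHttpOnly/isHttpOnly to the
// `isHttpOnly` property and setSecure/getSecure to `secure`.
fun sensitiveCookie(name: String, value: String, maxAgeSeconds: Int = -1): Cookie =
    Cookie(name, value).apply {
        isHttpOnly = true      // hidden from document.cookie, so XSS cannot exfiltrate it
        secure = true          // only sent over TLS
        path = "/"
        maxAge = maxAgeSeconds // -1 = session cookie
    }

// Hypothetical extension: the one place in a servlet that should mint a session cookie.
fun HttpServletResponse.addSensitiveCookie(name: String, value: String) =
    addCookie(sensitiveCookie(name, value))

// Illustrative rendering of the Set-Cookie attributes the container will emit;
// this is a simplification for display, not the container's own serializer.
fun renderSetCookie(c: Cookie): String = buildString {
    append("${c.name}=${c.value}")
    c.path?.let { append("; Path=$it") }
    if (c.maxAge >= 0) append("; Max-Age=${c.maxAge}")
    if (c.secure) append("; Secure")
    if (c.isHttpOnly) append("; HttpOnly")
}

// Audit helper for tests: names of cookies that injected script could still read.
fun cookiesMissingHttpOnly(cookies: List<Cookie>): List<String> =
    cookies.filterNot { it.isHttpOnly }.map { it.name }

fun main() {
    // Constructed sample cookies: the sensitive default from the rule, and the hardened form.
    val leftAtDefault = Cookie("admin", "secret")       // HttpOnly never set -> false
    val hardened = sensitiveCookie("admin", "secret")

    println(renderSetCookie(leftAtDefault))
    println(renderSetCookie(hardened))
    println("Cookies readable by page script: " + cookiesMissingHttpOnly(listOf(leftAtDefault, hardened)))
}
```

      HttpOnly only stops a script from reading the cookie value; script running on the page can still issue requests that the browser will send the cookie with, so the flag limits exfiltration and offline reuse of the session, not every consequence of an XSS flaw. Because the default is false, it is worth funnelling all session-cookie creation through one helper like the one above and asserting with cookiesMissingHttpOnly in integration tests rather than relying on each call site to remember the flag.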

        People

        Assignee:
        Unassigned
        Reporter:
        Eric Therond