Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity
    • Default Quality Profiles:
      Sonar way
    • Analysis Level:
      Syntactic Analysis

      Description

      Sensitive Code Example

      If you create a security-sensitive cookie in your Kotlin code:

      val c4 = Cookie("admin", "secret")
      c4.setSecure(false)  // Sensitive: a security-sensitive cookie is created with the secure flag set to false
      

      By default the secure flag is set to false:

      val c5 = Cookie("admin", "secret")  // Sensitive: a security-sensitive cookie is created with the secure flag not defined (by default set to false)
      

      Compliant Solution

      val c6 = Cookie("admin", "secret")
      c6.setSecure(true) // Compliant: the sensitive cookie will not be sent during an unencrypted HTTP request thanks to the secure flag set to true
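
      The rule above inspects source code; the same property can also be checked on the Set-Cookie header values an application actually emits. The following is an added example, not part of the original ticket or of SonarSource's code: the names CookieFinding, auditSetCookie and cookiesMissingSecure are hypothetical, and the header lines are constructed sample data.

```kotlin
// Added example: audit Set-Cookie header values for the Secure attribute.
// All names here are hypothetical; the header lines in main() are constructed.

data class CookieFinding(val name: String, val secure: Boolean)

/** Parses one Set-Cookie header value and reports whether it carries the Secure attribute. */
fun auditSetCookie(headerValue: String): CookieFinding {
    val parts = headerValue.split(';').map { it.trim() }
    // The first segment is always "name=value"; everything after it is an attribute.
    val name = parts.first().substringBefore('=').trim()
    // Attribute names are case-insensitive (RFC 6265) and Secure takes no value,
    // so compare only the text before any '=' in each attribute.
    val secure = parts.drop(1).any {
        it.substringBefore('=').trim().equals("Secure", ignoreCase = true)
    }
    return CookieFinding(name, secure)
}

/** Returns the names of cookies that a browser would also send over plain HTTP. */
fun cookiesMissingSecure(headerValues: List<String>): List<String> =
    headerValues
        .filter { it.isNotBlank() }
        .map(::auditSetCookie)
        .filterNot { it.secure }
        .map { it.name }

fun main() {
    val constructedHeaders = listOf(
        "admin=secret; Path=/; HttpOnly",          // like c4/c5: no Secure attribute
        "admin=secret; Path=/; Secure; HttpOnly",  // like c6: setSecure(true)
        "theme=dark; secure",                      // attribute case does not matter
        "sid=abc; Path=/secure"                    // "secure" inside a value is not the attribute
    )
    val offenders = cookiesMissingSecure(constructedHeaders)
    check(offenders == listOf("admin", "sid")) { "unexpected result: $offenders" }
    println("Cookies missing Secure: $offenders")
}
```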
      

            People

            Assignee: Unassigned
            Reporter: Eric Therond (eric.therond)