Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity
    • Default Quality Profiles:
      Sonar way, Sonar way recommended

      Description

      Sensitive Code Example

      cookie-session module:

      // cookie-session keeps the whole session payload in the cookie itself.
      // `secure: false` lets the browser send that cookie over plain HTTP, so
      // the session content is exposed to anyone who can observe the traffic;
      // the compliant form below sets `secure: true`.
      let session = cookieSession({
        secure: false,// Sensitive
      });  // Sensitive
      

      express-session module:

      const express = require('express');
      const session = require('express-session');
      
      let app = express();
      // The session-ID cookie is issued without the Secure attribute, so the
      // browser also sends it over cleartext HTTP, where the session ID can be
      // observed and reused; the compliant form sets `cookie.secure: true`.
      // NOTE(review): the `secret` option, which express-session documents as
      // required, is omitted here because the example only illustrates the
      // cookie flag.
      app.use(session({
        cookie: 
        { 
          secure: false // Sensitive
        }
      }));
      

      cookies module:

      // NOTE(review): `keys` presumably is the signing-key list of the cookies
      // module (tamper detection) — verify. Signing does not give
      // confidentiality: with `secure: false` the cookie value is still sent,
      // and readable, over plain HTTP. The compliant form sets `secure: true`.
      let cookies = new Cookies(req, res, { keys: keys });
      
      cookies.set('LastVisit', new Date().toISOString(), { 
        secure: false // Sensitive
      }); // Sensitive
      

      csurf module:

      const cookieParser = require('cookie-parser');
      const csrf = require('csurf');
      const express = require('express');
      
      // csurf in cookie mode stores the CSRF secret in a cookie; without the
      // Secure attribute that secret is also sent over cleartext HTTP, which
      // weakens the anti-CSRF token it underpins. The compliant form sets
      // `cookie: { secure: true }`.
      // NOTE(review): cookie mode relies on cookie-parser being mounted before
      // csurf; `cookieParser` is imported but not used in this excerpt.
      let csrfProtection = csrf({ cookie: { secure: false }}); // Sensitive
      

      Compliant Solution

      cookie-session module:

      // `secure: true` marks the session cookie Secure, so the browser only
      // sends it over HTTPS and a plain-HTTP request never carries the session.
      // NOTE(review): the application must actually be reachable over HTTPS,
      // otherwise the browser will not return the cookie — confirm deployment.
      let session = cookieSession({
        secure: true,// Compliant
      });  // Compliant
      

      express-session module:

      const express = require('express');
      const session = require('express-session');
      
      let app = express();
      // `cookie.secure: true` marks the session-ID cookie Secure, so it is only
      // sent over HTTPS.
      // NOTE(review): express-session only issues a Secure cookie when it sees
      // the request as TLS; behind a TLS-terminating proxy this needs
      // `app.set('trust proxy', 1)` or no session cookie is set — confirm
      // against the deployment. The required `secret` option is omitted
      // because the example only illustrates the cookie flag.
      app.use(session({
        cookie: 
        { 
          secure: true // Compliant
        }
      }));
      

      cookies module:

      // NOTE(review): `keys` presumably is the signing-key list of the cookies
      // module — verify. `secure: true` restricts the cookie to HTTPS, so its
      // value is no longer exposed on cleartext connections.
      let cookies = new Cookies(req, res, { keys: keys });
      
      cookies.set('LastVisit', new Date().toISOString(), { 
        secure: true // Compliant
      }); // Compliant
      

      csurf module:

      const cookieParser = require('cookie-parser');
      const csrf = require('csurf');
      const express = require('express');
      
      // The cookie holding the CSRF secret is marked Secure, so it travels only
      // over HTTPS.
      // NOTE(review): cookie mode relies on cookie-parser being mounted before
      // csurf; `cookieParser` is imported but not used in this excerpt.
      let csrfProtection = csrf({ cookie: { secure: true }}); // Compliant
      

            Assignee:
            Unassigned Unassigned
            Reporter:
            eric.therond Eric Therond