Uploaded image for project: 'SonarJava'
  1. SonarJava
  2. SONARJAVA-2767

Rule S2092: support more Cookie types

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.5
    • Component/s: Rules
    • Labels:
      None

      Description

      As of now with SonarJava 5.3, S2092 supports only the javax.servlet.http.Cookie class.

      S2092 should support these other common Cookie classes:

      • java.net.HttpCookie - no relevant constructor; has setSecure method (default is false)
      • javax.ws.rs.core.NewCookie - has multiple constructors with secure argument; no relevant setter;
      • Apache Shiro has SimpleCookie - no relevant constructor; has setSecure method
      • Spring Security SavedCookie - has constructor with secure argument; no relevant setter;
      • Play framework has Cookie (has constructor with secure param; no relevant setter) and CookieBuilder (has withSecure method)

      For all the above classes, the default value for the secure field is false

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              andrei.epure Andrei Epure
              Reporter:
              andrei.epure Andrei Epure
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved: