Closed avihayoun closed 1 year ago
Snyk's "WebCookieMissesCallToSetHttpOnly" rule id corresponds to cwe-1004, not to cwe-614, as the mapping to 'CweNumber.INSECURE_COOKIE' would suggest.
You are correct, it was mapped wrong. Thanks for the fix.
Snyk's "WebCookieMissesCallToSetHttpOnly" rule id corresponds to cwe-1004, not to cwe-614, as the mapping to 'CweNumber.INSECURE_COOKIE' would suggest.