Issue with setcookie - Githubissues

designsecurity / progpilot

A static analysis tool for security

MIT License

331 stars 61 forks source link

Issue with setcookie #18

Closed NicolasCARPi closed 4 years ago

NicolasCARPi commented 4 years ago

With the new released version, I can now try this software :)

There is an issue with setcookie() because it can also take an array of options as a third parameter, and the code is only taking into account the other way to specify options.

This code: 2020-03-22-144947_384x134_scrot

Should not trigger this warning:

2020-03-22-145018_668x174_scrot

Cheers :) ~Nico

eric-therond commented 4 years ago

I have updated custom rules definition with two new parameters:

the rule will not raise a vulnerability if the number of arguments in the function call is less than min_nb_args parameter or greater than max_nb_args parameter.

You can check here how the 4 custom rules related to setcookie() are now defined.

Should be ok now? Eric

NicolasCARPi commented 4 years ago

Yes, I can confirm that it works now! :+1: