securesauce / precli

Precaution CLI - command line static application security testing tool
https://precli.readthedocs.io/

Add rule to use of Cookie with secure flag false #430

Closed ericwb closed 4 months ago

ericwb commented 4 months ago

When using session cookies, the secure flag should be set to true for sensitive data to ensure the data is protected. It's also good practice to always set it to true.

This rule checks for a servlet cookie with a call to method setSecure with value false.
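As an added illustration of the check this issue describes (written for this page, not precli's own rule implementation): a small Python scanner that flags Java `setSecure(false)` calls on servlet cookies and reports them compiler-style, run over a constructed vulnerable servlet and its hardened counterpart. It is a line-based regular-expression sketch rather than a syntax-tree analysis, and the sample Java, the `Finding` type and the `find_insecure_cookies` / `format_report` names are assumptions made here.

```python
import re
from dataclasses import dataclass

# Matches a Java call of the form  <expr>.setSecure(false)
# (hypothetical detector; precli's real rule is not reproduced here).
SETSECURE_FALSE = re.compile(r"\.setSecure\s*\(\s*false\s*\)")


@dataclass
class Finding:
    line: int        # 1-based line number in the scanned file
    column: int      # 1-based column of the '.setSecure' call
    snippet: str     # the offending source line, stripped


def _strip_comments(line: str, in_block: bool) -> tuple[str, bool]:
    """Remove // and /* */ comments from one line.

    Returns the remaining code and whether a block comment is still open.
    Deliberately not string-literal aware: a '//' inside a Java string
    would be treated as a comment, which is acceptable for this sketch.
    """
    out: list[str] = []
    i = 0
    while i < len(line):
        if in_block:
            end = line.find("*/", i)
            if end == -1:
                return "".join(out), True
            i, in_block = end + 2, False
        elif line.startswith("//", i):
            break
        elif line.startswith("/*", i):
            in_block, i = True, i + 2
        else:
            out.append(line[i])
            i += 1
    return "".join(out), in_block


def find_insecure_cookies(java_source: str) -> list[Finding]:
    """Report every setSecure(false) call in the given Java source text."""
    findings: list[Finding] = []
    in_block = False
    for lineno, raw in enumerate(java_source.splitlines(), start=1):
        code, in_block = _strip_comments(raw, in_block)
        for m in SETSECURE_FALSE.finditer(code):
            findings.append(Finding(lineno, m.start() + 1, raw.strip()))
    return findings


def format_report(filename: str, findings: list[Finding]) -> list[str]:
    """Render findings in a 'file:line:col: message' form."""
    return [
        f"{filename}:{f.line}:{f.column}: cookie secure flag explicitly set "
        f"to false ({f.snippet})"
        for f in findings
    ]


# Constructed sample: a servlet that lets the session cookie travel over
# plain HTTP because the secure flag is explicitly cleared.
VULNERABLE_JAVA = """\
import javax.servlet.http.Cookie;

public class Login {
    void setSession(HttpServletResponse resp, String id) {
        Cookie c = new Cookie("JSESSIONID", id);
        c.setSecure(false);  // flagged: cookie may be sent over plain HTTP
        resp.addCookie(c);
    }
}
"""

# Constructed sample: the same servlet with the flag set to true. The
# commented-out line shows that comments are ignored by the scanner.
HARDENED_JAVA = """\
import javax.servlet.http.Cookie;

public class Login {
    void setSession(HttpServletResponse resp, String id) {
        Cookie c = new Cookie("JSESSIONID", id);
        /* old behaviour: c.setSecure(false); */
        c.setSecure(true);   // cookie is only sent over HTTPS
        resp.addCookie(c);
    }
}
"""

if __name__ == "__main__":
    for name, src in (("Login.java", VULNERABLE_JAVA),
                      ("LoginFixed.java", HARDENED_JAVA)):
        report = format_report(name, find_insecure_cookies(src))
        print("\n".join(report) if report else f"{name}: no findings")
```

Running the block reports one finding for `Login.java` at the `setSecure(false)` line and none for the hardened file; a real SAST rule would additionally resolve that the receiver is a servlet `Cookie` and handle values such as a `boolean` variable, which a regex cannot do.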