securesauce / precli

Precaution CLI - command line static application security testing tool
https://precli.readthedocs.io/

Add Java rule for insecure java.net.HttpCookie #432

Closed ericwb closed 4 months ago

ericwb commented 4 months ago

Similar to javax.servlet.http.Cookie, the java.net.HttpCookie is also a class where the contents of the cookie can be marked secure. This rule advises always setting secure to true.
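The pattern described in this issue, shown as an added example that is not part of the issue or of precli's own code: a `java.net.HttpCookie` left with its default secure flag beside the corrected form, plus a runtime check over `Set-Cookie` headers. The class name, method names and sample headers are constructed for illustration.

```java
import java.net.HttpCookie;
import java.util.ArrayList;
import java.util.List;

public class HttpCookieSecureExample {

    // Pattern the proposed rule is meant to flag: setSecure is never called,
    // so the cookie keeps the default secure flag of false.
    static HttpCookie insecureCookie(String value) {
        HttpCookie cookie = new HttpCookie("session", value);
        return cookie;
    }

    // Corrected form: the secure attribute is explicitly set to true,
    // which tells the client to send the cookie only over a secure protocol.
    static HttpCookie secureCookie(String value) {
        HttpCookie cookie = new HttpCookie("session", value);
        cookie.setSecure(true);
        return cookie;
    }

    // Runtime counterpart to the static rule: parse Set-Cookie headers and
    // return the names of cookies that lack the Secure attribute.
    static List<String> cookiesMissingSecure(List<String> setCookieHeaders) {
        List<String> missing = new ArrayList<>();
        for (String header : setCookieHeaders) {
            for (HttpCookie cookie : HttpCookie.parse(header)) {
                if (!cookie.getSecure()) {
                    missing.add(cookie.getName());
                }
            }
        }
        return missing;
    }

    public static void main(String[] args) {
        System.out.println("insecureCookie secure flag: " + insecureCookie("v").getSecure());
        System.out.println("secureCookie secure flag:   " + secureCookie("v").getSecure());

        // Constructed sample headers, not taken from any real application.
        List<String> headers = List.of(
            "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly",
            "Set-Cookie: prefs=dark; Path=/");
        System.out.println("missing Secure: " + cookiesMissingSecure(headers));
    }
}
```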