rspec/rules/S2255/description.adoc

Using cookies is security-sensitive. It has led in the past to the following vulnerabilities:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11639[CVE-2018-11639]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6537[CVE-2016-6537]

Attackers can use widely-available tools to read cookies. Any sensitive information they may contain will be exposed.

This rule flags code that writes cookies.
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			`Using cookies is security-sensitive. It has led in the past to the following vulnerabilities:`
			`* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11639[CVE-2018-11639]`
			`* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6537[CVE-2016-6537]`

			`Attackers can use widely-available tools to read cookies. Any sensitive information they may contain will be exposed.`

			`This rule flags code that writes cookies.`