rspec/rules/S3330/kotlin/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

If you create a security-sensitive cookie in your Kotlin code:

----
val c1 = Cookie("admin", "secret")
c1.setHttpOnly(false)  // Sensitive: this sensitive cookie is created with the httponly flag set to false and so it can be stolen easily in case of XSS vulnerability
----

By default the https://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html#setHttpOnly(boolean)[``++HttpOnly++``] flag is set to _false:_

----
val c2 = Cookie("admin", "secret") // Sensitive: this sensitive cookie is created with the httponly flag not defined (by default set to false) and so it can be stolen easily in case of XSS vulnerability
----

== Compliant Solution

----
val c3 = Cookie("admin", "secret")
c3.setHttpOnly(true) // Compliant: this sensitive cookie is protected against theft (HttpOnly=true)
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]
'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`include::../description.adoc[]`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

			`If you create a security-sensitive cookie in your Kotlin code:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`----`
			`val c1 = Cookie("admin", "secret")`
			`c1.setHttpOnly(false) // Sensitive: this sensitive cookie is created with the httponly flag set to false and so it can be stolen easily in case of XSS vulnerability`
			`----`

make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			By default the https://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html#setHttpOnly(boolean)[``++HttpOnly++``] flag is set to _false:_
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`----`
			`val c2 = Cookie("admin", "secret") // Sensitive: this sensitive cookie is created with the httponly flag not defined (by default set to false) and so it can be stolen easily in case of XSS vulnerability`
			`----`

			`== Compliant Solution`

			`----`
			`val c3 = Cookie("admin", "secret")`
			`c3.setHttpOnly(true) // Compliant: this sensitive cookie is protected against theft (HttpOnly=true)`
			`----`

			`include::../see.adoc[]`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

			`include::../comments-and-links.adoc[]`
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`