ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S2092/java/rule.adoc

30 lines
923 B
Plaintext
Raw Normal View History

Add rules 2000-2999
2020-06-30 12:48:07 +02:00
include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
If you create a security-sensitive cookie in your JAVA code:
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space
2020-06-30 14:49:38 +02:00
Add rules 2000-2999
2020-06-30 12:48:07 +02:00
----
Cookie c = new Cookie(COOKIENAME, sensitivedata);
c.setSecure(false); // Sensitive: a security-ensitive cookie is created with the secure flag set to false
----
make in-line code blocks verbatim
2021-01-27 13:42:22 +01:00
By default the https://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html#setSecure(boolean)[``++secure++``] flag is set to _false:_
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space
2020-06-30 14:49:38 +02:00
Add rules 2000-2999
2020-06-30 12:48:07 +02:00
----
Cookie c = new Cookie(COOKIENAME, sensitivedata); // Sensitive: a security-sensitive cookie is created with the secure flag not defined (by default set to false)
----
== Compliant Solution
----
Cookie c = new Cookie(COOKIENAME, sensitivedata);
c.setSecure(true); // Compliant: the sensitive cookie will not be send during an unencrypted HTTP request thanks to the secure flag set to true
----
include::../see.adoc[]
Reference in New Issue Copy Permalink