rspec/rules/S3330/javascript/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

https://www.npmjs.com/package/cookie-session[cookie-session] module:

----
let session = cookieSession({
  httpOnly: false,// Sensitive
});  // Sensitive
----

https://www.npmjs.com/package/express-session[express-session] module:

----
const express = require('express'),
const session = require('express-session'),

let app = express()
app.use(session({
  cookie: 
  { 
    httpOnly: false // Sensitive
  }
})),
----

https://www.npmjs.com/package/cookies[cookies] module:

----
let cookies = new Cookies(req, res, { keys: keys });

cookies.set('LastVisit', new Date().toISOString(), { 
  httpOnly: false // Sensitive
}); // Sensitive
----

https://www.npmjs.com/package/csurf[csurf] module:

----
const cookieParser = require('cookie-parser');
const csrf = require('csurf');
const express = require('express');

let csrfProtection = csrf({ cookie: { httpOnly: false }}); // Sensitive
----

== Compliant Solution

https://www.npmjs.com/package/cookie-session[cookie-session] module:

----
let session = cookieSession({
  httpOnly: true,// Compliant
});  // Compliant
----

https://www.npmjs.com/package/express-session[express-session] module:

----
const express = require('express');
const session = require('express-session');

let app = express();
app.use(session({
  cookie: 
  { 
    httpOnly: true // Compliant
  }
}));
----

https://www.npmjs.com/package/cookies[cookies] module:

----
let cookies = new Cookies(req, res, { keys: keys });

cookies.set('LastVisit', new Date().toISOString(), { 
  httpOnly: true // Compliant
}); // Compliant
----

https://www.npmjs.com/package/csurf[csurf] module:

----
const cookieParser = require('cookie-parser');
const csrf = require('csurf');
const express = require('express');

let csrfProtection = csrf({ cookie: { httpOnly: true }}); // Compliant
----

include::../see.adoc[]
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`include::../description.adoc[]`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

			`https://www.npmjs.com/package/cookie-session[cookie-session] module:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`----`
			`let session = cookieSession({`
			`httpOnly: false,// Sensitive`
			`}); // Sensitive`
			`----`

			`https://www.npmjs.com/package/express-session[express-session] module:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`----`
			`const express = require('express'),`
			`const session = require('express-session'),`

			`let app = express()`
			`app.use(session({`
			`cookie:`
			`{`
			`httpOnly: false // Sensitive`
			`}`
			`})),`
			`----`

			`https://www.npmjs.com/package/cookies[cookies] module:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`----`
			`let cookies = new Cookies(req, res, { keys: keys });`

			`cookies.set('LastVisit', new Date().toISOString(), {`
			`httpOnly: false // Sensitive`
			`}); // Sensitive`
			`----`

			`https://www.npmjs.com/package/csurf[csurf] module:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`----`
			`const cookieParser = require('cookie-parser');`
			`const csrf = require('csurf');`
			`const express = require('express');`

			`let csrfProtection = csrf({ cookie: { httpOnly: false }}); // Sensitive`
			`----`

			`== Compliant Solution`

			`https://www.npmjs.com/package/cookie-session[cookie-session] module:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`----`
			`let session = cookieSession({`
			`httpOnly: true,// Compliant`
			`}); // Compliant`
			`----`

			`https://www.npmjs.com/package/express-session[express-session] module:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`----`
			`const express = require('express');`
			`const session = require('express-session');`

			`let app = express();`
			`app.use(session({`
			`cookie:`
			`{`
			`httpOnly: true // Compliant`
			`}`
			`}));`
			`----`

			`https://www.npmjs.com/package/cookies[cookies] module:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`----`
			`let cookies = new Cookies(req, res, { keys: keys });`

			`cookies.set('LastVisit', new Date().toISOString(), {`
			`httpOnly: true // Compliant`
			`}); // Compliant`
			`----`

			`https://www.npmjs.com/package/csurf[csurf] module:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`----`
			`const cookieParser = require('cookie-parser');`
			`const csrf = require('csurf');`
			`const express = require('express');`

			`let csrfProtection = csrf({ cookie: { httpOnly: true }}); // Compliant`
			`----`

			`include::../see.adoc[]`