rspec/rules/S2255/description.adoc

Using cookies is security-sensitive. It has led in the past to the following vulnerabilities:

* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11639[CVE-2018-11639]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6537[CVE-2016-6537]

Attackers can use widely-available tools to read cookies. Any sensitive information they may contain will be exposed.


This rule flags code that writes cookies.
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			`Using cookies is security-sensitive. It has led in the past to the following vulnerabilities:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			`* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11639[CVE-2018-11639]`
			`* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6537[CVE-2016-6537]`

			`Attackers can use widely-available tools to read cookies. Any sensitive information they may contain will be exposed.`

Force linebreaks 2021-02-02 15:02:10 +01:00
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			`This rule flags code that writes cookies.`