include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

Using Flask:

[source,python,diff-id=11,diff-type=noncompliant]
----
from flask import Response

@app.route('/')
def index():
    response = Response()
    response.set_cookie('key', 'value')  # Sensitive
    return response
----

Using FastAPI:

[source,python,diff-id=21,diff-type=noncompliant]
----
from fastapi import FastAPI, Response

app = FastAPI()

@app.get('/')
async def index(response: Response):
    response.set_cookie('key', 'value')  # Sensitive
    return {"message": "Hello world!"}
----


== Compliant Solution

Using Flask:

[source,python,diff-id=11,diff-type=compliant]
----
from flask import Response

@app.route('/')
def index():
    response = Response()
    response.set_cookie('key', 'value', httponly=True)
    return response
----

Using FastAPI:

[source,python,diff-id=21,diff-type=compliant]
----
from fastapi import FastAPI, Response

app = FastAPI()

@app.get('/')
async def index(response: Response):
    response.set_cookie('key', 'value', httponly=True)
    return {"message": "Hello world!"}
----


include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

=== on 28 Oct 2019, 07:43:14 Alexandre Gigleux wrote:
To be reviewed: "Sensitive" comment is missing on the "Sensitive Code Examples" section.

=== on 28 Oct 2019, 15:17:04 Tolun Ardahanli wrote:
Thank you for review. I updated.

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]