ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S3330/kotlin/rule.adoc
Alban Auzeill 2c306d110e Fix code block ambiguity with old header style 
Ensure blank line before list and clean the one leading space
2020-06-30 17:16:12 +02:00

30 lines
958 B
Plaintext
Raw Blame History

include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
If you create a security-sensitive cookie in your Kotlin code:
----
val c1 = Cookie("admin", "secret")
c1.setHttpOnly(false) // Sensitive: this sensitive cookie is created with the httponly flag set to false and so it can be stolen easily in case of XSS vulnerability
----
By default the https://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html#setHttpOnly(boolean)[<code>HttpOnly</code>] flag is set to _false:_
----
val c2 = Cookie("admin", "secret") // Sensitive: this sensitive cookie is created with the httponly flag not defined (by default set to false) and so it can be stolen easily in case of XSS vulnerability
----
== Compliant Solution
----
val c3 = Cookie("admin", "secret")
c3.setHttpOnly(true) // Compliant: this sensitive cookie is protected against theft (HttpOnly=true)
----
include::../see.adoc[]
Reference in New Issue View Git Blame Copy Permalink