47 lines
1003 B
Plaintext
47 lines
1003 B
Plaintext
== How to fix it in Express.js
|
|
|
|
=== Code examples
|
|
|
|
include::../../common/fix/code-rationale.adoc[]
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,javascript,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
import express from "express";
|
|
import cookieParser from "cookie-parser";
|
|
|
|
const app = express();
|
|
app.use(cookieParser());
|
|
|
|
app.get("/checkcookie", (req, res) => {
|
|
if (req.cookies["connect.sid"] === undefined) {
|
|
const cookie = req.query.cookie;
|
|
res.cookie("connect.sid", cookie); // Noncompliant
|
|
}
|
|
|
|
return res.redirect("/welcome");
|
|
});
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,javascript,diff-id=1,diff-type=compliant]
|
|
----
|
|
import express from "express";
|
|
import cookieParser from "cookie-parser";
|
|
|
|
const app = express();
|
|
app.use(cookieParser());
|
|
|
|
app.get("/checkcookie", (req, res) => {
|
|
if (req.cookies["connect.sid"] === undefined) {
|
|
return res.redirect("/getcookie");
|
|
}
|
|
|
|
return res.redirect("/welcome");
|
|
});
|
|
----
|
|
|
|
include::../../common/fix/how-does-this-work.adoc[]
|