105 lines
2.0 KiB
Plaintext
105 lines
2.0 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
https://www.npmjs.com/package/cookie-session[cookie-session] module:
|
|
|
|
----
|
|
let session = cookieSession({
|
|
secure: false,// Sensitive
|
|
}); // Sensitive
|
|
----
|
|
|
|
https://www.npmjs.com/package/express-session[express-session] module:
|
|
|
|
----
|
|
const express = require('express');
|
|
const session = require('express-session');
|
|
|
|
let app = express();
|
|
app.use(session({
|
|
cookie:
|
|
{
|
|
secure: false // Sensitive
|
|
}
|
|
}));
|
|
----
|
|
|
|
https://www.npmjs.com/package/cookies[cookies] module:
|
|
|
|
----
|
|
let cookies = new Cookies(req, res, { keys: keys });
|
|
|
|
cookies.set('LastVisit', new Date().toISOString(), {
|
|
secure: false // Sensitive
|
|
}); // Sensitive
|
|
----
|
|
|
|
https://www.npmjs.com/package/csurf[csurf] module:
|
|
|
|
----
|
|
const cookieParser = require('cookie-parser');
|
|
const csrf = require('csurf');
|
|
const express = require('express');
|
|
|
|
let csrfProtection = csrf({ cookie: { secure: false }}); // Sensitive
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
https://www.npmjs.com/package/cookie-session[cookie-session] module:
|
|
|
|
----
|
|
let session = cookieSession({
|
|
secure: true,// Compliant
|
|
}); // Compliant
|
|
----
|
|
|
|
https://www.npmjs.com/package/express-session[express-session] module:
|
|
|
|
----
|
|
const express = require('express');
|
|
const session = require('express-session');
|
|
|
|
let app = express();
|
|
app.use(session({
|
|
cookie:
|
|
{
|
|
secure: true // Compliant
|
|
}
|
|
}));
|
|
----
|
|
|
|
https://www.npmjs.com/package/cookies[cookies] module:
|
|
|
|
----
|
|
let cookies = new Cookies(req, res, { keys: keys });
|
|
|
|
cookies.set('LastVisit', new Date().toISOString(), {
|
|
secure: true // Compliant
|
|
}); // Compliant
|
|
----
|
|
|
|
https://www.npmjs.com/package/csurf[csurf] module:
|
|
|
|
----
|
|
const cookieParser = require('cookie-parser');
|
|
const csrf = require('csurf');
|
|
const express = require('express');
|
|
|
|
let csrfProtection = csrf({ cookie: { secure: true }}); // Compliant
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|