rspec/rules/S3331/python/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

For python3:

----
import http.cookies

setCookie = http.cookies.SimpleCookie()
setCookie['restricted_cookie'] = 'cookie_value'
setCookie['restricted_cookie']['domain'] = '.com'   # Sensitive
setCookie['restricted_cookie']['path'] = '/'
----
For flask:

----
from flask import app, make_response, render_template

@app.route('/')
def index():
    http_response = make_response(render_template())
    http_response.set_cookie(
        "restricted_cookie",
        domain='.com',          # Sensitive
        path='/'
    )

    return http_response
----

== Compliant Solution

For python3:

[source,python]
----
import http.cookies

setCookie = http.cookies.SimpleCookie()
setCookie['restricted_cookie'] = 'cookie_value'
setCookie['restricted_cookie']['domain'] = '.sonarsource.com'   # Compliant
setCookie['restricted_cookie']['path'] = '/'
----
For flask:

[source,python]
----
from flask import app, make_response, render_template


@app.route('/')
def index():
    http_response = make_response(render_template())
    http_response.set_cookie(
        "restricted_cookie",
        domain='sonarsource.com',  # Compliant
        path='/'
    )

    return http_response
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

=== on 28 Oct 2019, 07:45:20 Alexandre Gigleux wrote:
To be reviewed. "NonCompliant" should be used for "Security Vulnerability" detection not for Security Hotspot. In the "Sensitive Code Examples" section, we should see only "Sensitive".

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]