89 lines
2.4 KiB
Plaintext
89 lines
2.4 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
// === javax.servlet ===
|
|
import javax.servlet.http.Cookie;
|
|
import javax.servlet.http.HttpServletResponse;
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
|
public class JavaxServlet {
|
|
void aServiceMethodSettingCookie(HttpServletRequest request, HttpServletResponse response, String acctID) {
|
|
Cookie cookie = new Cookie("userAccountID", acctID); // Sensitive
|
|
response.addCookie(cookie); // Sensitive
|
|
}
|
|
}
|
|
----
|
|
|
|
----
|
|
// === javax.ws ===
|
|
import java.util.Date;
|
|
import javax.ws.rs.core.Cookie;
|
|
import javax.ws.rs.core.NewCookie;
|
|
|
|
class JavaxWs {
|
|
void jaxRsCookie(String comment, int maxAge, boolean secure, Date expiry, boolean httpOnly, String name,
|
|
String value, String path, String domain, int version) {
|
|
Cookie cookie= new Cookie("name", "value"); // Sensitive
|
|
|
|
new NewCookie(cookie); // Sensitive
|
|
new NewCookie(cookie, comment, maxAge, secure); // Sensitive
|
|
new NewCookie(cookie, comment, maxAge, expiry, secure, httpOnly); // Sensitive
|
|
new NewCookie(name, value); // Sensitive
|
|
new NewCookie(name, value, path, domain, version, comment, maxAge, secure); // Sensitive
|
|
new NewCookie(name, value, path, domain, version, comment, maxAge, expiry, secure, httpOnly); // Sensitive
|
|
new NewCookie(name, value, path, domain, comment, maxAge, secure); // Sensitive
|
|
new NewCookie(name, value, path, domain, comment, maxAge, secure, httpOnly); // Sensitive
|
|
}
|
|
}
|
|
----
|
|
|
|
----
|
|
// === java.net ===
|
|
import java.net.HttpCookie;
|
|
|
|
class JavaNet {
|
|
void httpCookie(HttpCookie hc) {
|
|
HttpCookie cookie = new HttpCookie("name", "value"); // Sensitive
|
|
cookie.setValue("value"); // Sensitive
|
|
}
|
|
}
|
|
----
|
|
|
|
----
|
|
// === apache.shiro ===
|
|
import org.apache.shiro.web.servlet.SimpleCookie;
|
|
|
|
class ApacheShiro {
|
|
|
|
void shiroCookie(SimpleCookie cookie) {
|
|
SimpleCookie sc = new SimpleCookie(cookie); // Sensitive
|
|
cookie.setValue("value"); // Sensitive
|
|
}
|
|
}
|
|
----
|
|
|
|
----
|
|
// === Play ===
|
|
import play.mvc.Http.Cookie;
|
|
import play.mvc.Http.CookieBuilder;
|
|
|
|
|
|
class Play {
|
|
void playCookie() {
|
|
CookieBuilder builder = Cookie.builder("name", "value"); // Sensitive
|
|
builder.withName("name")
|
|
.withValue("value") // Sensitive
|
|
.build();
|
|
|
|
}
|
|
}
|
|
----
|
|
|
|
include::../see.adoc[]
|