codeql/javascript/ql/test/query-tests/Security/CWE-614/test_cookie-session.js
2021-04-27 16:28:32 +03:00


// CodeQL query-test fixture for CWE-614 (sensitive cookie issued without the
// `Secure` attribute). The trailing `// OK` / `// NOT OK` markers record which
// configuration the query is expected to accept and which it should flag.
// NOTE(review): the query presumably matches on the literal option object
// passed to the middleware, so the code itself is left exactly as written.
const express = require('express')
const app = express()
const session = require('cookie-session')
// Cookie expiry: one hour (60 * 60 * 1000 ms) after this module is loaded.
const expiryDate = new Date(Date.now() + 60 * 60 * 1000)
// Compliant case: `secure: true` restricts the session cookie to HTTPS
// requests, so it is never attached to a plain-HTTP request.
app.use(session({
name: 'session',
// Placeholder keys for the fixture only; a real application would load its
// cookie-signing keys from secret configuration rather than source code.
keys: ['key1', 'key2'],
secure: true, // OK
// `httpOnly` hides the cookie from client-side script; it does not affect
// whether the cookie travels over an unencrypted connection.
httpOnly: true,
domain: 'example.com',
path: 'foo/bar',
expires: expiryDate
}))
// Non-compliant case: identical options except `secure: false`, which lets
// the browser send the session cookie over plain HTTP where it can be read
// in transit. This is the pattern the CWE-614 query should report.
app.use(session({
name: 'session',
keys: ['key1', 'key2'],
secure: false, // NOT OK
httpOnly: true,
domain: 'example.com',
path: 'foo/bar',
expires: expiryDate
}))