hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
4f54bb66b807ee4b22f6be28cfbb71d21b901b10
codeql/ruby/ql/test/query-tests/security/cwe-732/WeakCookieConfiguration.expected
Alex Ford 71c5711eb3 Ruby: add some rb/weak-cookie-configuration tests
2021-12-22 17:47:44 +00:00

6 lines
728 B
Plaintext
Raw Blame History

| app/config/application.rb:14:5:14:50 | call to encrypted_cookie_cipher= | DES is a weak cipher. |
| app/config/application.rb:17:5:17:50 | call to encrypted_cookie_cipher= | AES-256-ECB is a weak cipher. |
| app/config/application.rb:23:5:23:62 | call to use_authenticated_cookie_encryption= | use_authenticated_cookie_encryption=false selects a weaker block mode for authenticated cookies. |
| app/config/application.rb:32:5:32:55 | call to cookies_same_site_protection= | Setting 'SameSite' to 'None' may make an application more vulnerable to CSRF attacks. |
| app/config/application.rb:35:5:35:55 | call to cookies_same_site_protection= | Unsetting 'SameSite' can disable same-site cookie restrictions in some browsers. |
Reference in New Issue View Git Blame Copy Permalink