Files
codeql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.java
2018-08-30 10:48:05 +01:00

16 lines
359 B
Java

public static void test(HttpServletRequest request, HttpServletResponse response) {
{
Cookie cookie = new Cookie("secret", "fakesecret");
// BAD: 'secure' flag not set
response.addCookie(cookie);
}
{
Cookie cookie = new Cookie("secret", "fakesecret");
// GOOD: set 'secure' flag
cookie.setSecure(true);
response.addCookie(cookie);
}
}