generic-remediation-reports.missing-secure-flag.report.json Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of codemodder-base Show documentation
Show all versions of codemodder-base Show documentation
Base framework for writing codemods in Java
{
"summary" : "Added secure flag to HTTP cookies",
"change": "Added a call to `setSecure()` to make sure the cookie is only transferred over HTTPS traffic",
"reviewGuidanceIJustification" : "This code change may cause issues with the application if any of the places this code runs (in CI, pre-production or in production) are running over plaintext HTTP.",
"references" : [
"https://owasp.org/www-community/controls/SecureCookieAttribute",
"https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies",
"https://cwe.mitre.org/data/definitions/614.html"
]
}