io.codemodder.codemods.InsecureCookieCodemod.report.json Maven / Gradle / Ivy
Codemods for fixing common errors across many Java projects
{
  "summary" : "Added secure flag to HTTP cookies (CodeQL)",
  "change": "Added a call to `setSecure()` to make sure the cookie is only transferred over HTTPS traffic",
  "reviewGuidanceIJustification" : "This code change may cause issues with the application if any of the places this code runs (in CI, pre-production or in production) are running over plaintext HTTP.",
  "references" : [
    "https://codeql.github.com/codeql-query-help/java/java-insecure-cookie/",
    "https://owasp.org/www-community/controls/SecureCookieAttribute",
    "https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies",
    "https://cwe.mitre.org/data/definitions/614.html"
  ]
}