gitlab.find_sec_bugs.HTTPONLY_COOKIE-1


A new cookie is created without the HttpOnly flag set. The HttpOnly flag is a directive to the browser to make sure that the cookie cannot be read by malicious script. When a user is the target of a "Cross-Site Scripting" attack, the attacker would benefit greatly from obtaining the session id, for example.


Definition

rules:
  - id: find_sec_bugs.HTTPONLY_COOKIE-1
    pattern-either:
      - patterns:
          - pattern: |
              javax.servlet.http.Cookie $C = new Cookie(..., ...);
              ...
              (HttpServletResponse $RESP).addCookie($C);
          - pattern-not-inside: |
              javax.servlet.http.Cookie $C = new Cookie(..., ...);
              ...
              $C.setHttpOnly(true);
              ...
              (HttpServletResponse $RESP).addCookie($C);
      - pattern: (javax.servlet.http.Cookie $C).setHttpOnly(false);
    message: >
      A new cookie is created without the HttpOnly flag set. The HttpOnly flag
      is a directive to the browser to make sure that the cookie cannot be read
      by malicious script. When a user is the target of a "Cross-Site Scripting"
      attack, the attacker would benefit greatly from obtaining the session id,
      for example.
    languages:
      - java
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag"
      technology:
        - java
      primary_identifier: find_sec_bugs.HTTPONLY_COOKIE-1
      secondary_identifiers:
        - name: Find Security Bugs-HTTPONLY_COOKIE
          type: find_sec_bugs_type
          value: HTTPONLY_COOKIE
      license: MIT
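The following Java servlet snippet is an added illustration of what the rule above matches and what it accepts; it is not code from the rule page or from the Find Security Bugs project. It assumes the `javax.servlet` API is on the classpath; the class name, method names, cookie name and session value are constructed for the example. Semgrep resolves the imported `Cookie` to the fully qualified `javax.servlet.http.Cookie` used in the rule's pattern.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;

/**
 * Constructed example for rule find_sec_bugs.HTTPONLY_COOKIE-1.
 * Each method builds a session cookie and adds it to the response; the
 * comments state which ones the rule reports and why.
 */
public class SessionCookieExample {

    // Reported by the first pattern: the cookie is constructed and passed to
    // addCookie() with no setHttpOnly(true) in between, so an injected script
    // could read it through document.cookie.
    public static void vulnerable(HttpServletResponse resp, String sessionId) {
        Cookie c = new Cookie("SESSION", sessionId);
        c.setPath("/");
        resp.addCookie(c);
    }

    // Reported by the second pattern: HttpOnly is explicitly disabled.
    public static void explicitlyDisabled(HttpServletResponse resp, String sessionId) {
        Cookie c = new Cookie("SESSION", sessionId);
        c.setHttpOnly(false);
        resp.addCookie(c);
    }

    // Not reported: setHttpOnly(true) sits between construction and
    // addCookie(), which is exactly the shape the pattern-not-inside clause
    // excludes.
    public static void hardened(HttpServletResponse resp, String sessionId) {
        Cookie c = new Cookie("SESSION", sessionId);
        c.setHttpOnly(true);   // not exposed to script via document.cookie
        c.setSecure(true);     // only sent over HTTPS (a separate concern, not this rule)
        c.setPath("/");
        resp.addCookie(c);
    }
}
```

Two caveats for anyone triaging findings from this rule: the pattern only looks at cookies built with `new Cookie(...)` in application code, so the container-managed `JSESSIONID` is not covered and must be hardened through `<session-config><cookie-config><http-only>true</http-only></cookie-config></session-config>` in `web.xml` (Servlet 3.0 and later) or the equivalent container setting; and the `pattern-not-inside` only recognises `setHttpOnly(true)` within the same method between construction and `addCookie()`, so a helper that sets the flag elsewhere will still produce a finding that needs manual review.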