Avoid Persistent Cookies (Severity: High)

Persistent cookies pose a security risk: because the browser stores them on disk for a long time, the user data they carry stays exposed to theft or misuse for the whole of that lifetime.

Detector ID
scala/avoid-persistent-cookies@v1.0
Category
Common Weakness Enumeration (CWE)
Tags
-

Noncompliant example

import javax.servlet.http.{Cookie, HttpServletResponse}

def nonCompliant(res: HttpServletResponse, name: String, value: String, secure: Boolean = true, maxAge: Int = 60, httpOnly: Boolean = true): Unit = {
  val cookie = new Cookie(name, value)
  // Noncompliant: Cookie `setSecure` method is set to false, so the browser may send the cookie over plain HTTP.
  cookie.setSecure(false)
  // Lifetime in seconds; the cookie is persisted on disk for this long.
  cookie.setMaxAge(maxAge)
  // HttpOnly keeps the cookie out of reach of client-side scripts.
  cookie.setHttpOnly(httpOnly)
  res.addCookie(cookie)
}

Compliant example

import javax.servlet.http.{Cookie, HttpServletResponse}

def compliant(res: HttpServletResponse, name: String, value: String, secure: Boolean = true, maxAge: Int = 60, httpOnly: Boolean = true): Unit = {
  val cookie = new Cookie(name, value)
  // Compliant: Cookie `setSecure` method is set to true, so the cookie is only sent over HTTPS.
  cookie.setSecure(true)
  // Lifetime in seconds; keep it short so the persisted cookie is not exposed for long.
  cookie.setMaxAge(maxAge)
  // HttpOnly keeps the cookie out of reach of client-side scripts.
  cookie.setHttpOnly(httpOnly)
  res.addCookie(cookie)
}
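The compliant example above fixes one attribute; the check a reviewer usually wants covers all three (Secure, HttpOnly and a bounded lifetime) in one place. The following is an added example, not code from the detector page, that audits a javax.servlet Cookie before it is sent; the one-day persistence limit in MaxPersistentAgeSeconds is an assumed policy value, not something the page specifies.

```scala
// Added example (not part of the detector page): audit helper that reports which
// hardening attributes a javax.servlet Cookie is missing before it is added to a response.
import javax.servlet.http.{Cookie, HttpServletResponse}

object CookieAudit {
  // Assumption: a cookie kept for more than one day counts as "persistent" for this audit.
  val MaxPersistentAgeSeconds: Int = 24 * 60 * 60

  // Returns the list of findings; an empty list means the cookie passes every check.
  def findings(cookie: Cookie): Seq[String] = {
    val problems = Seq.newBuilder[String]
    if (!cookie.getSecure)
      problems += s"${cookie.getName}: Secure flag not set; cookie may be sent over plain HTTP"
    if (!cookie.isHttpOnly)
      problems += s"${cookie.getName}: HttpOnly flag not set; cookie is readable by client-side script"
    // getMaxAge semantics: negative = session cookie (discarded when the browser closes),
    // 0 = delete immediately, positive = number of seconds the browser may keep it on disk.
    if (cookie.getMaxAge > MaxPersistentAgeSeconds)
      problems += s"${cookie.getName}: max-age ${cookie.getMaxAge}s exceeds the ${MaxPersistentAgeSeconds}s limit"
    problems.result()
  }

  // Builds a cookie with the hardening attributes applied and adds it only when the audit is clean.
  // Returns the findings so the caller can log why a cookie was rejected.
  def addHardenedCookie(res: HttpServletResponse, name: String, value: String, maxAge: Int = 60): Seq[String] = {
    val cookie = new Cookie(name, value)
    cookie.setSecure(true)      // HTTPS only
    cookie.setHttpOnly(true)    // not exposed to document.cookie
    cookie.setMaxAge(maxAge)    // short, bounded lifetime in seconds
    val result = findings(cookie)
    if (result.isEmpty) res.addCookie(cookie)
    result
  }
}
```

Running findings against the noncompliant cookie from this page yields a single "Secure flag not set" entry, while the compliant cookie yields an empty list.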