github/codeql
codeql/javascript/ql/src/Security/CWE-614/ClearTextCookie.ql
/**
 * @name Clear text transmission of sensitive cookie
 * @description Sending sensitive information in a cookie without requiring SSL encryption
 *              can expose the cookie to an attacker.
 * @kind problem
 * @problem.severity warning
 * @security-severity 5.0
 * @precision high
 * @id js/clear-text-cookie
 * @tags security
 *       external/cwe/cwe-614
 *       external/cwe/cwe-311
 *       external/cwe/cwe-312
 *       external/cwe/cwe-319
 */

import javascript

// Report every cookie write that is considered sensitive but is not marked secure.
from CookieWrites::CookieWrite cookie
where cookie.isSensitive() and not cookie.isSecure()
select cookie, "Sensitive cookie sent without enforcing SSL encryption."
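
The condition this query reports (a sensitive cookie written without the Secure attribute) can also be checked on emitted Set-Cookie headers. The following is an added example, not code from the CodeQL repository; the name-based SENSITIVE_NAME heuristic, the function names and the sample headers are assumptions made for illustration and do not reproduce the logic behind isSensitive() or isSecure().

```javascript
// Added illustration, not part of ClearTextCookie.ql or the CodeQL libraries.

// Assumption: a simple name-based heuristic for "sensitive" cookies
// (hypothetical; not the heuristic CodeQL uses).
const SENSITIVE_NAME = /sess|auth|token|sid|jwt/i;

// Parse one Set-Cookie header value into { name, value, attrs }.
// Attribute names are case-insensitive, so they are lower-cased.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";");
  const eq = pair.indexOf("=");
  const name = (eq === -1 ? pair : pair.slice(0, eq)).trim();
  const value = eq === -1 ? "" : pair.slice(eq + 1).trim();
  const attrs = new Map();
  for (const part of rest) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    if (key) attrs.set(key, i === -1 ? true : part.slice(i + 1).trim());
  }
  return { name, value, attrs };
}

// Return the names of sensitive cookies that lack the Secure attribute.
function findClearTextCookies(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => SENSITIVE_NAME.test(c.name) && !c.attrs.has("secure"))
    .map((c) => c.name);
}

// Constructed sample headers: the weak form beside the corrected one.
// "authToken=secure" has the word "secure" as its value, not as an
// attribute, so a substring search on the raw header would miss it.
const weak = [
  "sessionId=abc123; Path=/; HttpOnly",
  "authToken=secure; Path=/",
  "theme=dark; Path=/",
];
const hardened = [
  "sessionId=abc123; Path=/; HttpOnly; Secure",
  "authToken=secure; Path=/; secure",
  "theme=dark; Path=/",
];

console.log(findClearTextCookies(weak));
console.log(findClearTextCookies(hardened));
```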