[javascript] CWE-614: CodeQL query to detect if cookies are sent without the flag secure being set #169

@dellalibera

CVE ID(s)

List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database.

  • There is no CVE for this.

Report

Failing to set the secure flag on a cookie can cause it to be sent in clear text. This makes it easier for an attacker to intercept and read the cookie.

A query to detect whether the secure flag is set on cookies is available for Java, but not for JavaScript.
This query detects whether cookies are sent without the secure flag set, or with the secure flag set to false.

Link to the merged PR: github/codeql#3978

  • Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). We would love to have you spread the word about the good work you are doing

Result(s)

The query was able to detect the following issues (now fixed):

| Issue | Fix |
| --- | --- |
| ibm-dotcom-library/packages/utilities/src/utilities/ipcinfoCookie/ipcinfoCookie.js#L59 | ibm-dotcom-library/packages/utilities/src/utilities/ipcinfoCookie/ipcinfoCookie.js#L72 |
| urly/server/routes/login.js#L32 | urly/server/routes/login.js#L54 |
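
A runtime counterpart to the static check described in the report, as an added example that is not code from this submission or from the CodeQL repository: it parses `Set-Cookie` header values and lists the cookies that lack the `Secure` attribute. The function names and the sample headers are assumptions made for illustration.

```javascript
// Added example: audit Set-Cookie header values for a missing Secure attribute.
// parseSetCookie and cookiesMissingSecure are hypothetical helper names.

// Split one Set-Cookie value into the cookie name and a map of attributes.
// Attribute names are case-insensitive, so they are lower-cased here.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';');
  const eq = pair.indexOf('=');
  const name = (eq === -1 ? pair : pair.slice(0, eq)).trim();
  const attributes = new Map();
  for (const raw of attrs) {
    const i = raw.indexOf('=');
    const key = (i === -1 ? raw : raw.slice(0, i)).trim().toLowerCase();
    if (key) attributes.set(key, i === -1 ? true : raw.slice(i + 1).trim());
  }
  return { name, attributes };
}

// Return the names of cookies a browser would also send over plain HTTP.
// A server option of secure: false normally shows up here as an absent
// attribute, so both cases from the report look the same on the wire.
function cookiesMissingSecure(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter(({ attributes }) => !attributes.has('secure'))
    .map(({ name }) => name);
}

// Constructed sample headers (not taken from the projects listed above).
const sampleHeaders = [
  'session=abc123; Path=/; HttpOnly',         // no Secure: flagged
  'prefs=dark; Path=/; Secure; SameSite=Lax', // Secure present
  'token=xyz; path=/; secure; httponly',      // lower-case still counts
  'lang=en; Max-Age=3600; SameSite=Strict',   // no Secure: flagged
  'note=v1; Path=/secure',                    // "secure" is only a path value
];

console.log(cookiesMissingSecure(sampleHeaders));
```
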

Labels: All For One (Submissions to the All for One, One for All bounty)