CX HttpOnlyCookies @ src/main/java/org/joychou/controller/CRLFInjection.java [master]

**HttpOnlyCookies** issue exists @ **src/main/java/org/joychou/controller/CRLFInjection.java** in branch **master**

*The web application's crlf method creates a cookie cookie, at line 23 of src\main\java\org\joychou\controller\CRLFInjection.java, and returns it in the response. However, the application is not configured to automatically set the cookie with&nbsp;the "httpOnly" attribute, and the code does not explicitly add this to the cookie.*

Severity: Medium

CWE:1004

[Vulnerability details and guidance](https://cwe.mitre.org/data/definitions/1004.html)

[Internal Guidance](https://checkmarx.atlassian.net/wiki/spaces/AS/pages/79462432/Remediation+Guidance)

[Checkmarx](http://WIN-D41IBM498QO/CxWebClient/ViewerMain.aspx?scanid=1000004&projectid=1&pathid=51)

Lines: [27](https://github.com/CxCEC/java-sec-code/blob/master/src/main/java/org/joychou/controller/CRLFInjection.java#L27) 

---
[Code (Line #27):](https://github.com/CxCEC/java-sec-code/blob/master/src/main/java/org/joychou/controller/CRLFInjection.java#L27)
```
        Cookie cookie = new Cookie("test3", author);
```
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX HttpOnlyCookies @ src/main/java/org/joychou/controller/CRLFInjection.java [master] #80

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CX HttpOnlyCookies @ src/main/java/org/joychou/controller/CRLFInjection.java [master] #80

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions