1039024 |
FALSE |
Removed false positives for rule "Avoid using unsecured cookie (JEE)" when calling jakarta.servlet.http.Cookie.setAttribute(…), jakarta.servlet.http.HttpServletResponse.addHeader(“Set-Cookie”, …), jakarta.servlet.http.HttpServletResponse.setHeader(“Set-Cookie”, …), javax.servlet.http.HttpServletResponse.addHeader(“Set-Cookie”, …), javax.servlet.http.HttpServletResponse.setHeader(“Set-Cookie”, …). Added support for classes com.google.gwt.user.client.Cookies, jakarta.ws.rs.core.Cookie, jakarta.ws.rs.core.NewCookie, jakarta.servlet.SessionCookieConfig, java.net.HttpCookie, javax.ws.rs.core.Cookie.Cookie, javax.ws.rs.core.NewCookie.NewCookie, javax.servlet.SessionCookieConfig, org.apache.commons.httpclient.Cookie, org.apache.http.impl.cookie.BasicClientCookie. |
1039026 |
FALSE |
Removed false positives for rule "Avoid creating cookie without setting httpOnly option (JEE)" when calling jakarta.servlet.http.Cookie.setAttribute(…), jakarta.servlet.http.HttpServletResponse.addHeader(“Set-Cookie”, …), jakarta.servlet.http.HttpServletResponse.setHeader(“Set-Cookie”, …), javax.servlet.http.HttpServletResponse.addHeader(“Set-Cookie”, …), javax.servlet.http.HttpServletResponse.setHeader(“Set-Cookie”, …). Added support for classes com.google.gwt.user.client.Cookies, jakarta.ws.rs.core.Cookie, jakarta.ws.rs.core.NewCookie, jakarta.servlet.SessionCookieConfig, java.net.HttpCookie, javax.ws.rs.core.Cookie.Cookie, javax.ws.rs.core.NewCookie.NewCookie, javax.servlet.SessionCookieConfig, org.apache.commons.httpclient.Cookie, org.apache.http.impl.cookie.BasicClientCookie. |
1039064 |
FALSE |
Repaired missing violation for rule "Avoid having cookie with an overly broad domain (JEE)" when calling jakarta.servlet.http.Cookie.setAttribute(…), jakarta.servlet.http.HttpServletResponse.addHeader(“Set-Cookie”, …), jakarta.servlet.http.HttpServletResponse.setHeader(“Set-Cookie”, …), javax.servlet.http.HttpServletResponse.addHeader(“Set-Cookie”, …), javax.servlet.http.HttpServletResponse.setHeader(“Set-Cookie”, …). Added support for classes com.google.gwt.user.client.Cookies, jakarta.ws.rs.core.Cookie, jakarta.ws.rs.core.NewCookie, jakarta.servlet.SessionCookieConfig, java.net.HttpCookie, javax.ws.rs.core.Cookie.Cookie, javax.ws.rs.core.NewCookie.NewCookie, javax.servlet.SessionCookieConfig, org.apache.commons.httpclient.Cookie, org.apache.http.impl.cookie.BasicClientCookie. |
1039066 |
FALSE |
Repaired missing violation for rule "Avoid creating cookie with an overly broad path (JEE)" when calling jakarta.servlet.http.Cookie.setAttribute(…), jakarta.servlet.http.HttpServletResponse.addHeader(“Set-Cookie”, …), jakarta.servlet.http.HttpServletResponse.setHeader(“Set-Cookie”, …), javax.servlet.http.HttpServletResponse.addHeader(“Set-Cookie”, …), javax.servlet.http.HttpServletResponse.setHeader(“Set-Cookie”, …). Added support for classes com.google.gwt.user.client.Cookies, jakarta.ws.rs.core.Cookie, jakarta.ws.rs.core.NewCookie, jakarta.servlet.SessionCookieConfig, java.net.HttpCookie, javax.ws.rs.core.Cookie.Cookie, javax.ws.rs.core.NewCookie.NewCookie, javax.servlet.SessionCookieConfig, org.apache.commons.httpclient.Cookie, org.apache.http.impl.cookie.BasicClientCookie. |
1039100 |
TRUE |
Avoid creating cookie without setting SameSite option (JEE) |
1039102 |
TRUE |
Ensure SameSite option is enabled when creating session (JEE) |
1039104 |
TRUE |
Avoid creation of temporary file with insecure permissions (JEE) |
1039106 |
TRUE |
Avoid disabling the automatic HTML escaping for Spring |
1039108 |
TRUE |
Avoid leaving temporary files in directory (JEE) |