JavaScript


Made by DeepSource

Audit: cookie in HTTP response is vulnerable to session-fixation JS-A1008

Security
Critical
a03 cwe-20 cwe-384 sans top 25 owasp top 10

Tainted data (input that originates from the request, such as query parameters, form fields, headers or existing cookies) should never be used in a cookie sent via an HTTP response object. Doing so exposes the application to session fixation attacks.

Any data coming from an external source can be chosen by a malicious user, and if it ends up in a session cookie it lets that user fix, and later hijack, a valid session. To avoid this vulnerability, validate or sanitize the value before it reaches the response, or avoid using user data when setting cookies at all.

If you can guarantee that your code snippet is safe, add a skipcq comment to document the reason. This will also prevent DeepSource from raising this issue.

Bad Practice

app.get("/resource", (req, res) => {
  // req.query is attacker-controlled request data (tainted), so the cookie
  // value below is whatever the client chose to send.
  const cookieValue = "user-query:" + req.query;
  // Tainted value written straight into the Set-Cookie header: flagged as JS-A1008.
  res.setHeader("Set-Cookie", cookieValue);
});

Recommended

app.get("/resource", (req, res) => {
  const cookieValue = "user-query:" + req.query;
  // sanitize() stands for whatever validation the application applies
  // (for example an allowlist of permitted characters) before the tainted
  // value is allowed to reach the response header.
  const safeCookieValue = sanitize(cookieValue);
  res.setHeader("Set-Cookie", safeCookieValue);
});
