Cookie HttpOnly being reported incorrectly

William_Holmes · September 19, 2019, 11:03am

Version: Community EditionVersion 7.6 (build 21501)
Vulnerability: squid:S3330 “HttpOnly” should be set on cookies

This vulnerability is being reported (in a number of locations), but as you can see from the screenshot, its looks like it has already been addressed.

William_Holmes · October 1, 2019, 9:22am

Should have added were using SonarJava Analyzer (v5.14 - build 18788)

pynicolas · October 1, 2019, 2:03pm

Sorry, I don’t manage to reproduce the issue.
Can you share a more complete example?

Topic		Replies	Views
"HttpOnly" should be set on cookies rules for xml SonarQube Server / Community Build java	4	1229	July 22, 2019
Cookie without HttpOnly flag set sonarqube SonarQube Server / Community Build	3	951	July 26, 2022
Enable HTTP only and Secure flag on Sonar SonarQube Server / Community Build sonarqube	1	96	November 12, 2024
SonarScanner for MsBuild ignores Web.config for S3330(HttpOnly of cookies) Report False-positive / False-negative... csharp , security	4	1007	May 7, 2020
Duplicate cookies set SonarQube Server / Community Build bug-no-category	4	1548	August 11, 2020

Cookie HttpOnly being reported incorrectly

Related topics