I wrote code to reproduce these three issues, using the noncompliant code, yet SonarLint found no issues. In the console I see: ‘SonarLint analysis of project httpsessionlogin2 (34 files processed)…
Found 0 issue(s)’
I am using Eclipse IDE for Enterprise Java and Web Developers, version 2021-12 (4.22.0), and SonarLint 7.2.1.
Below is the code; I have also added a screenshot of the Sonar report.
/**
 * Handles a POST by setting session-cookie headers, answering with a 302 redirect whose
 * target comes from the "url" request parameter, and then including link.html.
 *
 * <p>The statements below are kept deliberately noncompliant so that a static analyzer
 * has something to report; the comments explain the risk on each line and what a
 * compliant version would do instead.
 *
 * @param request  the incoming request; its requested session id and "url" parameter are read
 * @param response the response that receives the cookie, the redirect and the included page
 * @throws ServletException declared by the servlet contract (can come from include())
 * @throws IOException      declared by the servlet contract (can come from getWriter()/include())
 */
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// Returns the current session, creating one if none exists; the reference is not used below.
HttpSession session=request.getSession();
// The session id the CLIENT sent with the request: attacker-controllable input,
// not necessarily the id of a session this server issued.
String id=request.getRequestedSessionId();
// NOTE(review): this is the constant "/", so no request data reaches the Set-Cookie
// header on the next line. A rule that reports only request-derived values written to
// a session cookie may have nothing to flag here - confirm against the rule description.
String value="/";
response.setHeader("Set-Cookie", value); // Noncompliant
// Session fixation risk: the client-supplied id is echoed back as the "jsessionid"
// cookie, so a value chosen by an attacker can become the victim's session cookie.
// No setHttpOnly(true)/setSecure(true) call is made on this cookie either.
// Compliant code leaves session-cookie creation to the container.
Cookie cookie = new Cookie("jsessionid", id); // Noncompliant
response.addCookie(cookie);
// Open redirect risk: "url" is taken from the request and used unvalidated as the
// Location header below (it may also be null). Compliant code checks the target
// against an allow-list of known destinations or accepts only relative paths.
// NOTE(review): this finding depends on the analyzer tracing request data to the
// header sink; check whether the SonarLint setup in use (standalone vs. connected
// mode) runs that kind of data-flow rule.
String location = request.getParameter("url");
response.setStatus(302);
response.setHeader("Location", location);
response.setContentType("text/html");
// The writer is obtained but never written to in this method.
PrintWriter out=response.getWriter();
// The included page is added to a response that is already marked as a 302 redirect.
request.getRequestDispatcher("link.html").include(request, response);
}
}
/**
 * Configures Spring Security session handling and URL authorization rules.
 *
 * <p>The session-fixation setting is kept deliberately noncompliant as analyzer test
 * input; the comments describe the risk and the compliant alternatives.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the HttpSecurity configuration calls
 */
protected void configure(HttpSecurity http) throws Exception {
// none() switches off Spring Security's session-fixation protection: the session id
// that existed before login stays valid after login, so an id planted by an attacker
// becomes an authenticated session. Compliant options are to keep the framework
// default or to call changeSessionId(), migrateSession() or newSession() instead.
http.sessionManagement().sessionFixation().none(); // Noncompliant: the existing session will continue
// NOTE(review): matchers are evaluated in declaration order and the first match wins.
// "/admin/login" permitAll comes after "/admin/**" hasRole("ADMIN"), so the login page
// appears to require ADMIN; "/db/**" comes after "/**" permitAll, so the ADMIN-and-DBA
// restriction appears unreachable and /db/** is effectively public. Most specific
// patterns should be listed first - verify the intended access policy.
http.authorizeRequests().antMatchers("/resources/**", "/signup", "/about").permitAll().antMatchers("/admin/**").hasRole("ADMIN").antMatchers("/admin/login").permitAll().antMatchers("/**", "/home").permitAll().antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')").and().formLogin().loginPage("/login").permitAll().and().logout().permitAll();
}