Skip to content

SONARXML-274 S3330 Detect missing httpOnlyCookies in web.config #372

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tomasz-tylenda-sonarsource merged 9 commits into from
Nov 25, 2025
Merged

SONARXML-274 S3330 Detect missing httpOnlyCookies in web.config #372

tomasz-tylenda-sonarsource merged 9 commits into from
Nov 25, 2025

Conversation

@tomasz-tylenda-sonarsource
Copy link
Contributor

@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource commented Nov 18, 2025

No description provided.

@hashicorp-vault-sonar-prod
Copy link

hashicorp-vault-sonar-prod bot commented Nov 18, 2025
edited by atlassian bot
Loading

SONARXML-274

@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource changed the title SONARXML-274 Support web.config in S3330 SONARXML-274 Analyze web.config in S3330 Nov 19, 2025
@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource changed the title SONARXML-274 Analyze web.config in S3330 SONARXML-274 S3330 Detect missing httpOnlyCookies in web.config Nov 19, 2025
pavel-mikula-sonarsource
pavel-mikula-sonarsource requested changes Nov 21, 2025
View reviewed changes
Copy link
Contributor

@pavel-mikula-sonarsource pavel-mikula-sonarsource left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about the rspec?

@tomasz-tylenda-sonarsource
Copy link
Contributor Author

tomasz-tylenda-sonarsource commented Nov 24, 2025

What about the rspec?

I just sent out https://github.com/SonarSource/rspec/pull/5938. I wanted to go through the implementation first, in case we find something that would affect the RSpec.

@tomasz-tylenda-sonarsource
Copy link
Contributor Author

tomasz-tylenda-sonarsource commented Nov 24, 2025

Thank you for the thorough first round! I have some questions, so I'm assigning it back.

pavel-mikula-sonarsource
pavel-mikula-sonarsource approved these changes Nov 25, 2025
View reviewed changes
Copy link
Contributor

@pavel-mikula-sonarsource pavel-mikula-sonarsource left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I'd like to see the ^^^^ somewhere

@tomasz-tylenda-sonarsource
Support web.config in S3330
6bdff76
@tomasz-tylenda-sonarsource
trigger CI
2ff032e
@tomasz-tylenda-sonarsource @pavel-mikula-sonarsource
Update sonar-xml-plugin/src/main/java/org/sonar/plugins/xml/checks/se…
14156cf 
…curity/web/HttpOnlyOnCookiesCheck.java


Clarify message

Co-authored-by: Pavel Mikula <57188685+pavel-mikula-sonarsource@users.noreply.github.com>
@tomasz-tylenda-sonarsource @pavel-mikula-sonarsource
Update sonar-xml-plugin/src/main/java/org/sonar/plugins/xml/checks/se…
a571ee3 
…curity/web/HttpOnlyOnCookiesCheck.java


Formatting

Co-authored-by: Pavel Mikula <57188685+pavel-mikula-sonarsource@users.noreply.github.com>
@tomasz-tylenda-sonarsource
Make xpath expressions fields
8b3862c
@tomasz-tylenda-sonarsource
format
52a70ff
@tomasz-tylenda-sonarsource
Add messages in test data
cd09a3e
@tomasz-tylenda-sonarsource
Issue location
ebe0ae6
@tomasz-tylenda-sonarsource
rspec
2d713e2
@tomasz-tylenda-sonarsource
Copy link
Contributor Author

tomasz-tylenda-sonarsource commented Nov 25, 2025

LGTM, I'd like to see the ^^^^ somewhere

I added locations in test files. Given that this PR is needed for other work I will be merging it, but feel free to add comments and I will address them in the follow-up.

I also added RSPEC files, so we do not have to create a separate PR to merge them.

@pavel-mikula-sonarsource
Copy link
Contributor

pavel-mikula-sonarsource commented Nov 25, 2025

Still LGTM. I'm happy to see how the rule will behave

@sonarqube-next
Copy link

sonarqube-next bot commented Nov 25, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
2 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
91.4% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource merged commit 766bf08 into master Nov 25, 2025
17 checks passed
@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource deleted the tt/S3330-web-config branch November 25, 2025 16:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pavel-mikula-sonarsource pavel-mikula-sonarsource pavel-mikula-sonarsource approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tomasz-tylenda-sonarsource @pavel-mikula-sonarsource