Land rapid7#3110, Set-Cookie check for msftidy

wvu · wvu · commit c76c0221ccad · 2014-03-17T04:46:24.000-05:00
diff --git a/tools/msftidy.rb b/tools/msftidy.rb
@@ -465,6 +465,11 @@ def check_lines
       if ln =~ /(?<!\.)datastore\[["'][^"']+["']\]\s*=(?![=~>])/
         error("datastore is modified in code: #{ln}", idx)
       end
+
+      # do not read Set-Cookie header
+      if ln =~ /\[['"]Set-Cookie['"]\]/i
+        warn("Do not read Set-Cookie header directly, use res.get_cookies instead: #{ln}", idx)
+      end
     }
   end
 
