Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SECURITY] Update URLUtils to ensure secure connection #14

Open
jordanpadams opened this issue Aug 20, 2020 · 0 comments
Open

[SECURITY] Update URLUtils to ensure secure connection #14

jordanpadams opened this issue Aug 20, 2020 · 0 comments
Labels
bug Something isn't working icebox open.4.4.0 open.4.4.1 open.4.4.2 s.low security

Comments

@jordanpadams
Copy link
Member

jordanpadams commented Aug 20, 2020
edited
Loading

Vulnerability

If possible always use setSecure to set the 'secure' flag on a cookie before adding it to an HttpServletResponse.

File Warning Line Notes
pds3-product-tools/src/main/java/gov/nasa/arc/pds/tools/util/URLUtils.java 225 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
pds3-product-tools/src/main/java/gov/nasa/arc/pds/tools/util/URLUtils.java 258 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
pds3-product-tools/src/main/java/gov/nasa/arc/pds/tools/util/URLUtils.java 316 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
pds4-jparser/src/main/java/gov/nasa/arc/pds/tools/util/URLUtils.java 195 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
pds4-jparser/src/main/java/gov/nasa/arc/pds/tools/util/URLUtils.java 228 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
pds4-jparser/src/main/java/gov/nasa/arc/pds/tools/util/URLUtils.java 286 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.

Software Version

Current
@jordanpadams jordanpadams self-assigned this Aug 20, 2020
@jordanpadams jordanpadams added bug Something isn't working s.low and removed p.could-have labels Jun 24, 2021
@jordanpadams jordanpadams removed their assignment Jun 24, 2021
@jordanpadams jordanpadams mentioned this issue Jun 24, 2021
Closed
@github-project-automation github-project-automation bot moved this to Release Backlog in EN Portfolio Backlog Nov 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working icebox open.4.4.0 open.4.4.1 open.4.4.2 s.low security
Projects
EN Portfolio Backlog
Status: ToDo
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jordanpadams @pdsen-ci