Javascript Unsanitized Cookie Value

Description

Detects when cookies are created with unsanitized or untrusted values in JavaScript code. This can lead to security issues like cookie manipulation or injection attacks if malicious values are stored in cookies without proper validation.

Weakness:

280 - Session Fixation

Category: Access Subversion

Detection Strategy

    Look for cookie creation or modification operations in JavaScript code

    Check if the cookie value comes from an untrusted source like user input or external data

    Report a vulnerability when cookie values are set without proper sanitization or value validation

    Common patterns include direct assignment of user-controlled data to document.cookie or similar cookie manipulation functions

Vulnerable code example

function handleRequest(req, res) {
    const userInput = req.query.value;

    // Vulnerable: Direct use of unsanitized user input in cookie header
    res.setHeader("Set-Cookie", userInput);

    // Vulnerable: User controlled value used directly in cookie
    res.cookie("sessionId", userInput);
    // ...
}

✅ Secure code example

function handleRequest(req, res) {
    const userInput = req.query.value;

    // Sanitize and validate input before setting in header
    const sanitizedValue = encodeURIComponent(userInput);

    // Set cookie with secure options and sanitized value
    res.cookie("sessionId", sanitizedValue, { /* ... */ });
}
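
Because the weakness listed for this entry is session fixation, the following added example (not part of the original entry) generates the session identifier on the server and checks every cookie value against the RFC 6265 cookie-octet set before it reaches the header. The names `newSessionId`, `isSafeCookieValue`, `serializeCookie` and the `theme` cookie are hypothetical, and the header is written with `res.setHeader` so the block runs on Node's built-in modules alone.

```javascript
// Added example. Helper names and the "theme" cookie are hypothetical.
const { randomBytes } = require("node:crypto");

// RFC 6265 cookie-octet: printable ASCII without space, '"', ',', ';' and '\'.
const COOKIE_OCTETS = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]+$/;

// True only for non-empty strings that cannot end the value or the header line.
function isSafeCookieValue(value) {
    return typeof value === "string" && COOKIE_OCTETS.test(value);
}

// The session identifier is generated server-side: 32 random bytes, hex-encoded.
function newSessionId() {
    return randomBytes(32).toString("hex");
}

// Build one Set-Cookie header value, refusing unsafe names and values.
function serializeCookie(name, value) {
    if (!/^[A-Za-z0-9_-]+$/.test(name) || !isSafeCookieValue(value)) {
        throw new TypeError("refusing to set cookie: invalid name or value");
    }
    return `${name}=${value}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

function handleRequest(req, res) {
    const userInput = req.query.value; // untrusted

    // User input may only select from a fixed allowlist;
    // it never becomes the session identifier.
    const theme = ["light", "dark"].includes(userInput) ? userInput : "light";

    res.setHeader("Set-Cookie", [
        serializeCookie("sessionId", newSessionId()),
        serializeCookie("theme", theme),
    ]);
}
```

A request value containing `;`, a space, or CR/LF fails `isSafeCookieValue`, and a value outside the allowlist falls back to the default instead of being reflected into the cookie.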