Typescript Sensitive Info In Cookie

Description

Detects when sensitive information is stored in browser cookies. Storing sensitive data like passwords, tokens or personal information in cookies creates security risks since cookies can be vulnerable to theft through XSS attacks or man-in-the-middle attacks. This check helps prevent exposure of sensitive data through insecure client-side storage.

Weakness:

042 - Insecurely generated cookies

Category: Access Subversion

Detection Strategy

    Analyzes calls to CookieService or similar cookie management code

    Checks if sensitive data types or variables are being stored as cookie values

    Triggers when sensitive information like passwords, tokens, or personal data is saved to cookies

    Examines cookie write operations and the data being stored

    Reviews cookie configuration for proper security settings when handling sensitive data

Vulnerable code example

import { Component, OnInit } from '@angular/core';
import { ActivatedRoute } from '@angular/router';
import { CookieService } from 'ngx-cookie-service';

@Component({
  selector: 'app-login',
  template: ''
})...

✅ Secure code example

import { Component, OnInit } from '@angular/core';
import { ActivatedRoute } from '@angular/router';
import { CookieService } from 'ngx-cookie-service';

@Component({
  selector: 'app-login',
  template: ''
})...
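
The following is an added example, not code from the original page or from ngx-cookie-service. It shows one way to enforce the checks listed under Detection Strategy at runtime: a wrapper that refuses secret-like cookie writes and forces Secure and SameSite on everything else. `CookieWriter`, `GuardedCookieWriter`, `RecordingWriter`, `looksSensitive` and both regular expressions are hypothetical names and heuristics; `CookieOptions` is an assumed subset of the options object that `CookieService.set()` accepts.

```typescript
// Options modelled on the object form of ngx-cookie-service's set() (assumed subset).
interface CookieOptions {
  path?: string;
  secure?: boolean;
  sameSite?: 'Lax' | 'None' | 'Strict';
}
// Hypothetical stand-in for CookieService so the example runs without Angular.
interface CookieWriter {
  set(name: string, value: string, options?: CookieOptions): void;
}
// Hypothetical heuristics: secret-like names, and values shaped like a JWT.
const SENSITIVE_NAME = /password|passwd|secret|token|api[-_]?key|ssn|credit[-_]?card/i;
const JWT_SHAPE = /^[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}$/;

function looksSensitive(name: string, value: string): boolean {
  return SENSITIVE_NAME.test(name) || JWT_SHAPE.test(value);
}
// Wrapper a component would inject instead of calling the cookie service directly.
class GuardedCookieWriter implements CookieWriter {
  private readonly inner: CookieWriter;
  constructor(inner: CookieWriter) {
    this.inner = inner;
  }
  set(name: string, value: string, options: CookieOptions = {}): void {
    if (looksSensitive(name, value)) {
      // Credentials belong in a server-set HttpOnly cookie, which script cannot create.
      throw new Error(`refusing to store sensitive value in cookie "${name}"`);
    }
    // Non-sensitive values still get Secure and SameSite, overriding weaker caller options.
    this.inner.set(name, value, { path: '/', ...options, secure: true, sameSite: 'Strict' });
  }
}
// In-memory fake (constructed for this example) recording what would be written.
class RecordingWriter implements CookieWriter {
  readonly written: Array<{ name: string; value: string; options: CookieOptions | undefined }> = [];
  set(name: string, value: string, options?: CookieOptions): void {
    this.written.push({ name, value, options });
  }
}
// Flagged pattern: cookieService.set('authToken', token). Guarded, it never reaches the jar.
function demo(): RecordingWriter {
  const sink = new RecordingWriter();
  const cookies = new GuardedCookieWriter(sink);
  cookies.set('theme', 'dark', { secure: false });
  try { cookies.set('authToken', 'constructed-sample-value'); } catch { /* blocked */ }
  return sink;
}
```

The name and value patterns are a starting point only; a real deployment would tune them to the application's own field names.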