
C Sharp Insecure Cookie Generation

Description

Detects when HTTP cookies are created without required security attributes in C# applications. Cookies missing security flags like Secure, HttpOnly, or SameSite are vulnerable to client-side scripting attacks and session hijacking.

Weakness:

042 - Insecurely generated cookies

Category: Access Subversion

Detection Strategy

    Identifies creation of HttpCookie objects in C# code

    Checks if the cookie object is initialized without security-critical attributes (Secure, HttpOnly, SameSite)

    Reports a vulnerability when a cookie is created with default/insecure settings that could expose it to attacks

    Specifically looks for HttpCookie instantiations that don't set security properties after creation
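The strategy above as a small text-based scanner in Python, added here as an illustration and not the rule's own implementation: it finds each HttpCookie creation and reports which of Secure, HttpOnly and SameSite are never set, whether through an object initializer or a later property assignment. The regexes and the embedded C# sample are constructed for this example.

```python
import re

# Attributes the rule requires, each with the value that counts as set securely
# (explicit `Secure = false` or `SameSite = None` does not satisfy it). Constructed for this example.
REQUIRED = {
    "Secure": r"true",
    "HttpOnly": r"true",
    "SameSite": r"SameSiteMode\.(Strict|Lax)",
}
# Matches `var c = new HttpCookie(` or `HttpCookie c = new HttpCookie(` and captures `c`
NEW_COOKIE = re.compile(r"\b(\w+)\s*=\s*new\s+HttpCookie\s*\(")


def attribute_is_set(attr, value_pat, var, creation_line, following):
    """True if `attr` gets an acceptable value in an object initializer on the
    creation line (`{ Secure = true }`) or by assignment afterwards (`c.Secure = true;`)."""
    initializer = creation_line.partition("{")[2]
    if re.search(rf"\b{attr}\s*=\s*{value_pat}\b", initializer):
        return True
    return re.search(rf"\b{re.escape(var)}\.{attr}\s*=\s*{value_pat}\b", following) is not None


def find_insecure_cookies(source):
    """Return [(line_no, variable, [missing attributes])] for every HttpCookie created
    without all three attributes set. Text-based: unlike an AST analyzer it scans to end of file."""
    lines = source.splitlines()
    findings = []
    for idx, line in enumerate(lines):
        match = NEW_COOKIE.search(line)
        if not match:
            continue
        var = match.group(1)
        following = "\n".join(lines[idx + 1:])
        missing = [a for a, v in REQUIRED.items()
                   if not attribute_is_set(a, v, var, line, following)]
        if missing:
            findings.append((idx + 1, var, missing))
    return findings


# Constructed C# snippet: one cookie with defaults, one partially hardened, one compliant
SAMPLE = """\
var bad = new HttpCookie("session", token);
Response.Cookies.Add(bad);
var partial = new HttpCookie("pref", value) { HttpOnly = true };
partial.Secure = false;
var good = new HttpCookie("auth", token);
good.Secure = true;
good.HttpOnly = true;
good.SameSite = SameSiteMode.Strict;
"""
```

Calling `find_insecure_cookies(SAMPLE)` flags the first cookie for all three attributes and the third-line cookie for Secure and SameSite, while the fully hardened one is not reported.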

Vulnerable code example

using System;
using System.Web;

public class CookieExample
{
    public void CreateInsecureCookie()
    {
        // Vulnerable: the cookie keeps its default settings, so Secure,
        // HttpOnly and SameSite are never set before it is sent to the client
        // (cookie name and value are illustrative)
        var cookie = new HttpCookie("session", Guid.NewGuid().ToString());
        HttpContext.Current.Response.Cookies.Add(cookie);
    }
}

✅ Secure code example

using System;
using System.Web;

public class CookieExample
{
    public void CreateSecureCookie()
    {
        // Secure: HttpOnly keeps the cookie away from script, Secure restricts it
        // to HTTPS, SameSite limits cross-site requests that carry it (SameSite needs .NET Framework 4.7.2+)
        var cookie = new HttpCookie("session", Guid.NewGuid().ToString())
        {
            HttpOnly = true, Secure = true, SameSite = SameSiteMode.Strict
        };
        HttpContext.Current.Response.Cookies.Add(cookie);
    }
}