Typescript Unsanitized Cookie Value
Description
Detects when cookies are created with unsanitized or potentially dangerous values in TypeScript code. This can lead to security issues like XSS or cookie injection if user-controlled data is directly used in cookie values without proper sanitization.
Detection Strategy
• Check for cookie creation or assignment operations in TypeScript code
• Identify when cookie values contain user-controlled or unsanitized data
• Report a vulnerability when cookies are constructed using unescaped or unsanitized input values
• Look for direct assignment of variables or expressions to cookie values without sanitization checks
Vulnerable code example
const express = require('express');
const app = express();
function handleRequest(req, res) {
const userInput = req.query.sessionId;
// Vulnerable: Setting cookie without security flags allows interception
res.setHeader("Set-Cookie", userInput);...✅ Secure code example
const express = require('express');
const crypto = require('crypto');
const app = express();
function handleRequest(req, res) {
// Generate a secure session ID instead of using raw user input
const sessionId = crypto.randomBytes(32).toString('hex');
...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.