We are using Cookies on the project to store the session id of a logged-in user. Cookies are sanitised since they are flagged as HttpOnly (can't be modified by the user). We use the session id for a second request to get the access level of the user and return the response of the Backend. On this level the Scan is flagging that the input is unsanitised; when I remove the variable coming from the cookies, the Security Report does not show this issue anymore.
I am curious about how the Scan is triggering this issue. It appears to be a false positive, but I would like to make sure this is the case, and for that I would like to understand the logic under this part of the scan.
Command used to create the Security Report:
bearer scan -f html --output report.html .
Expected Behavior
The Scan is able to recognise that the Cookies are sanitised based on the HttpOnly flag
Actual Behavior
The Scan is throwing an Unsanitized user input in HTTP response (XSS) issue.