Sensitive data stored in a cookie detected.

  • Rule ID: ruby_lang_cookies
  • Languages: ruby
  • Source: cookies.yml

Description

Storing sensitive data in cookies can lead to a data breach. This rule looks for instances where sensitive data is stored in browser cookies.

Remediations

❌ Avoid storing sensitive data in unencrypted cookies messages:

cookies[:user_email] = "john@doe.com"

✅ To ensure cookie data stays safe, use encrypted cookies:

cookies.encrypted[:user_email] = "john@doe.com"

Resources

Associated CWE

OWASP Top 10