GoHTTPCookie

net/http.Cookie struct. Missing Secure, HttpOnly, or SameSite flags are security findings for session cookies.

1 sink

Taint flow0 sources → 1 sink

Sinks — dangerous call

.SetCookie()Sets HTTP cookie

Sinks

— dangerous functions taint must not reach

.SetCookie()Sink

Signature

SetCookie(w ResponseWriter, cookie *Cookie)

Sets HTTP cookie. Finding when cookie.Secure or cookie.HttpOnly is false for session cookies.

tracks:1

FQN	Field
net/http.Cookie	fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

go.mod

// standard library — no go.mod entry required

rule.py

from codepathfinder.go_rule import GoHTTPCookie