Merge pull request #81 from domwhewell-sage/domwhewell-patch-1

Create cookie cached on disk bcheck

other/tokens/cookie-cached-on-disk.bcheck

@@ -0,0 +1,14 @@
+metadata:
+    language: v1-beta
+    name: "Cookie cached on disk"
+    description: "Checks if cookies are cached on disk"
+    tags: "passive"
+
+given response then
+    if {latest.response} matches "(?i)Set-Cookie:.+(expires=[\w\d\s:,]+;|max-age=\d+;).*" then
+        report issue:
+            severity: info
+            confidence: certain
+            detail: "Cookies are set that have an expires or max-age attribute, these are considered persistent cookies and will be stored on disk by the web browser until the expiration time.  Check to ensure these are not used to maintain the login session as if an authenticated user does not click the logout button and instead closes the browser, the session will resume when the browser is re-opened. If an attacker has access to the filesystem location where the web browser cache is stored the session cookie could be extracted and used to authenticate the attacker to the web application. If it is a shared machine another user could authenticate themselves just by re-opening the browser."
+            remediation: "Session management tokens should make use of non-persistent cookies. This forces the session to disappear from the client if the current web browser is closed. Therefore the expires or max-age attribute should be removed from the session cookie. https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#expire-and-max-age-attributes"
+    end if