}
}
}
private void raiseAlert(HttpMessage msg, int id, String cookie) {
Alert alert = new Alert(getPluginId(), Alert.RISK_LOW, Alert.WARNING,
"Cookie set without secure flag");
alert.setDetail(
"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.",
msg.getRequestHeader().getURI().toString(),
cookie, "", "",
"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted tunnel. " +
"Ensure that the secure flag is set for cookies containing such sensitive information.",