public void Inspect(ResponseAnalysisContext context, CancellationToken cancellationToken) { if (context.Response.Headers.TryGetValue("Set-Cookie", out var setCookies)) { // inspect cookies foreach (var setCookie in setCookies) { // parse name int delimiterIndex = setCookie.IndexOf('='); var name = new StringSegment(setCookie, 0, delimiterIndex); if (!name.Contains("sess", StringComparison.OrdinalIgnoreCase)) { continue; } // parse value int semicolonIndex = setCookie.IndexOf(';', delimiterIndex + 1); var value = new StringSegment(setCookie, delimiterIndex + 1, semicolonIndex != -1 ? semicolonIndex : (setCookie.Length - delimiterIndex - 1)); if (value.Length < MinimumCookieLength) { continue; } // match to query string foreach (var query in context.HttpContext.Request.Query) { foreach (var queryValue in query.Value) { if (value.Contains(queryValue)) { context.ReportDiagnostic(new Diagnostic(Rule, Location.QueryString(query.Key))); return; } } } } } }