CodeSent Rules - Comprehensive API Security & Static Analysis

AccessControl AssignMessage SpikeArrest

Name	Scopes	Tags	Links
Critical
Bypassing AccessControl policy via True-Client-IP header	AccessControl	Data Validation	CWE-290
High
AssignMessage request parameters pollution	AssignMessage	Data Validation	CWE-20
SpikeArrest policy doesn't use any identifier	SpikeArrest	DoS Protection	CWE-770
Use of weak hash algorithms	AssignMessage HMAC JavaScript	Secure Configuration	CWE-327
Medium
AccessControl allows all IPs	AccessControl	Data Validation	CWE-290