CodeSent Rules - Comprehensive API Security & Static Analysis

Info High

Name	Scopes	Tags	Links
High
User-controlled data in ServiceCallout	Step	Data Validation	CWE-233 CWE-20
Use of weak hash algorithms	AssignMessage HMAC JavaScript	Secure Configuration	CWE-327
Unsafe variable is used to define host	Step	Data Validation	CWE-20
Unsafe regular expression	Step	Data Validation	CWE-1333
Target URL is tainted by user input	Step	Data Validation	CWE-22 CWE-233 CWE-918 CWE-20
SpikeArrest policy doesn't use any identifier	SpikeArrest	DoS Protection	CWE-770
Request content is tainted by user input	Step	Data Validation	CWE-20 CWE-116
Proxy doesn't have default flow	Proxy	Code Quality Data Validation	CWE-20
Policy sets confidential data in URL parameters	Step	Data in Transit	CWE-598
Open Redirect	Step	Data Validation	CWE-601 CWE-20
No TLS protocol specified in connection definition	ServiceCallout MessageLogging Target	Data in Transit	CWE-327
JSONThreatProtection policy is not applied to a request body with JSON type	Flow	Data Validation	CWE-502 CWE-20
Insecure Quota configuration	Step	Code Quality Data Validation	CWE-770
Flow accepts confidential data as URL parameters	Flow PreFlow	Data in Transit	CWE-598
Confidential data is used as a cache key	Step	Data at Rest	CWE-256 CWE-312
Cache is accessed without prior authentication	Step	Authentication & Authorisation	CWE-306
Info
Unused flow variables	Step	Code Quality	CWE-563
Resource is not linked to a policy	Proxy	Code Quality	CWE-561
Policy is not linked to step	Proxy	Code Quality	CWE-561
Missing API versioning	Proxy	Secure Configuration	CWE-710