CodeSent Rules - Comprehensive API Security & Static Analysis

Medium High

Name	Severity	Scopes	Tags	Links
Lack of DefaultFaultRule	Medium	Target Proxy	Error Handling	CWE-390
JSONThreatProtection policy is not applied to a request body with JSON type	High	Flow	Data Validation	CWE-502 CWE-20
Insecure token expiration configuration	Medium	OAuthV2	Secure Configuration	CWE-613
Insecure Quota configuration	High	Step	Code Quality Data Validation	CWE-770
Insecure JSONThreatProtection policy	Medium	JSONThreatProtection	Code Quality Data Validation	CWE-770 CWE-20
Flow doesn't limit HTTP methods correctly	Medium	Flow	Data Validation	CWE-749
Flow accepts requests with any method	Medium	Flow	Data Validation	CWE-749
Flow accepts confidential data as URL parameters	High	Flow PreFlow	Data in Transit	CWE-598
Error flow variable is set but not checked in request phase	Medium	Step	Error Handling	CWE-390
Confidential data is used as a cache key	High	Step	Data at Rest	CWE-256 CWE-312
Condition has undefined variables	Medium	Step RouteRule Flow	Code Quality	CWE-570 CWE-571
Cache is accessed without prior authentication	High	Step	Authentication & Authorisation	CWE-306
Authorization header is not removed before the request is sent to target system	High	Proxy	Data in Transit	CWE-201
AssignMessage request parameters pollution	High	AssignMessage	Data Validation	CWE-20
AccessControl allows all IPs	Medium	AccessControl	Data Validation	CWE-290
API Key is not removed before the request is sent to target system	High	Proxy	Data in Transit	CWE-201