CodeSent Rules - Comprehensive API Security & Static Analysis

Target AssignMessage Proxy

Name	Severity	Scopes	Tags	Links
Use of weak hash algorithms	High	AssignMessage HMAC JavaScript	Secure Configuration	CWE-327
Unreachable RouteRule	Medium	Proxy	Code Quality	CWE-561
Unreachable Flow	Medium	Target Proxy	Code Quality	CWE-561
Unreachable FaultRule	Medium	Target Proxy	Code Quality	CWE-561
Resource is not linked to a policy	Info	Proxy	Code Quality	CWE-561
Proxy doesn't have default flow	High	Proxy	Code Quality Data Validation	CWE-20
Policy is not linked to step	Info	Proxy	Code Quality	CWE-561
No mask configuration for the proxy	Low	Proxy	Code Quality
No TLS protocol specified in connection definition	High	ServiceCallout MessageLogging Target	Data in Transit	CWE-327
No SpikeArrest policy is applied	Medium	Proxy	Code Quality DoS Protection	CWE-770
Missing security headers	Low	Proxy	Secure Configuration	CWE-523
Missing API versioning	Info	Proxy	Secure Configuration	CWE-710
MatchesPath is applied to a static parameter	Medium	Target Proxy	Code Quality Data Validation	CWE-20
Lack of certificate validation	Critical	ServiceCallout MessageLogging Target	Data in Transit	CWE-295
Lack of DefaultFaultRule	Medium	Target Proxy	Error Handling	CWE-390
Connection to the system is not encrypted	Critical	ServiceCallout MessageLogging Target	Data in Transit	CWE-319
Authorization header is not removed before the request is sent to target system	High	Proxy	Data in Transit	CWE-201
AssignMessage request parameters pollution	High	AssignMessage	Data Validation	CWE-20
API Key is not removed before the request is sent to target system	High	Proxy	Data in Transit	CWE-201