CodeSent Rules - Comprehensive API Security & Static Analysis

Low High Step JavaScript

Name	Severity	Scopes	Tags	Links
Cache is accessed without prior authentication	High	Step	Authentication & Authorisation	CWE-306
Confidential data is used as a cache key	High	Step	Data at Rest	CWE-256 CWE-312
Insecure Quota configuration	High	Step	Code Quality Data Validation	CWE-770
Open Redirect	High	Step	Data Validation	CWE-601 CWE-20
Policy sets confidential data in URL parameters	High	Step	Data in Transit	CWE-598
Request content is tainted by user input	High	Step	Data Validation	CWE-20 CWE-116
Target URL is tainted by user input	High	Step	Data Validation	CWE-22 CWE-233 CWE-918 CWE-20
Unsafe regular expression	High	Step	Data Validation	CWE-1333
Unsafe variable is used to define host	High	Step	Data Validation	CWE-20
Use of weak hash algorithms	High	AssignMessage HMAC JavaScript	Secure Configuration	CWE-327
User-controlled data in ServiceCallout	High	Step	Data Validation	CWE-233 CWE-20
Cache lookup variable is overwritten	Low	Step	Code Quality	CWE-472
Overcomplicated or malformed condition	Low	Step RouteRule Flow	Code Quality	CWE-570 CWE-571
Policy errors are not caught	Low	Step	Error Handling	CWE-390
Step operates undefined flow variables	Low	Step	Code Quality	CWE-457