CodeSent Rules - Comprehensive API Security & Static Analysis

Flow BasicAuthentication JavaScript JSONThreatProtection OAuthV2

Name	Severity	Scopes	Tags	Links
Flow accepts confidential data as URL parameters	High	Flow PreFlow	Data in Transit	CWE-598
JSONThreatProtection policy is not applied to a request body with JSON type	High	Flow	Data Validation	CWE-502 CWE-20
Use of weak hash algorithms	High	AssignMessage HMAC JavaScript	Secure Configuration	CWE-327
Condition has undefined variables	Medium	Step RouteRule Flow	Code Quality	CWE-570 CWE-571
Flow accepts requests with any method	Medium	Flow	Data Validation	CWE-749
Flow doesn't limit HTTP methods correctly	Medium	Flow	Data Validation	CWE-749
Insecure JSONThreatProtection policy	Medium	JSONThreatProtection	Code Quality Data Validation	CWE-770 CWE-20
Insecure token expiration configuration	Medium	OAuthV2	Secure Configuration	CWE-613
Overcomplicated or malformed condition	Low	Step RouteRule Flow	Code Quality	CWE-570 CWE-571