CodeSent Rules - Comprehensive API Security & Static Analysis

RouteRule AccessControl SpikeArrest

Name	Severity	Scopes	Tags	Links
Bypassing AccessControl policy via True-Client-IP header	Critical	AccessControl	Data Validation	CWE-290
SpikeArrest policy doesn't use any identifier	High	SpikeArrest	DoS Protection	CWE-770
AccessControl allows all IPs	Medium	AccessControl	Data Validation	CWE-290
Condition has undefined variables	Medium	Step RouteRule Flow	Code Quality	CWE-570 CWE-571
Overcomplicated or malformed condition	Low	Step RouteRule Flow	Code Quality	CWE-570 CWE-571