CodeSent Rules - Comprehensive API Security & Static Analysis

Low Critical Step

Name	Severity	Scopes	Tags	Links
JWT/JWS is decoded but not verified in the same flow phase	Critical	Step	Authentication & Authorisation	CWE-347
Request content is stringified	Critical	Step	Data Validation DoS Protection	CWE-20
Sensitive information is in the source code	Critical	Step	Data at Rest	CWE-256 CWE-312
Cache lookup variable is overwritten	Low	Step	Code Quality	CWE-472
Overcomplicated or malformed condition	Low	Step RouteRule Flow	Code Quality	CWE-570 CWE-571
Policy errors are not caught	Low	Step	Error Handling	CWE-390
Step operates undefined flow variables	Low	Step	Code Quality	CWE-457