CodeSent Rules - Comprehensive API Security & Static Analysis

Medium Critical Step

Name	Severity	Scopes	Tags	Links
JWT/JWS is decoded but not verified in the same flow phase	Critical	Step	Authentication & Authorisation	CWE-347
Request content is stringified	Critical	Step	Data Validation DoS Protection	CWE-20
Sensitive information is in the source code	Critical	Step	Data at Rest	CWE-256 CWE-312
Condition has undefined variables	Medium	Step RouteRule Flow	Code Quality	CWE-570 CWE-571
Error flow variable is set but not checked in request phase	Medium	Step	Error Handling	CWE-390
Masked flow variable is written into unmasked one	Medium	Step	Data at Rest	CWE-532
Private flow variable is written into public one	Medium	Step	Data at Rest	CWE-532