CodeSent Rules - Comprehensive API Security & Static Analysis

Info Low High

Name	Severity	Scopes	Tags	Links
User-controlled data in ServiceCallout	High	Step	Data Validation	CWE-233 CWE-20
Use of weak hash algorithms	High	AssignMessage HMAC JavaScript	Secure Configuration	CWE-327
Unused flow variables	Info	Step	Code Quality	CWE-563
Unsafe variable is used to define host	High	Step	Data Validation	CWE-20
Unsafe regular expression	High	Step	Data Validation	CWE-1333
Target URL is tainted by user input	High	Step	Data Validation	CWE-22 CWE-233 CWE-918 CWE-20
Step operates undefined flow variables	Low	Step	Code Quality	CWE-457
SpikeArrest policy doesn't use any identifier	High	SpikeArrest	DoS Protection	CWE-770
Sharedflow has not beeing scanned by CodeSent	Low	FlowCallout	Code Quality
Resource is not linked to a policy	Info	Proxy	Code Quality	CWE-561
Request content is tainted by user input	High	Step	Data Validation	CWE-20 CWE-116
Proxy doesn't have default flow	High	Proxy	Code Quality Data Validation	CWE-20
Policy sets confidential data in URL parameters	High	Step	Data in Transit	CWE-598
Policy is not linked to step	Info	Proxy	Code Quality	CWE-561
Policy errors are not caught	Low	Step	Error Handling	CWE-390
Overcomplicated or malformed condition	Low	Step RouteRule Flow	Code Quality	CWE-570 CWE-571
Open Redirect	High	Step	Data Validation	CWE-601 CWE-20
No mask configuration for the proxy	Low	Proxy	Code Quality
No TLS protocol specified in connection definition	High	ServiceCallout MessageLogging Target	Data in Transit	CWE-327
Missing security headers	Low	Proxy	Secure Configuration	CWE-523