CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
  • Join Community
Start Here
  • What is CodeAnt?
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
      • Dotnet-core
      • Dotnet
      • Jwt-dotnet
      • Lang
        • Audit
        • Best practice
        • Correctness
        • Security
        • Security
      • Mongo
      • Postgres
      • Razor
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Lang

Security

missing-hsts-header

The HSTS HTTP response security header is missing, allowing interaction and communication to be sent over the insecure HTTP protocol.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-346: Origin Validation Error
OWASP:
- A07:2021 - Identification and Authentication Failures

stacktrace-disclosure

Stacktrace information is displayed in a non-Development environment. Accidentally disclosing sensitive stack trace information in a production environment aids an attacker in reconnaissance and information gathering.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-209: Generation of Error Message Containing Sensitive Information
OWASP:
- A06:2017 - Security Misconfiguration
- A04:2021 - Insecure Design

open-redirect

A query string parameter may contain a URL value that could cause the web application to redirect the request to a malicious website controlled by an attacker. Make sure to sanitize this parameter sufficiently.
Likelihood: MEDIUM
Confidence: LOW
CWE:
- CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
OWASP:
- A01:2021 - Broken Access Control
SslcertificatetrustAd
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.