    Security

    Audit

    No token revocation is configured for express-jwt. A leaked token could still be used and could not be revoked. Consider supplying a function as the isRevoked option.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-522: Insufficiently Protected Credentials
    OWASP:
    - A02:2017 - Broken Authentication
    - A04:2021 - Insecure Design

    It looks like 'UNK' is read from user input and used as a redirect target. Ensure 'UNK' is not externally controlled, otherwise this is an open redirect.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
    OWASP:
    - A01:2021 - Broken Access Control

    Directory listing/indexing is enabled, which may lead to disclosure of sensitive directories and files. It is recommended to disable directory listing unless it is a public resource. If you need directory listing, ensure that sensitive files are inaccessible when querying the resource.
    Likelihood: HIGH
    Confidence: MEDIUM
    CWE:
    - CWE-548: Exposure of Information Through Directory Listing
    OWASP:
    - A06:2017 - Security Misconfiguration
    - A01:2021 - Broken Access Control

    Don't use the default session cookie name. Using the default session cookie name can open your app to attacks. The security issue posed is similar to X-Powered-By: a potential attacker can use it to fingerprint the server and target attacks accordingly.
    Likelihood: HIGH
    Confidence: MEDIUM
    CWE:
    - CWE-522: Insufficiently Protected Credentials
    OWASP:
    - A02:2017 - Broken Authentication
    - A04:2021 - Insecure Design

    Default session middleware settings: secure not set. The secure option ensures the browser only sends the cookie over HTTPS.
    Likelihood: HIGH
    Confidence: MEDIUM
    CWE:
    - CWE-522: Insufficiently Protected Credentials
    OWASP:
    - A02:2017 - Broken Authentication
    - A04:2021 - Insecure Design

    Default session middleware settings: httpOnly not set. The httpOnly option ensures the cookie is sent only over HTTP(S) and is not accessible to client-side JavaScript, helping to protect against cross-site scripting attacks.
    Likelihood: HIGH
    Confidence: MEDIUM
    CWE:
    - CWE-522: Insufficiently Protected Credentials
    OWASP:
    - A02:2017 - Broken Authentication
    - A04:2021 - Insecure Design

    Default session middleware settings: domain not set. The domain option indicates the domain of the cookie; the browser compares it against the domain of the server from which the URL is being requested. If they match, the path attribute is checked next.
    Likelihood: HIGH
    Confidence: MEDIUM
    CWE:
    - CWE-522: Insufficiently Protected Credentials
    OWASP:
    - A02:2017 - Broken Authentication
    - A04:2021 - Insecure Design

    Default session middleware settings: path not set. The path option indicates the path of the cookie; the browser compares it against the request path. If this and domain match, the cookie is sent with the request.
    Likelihood: HIGH
    Confidence: MEDIUM
    CWE:
    - CWE-522: Insufficiently Protected Credentials
    OWASP:
    - A02:2017 - Broken Authentication
    - A04:2021 - Insecure Design

    Default session middleware settings: expires not set. The expires option sets the expiration date of persistent cookies.
    Likelihood: HIGH
    Confidence: MEDIUM
    CWE:
    - CWE-522: Insufficiently Protected Credentials
    OWASP:
    - A02:2017 - Broken Authentication
    - A04:2021 - Insecure Design
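    The six session-cookie findings above describe a single express-session configuration. As an added example (not part of the CodeAnt rule set), the function below audits an express-session options object for exactly those settings and shows the default configuration beside a hardened one; `auditSessionOptions`, `DEFAULT_OPTIONS`, `HARDENED_OPTIONS` and the domain `app.example.com` are my own names and values, and the cookie option names follow express-session.

```javascript
// Added example: audit an express-session options object against the
// session-cookie findings above. Settings are flagged when they are not
// set explicitly, as the rules do, regardless of the library's defaults.

// Weak configuration: only `secret` is provided, everything else is defaulted.
const DEFAULT_OPTIONS = {
  secret: process.env.SESSION_SECRET || 'placeholder-secret', // constructed
};

// Hardened configuration: every audited setting is explicit.
const HARDENED_OPTIONS = {
  name: 'sid',                                    // not the default connect.sid
  secret: process.env.SESSION_SECRET || 'placeholder-secret', // constructed
  cookie: {
    secure: true,                                 // sent over HTTPS only
    httpOnly: true,                               // not readable from client JS
    domain: 'app.example.com',                    // hypothetical host
    path: '/',                                    // scope the cookie to the site
    expires: new Date(Date.now() + 8 * 3600 * 1000), // 8h persistent cookie
    sameSite: 'strict',
  },
};

// Returns the list of findings for one options object; an empty list is clean.
function auditSessionOptions(opts) {
  const findings = [];
  const cookie = (opts && opts.cookie) || {};
  if (!opts || !opts.name || opts.name === 'connect.sid') {
    findings.push('default session cookie name');
  }
  if (cookie.secure !== true) findings.push('secure not set');
  if (cookie.httpOnly !== true) findings.push('httpOnly not set');
  if (typeof cookie.domain !== 'string') findings.push('domain not set');
  if (typeof cookie.path !== 'string') findings.push('path not set');
  // express-session accepts either an absolute `expires` or a relative `maxAge`.
  if (!(cookie.expires instanceof Date) && typeof cookie.maxAge !== 'number') {
    findings.push('expires not set');
  }
  return findings;
}
```

Run `auditSessionOptions` over the options object you pass to `session(...)` in a startup self-check or a unit test; every string it returns corresponds to one of the findings listed above.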

    The libxml library processes user input with the noent option set to true, which can make the application vulnerable to XML External Entity (XXE) attacks. It is recommended to set noent to false when using this feature to ensure you are protected.
    Likelihood: HIGH
    Confidence: HIGH
    CWE:
    - CWE-611: Improper Restriction of XML External Entity Reference
    OWASP:
    - A04:2017 - XML External Entities (XXE)
    - A05:2021 - Security Misconfiguration

    Detected usage of the notevil package, which is unmaintained and has vulnerabilities. Using any sort of eval() functionality can be very dangerous, but if you must, the eval package is an up-to-date alternative. Be sure that only trusted input reaches an eval() function.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-1104: Use of Unmaintained Third Party Components
    OWASP:
    - A06:2021 - Vulnerable and Outdated Components

    Possible write outside of the destination directory; make sure that the target path is nested within the intended destination.
    Likelihood: HIGH
    Confidence: MEDIUM
    CWE:
    - CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    The application redirects to a URL specified by user-supplied input $REQ that is not validated. This could redirect users to malicious locations. Consider using an allow-list approach to validate URLs, or warn users they are being redirected to a third-party website.
    Likelihood: HIGH
    Confidence: HIGH
    CWE:
    - CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
    OWASP:
    - A01:2021 - Broken Access Control

    User-controllable data $REQ enters $RES.render(...); this can lead to the loading of other HTML/template pages that the user may not be authorized to render. An attacker may attempt to use directory traversal techniques, e.g. ../folder/index, to access other HTML pages on the file system. Where possible, do not allow users to define what should be loaded in $RES.render, or use an allow list of the application's existing templates.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-706: Use of Incorrectly-Resolved Name or Reference
    OWASP:
    - A01:2021 - Broken Access Control

    The following request REQUEST.REQUEST.REQUEST.METHOD() was found to be crafted from user input $REQ, which can lead to Server-Side Request Forgery (SSRF) vulnerabilities. It is recommended, where possible, not to allow user input to craft the base request; instead, treat it as part of the path or a query parameter. When user input is necessary to craft the request, it is recommended to follow OWASP best practices to prevent abuse.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-918: Server-Side Request Forgery (SSRF)
    OWASP:
    - A10:2021 - Server-Side Request Forgery (SSRF)

    An XML parser is used inside a request handler. Make sure that unverified user data cannot reach the XML parser, as it can result in XML External or Internal Entity (XXE) processing vulnerabilities.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-611: Improper Restriction of XML External Entity Reference
    OWASP:
    - A04:2017 - XML External Entities (XXE)
    - A05:2021 - Security Misconfiguration

    A CSRF middleware was not detected in your express application. Ensure you are either using one such as csurf or csrf (see rule references) and/or you are properly doing CSRF validation in your routes with a token or cookies.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-352: Cross-Site Request Forgery (CSRF)
    OWASP:
    - A01:2021 - Broken Access Control

    The following function call SER.SER.SER.FUNC accepts user-controlled data, which can result in Remote Code Execution (RCE) through object deserialization. It is recommended to use secure data processing alternatives such as JSON.parse() and Buffer.from().
    Likelihood: HIGH
    Confidence: HIGH
    CWE:
    - CWE-502: Deserialization of Untrusted Data
    OWASP:
    - A08:2017 - Insecure Deserialization
    - A08:2021 - Software and Data Integrity Failures

    Bracket object notation with user input is present; this might allow an attacker to access all properties of the object and even its prototype. Use literal values for object properties.
    Likelihood: MEDIUM
    Confidence: LOW
    CWE:
    - CWE-522: Insufficiently Protected Credentials
    OWASP:
    - A02:2017 - Broken Authentication
    - A04:2021 - Insecure Design

    A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
    Likelihood: HIGH
    Confidence: HIGH
    CWE:
    - CWE-798: Use of Hard-coded Credentials
    OWASP:
    - A07:2021 - Identification and Authentication Failures

    Detected use of parseXml() function with the noent field set to true. This can lead to an XML External Entities (XXE) attack if untrusted data is passed into it.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-611: Improper Restriction of XML External Entity Reference
    OWASP:
    - A04:2017 - XML External Entities (XXE)
    - A05:2021 - Security Misconfiguration

    User input is passed to res.sendFile, which can allow an attacker to read arbitrary files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path, so that the path can be validated against the directory it is intended to access.
    Likelihood: HIGH
    Confidence: MEDIUM
    CWE:
    - CWE-73: External Control of File Name or Path
    OWASP:
    - A04:2021 - Insecure Design
