Support
Dashboard
Dashboard

Join Community

Start Here

What is CodeAnt?

Setup

Github
Bitbucket
Gitlab
Azure Devops

Pull Request Review

Features
Customize Review
Quality Gates
Integrations

Scan center

Code Security
Code Quality
Cloud Security
Engineering Productivity

Integrations

Jira
Test Coverage
CI/CD

IDE

Setup
Review
Enhancements

Rule Reference

Compliance
Anti-Patterns
Code Governance
Infrastructure Security Database
Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
  - Aws-lambda
  - Aws-sdk-core
  - Cassandra
  - Excon
  - Faraday
  - Jwt
    - Security
    - Security
      - Audit
  - Lang
  - Mongo
  - Mysql2
  - Octokit
  - Pg
  - Rails
  - Redis
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml

Resources

Open Source
Blogs

Security

Audit

ruby-jwt-decode-without-verify

Detected the decoding of a JWT token without a verify step. JWT tokens must be verified before use, otherwise the token’s integrity is unknown. This means a malicious actor could forge a JWT token with any claims.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-345: Insufficient Verification of Data Authenticity
OWASP:
- A08:2021 - Software and Data Integrity Failures

ruby-jwt-exposed-data

The object is passed strictly to jsonwebtoken.sign(…) Make sure that sensitive information is not exposed through JWT token payload.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-522: Insufficiently Protected Credentials
OWASP:
- A02:2017 - Broken Authentication
- A04:2021 - Insecure Design

Security Security

twitter linkedin

Powered by Mintlify

Assistant

Responses are generated using AI and may contain mistakes.