Security

Audit

react-jwt-in-localstorage

Storing JWT tokens in localStorage is known to be a bad practice; consider moving your tokens from localStorage to an HTTP cookie.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-922: Insecure Storage of Sensitive Information
OWASP:
- A01:2021 - Broken Access Control

react-unsanitized-method

Detection of $HTML from non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if this comes from user-provided input. If you have to use $HTML, consider using a sanitization library such as DOMPurify to sanitize your HTML.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection

react-dangerouslysetinnerhtml

Detection of dangerouslySetInnerHTML from non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if this comes from user-provided input. If you have to use dangerouslySetInnerHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection

react-jwt-decoded-property

A property decoded from a JWT token without verification cannot be trusted.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-922: Insecure Storage of Sensitive Information
OWASP:
- A01:2021 - Broken Access Control

react-href-var

Detected a variable used in an anchor tag with the ‘href’ attribute. A malicious actor may be able to input the ‘javascript:’ URI, which could cause cross-site scripting (XSS). It is recommended to disallow ‘javascript:’ URIs within your application.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
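
One way to satisfy react-href-var is to allow-list URL schemes before a value reaches `href`. The block below is an added example, not CodeAnt's or the rule's own code; `safeHref`, `naivePrefixCheck`, the allow-list, and the `https://app.example` base are assumptions made for illustration.

```javascript
// Added example: validate a variable before it is used as <a href={...}>.
// Schemes the application is assumed to need; adjust to your own links.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:"]);

// Assumed placeholder origin, used only so relative links can be parsed.
const BASE = "https://app.example";

// Weak check shown for contrast: a prefix test on the raw string.
// It misses mixed case, leading whitespace, and embedded tabs or newlines,
// all of which the browser's URL parser normalises before reading the scheme.
function naivePrefixCheck(value) {
  return !String(value).startsWith("javascript:");
}

// Hardened check: parse with the WHATWG URL parser (the algorithm browsers
// use) and compare the normalised scheme against the allow-list.
function safeHref(value, fallback = "#") {
  if (typeof value !== "string") return fallback;
  let parsed;
  try {
    parsed = new URL(value, BASE);
  } catch {
    return fallback; // unparseable input never reaches the DOM
  }
  // Return the caller's original string so relative links stay relative.
  return ALLOWED_PROTOCOLS.has(parsed.protocol) ? value : fallback;
}

// Constructed sample inputs (not taken from any real application).
const SAMPLES = [
  "https://example.com/docs",
  "/profile?id=1",
  "mailto:team@example.com",
  "javascript:void(0)",
  "JaVaScRiPt:void(0)",
  " java\tscript:void(0)",
  "data:text/html,placeholder",
];

function report() {
  return SAMPLES.map((s) => ({ input: s, naive: naivePrefixCheck(s), href: safeHref(s) }));
}

// In a component: <a href={safeHref(userSuppliedUrl)}>link</a>
console.log(report());
```
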

react-unsanitized-property

Detection of $HTML from non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if this comes from user-provided input. If you have to use $HTML, consider using a sanitization library such as DOMPurify to sanitize your HTML.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection