JavaScript Security Rules
Reshift scans your custom JavaScript code for security bugs. The security issues Reshift detects are listed below, with the severity, CWE, OWASP Top 10 category and PCI DSS requirement each rule maps to.
Security Issue | Severity | CWE | OWASP Top 10 | PCI DSS |
--- | --- | --- | --- | --- |
Command Injection | Critical | 78 | A1 | 6.5.1 |
Indirect Command Injection | Critical | 78 | A1 | 6.5.1 |
Shell Command Injection | Critical | 78 | A1 | 6.5.1 |
SQL Injection | Critical | 89 | A1 | 6.5.1 |
NoSQL Injection | Critical | 89 | A1 | 6.5.1 |
Insecure Code Execution | Critical | 94 | A1 | |
Insecure Code Execution (Dynamic Method) | Critical | 94 | A1 | |
Insecure Access to File System | High | 22 | A5 | |
ZipSlip | High | 22 | A5 | |
Cross-Site Scripting | High | 79 | A7 | |
Cross-Site Scripting (Stored) | High | 79 | A7 | |
Cross-Site Scripting (DOM) | High | 79 | A7 | |
Potential Backdoor | High | | | |
Prototype Pollution | High | 400 | A1 | |
Prototype Pollution Utility | High | 400 | A1 | |
Remote Prototype Pollution | High | 400 | A1 | |
Insecure Deserialization | High | 502 | A8 | |
XML External Entity Injection | High | 611 | A4 | |
XML Entity Expansion | High | 776 | A4 | |
XPath Injection | High | 643 | A1 | 6.5.1 |
Unvalidated Dynamic Method Call | High | 754 | A1 | |
Sensitive Data Leakage | High | 798 | A3 | 6.5.1 |
Insecure File Upload | High | 912 | A6 | |
Insecure Input Validation (URL Scheme) | Moderate | 20 | | |
Insecure Input Validation (URL Substring) | Moderate | 20 | | |
Insecure Comparison Check | Moderate | 20 | | |
Insecure Regex Expression (Anchor) | Moderate | 20 | | |
Insecure Regex Expression (Character Escape) | Moderate | 20 | | |
Insecure Input Validation (Incomplete Hostname) | Moderate | 20 | A5 | |
Command Injection (Use of Cat) | Moderate | 78 | A1 | 6.5.1 |
Cross-Site Scripting (Exception) | Moderate | 79 | A7 | |
Cross-Site Scripting (Reflected) | Moderate | 79 | A7 | |
Cross-Site Scripting (DOM) | Moderate | 79 | A7 | |
Insecure Encoding | Moderate | 116 | A7 | |
Insecure Input Sanitization | Moderate | 116 | | |
Insecure Format String | Moderate | 134 | | |
Sensitive Data Exposure | Moderate | 209 | A3 | |
Sensitive Data Exposure (Post Message) | Moderate | 201 | A3 | |
Insecure Logging | Moderate | 312 | A10 | 6.5.1 |
Password in Configuration File | Moderate | 313 | A6 | |
Insecure Cryptographic Algorithm | Moderate | 327 | A3 | |
Insecure Random Number Generation | Moderate | 338 | A3 | |
CORS Misconfiguration | Moderate | 346 | A6 | |
Cross-Site Request Forgery | Moderate | 352 | | |
Missing X-Frame Options | Moderate | 451 | | |
Password in Configuration File | Moderate | 506 | A6 | |
Client-side URL Redirection | Moderate | 601 | | |
Server-side URL Redirection | Moderate | 601 | A2 | |
Host Header Poisoning | Moderate | 640 | | |
Insecure Regex Expression (Injection) | Moderate | 730 | A1 | |
Missing Rate Limit | Moderate | 770 | | |
Security Control Bypass | Moderate | 807 | A5 | |
Parameter Tampering | Moderate | 843 | A5 | |
Denial of Service (Infinite Loop) | Moderate | 834 | | |
Insecure Hashing Algorithm | Moderate | 916 | A3 | |
Server-Side Request Forgery | Moderate | 918 | A2 | |