JavaScript Security Rules

Reshift scans your custom JavaScript code for security bugs. Below are the security issues Reshift detects, with the severity Reshift assigns to each and its mapping to CWE, the OWASP Top 10 and PCI DSS (a blank cell means the original listing gave no mapping for that rule).

| Security Issue | Severity | CWE | OWASP Top 10 | PCI DSS |
|---|---|---|---|---|
| Command Injection | Critical | 78 | A1 | 6.5.1 |
| Indirect Command Injection | Critical | 78 | A1 | 6.5.1 |
| Shell Command Injection | Critical | 78 | A1 | 6.5.1 |
| SQL Injection | Critical | 89 | A1 | 6.5.1 |
| NoSQL Injection | Critical | 89 | A1 | 6.5.1 |
| Insecure Code Execution | Critical | 94 | A1 | |
| Insecure Code Execution (Dynamic Method) | Critical | 94 | A1 | |
| Insecure Access to File System | High | 22 | A5 | |
| ZipSlip | High | 22 | A5 | |
| Cross-Site Scripting | High | 79 | A7 | |
| Cross-Site Scripting (Stored) | High | 79 | A7 | |
| Cross-Site Scripting (DOM) | High | 79 | A7 | |
| Potential Backdoor | High | | | |
| Prototype Pollution | High | 400 | A1 | |
| Prototype Pollution Utility | High | 400 | A1 | |
| Remote Prototype Pollution | High | 400 | A1 | |
| Insecure Deserialization | High | 502 | A8 | |
| XML External Entity Injection | High | 611 | A4 | |
| XML Entity Expansion | High | 776 | A4 | |
| XPath Injection | High | 643 | A1 | 6.5.1 |
| Unvalidated Dynamic Method Call | High | 754 | A1 | |
| Sensitive Data Leakage | High | 798 | A3 | 6.5.1 |
| Insecure File Upload | High | 912 | A6 | |
| Insecure Input Validation (URL Scheme) | Moderate | 20 | | |
| Insecure Input Validation (URL Substring) | Moderate | 20 | | |
| Insecure Comparison Check | Moderate | 20 | | |
| Insecure Regex Expression (Anchor) | Moderate | 20 | | |
| Insecure Regex Expression (Character Escape) | Moderate | 20 | | |
| Insecure Input Validation (Incomplete Hostname) | Moderate | 20 | A5 | |
| Command Injection (Use of Cat) | Moderate | 78 | A1 | 6.5.1 |
| Cross-Site Scripting (Exception) | Moderate | 79 | A7 | |
| Cross-Site Scripting (Reflected) | Moderate | 79 | A7 | |
| Cross-Site Scripting (DOM) | Moderate | 79 | A7 | |
| Insecure Encoding | Moderate | 116 | A7 | |
| Insecure Input Sanitization | Moderate | 116 | | |
| Insecure Format String | Moderate | 134 | | |
| Sensitive Data Exposure | Moderate | 209 | A3 | |
| Sensitive Data Exposure (Post Message) | Moderate | 201 | A3 | |
| Insecure Logging | Moderate | 312 | A10 | 6.5.1 |
| Password in Configuration File | Moderate | 313 | A6 | |
| Insecure Cryptographic Algorithm | Moderate | 327 | A3 | |
| Insecure Random Number Generation | Moderate | 338 | A3 | |
| CORS Misconfiguration | Moderate | 346 | A6 | |
| Cross-Site Request Forgery | Moderate | 352 | | |
| Missing X-Frame Options | Moderate | 451 | | |
| Password in Configuration File | Moderate | 506 | A6 | |
| Client-side URL Redirection | Moderate | 601 | | |
| Server-side URL Redirection | Moderate | 601 | A2 | |
| Host Header Poisoning | Moderate | 640 | | |
| Insecure Regex Expression (Injection) | Moderate | 730 | A1 | |
| Missing Rate Limit | Moderate | 770 | | |
| Security Control Bypass | Moderate | 807 | A5 | |
| Parameter Tampering | Moderate | 843 | A5 | |
| Denial of Service (Infinite Loop) | Moderate | 834 | | |
| Insecure Hashing Algorithm | Moderate | 916 | A3 | |
| Server-Side Request Forgery | Moderate | 918 | A2 | |