JavaScript Security Rules

Reshift Scans your custom JavaScript code for security bugs, below are the security issues Reshift detects.

​
Security Issue
Severity
CWE
OWASP Top 10
PCI DSS
Command Injection
Critical
78
A1
6.5.1
Indirect Command Injection
Critical
78
A1
6.5.1
Shell Command Injection
Critical 
78
A1
6.5.1
SQL Injection
Critical
89
A1
6.5.1
NoSQL Injection
Critical 
89
A1
6.5.1
Insecure Code Execution
Critical
94
A1
​
Insecure Code Execution (Dynamic Method)
Critical
94
A1
​
Insecure Access to File System
High
22
A5
​
ZipSlip
High
22
A5
​
Cross-Site Scripting
High
79
A7
​
Cross-Site Scripting (Stored)
High
79
A7
​
Cross-Site Scripting (DOM)
High
79
A7
​
Potential Backdoor
High
​
​
​
Prototype Pollution
High
400
A1
​
Prototype Pollution Utility
High
400
A1
​
Remote Prototype Pollution
High
400
A1
​
Insecure Deserialization
High
502
A8
​
XML External Entity Injection
High
611
A4
​
XML Entity Expansion
High
776
A4
​
XPath Injection
High
643
A1
6.5.1
Unvalidated Dynamic Method Call
High
754
A1
​
Sensitive Data Leakage
High
798
A3
6.5.1
Insecure File upload
Hight
912
A6
​
Insecure Input Validation (URL Scheme)
Moderate
20
​
​
Insecure Input Validation (URL Substring)
Moderate
20
​
​
Insecure Comparison Check
Moderate
20
​
​
Insecure Regex Expression (Anchor)
Moderate
20
​
​
Insecure Regex Expression (Character Escape)
Moderate
20
​
​
Insecure Input Validation (Incomplete Hostname)
Moderate
20
A5
​
Command Injection (Use of Cat)
Moderate
78
A1
6.5.1
Cross-Site Scripting (Exception)
Moderate
79
A7
​
Cross-Site Scripting (Reflected)
Moderate
79
A7
​
Cross-Site Scripting (DOM)
Moderate
79
A7
​
Insecure Encoding
Moderate
116
A7
​
Insecure Input Sanitization
Moderate
116
​
​
Insecure Format String
Moderate
134
​
​
Sensitive Data Exposure
Moderate
209
A3
​
Sensitive Data Exposure (Post Message)
Moderate
201
A3
​
Insecure Logging
Moderate
312
A10
6.5.1
Password in Configuration File
Moderate
313
A6
​
Insecure Cryptographic Algorithm
Moderate
327
A3
​
Insecure Random Number Generation
Moderate
338
A3
​
CORS Misconfiguration
Moderate
346
A6
​
Cross-Site Request Forgery
Moderate
352
​
​
Missing X-Frame Options
Moderate
451
​
​
Password in Configuration File
Moderate
506
A6
​
Client-side URL Redirection
Moderate
601
​
​
Server-side URL Redirection
Moderate
601
A2
​
Host Header Poisoning
Moderate
640
​
​
Insecure Regex Expression (Injection)
Moderate
730
A1
​
Missing Rate Limit
Moderate
770
​
​
Security Control Bypass
Moderate
807
A5
​
Parameter Tampering
Moderate
843
A5
​
Denial of Service (Infinite Loop)
Moderate
834
​
​
Insecure Hashing Algorithm
Moderate
916
A3
​
Server-Side Request Forgery
Moderate
918
A2
​

Analysis Engine - Previous

Java Security Rules

Next - Product Features

Code Review Workflow

Last modified 2yr ago

Security Issue	Severity	CWE	OWASP Top 10	PCI DSS
Command Injection	Critical	78	A1	6.5.1
Indirect Command Injection	Critical	78	A1	6.5.1
Shell Command Injection	Critical	78	A1	6.5.1
SQL Injection	Critical	89	A1	6.5.1
NoSQL Injection	Critical	89	A1	6.5.1
Insecure Code Execution	Critical	94	A1
Insecure Code Execution (Dynamic Method)	Critical	94	A1
Insecure Access to File System	High	22	A5
ZipSlip	High	22	A5
Cross-Site Scripting	High	79	A7
Cross-Site Scripting (Stored)	High	79	A7
Cross-Site Scripting (DOM)	High	79	A7
Potential Backdoor	High
Prototype Pollution	High	400	A1
Prototype Pollution Utility	High	400	A1
Remote Prototype Pollution	High	400	A1
Insecure Deserialization	High	502	A8
XML External Entity Injection	High	611	A4
XML Entity Expansion	High	776	A4
XPath Injection	High	643	A1	6.5.1
Unvalidated Dynamic Method Call	High	754	A1
Sensitive Data Leakage	High	798	A3	6.5.1
Insecure File upload	Hight	912	A6
Insecure Input Validation (URL Scheme)	Moderate	20
Insecure Input Validation (URL Substring)	Moderate	20
Insecure Comparison Check	Moderate	20
Insecure Regex Expression (Anchor)	Moderate	20
Insecure Regex Expression (Character Escape)	Moderate	20
Insecure Input Validation (Incomplete Hostname)	Moderate	20	A5
Command Injection (Use of Cat)	Moderate	78	A1	6.5.1
Cross-Site Scripting (Exception)	Moderate	79	A7
Cross-Site Scripting (Reflected)	Moderate	79	A7
Cross-Site Scripting (DOM)	Moderate	79	A7
Insecure Encoding	Moderate	116	A7
Insecure Input Sanitization	Moderate	116
Insecure Format String	Moderate	134
Sensitive Data Exposure	Moderate	209	A3
Sensitive Data Exposure (Post Message)	Moderate	201	A3
Insecure Logging	Moderate	312	A10	6.5.1
Password in Configuration File	Moderate	313	A6
Insecure Cryptographic Algorithm	Moderate	327	A3
Insecure Random Number Generation	Moderate	338	A3
CORS Misconfiguration	Moderate	346	A6
Cross-Site Request Forgery	Moderate	352
Missing X-Frame Options	Moderate	451
Password in Configuration File	Moderate	506	A6
Client-side URL Redirection	Moderate	601
Server-side URL Redirection	Moderate	601	A2
Host Header Poisoning	Moderate	640
Insecure Regex Expression (Injection)	Moderate	730	A1
Missing Rate Limit	Moderate	770
Security Control Bypass	Moderate	807	A5
Parameter Tampering	Moderate	843	A5
Denial of Service (Infinite Loop)	Moderate	834
Insecure Hashing Algorithm	Moderate	916	A3
Server-Side Request Forgery	Moderate	918	A2