JavaScript 및 TypeScript 규칙
각 규칙에는 다음 정보가 포함됩니다.
Rule Name (규칙 이름): 규칙의 Snyk 이름입니다.
CWE(s): 이 규칙이 다루는 CWE 번호입니다.
Security Categories (보안 범주): 규칙이 속한 OWASP Top 10 (2021 에디션) 범주(있는 경우) 및 SANS 25에 포함되어 있는지 여부입니다.
Autofixable (자동 수정 가능): Snyk Agent Fix로 자동 수정 가능한 보안 규칙입니다. 이 정보는 지원되는 프로그래밍 언어에 대해서만 포함됩니다.
Disabling Strict Contextual escaping (SCE) could provide additional attack surface for Cross-site Scripting (XSS)
CWE-79
Sans Top 25, OWASP:A03
예
Use of a Broken or Risky Cryptographic Algorithm
CWE-327
OWASP:A02
아니요
Clear Text Sensitive Storage
CWE-200, CWE-312
OWASP:A01, OWASP:A04
아니요
Code Injection
CWE-94
Sans Top 25, OWASP:A03
예
Command Injection
CWE-78
Sans Top 25, OWASP:A03
예
Cross-site Scripting (XSS)
CWE-79
Sans Top 25, OWASP:A03
예
Deserialization of Untrusted Data
CWE-502
Sans Top 25, OWASP:A08
아니요
Information Exposure
CWE-200
OWASP:A01
예
Electron Disable Security Warnings
CWE-16
OWASP:A05
아니요
Electron Insecure Web Preferences
CWE-16
OWASP:A05
예
Electron Load Insecure Content
CWE-16
OWASP:A05
예
Use of Externally-Controlled Format String
CWE-134
없음
예
GraphQL Injection
CWE-89
Sans Top 25, OWASP:A03
아니요
Improper Type Validation
CWE-1287
없음
예
Hardcoded Secret
CWE-547
OWASP:A05
예
Cleartext Transmission of Sensitive Information
CWE-319
OWASP:A02
예
Improper Code Sanitization
CWE-94, CWE-79, CWE-116
Sans Top 25, OWASP:A03
아니요
Use of Password Hash With Insufficient Computational Effort
CWE-916
OWASP:A02
예
Use of Insufficiently Random Values
CWE-330
OWASP:A02
아니요
Insecure TLS Configuration
CWE-327
OWASP:A02
예
Insufficient postMessage Validation
CWE-20
Sans Top 25, OWASP:A03
예
Introspection Enabled
CWE-200
OWASP:A01
아니요
Insecure JWT Verification Method
CWE-347
OWASP:A02
아니요
JWT Signature Verification Method Disabled
CWE-347
OWASP:A02
아니요
JWT 'none' Algorithm Supported
CWE-347
OWASP:A02
아니요
Denial of Service (DoS) through Nested GraphQL Queries
CWE-400
없음
예
Unchecked Input for Loop Condition
CWE-400, CWE-606
없음
아니요
Observable Timing Discrepancy (Timing Attack)
CWE-208
없음
아니요
Use of Hardcoded Credentials
CWE-798
Sans Top 25, OWASP:A07
예
Use of Hardcoded Passwords
CWE-798, CWE-259
Sans Top 25, OWASP:A07
예
Allocation of Resources Without Limits or Throttling
CWE-770
없음
예
NoSQL Injection
CWE-943
없음
아니요
Buffer Over-read
CWE-126
없음
아니요
Open Redirect
CWE-601
OWASP:A01
예
Path Traversal
CWE-23
OWASP:A01
예
Prototype Pollution
CWE-1321
없음
아니요
Use dangerouslySetInnerHTML to Explicitly Handle XSS Risks
CWE-79
Sans Top 25, OWASP:A03
예
Weak Password Recovery Mechanism for Forgotten Password
CWE-640
OWASP:A07
아니요
SQL Injection
CWE-89
Sans Top 25, OWASP:A03
예
Server-Side Request Forgery (SSRF)
CWE-918
Sans Top 25, OWASP:A10
아니요
Improper Neutralization of Directives in Statically Saved Code
CWE-96
OWASP:A03
아니요
Origin Validation Error
CWE-942, CWE-346
OWASP:A05, OWASP:A07
예
Permissive Cross-domain Policy
CWE-942
OWASP:A05
예
Improper Restriction of Rendered UI Layers or Frames
CWE-1021
OWASP:A04
아니요
Cryptographic Issues
CWE-310
OWASP:A02
예
Unsafe JQuery Plugin
CWE-79, CWE-116
Sans Top 25, OWASP:A03
아니요
Cross-Site Request Forgery (CSRF)
CWE-352
Sans Top 25, OWASP:A01
예
Sensitive Cookie Without 'HttpOnly' Flag
CWE-1004
OWASP:A05
예
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-614
OWASP:A05
예
XML External Entity (XXE) Injection
CWE-611
OWASP:A05
아니요
XPath Injection
CWE-643
OWASP:A03
아니요
Arbitrary File Write via Archive Extraction (Zip Slip)
CWE-22
Sans Top 25, OWASP:A01
아니요
Regular Expression Denial of Service (ReDoS)
CWE-400
없음
예
Last updated