GitLab Advanced SAST rules: JavaScript

  • Tier: Ultimate
  • Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated

Rules used by GitLab Advanced SAST to detect vulnerabilities in JavaScript code.

| Rule ID | Rule description | CWE | OWASP Top 10 |
|---|---|---|---|
| javascript-axios-ssrf-taint | Server-side request forgery (SSRF) | CWE-918 | A1:2017, A03:2021 |
| javascript-bent-ssrf-taint | Server-side request forgery (SSRF) | CWE-918 | A1:2017, A03:2021 |
| javascript-electron-misconfiguration-allow-http-atomic | Cleartext Transmission of Sensitive Information | CWE-319 | A6:2017, A05:2021 |
| javascript-electron-misconfiguration-blink-integration-atomic | Least privilege violation | CWE-272 | A6:2017, A05:2021 |
| javascript-electron-misconfiguration-context-isolation-atomic | Improperly controlled modification of object prototype attributes (‘Prototype Pollution’) | CWE-1321 | A6:2017, A05:2021 |
| javascript-electron-misconfiguration-disable-websecurity-atomic | Origin validation error | CWE-346 | A6:2017, A05:2021 |
| javascript-electron-misconfiguration-experimental-features-atomic | Least privilege violation | CWE-272 | A6:2017, A05:2021 |
| javascript-electron-misconfiguration-nodejs-integration-atomic | Least privilege violation | CWE-272 | A6:2017, A05:2021 |
| javascript-grpc-deserialization-insecure-connection-atomic | Deserialization of Untrusted Data | CWE-502 | A8:2017, A08:2021 |
| javascript-handlebars-xss-noescape-taint | Improper neutralization of script-related HTML tags in a web page (basic XSS) | CWE-80 | A7:2017, A03:2021 |
| javascript-handlebars-xss-safestring-taint | Improper neutralization of input during web page generation (Cross-site Scripting) | CWE-79 | A7:2017, A03:2021 |
| javascript-helmet-misconfiguration-security-feature-disabled-atomic | Improperly implemented security check for standard | CWE-358 | A6:2017, A05:2021 |
| javascript-jquery-xss-taint | Improper neutralization of input during web page generation (‘Cross-site Scripting’) | CWE-79 | A7:2017, A03:2021 |
| javascript-knex-sqli-taint | Improper neutralization of special elements used in an SQL command (SQL Injection) | CWE-89 | A1:2017, A03:2021 |
| javascript-lang-cmdi-dangerous-spawn-shell-taint | Improper neutralization of special elements used in an OS command (‘OS Command Injection’) | CWE-78 | A1:2017, A03:2021 |
| javascript-lang-cmdi-detect-child-process-cmdi-taint | Improper neutralization of special elements used in an OS command (‘OS Command Injection’) | CWE-78 | A1:2017, A03:2021 |
| javascript-lang-cmdi-detect-dynamic-method-taint | Improper usage of user input to execute dynamic method calls | CWE-913 | A1:2017, A03:2021 |
| javascript-lang-cmdi-detect-eval-taint | Improper neutralization of directives in dynamically evaluated code (‘Eval Injection’) | CWE-95 | A1:2017, A03:2021 |
| javascript-lang-cmdi-shelljs-os-command-exec-taint | Improper neutralization of special elements used in an OS command (‘OS Command Injection’) | CWE-78 | A1:2017, A03:2021 |
| javascript-lang-codei-sandbox-taint | Improper control of generation of code (Code Injection) | CWE-94 | A1:2017, A03:2021 |
| javascript-lang-codei-user-taint | Improper control of generation of code (‘Code Injection’) | CWE-94 | A1:2017, A03:2021 |
| javascript-lang-codei-vm2-taint | Improper control of generation of code (Code Injection) | CWE-94 | A1:2017, A03:2021 |
| javascript-lang-crlfi-header-injection-taint | Improper neutralization of CRLF sequences in HTTP headers (‘HTTP Request/Response Splitting’) | CWE-113 | A1:2017, A03:2021 |
| javascript-lang-crypto-hardcoded-jwt-secret-atomic | Use of hard-coded credentials | CWE-798 | A3:2017, A02:2021 |
| javascript-lang-crypto-insecure-random-generator-atomic | Use of cryptographically weak pseudo-random number generator (PRNG) | CWE-338 | A3:2017, A02:2021 |
| javascript-lang-crypto-jwt-not-revoked-atomic | Insufficiently protected credentials | CWE-522 | A3:2017, A02:2021 |
| javascript-lang-crypto-md5-atomic | Use of weak hash | CWE-328 | A3:2017, A02:2021 |
| javascript-lang-crypto-node-aes-ecb-atomic | Use of a broken or risky cryptographic algorithm | CWE-327 | A3:2017, A02:2021 |
| javascript-lang-crypto-node-libcurl-ssl-verification-disable-taint | Missing validation of OpenSSL certificate | CWE-599 | A6:2017, A05:2021 |
| javascript-lang-crypto-pseudo-random-bytes-atomic | Use of cryptographically weak pseudo-random number generator (PRNG) | CWE-338 | A3:2017, A02:2021 |
| javascript-lang-crypto-sequelize-tls-atomic | Cleartext transmission of sensitive information | CWE-319 | A3:2017, A02:2021 |
| javascript-lang-crypto-sequelize-tls-cert-validation-atomic | Improper certificate validation | CWE-295 | A3:2017, A02:2021 |
| javascript-lang-crypto-sequelize-weak-tls-atomic | Selection of Less-Secure Algorithm During Negotiation (Algorithm Downgrade) | CWE-757 | A3:2017, A02:2021 |
| javascript-lang-crypto-sha1-atomic | Use of weak hash | CWE-328 | A3:2017, A02:2021 |
| javascript-lang-crypto-timing-taint | Observable timing discrepancy | CWE-208 | A3:2017, A02:2021 |
| javascript-lang-crypto-tls-reject-atomic | Improper Certificate Validation | CWE-295 | A3:2017, A02:2021 |
| javascript-lang-dos-regex-taint | Incorrect regular expression | CWE-185 | A6:2017, A05:2021 |
| javascript-lang-dos-regexp-taint | Regular expression with non-literal value | CWE-185 | A1:2017, A03:2021 |
| javascript-lang-headeri-host-header-injection-taint | Use of less trusted source | CWE-348 | A1:2017, A03:2021 |
| javascript-lang-js-yaml-deserialization-taint | Deserialization of Untrusted Data | CWE-502 | A8:2017, A08:2021 |
| javascript-lang-lfi-require-taint | Inclusion of Functionality from Untrusted Control Sphere | CWE-829 | A1:2017, A03:2021 |
| javascript-lang-misconfiguration-cookie-httpyonly-atomic | Sensitive cookie without ‘HttpOnly’ flag | CWE-1004 | A6:2017, A05:2021 |
| javascript-lang-misconfiguration-cookie-no-domain-atomic | Insufficiently protected credentials | CWE-522 | A6:2017, A05:2021 |
| javascript-lang-misconfiguration-cookie-no-maxage-atomic | Insufficient session expiration | CWE-613 | A6:2017, A05:2021 |
| javascript-lang-misconfiguration-cookie-samesite-atomic | Sensitive cookie with improper SameSite attribute | CWE-1275 | A6:2017, A05:2021 |
| javascript-lang-misconfiguration-cookie-secure-atomic | Sensitive cookie in HTTPS session without ‘Secure’ attribute | CWE-614 | A6:2017, A05:2021 |
| javascript-lang-misconfiguration-cookie-session-default-atomic | Insufficiently protected credentials | CWE-522 | A6:2017, A05:2021 |
| javascript-lang-misconfiguration-cookie-session-no-path-atomic | Insufficiently protected credentials | CWE-522 | A6:2017, A05:2021 |
| javascript-lang-misconfiguration-timing-attack-atomic | Observable timing discrepancy | CWE-208 | A6:2017, A05:2021 |
| javascript-lang-openredirect-taint | URL redirection to untrusted site (‘open redirect’) | CWE-601 | A1:2017, A03:2021 |
| javascript-lang-overflow-read-buffer-noassert-atomic | Out-of-bounds read | CWE-125 | A6:2017, A05:2021 |
| javascript-lang-overflow-write-buffer-noassert-atomic | Out-of-bounds write | CWE-787 | A6:2017, A05:2021 |
| javascript-lang-pathtraversal-admzip-path-overwrite-atomic | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) | CWE-22 | A5:2017, A01:2021 |
| javascript-lang-pathtraversal-join-resolve-taint | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) | CWE-22 | A5:2017, A01:2021 |
| javascript-lang-pathtraversal-taint | Path traversal | CWE-22 | A5:2017, A01:2021 |
| javascript-lang-pathtraversal-tar-path-overwrite-atomic | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) | CWE-22 | A5:2017, A01:2021 |
| javascript-lang-serializetojs-deserialization-taint | Deserialization of Untrusted Data | CWE-502 | A8:2017, A08:2021 |
| javascript-lang-sqli-taint | Improper neutralization of special elements used in an SQL command (SQL Injection) | CWE-89 | A1:2017, A03:2021 |
| javascript-lang-ssti-compile-taint | Improper neutralization of special elements used in a template engine | CWE-1336 | A1:2017, A03:2021 |
| javascript-lang-xpathi-taint | Improper neutralization of data within XPath expressions (XPath Injection) | CWE-643 | A1:2017, A03:2021 |
| javascript-lang-xss-disable-mustache-escape-atomic | Improper encoding or escaping of output | CWE-116 | A7:2017, A03:2021 |
| javascript-lang-xss-req-params-to-resp-taint | Improper neutralization of input during web page generation (‘Cross-site Scripting’) | CWE-79 | A7:2017, A03:2021 |
| javascript-lang-xss-serialize-atomic | Improper neutralization of script-related HTML tags in a web page (basic XSS) | CWE-80 | A7:2017, A03:2021 |
| javascript-lang-xxe-libxmljs-taint | Improper restriction of XML external entity reference (‘XXE’) | CWE-611 | A4:2017, A05:2021 |
| javascript-lang-xxe-node-entity-expansion-taint | Improper restriction of recursive entity references in DTDs (XML Entity Expansion) | CWE-776 | A4:2017, A05:2021 |
| javascript-lusca-xss-header-atomic | Improperly implemented security check for standard | CWE-358 | A6:2017, A05:2021 |
| javascript-mongodb-nosqli-injection-findone-taint | Improper neutralization of special elements in data query logic | CWE-943 | A1:2017, A03:2021 |
| javascript-mongodb-nosqli-injection-taint | Improper neutralization of special elements in data query logic | CWE-943 | A1:2017, A03:2021 |
| javascript-mustache-xss-markup-escape-atomic | Improper neutralization of input during web page generation (XSS) | CWE-79 | A7:2017, A03:2021 |
| javascript-mysql-sqli-taint | Improper neutralization of special elements used in an SQL command (SQL Injection) | CWE-89 | A1:2017, A03:2021 |
| javascript-needle-ssrf-taint | Server-side request forgery (SSRF) | CWE-918 | A1:2017, A03:2021 |
| javascript-node-codei-vm-taint | Improper control of generation of code (Code Injection) | CWE-94 | A1:2017, A03:2021 |
| javascript-node-crypto-aes-noiv-atomic | Generation of weak initialization vector (IV) | CWE-1204 | A3:2017, A02:2021 |
| javascript-node-crypto-jwt-none-alg-atomic | Use of a broken or risky cryptographic algorithm | CWE-327 | A3:2017, A02:2021 |
| javascript-node-crypto-weak-crypto-alg-atomic | Use of a broken or risky cryptographic algorithm | CWE-327 | A3:2017, A02:2021 |
| javascript-node-csrf-express-cors-atomic | Origin validation error | CWE-346 | A6:2017, A05:2021 |
| javascript-node-dos-layer7-taint | Unchecked input for loop condition | CWE-606 | A6:2017, A05:2021 |
| javascript-node-dos-new-buffer-atomic | Allocation of resources without limits or throttling | CWE-770 | A9:2017, A06:2021 |
| javascript-node-misconfiguration-express-cors-atomic | Permissive cross-domain policy with untrusted domains | CWE-942 | A6:2017, A05:2021 |
| javascript-node-pathtraversal-express-hbs-lfr-taint | Path Traversal | CWE-23 | A5:2017, A01:2021 |
| javascript-node-pathtraversal-express-hbs-lfr-warning-taint | Relative path traversal | CWE-23 | A5:2017, A01:2021 |
| javascript-node-pathtraversal-fs-non-literal-taint | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) | CWE-22 | A5:2017, A01:2021 |
| javascript-node-serialize-deserialization-taint | Deserialization of Untrusted Data | CWE-502 | A8:2017, A08:2021 |
| javascript-node-ssrf-generic-one-taint | Server-side request forgery (SSRF) | CWE-918 | A1:2017, A10:2021 |
| javascript-node-ssrf-generic-taint | Server-side request forgery (SSRF) | CWE-918 | A1:2017, A03:2021 |
| javascript-pg-sqli-taint | Improper neutralization of special elements used in an SQL command (‘SQL Injection’) | CWE-89 | A1:2017, A03:2021 |
| javascript-phantom-ssrf-taint | Server-side request forgery (SSRF) | CWE-918 | A1:2017, A03:2021 |
| javascript-playwright-ssrf-taint | Server-side request forgery (SSRF) | CWE-918 | A1:2017, A03:2021 |
| javascript-puppeteer-ssrf-evaluate-code-injection-taint | Detects potential SSRF and RCE in Puppeteer’s evaluate methods | CWE-94 | A1:2017, A10:2021 |
| javascript-puppeteer-ssrf-goto-injection-taint | Detects potential SSRF in Puppeteer’s page.goto() method | CWE-918 | A1:2017, A10:2021 |
| javascript-puppeteer-ssrf-taint | Server-side request forgery (SSRF) | CWE-918 | A1:2017, A03:2021 |
| javascript-react-xss-dangerouslysetinnerhtml-atomic | Improper neutralization of input during web page generation (‘Cross-site Scripting’) | CWE-79 | A7:2017, A03:2021 |
| javascript-sequelize-sqli-taint | Detects potential SQL injection vulnerabilities in Sequelize queries | CWE-89 | A1:2017, A03:2021 |
| javascript-serialize-to-js-deserialization-untrusted-data-taint | Detects potential insecure deserialization in serialize-to-js usage | CWE-502 | A8:2017, A08:2021 |
| javascript-squirrelly-xss-autoescape-atomic | Improper neutralization of input during web page generation (‘Cross-site Scripting’) | CWE-79 | A7:2017, A03:2021 |
| javascript-urllib-ssrf-taint | Server-side request forgery (SSRF) | CWE-918 | A1:2017, A03:2021 |
| javascript-wkhtmltoimage-ssrf-taint | Server-side request forgery (SSRF) | CWE-918 | A1:2017, A10:2021 |
| javascript-wkhtmltopdf-ssrf-taint | Server-side request forgery (SSRF) | CWE-918 | A1:2017, A10:2021 |