Amazon Q
Detector Library
Tag: availability
Resource leak
Allocated resources are not released properly.
AWS client not reused in a Lambda function
Recreating AWS clients in each Lambda function invocation is expensive.
Override of reserved variable names in a Lambda function
Overriding environment variables that are reserved by AWS Lambda might lead to unexpected behavior.
Use of a deprecated method
This code uses deprecated methods, which suggests that it has not been recently reviewed or maintained.
Insecure temporary file or directory
Insecure ways of creating temporary files and directories can lead to race conditions, privilege escalation, and other security vulnerabilities.