Amazon Q
Detector Library
Tag: access-control
AWS credentials logged
Logging unencrypted AWS credentials can expose them to an attacker.
Unauthenticated Amazon SNS unsubscribe requests might succeed
Failing to set the `AuthenticateOnUnsubscribe` flag to `True` when confirming an SNS subscription can lead to unauthenticated cancellations.
Loose file permissions
Weak file permissions can lead to privilege escalation.
Session fixation
Session fixation might allow an attacker to steal authenticated session IDs.
Improper restriction of rendered UI layers or frames
The application incorrectly restricts frame objects or UI layers that belong to another application or domain.
Improper certificate validation
Lack of validation of a security certificate can lead to host impersonation and sensitive data leaks.