Amazon Q
Detector Library
JSX detectors
Tag: configuration
Protection mechanism failure
A disabled or incorrectly used protection mechanism can lead to security vulnerabilities.
Server-side request forgery
Insufficient sanitization of potentially untrusted URLs on the server side can allow server requests to unwanted destinations.
Cross-site request forgery
Insecure configuration can lead to a cross-site request forgery (CSRF) vulnerability.
Insecure CORS policy
Cross-origin resource sharing policies that are too permissive could lead to security vulnerabilities.
Session fixation
Session fixation might allow an attacker to steal authenticated session IDs.