Medium

Showing all detectors for the TypeScript language with medium severity.

Integer overflow

An integer overflow might cause security issues when it is used for resource management or execution control.

New function detected

Use of new Function() can be dangerous if used to evaluate dynamic content.

Missing pagination

Missing pagination on a paginated call can lead to inaccurate results.

Override of reserved variable names in a Lambda function

Overriding environment variables that are reserved by AWS Lambda might lead to unexpected behavior.

Insecure CORS policy

Cross-origin resource sharing policies that are too permissive could lead to security vulnerabilities.

Improper input validation

Improper input validation can enable attacks and lead to unwanted behavior.

Avoid nan in comparison

Checks if nan is used is comparison.

Insufficiently protected credentials

An object attribute constructed from a user-provided input should not be passed directly to a method.

Pseudorandom number generators

Using pseudorandom number generators (PRNGs) is security-sensitive.

Catch and swallow exception

Swallowing exceptions, without rethrowing or logging them, can make it hard to understand why your application is failing.

Use {} instead of new Object()

New Object() has been used for object creation instead of {}.

Hardcoded IP address

Hardcoding an IP address can cause security problems.

Untrusted Amazon Machine Images

Improper filtering of Amazon Machine Images (AMIs) can result in loading an untrusted image, which is a potential security vulnerability.

Insecure hashing

Obsolete, broken, or weak hashing algorithms can lead to security vulnerabilities.

Improper Restriction of Operations within the Bounds of a Memory Buffer

An improper buffer read operation might lead to a BufferOverflowException.

Type confusion

Type confusion occurs when an application accesses a resource using a type that is incompatible with its original type.

Data loss in a batch request

A batch request that doesn't check for failed items can lead to loss of data.

Insecure temporary file or directory

Insecure ways of creating temporary files and directories can lead to race conditions, privilege escalation, and other security vulnerabilities.

Check failed records when using kinesis

A batch request that doesn't check for failed records can lead to loss of data.

Least privilege violation

The elevated privilege level should be dropped immediately after the operation is performed.

File extension validation

Checks if the extension of a file uploaded by a user is validated before the file is saved.

Resource leak

Allocated resources are not released properly.

Set SNS Return Subscription ARN

To always return the subscription ARN, set the ReturnSubscriptionArn argument to True.

Insecure object attribute modification

Updating object attributes obtained from external sources is security sensitive.

Unauthenticated Amazon SNS unsubscribe requests might succeed

Failing to set the AuthenticateOnUnsubscribe flag to True when confirming an SNS subscription can lead to unauthenticated cancellations.

Sensitive query string

Do not fetch sensitive information from a GET request.

SNS don't bind subscribe and publish

Do not bind the SNS Publish operation with the SNS Subscribe or Create Topic operation.

Stack trace exposure

Stack traces can be hard to use for debugging.

File and directory information exposure

Allowing hidden files while serving files from a given root directory can cause information leakage.

Lazy Load Module

Checks for lazy module loading.

Improper access control

The software does not restrict or incorrectly restrict access to a resource from an unauthorized actor.

Sensitive data stored unencrypted due to partial encryption

Encryption that is dependent on conditional logic, such as an if...then clause, might cause unencrypted sensitive data to be stored.

AWS client not reused in a Lambda function

Recreating AWS clients in each Lambda function invocation is expensive.