61 Rules
ID | Name | Severity |
---|---|---|
1020800 | Avoid jump statements in finally | medium |
1020802 | Avoid having errors without throwing them | medium |
1020804 | Avoid using console logging | medium |
1020806 | Avoid using NaN in comparison | medium |
1020808 | Avoid using eval() (Typescript) | critical |
1020810 | Avoid bypassing angular security trust | high |
1020812 | Avoid invoking super more than once in constructor | medium |
1020814 | Avoid using web service calls inside a loop | critical |
1020816 | Avoid using output of the function that does not return anything | medium |
1020818 | Avoid disabling xsrf check in HttpClientXsrfModule | critical |
1020820 | Avoid hard-coded passwords (TypeScript) | critical |
1020822 | Always provide error callbacks when subscribing to HttpClient observables | medium |
1020824 | Avoid Superclass knowing Subclass (Typescript) | medium |
1020826 | Avoid hard-coded network resource names (Typescript) | high |
1020828 | Avoid String concatenation in loops (Typescript) | medium |
1020830 | Avoid using Angular ElementRef API to manipulate DOM | medium |
1020832 | Avoid using javascript HTTP request in Angular Application | critical |
1020834 | Avoid using "<script>" tag into HTML template used by Angular Application | medium |
1020836 | Avoid exporting namespaces | medium |
1020838 | Avoid using Rx.observable.fromEvent without having a debouncetime set | medium |
1020840 | Avoid using ngFor loop without TrackBy option | medium |
1020848 | Always favour pipable operators in RxJS | medium |
1020850 | Always handle errors when using ajax with RxJS | medium |
1020852 | Avoid using "<script>" tag in HTML template used by React.js components (Typescript) | critical |
1020854 | Avoid using React dangerouslySetInnerHTML (Typescript) | high |
1020856 | Ensure catching Typescript error in React components | medium |
1020858 | Avoid empty componentDidCatch blocks (Typescript) | high |
1020860 | Avoid using setInterval() (TypeScript) | high |
1020862 | Avoid having cookie with an overly broad domain (TypeScript) | high |
1020864 | Avoid using unsecured cookie (TypeScript) | high |
1020866 | Avoid creating cookie with overly broad path (TypeScript) | high |
1020868 | Avoid creating cookie without setting httpOnly option (TypeScript) | high |
1020870 | Avoid using setTimeout() (TypeScript) | high |
1020872 | Always use JSON.parse & JSON.stringify with try/catch block (TypeScript) | medium |
1020874 | Avoid the lack of error handling in the Node.js callbacks (TypeScript) | medium |
1020876 | Avoid using nodejs process.exit() (TypeScript) | medium |
1020880 | Ensure the express X-Powered-By header is disabled (TypeScript) | high |
1020882 | Ensure the express X-Frame-Options header is setup (TypeScript) | high |
1020884 | Ensure that browser cannot cache or store a page when using express (TypeScript) | medium |
1020886 | Avoid using unsecured cookie with express (TypeScript) | high |
1020888 | Avoid unsecure connection to the express Node.js server (TypeScript) | high |
1020890 | Ensure that CSRF Protection is enabled when using express (TypeScript) | critical |
1020892 | Ensure Node.js filesystem are closed (TypeScript) | medium |
1020894 | Avoid using string concatenation when using nodejs __dirname and __filename variables (TypeScript) | medium |
1020896 | Avoid using risky cryptographic hash with nodejs (TypeScript) | critical |
1020898 | Avoid having multiple routes for the same path with Node.js Express App (TypeScript) | medium |
1020900 | Avoid enabling unsecure Node.js (TypeScript) | high |
1020902 | Ensure the Content-Security-Policy is activated with express (TypeScript) | high |
1020904 | Avoid using url.parse() with vulnerable nodejs versions (TypeScript) | critical |
1020906 | Avoid using TLS library before Node.js 9.11.2 and 10.4.1 (TypeScript) | critical |
1020908 | Avoid using the file path validation with Node.js 8.5.0 (TypeScript) | critical |
1020910 | Avoid using path library parsing functions with vulnerable nodejs versions (TypeScript) | critical |
1020912 | Avoid using HTTP/2 library with vulnerable nodejs versions (TypeScript) | critical |
1020914 | Avoid using Buffer.fill() and/or Buffer.alloc() with vulnerable nodejs versions (TypeScript) | critical |
1020916 | Avoid using Buffer library and UCS-2 encoding with vulnerable versions (TypeScript) | critical |
1020918 | Avoid using Node.js query-mysql third-party (TypeScript) | critical |
1020920 | Avoid disabling SSL verification in node-curl (TypeScript) | high |
1020922 | Avoid bypassing self-signed ssl certificate with Node.js (TypeScript) | high |
1020924 | Avoid using net.Socket object as stream with vulnerable version of Node.js (TypeScript) | critical |
1020926 | Avoid string interpolations to prevent SQL injections (TypeScript) | critical |
1020928 | Always unsubscribe events in Angular onDestroy method | medium |