NShiftKey-doc

Checklist of code security checks

rule_name
Broken authentication
Buffer overlap
Constant expression result
Directory traversal
Disable character escaping
Divided by zero
File disclosure
Format string manipulation
Improper certificate validation
Improper input validation
Improper privilege management
Information exposure
Insecure cookie
Insecure HTTP security header
Insecure library
Insecure network configuration
Insecure session
Insecure SSL/TLS
Integer overflow
Invalid address assign
Invalid class instantiation
Invalid file handling
Invalid iterator operation
Invalid memory allocation
Invalid memory deallocation
Invalid parameter
Invalid parameter type
Invalid pipe operation
Invalid shift operation
Invalid variable type
Memory leak
Missing initialization
Missing return statement
Null pointer dereference
Out of bounds
Out of variable scope
Potential buffer overflow
Potential command injection
Potential CRLF Injection
Potential CSRF(Cross Site Request Forgery)
Potential JS Security Warning ($sce.trustAsCss)
Potential JS Security Warning ($sce.trustAsHtml)
Potential JS Security Warning ($sce.trustAsJs)
Potential JS Security Warning ($sce.trustAsResourceUrl)
Potential JS Security Warning ($sce.trustAsUrl)
Potential JS Security Warning ($sceDelegate.trustAs($sce.CSS, ..))
Potential JS Security Warning ($sceDelegate.trustAs($sce.HTML, ..))
Potential JS Security Warning ($sceDelegate.trustAs($sce.JS, ..))
Potential JS Security Warning ($sceDelegate.trustAs($sce.RESOURCE_URL, ..))
Potential JS Security Warning ($sceDelegate.trustAs($sce.URL, ..))
Potential JS Security Warning (bypassSecurityTrustHtml)
Potential JS Security Warning (bypassSecurityTrustResourceUrl)
Potential JS Security Warning (bypassSecurityTrustScript)
Potential JS Security Warning (bypassSecurityTrustStyle)
Potential JS Security Warning (bypassSecurityTrustUrl)
Potential JS Security Warning (dangerouslySetInnerHTML)
Potential JS Security Warning (development.js)
Potential JS Security Warning (eval())
Potential JS Security Warning (react-dom.development.js)
Potential JS Security Warning (window.localStorage)
Potential LDAP Injection
Potential misuse of string operation
Potential SQL Injection
Potential SSI(Server-side inclusion) Injection
Potential SSRF(Server-side Request Forgery)
Potential Xpath Injection
Potential XSLT(eXtensible Stylesheet Language Transformations) Injection
Potential XSS(Cross-Site Scripting)
Potential XSS(v-html)
Potential XXE(XML External Entity) Injection
Self Assignment
Send cleartext of sensitive data
Tabnabbing
Use after free
Use after moved
Use of implicit intent
Use of insufficiently random value
Use of self-signed certificate
Use of vulnerable API
Use of vulnerable crypto algorithm
Use of vulnerable crypto parameter
Variable arguments misuse
Zip slip
Bad performance (Scala)
Broken capsulation (Scala)
Compare with unrelated type (Scala)
Constant expression result (Scala)
Dead code (Scala)
Duplication of import (Scala)
Final modifier on case (Scala)
Improper compare (Scala)
Improper empty check (Scala)
Improper serialize String (Scala)
Inaccurate calculation result (Scala)
Incorrect format string (Scala)
Incorrect input parameter (Scala)
Invalid regular expression (Scala)
Omitting finalize of superclass (Scala)
Omitting interpolation prefix (Scala)
Out of bounds (Scala)
Pointless type bounds (Scala)
Potential misuse of operation (Scala)
Potential throw exception (Scala)
Redundant feature (Scala)
Repeated case body (Scala)
Scala bad practice (Scala)
Scala duplicated map key (Scala)
Scala duplicated set value (Scala)
Scala var closure (Scala)
Swallowed exception (Scala)
Type shadowing (Scala)
Type unsafe (Scala)
Unintended use of property (Scala)
Unnecessary type conversion (Scala)
Unsafe traversable method (Scala)
Unused parameter (Scala)
Use of deprecated API (Scala)
Use of JavaConversions (Scala)
Use of null (Scala)
Use StripMargin on regular expression (Scala)
Variable shadowing (Scala)

Checklist of sensitive data leakage checks

rule_name
.npmrc_auth Exposure
.npmrc_password Exposure
API Key Exposure
AWS Key Exposure
Basic Authorization Exposure
Facebook Token Exposure
Filename Exposure
Google Oauth client_secret Exposure
GitHub Token Exposure
Heroku Key Exposure
Identification Number
IP Address Exposure
Password in URL
Potential Key Exposure
Potential Password Exposure
Private Key Exposure
Salt Exposure
Slack Token Exposure
Secret Information Exposure
Twitter Token Exposure