# Next (TypeScript) Security

Security vulnerabilities and detection rules for the Next framework. 3 rules across 3 CWE categories.

- Total rules: 3
- CWE categories: 3

## CWEs

- **CWE-476**: NULL Pointer Dereference
- **CWE-704**: Incorrect Type Conversion or Cast
- **CWE-843**: Access of Resource Using Incompatible Type ('Type Confusion')

## Rules

- **TypeScript Enum Type Confusion** [MEDIUM]: Comparing enum values with raw strings bypasses type safety and allows authorization bypass when user input is compared against enum values without proper type checking.
- **Non-Null Assertion Without Null Check** [LOW]: The non-null assertion operator (!) bypasses null/undefined checks at compile time without runtime safety, causing crashes when values are unexpectedly null.
- **Unsafe 'any' Type in Security-Sensitive Context** [HIGH]: Using 'any' type with untrusted input bypasses TypeScript's type safety, allowing unvalidated data to flow into security-sensitive operations.