TypeScript Security
121 rules
70 CWEs, 23 critical

TypeScript Security Vulnerabilities

Shoulder detects 121 security patterns specific to applications built with TypeScript.

Framework coverage

Vulnerability categories

CWE-20 (7 rules): Improper Input Validation
CWE-200 (5 rules, 2 critical): Exposure of Sensitive Information to an Unauthorized Actor
CWE-704 (5 rules): Incorrect Type Conversion or Cast
CWE-798 (5 rules, 2 critical): Use of Hard-coded Credentials
CWE-89 (4 rules, 4 critical): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-79 (3 rules, 1 critical): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-94 (3 rules, 1 critical): Improper Control of Generation of Code ('Code Injection')
CWE-285 (3 rules, 3 critical): Improper Authorization
CWE-639 (3 rules, 1 critical): Authorization Bypass Through User-Controlled Key
CWE-22 (2 rules, 1 critical): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-209 (2 rules): Generation of Error Message Containing Sensitive Information
CWE-327 (2 rules): Use of a Broken or Risky Cryptographic Algorithm
CWE-400 (2 rules): Uncontrolled Resource Consumption
CWE-502 (2 rules, 1 critical): Deserialization of Untrusted Data
CWE-601 (2 rules): URL Redirection to Untrusted Site ('Open Redirect')
CWE-770 (2 rules): Allocation of Resources Without Limits or Throttling
CWE-915 (2 rules, 2 critical): Improperly Controlled Modification of Dynamically-Determined Object Attributes
CWE-918 (2 rules): Server-Side Request Forgery (SSRF)
CWE-1321 (2 rules): Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-74 (1 rule): Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Scan your TypeScript project

Run the Shoulder CLI to find TypeScript-specific vulnerabilities.