测试版 Shoulder 目前处于测试阶段 — 结果有时可能不正确。您的反馈塑造我们接下来要修复的内容。分享反馈

🟨

JavaScript Security

116 规则

67 CWE 23 critical

JavaScript安全漏洞

Shoulder检测到116个特定于使用JavaScript构建的JavaScript应用程序的安全模式。

框架覆盖

Express 77 规则 Fastify 67 规则 Nodejs 52 规则 Nextjs 33 规则 Koa 33 规则 Hapi 26 规则 Nestjs 26 规则 Lambda 6 规则 Serverless 6 规则 Prisma 5 规则 Trpc 5 规则 Typeorm 5 规则 Graphql 4 规则 All 3 规则 Angular 1 规则 Tests 1 规则

漏洞类别

CWE-20 7 规则

Improper Input Validation

CWE-200 5 规则

Exposure of Sensitive Information to an Unauthorized Actor

CWE-798 5 规则

Use of Hard-coded Credentials

CWE-89 4 规则

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-79 3 规则

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-285 3 规则

Improper Authorization

CWE-639 3 规则

Authorization Bypass Through User-Controlled Key

CWE-22 2 规则

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-94 2 规则

Improper Control of Generation of Code ('Code Injection')

CWE-117 2 规则

Improper Output Neutralization for Logs

CWE-209 2 规则

Generation of Error Message Containing Sensitive Information

CWE-327 2 规则

Use of a Broken or Risky Cryptographic Algorithm

CWE-400 2 规则

Uncontrolled Resource Consumption

CWE-502 2 规则

Deserialization of Untrusted Data

CWE-601 2 规则

URL Redirection to Untrusted Site ('Open Redirect')

CWE-770 2 规则

Allocation of Resources Without Limits or Throttling

CWE-915 2 规则

Improperly Controlled Modification of Dynamically-Determined Object Attributes

CWE-918 2 规则

Server-Side Request Forgery (SSRF)

CWE-1104 2 规则

Use of Unmaintained Third Party Components

CWE-1321 2 规则

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

🟨

扫描您的JavaScript项目

运行Shoulder CLI查找JavaScript特有的漏洞。

npx @shoulderdev/cli trust . 所有JavaScript威胁