测试版 Shoulder 目前处于测试阶段 — 结果有时可能不正确。您的反馈塑造我们接下来要修复的内容。分享反馈

🔷

TypeScript Security

121 规则

70 CWE 23 critical

TypeScript安全漏洞

Shoulder检测到121个特定于使用TypeScript构建的TypeScript应用程序的安全模式。

框架覆盖

Express 79 规则 Fastify 69 规则 Nodejs 49 规则 Nextjs 33 规则 Koa 32 规则 Nestjs 30 规则 Hapi 25 规则 Lambda 6 规则 Serverless 6 规则 Prisma 5 规则 Trpc 5 规则 Typeorm 5 规则 Typescript 5 规则 Graphql 4 规则 All 3 规则 Next 3 规则 Angular 1 规则 Tests 1 规则

漏洞类别

CWE-20 7 规则

Improper Input Validation

CWE-200 5 规则

Exposure of Sensitive Information to an Unauthorized Actor

CWE-704 5 规则

Incorrect Type Conversion or Cast

CWE-798 5 规则

Use of Hard-coded Credentials

CWE-89 4 规则

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-79 3 规则

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94 3 规则

Improper Control of Generation of Code ('Code Injection')

CWE-285 3 规则

Improper Authorization

CWE-639 3 规则

Authorization Bypass Through User-Controlled Key

CWE-22 2 规则

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-209 2 规则

Generation of Error Message Containing Sensitive Information

CWE-327 2 规则

Use of a Broken or Risky Cryptographic Algorithm

CWE-400 2 规则

Uncontrolled Resource Consumption

CWE-502 2 规则

Deserialization of Untrusted Data

CWE-601 2 规则

URL Redirection to Untrusted Site ('Open Redirect')

CWE-770 2 规则

Allocation of Resources Without Limits or Throttling

CWE-915 2 规则

Improperly Controlled Modification of Dynamically-Determined Object Attributes

CWE-918 2 规则

Server-Side Request Forgery (SSRF)

CWE-1321 2 规则

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-74 1 规则

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

🔷

扫描您的TypeScript项目

运行Shoulder CLI查找TypeScript特有的漏洞。

npx @shoulderdev/cli trust . 所有TypeScript威胁