nodejs

semgrep

Detected directly writing to a Response object from user-defined input. This bypasses any HTML escaping and may expose your application to a Cross-Site-scripting (XSS) vulnerability. Instead, use 'resp.render()' to render safely escaped HTML.

semgrep

A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).

semgrep

Don’t use the default session cookie name Using the default session cookie name can open your app to attacks. The security issue posed is similar to X-Powered-By: a potential attacker can use it to fingerprint the server and target attacks accordingly.

semgrep

Default session middleware settings: `domain` not set. It indicates the domain of the cookie; use it to compare against the domain of the server in which the URL is being requested. If they match, then check the path attribute next.

semgrep

Default session middleware settings: `expires` not set. Use it to set expiration date for persistent cookies.

semgrep

Default session middleware settings: `httpOnly` not set. It ensures the cookie is sent only over HTTP(S), not client JavaScript, helping to protect against cross-site scripting attacks.

semgrep

Default session middleware settings: `path` not set. It indicates the path of the cookie; use it to compare against the request path. If this and domain match, then send the cookie in the request.

semgrep

Default session middleware settings: `secure` not set. It ensures the browser only sends the cookie over HTTPS.

semgrep

No token revoking configured for `express-jwt`. A leaked token could still be used and unable to be revoked. Consider using function as the `isRevoked` option.

semgrep

Possible writing outside of the destination, make sure that the target path is nested in the intended destination

semgrep

Xml Parser is used inside Request Event. Make sure that unverified user data can not reach the XML Parser, as it can result in XML External or Internal Entity (XXE) Processing vulnerabilities

semgrep

User controllable data `$REQ` enters `$RES.render(...)` this can lead to the loading of other HTML/templating pages that they may not be authorized to render. An attacker may attempt to use directory traversal techniques e.g. `../folder/index` to access other HTML pages on the file system. Where possible, do not allow users to define what should be loaded in $RES.render or use an allow list for the existing application.

semgrep

A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).

semgrep

If unverified user data can reach the `phantom` methods it can result in Server-Side Request Forgery vulnerabilities

semgrep

If unverified user data can reach the `puppeteer` methods it can result in Server-Side Request Forgery vulnerabilities

semgrep

Make sure that unverified user data can not reach the XML Parser, as it can result in XML External or Internal Entity (XXE) Processing vulnerabilities

semgrep

If an attacker controls the x in require(x) then they can cause code to load that was not intended to run on the server.

semgrep

Make sure that unverified user data can not reach `sandbox`.

semgrep

Checks for setting the environment variable NODE_TLS_REJECT_UNAUTHORIZED to 0, which disables TLS verification. This should only be used for debugging purposes. Setting the option rejectUnauthorized to false bypasses verification against the list of trusted CAs, which also leads to insecure transport. These options lead to vulnerability to MTM attacks, and should not be used.

semgrep

Make sure that unverified user data can not reach the XML Parser, as it can result in XML External or Internal Entity (XXE) Processing vulnerabilities.

semgrep

Found data from an Express or Next web request flowing to `eval`. If this data is user-controllable this can lead to execution of arbitrary system commands in the context of your application process. Avoid `eval` whenever possible.

semgrep

Make sure that unverified user data can not reach `$VM`.

semgrep

Make sure that unverified user data can not reach `vm2`.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Directory listing/indexing is enabled, which may lead to disclosure of sensitive directories and files. It is recommended to disable directory listing unless it is a public resource. If you need directory listing, ensure that sensitive files are inaccessible when querying the resource.

semgrep

The libxml library processes user-input with the `noent` attribute is set to `true` which can lead to being vulnerable to XML External Entities (XXE) type attacks. It is recommended to set `noent` to `false` when using this feature to ensure you are protected.

semgrep

The application redirects to a URL specified by user-supplied input `$REQ` that is not validated. This could redirect users to malicious locations. Consider using an allow-list approach to validate URLs, or warn users they are being redirected to a third-party website.

semgrep

The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing.

semgrep

A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).

semgrep

The following request $REQUEST.$METHOD() was found to be crafted from user-input `$REQ` which can lead to Server-Side Request Forgery (SSRF) vulnerabilities. It is recommended where possible to not allow user-input to craft the base request, but to be treated as part of the path or query parameter. When user-input is necessary to craft the request, it is recommeneded to follow OWASP best practices to prevent abuse.

semgrep

The following function call $SER.$FUNC accepts user controlled data which can result in Remote Code Execution (RCE) through Object Deserialization. It is recommended to use secure data processing alternatives such as JSON.parse() and Buffer.from().

semgrep

By letting user input control CORS parameters, there is a risk that software does not properly verify that the source of data or communication is valid. Use literal values for CORS settings.

semgrep

User data from `$REQ` is being compiled into the template, which can lead to a Server Side Template Injection (SSTI) vulnerability.

semgrep

User data flows into the host portion of this manually-constructed HTML. This can introduce a Cross-Site-Scripting (XSS) vulnerability if this comes from user-provided input. Consider using a sanitization library such as DOMPurify to sanitize the HTML within.

semgrep

Detected user input used to manually construct a SQL string. This is usually bad practice because manual construction could accidentally result in a SQL injection. An attacker could use a SQL injection to steal or modify contents of the database. Instead, use a parameterized query which is available by default in most database engines. Alternatively, consider using an object-relational mapper (ORM) such as Sequelize which will protect your queries.

semgrep

By letting user input control `X-Frame-Options` header, there is a risk that software does not properly verify whether or not a browser should be allowed to render a page in an `iframe`.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Detected SQL statement that is tainted by `$REQ` object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements. An example of parameterized queries like so: `knex.raw('SELECT $1 from table', [userinput])` can help prevent SQLi.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.