Last updated: 2018-09-05T11:30:52.576Z
Authentication is present in almost all web applications nowadays.
Everything's ok
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
You need to enable the following patterns for this category to be verified
Seems like you are using a configuration file for ESLint, please make sure you have the related patterns enabled in your configuration file.
Prohibits express.csrf() middleware before express.methodOverride().
Cryptography is a widely used security technique, and there are several cryptographic functions, but not all of them are secure.
You need to enable the following patterns for this category to be verified
Prohibits potential hot spot string comparisons of passwords, secrets and hashes.
Prohibits crypto.pseudoRandomBytes since it's not cryptographically strong.
The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed.
You need to enable the following patterns for this category to be verified
Prohibits buffer read / write calls that use noAssert set to true.
An attacker may use special paths to access files that should not be accessible.
You need to enable the following patterns for this category to be verified
Prohibits calls to fs functions that take a non Literal value as the filename parameter.
Sensitive APIs of Firefox OS.
You need to enable the following patterns for this category to be verified
This function allows reading and modifying camera settings and is only available to higher privileged Firefox OS applications.
This function is only available to higher privileged Firefox OS applications.
This function is only available to higher privileged Firefox OS applications. MozBrowser frames have specific, elevated permissions.
This specifies a handler for WAP Push notifications. In general, mozSetMessageHandler allows handling WebActivities. The origin of the activity and its data might be untrusted.
Writing user specified HTML to the DOM may lead to Cross-Site Scripting.
Check that the message handler validates incoming messages to protect against malicious cross-origin messages.
This function is only available to higher privileged Firefox OS applications. It allows managing and revoking apps permissions.
This function is only available to higher privileged Firefox OS applications. It allows managing the phone's app.
This function allows reading and modifying the phone's contacts. It is only available to higher privileged Firefox OS applications.
This function creates new Web Activities and can transfer data from one app to another.
This function is only available to higher privileged Firefox OS applications. It allows managing the Wifi features of the phone.
XMLHttpRequests of type system may contact and read data from third party origins.
This exercises the proximity API to check whether the phone is close to something (i.e. held to the ear).
This function is only available to higher privileged Firefox OS applications. It allows access to the phone's settings.
This function is only available to higher privileged Firefox OS applications. It allows controlling the phone's Voicemail features.
This function is only available to higher privileged Firefox OS applications. It allows access to power management features.
This function is only available to higher privileged Firefox OS applications and allows setting and editing alarms. Frequent alarms might prevent power saving and drain the battery.
This function is only available to higher privileged Firefox OS applications.
This function sets a handler for inter app communication messages. In general, mozSetMessageHandler allows handling WebActivities. The origin of the activity and its data might be untrusted.
This function is only available to higher privileged Firefox OS applications.
This API allows access to datastores that may be used to serve or retrieve data from third party apps.
This function allows creating connections and communicating with remote servers.
This function is only available to higher privileged Firefox OS applications.
Input that is not validated may lead to attacks such as SQL injection.
You need to enable the following patterns for this category to be verified
Prohibits calls to require with non-literal argument.
This function generates notifications from the app. It is only available to higher privileged Firefox OS applications.
Control of the first argument to Function(...) results in direct script execution.
Prohibits having disabled Markup escaping in Mustache.
Calling setInterval with a string (or string concatenation) as the first argument may lead to XSS when it contains user input.
Using execScript with user input leads to Cross-Site Scripting (Internet Explorer only).
ESLint_no-unsafe-innerhtml_no-unsafe-innerhtml
Calling setTimeout with a string (or string concatenation) as the first argument may lead to XSS when it contains user input.
This function creates a DOM from strings. Depending on their source, it is likely important to sanitize them before they are inserted into the DOM.
Control of the first argument to Function(...) results in direct script execution.
Calling setImmediate with a string (or string concatenation) as the first argument may lead to XSS when it contains user input.
Due to a bug in Firefox, this function may be used as an obfuscated way to execute scripts from strings (like eval). This may lead to Cross-Site Scripting.
Storing sensitive data using these APIs is not safe.
You need to enable the following patterns for this category to be verified
Consider possible security implications associated with some modules.
Everything's ok
Other language specific security issues.
You need to enable the following patterns for this category to be verified
Regex can be used in a Denial of Service attack that exploits the fact that most regular expression implementations can reach heavy computation situations that cause them to run very slowly (exponentially related to input size).
You need to enable the following patterns for this category to be verified
Badly configured routes can give unintended access to an attacker.
Everything's ok
A SQL injection attack consists of insertion or 'injection' of a SQL query via the input data from the client to the application.
Everything's ok
Assigning values to private APIs might lead to unexpected behaviour.
You need to enable the following patterns for this category to be verified
Assignments to the document's location may lead to spoofing and unexpected redirects. It may also lead to script execution, depending on the affected HTML Tag (i.e. object)
This function is only available to higher privileged Firefox OS applications.
Assignments to the document's location may lead to spoofing and unexpected redirects.
Assignments to the document's location may lead to spoofing and unexpected redirects. Furthermore, it can cause Cross-Site Scripting when javascript: URIs are used.
This function is only available to higher privileged Firefox OS applications.
Assignments to the document's location may lead to spoofing and unexpected redirects.
Assignments to the document's location may lead to spoofing and unexpected redirects.
Assignments to the document's location may lead to spoofing and unexpected redirects.
Unintended use of AssignmentExpression in If Statement.
Assignments to the document's location may lead to spoofing and unexpected redirects. Furthermore, it can cause Cross-Site Scripting when javascript: URIs are used.
Check that the message handler validates incoming messages to protect against malicious cross-origin messages.
XSS enables attackers to inject client-side scripts into web pages viewed by other users.
You need to enable the following patterns for this category to be verified
Attention popups fill the whole display. URLs pointing to javascript: and data: protocols can lead to XSS. Popups can also confuse and misdirect users.
Writing user specified HTML to the DOM may lead to Cross-Site Scripting.