Code Quality detectors
Use of new Function() can be dangerous if used to evaluate dynamic content.
The incorrect use of super() causes problems.
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
Checks if NaN is used in a comparison.
Missing checks might cause silent failures that are harder to debug.
Swallowing exceptions, without rethrowing or logging them, can make it hard to understand why your application is failing.
new Object() has been used for object creation instead of {}.
Improper input validation can enable attacks and lead to unwanted behavior.
The product relies on default credentials (including passwords and cryptographic keys) for potentially vital functions.
An improper buffer read operation might lead to a BufferOverflowException.
Custom polling can be inefficient and prone to error. Consider using AWS waiters instead.
Checks if undefined is used as a variable.
The indexOf method should not be compared with values greater than zero.
A string passed to setInterval or setTimeout can cause the JavaScript engine to evaluate it as code, which can lead to a security risk.
A batch request that doesn't check for failed records can lead to loss of data.
The software does not restrict, or incorrectly restricts, access to a resource from an unauthorized actor.
Missing authentication checks can lead to unauthorized access to a resource or performance of an action.
The typeof operator should only be compared to valid values.
The product unintentionally grants unauthorized actors access to a resource by placing it in the wrong control sphere.
In the case of a security-critical event, the product either fails to log the event or omits crucial details from the logged information.
Checks for lazy module loading.
Detects switch statements that have fewer than three case clauses.