Amazon QDetector Library Sign in to Amazon Q

Amazon Q

Detector Library

TypeScript detectors (104/104)

Integer overflow AWS insecure transmission CDK Insecure cookie AWS credentials logged SQL injection Insecure connection using unencrypted protocol New function detected Batch request with unchecked failures Unvalidated expansion of archive files Missing pagination XPath injection Logging of sensitive information Override of reserved variable names in a Lambda function Insecure CORS policy Improper input validation Hardcoded credentials Invoke super appropriately Numeric truncation error Avoid nan in comparison Missing check on method output Insufficiently protected credentials Improper restriction of rendered UI layers or frames Pseudorandom number generators AWS missing encryption CDK Catch and swallow exception Header injection Use {} instead of new Object()Hardcoded IP address Untrusted Amazon Machine Images Weak obfuscation of web requests File Race Bad Improper certificate validation Sendfile injection Cryptographic key generator improper input validation cdk XML external entity Timing attack Missing Amazon S3 bucket owner condition Insecure hashing Session fixation Use of Default Credentials CDK File injection Improper Restriction of Operations within the Bounds of a Memory Buffer Limit request length Log injection Type confusion Server side request forgery aws kmskey encryption cdk Inefficient polling of AWS resource Avoid Undefined As Variable Name Index of method comparison String passed to `setInterval` or `setTimeout`Data loss in a batch request Tainted input for Docker API Insecure temporary file or directory Check failed records when using kinesis AWS api logging disabled cdk Improper Access Control CDK Least privilege violation File extension validation Resource leak Set SNS Return Subscription ARN Insecure object attribute modification Missing Authentication for Critical Function CDK Typeof expression AWS missing encryption of sensitive data cdk Unauthenticated Amazon SNS unsubscribe requests might succeed Cross-site request forgery Client-side KMS reencryption Insecure cryptography Deserialization of untrusted object Clear text credentials Improper handling of case sensitivity Unsanitized input is run as code Protection mechanism failure Use of a deprecated method Sensitive information leak DNS prefetching Exposure of Sensitive Information CDK Insecure JWT parsing Loose file permissions Missing Authorization CDK Sensitive query string Insufficient Logging CDK OS command injection NoSQL injection Unverified hostname Path traversal Origins-verified cross-origin communications LDAP injection SNS don't bind subscribe and publish S3 partial encrypt CDK Non-literal regular expression Stack trace exposure File and directory information exposure Usage of an API that is not recommended Lazy Load Module Disabled HTML autoescape Improper access control Cross-site scripting Sensitive data stored unencrypted due to partial encryption AWS client not reused in a Lambda function URL redirection to untrusted site Untrusted data in security decision

Tag: aws-cdk

AWS insecure transmission CDK

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

AWS missing encryption CDK

The AWS resource is missing appropriate encryption.

improper input validation cdk

Improper input validation can enable attacks and lead to unwanted behavior.

Use of Default Credentials CDK

The product relies on default credentials(including passwords and cryptographic keys) for potentially vital functions.

aws kmskey encryption cdk

Using an AWS KMS key helps follow the standard security advice of granting least privilege to objects generated by the project.

AWS api logging disabled cdk

Api Logging Disabled may lead to unable to access log and does not record the event.

Improper Access Control CDK

The software does not restrict or incorrectly restrict access to a resource from an unauthorized actor.

Missing Authentication for Critical Function CDK

Missing authentication checks can lead to unauthorized access to a resource or performance of an action.

AWS missing encryption of sensitive data cdk

Sensitive or critical information is not encrypted before storage or transmission in the product.

Exposure of Sensitive Information CDK

The product unintentionally grants unauthorized actors access to a resource by placing it in the wrong control sphere.

Missing Authorization CDK

Improper Access Control.

Insufficient Logging CDK

In the case of a security-critical event, the product fails to either log the event or misses crucial details in the logged information.

S3 partial encrypt CDK

An unencrypted bucket could lead to sensitive data exposure.