Tag: data-integrity
Batch request with unchecked failures
Unchecked failures can lead to data loss.
Missing pagination
Missing pagination on a paginated call can lead to inaccurate results.
Override of reserved variable names in a Lambda function
Overriding environment variables that are reserved by AWS Lambda might lead to unexpected behavior.
Improper restriction of rendered UI layers or frames
The application incorrectly restricts frame objects or UI layers that belong to another application or domain.
Missing Amazon S3 bucket owner condition
Not setting the Amazon S3 bucket owner condition could lead to accidentally using the wrong bucket.
Improper Restriction of Operations within the Bounds of a Memory Buffer
An improper buffer read operation might lead to a `BufferOverflowException`.
Log injection
Using untrusted inputs in a log statement can enable attackers to break the log's format, forge log entries, and bypass log monitors.
Data loss in a batch request
A batch request that doesn't check for failed items can lead to loss of data.