Rules
Rules are ways to detect security risks and vulnerabilities across your codebase and enforce best practices. Bearer CLI's security report allows you to quickly identify rule violations in your code.
The built-in rules aim to keep you protected from the most critical security risks and vulnerabilities of web applications and include corresponding Common Weakness Enumeration (CWE) and OWASP links to help you identify them.
Can't find the rule you are looking for? You can develop a custom rule that allows you to add specific requirements to suit your organization's needs.
-
go_gorilla_insecure_cookie
Missing secure options for cookie detected.
- GO
- CWE-1004
- CWE-614
- A05:2021
-
go_gosec_blocklist_cgi
Use of a Broken or Risky Cryptographic Algorithm
- GO
- CWE-327
- A02:2021
-
go_gosec_blocklist_des
Use of a Broken or Risky Cryptographic Algorithm
- GO
- CWE-327
- A02:2021
-
go_gosec_blocklist_md5
Use of a Broken or Risky Cryptographic Algorithm
- GO
- CWE-327
- A02:2021
-
go_gosec_blocklist_rc4
Use of a Broken or Risky Cryptographic Algorithm
- GO
- CWE-327
- A02:2021
-
go_gosec_blocklist_sha1
Use of a Broken or Risky Cryptographic Algorithm
- GO
- CWE-327
- A02:2021
-
go_gosec_crypto_bad_tls_settings
Use of a broken or risky cryptographic algorithm
- GO
- CWE-327
- A02:2021
-
go_gosec_crypto_insecure_ignore_host_key
Key exchange without entity authentication
- GO
- CWE-322
- A02:2021
-
go_gosec_crypto_weak_crypto
Use of a Broken or Risky Cryptographic Algorithm
- GO
- CWE-327
- A02:2021
-
go_gosec_crypto_weak_key_strength
Inadequate encryption strength
- GO
- CWE-326
- A02:2021
-
go_gosec_crypto_weak_random
Use of cryptographically weak Pseudo-Random Number Generator (PRNG)
- GO
- CWE-338
- A02:2021
-
go_gosec_crypto_weak_tls_version
Use of deprecated TLS version
- GO
- CWE-310
-
go_gosec_file_permissions_file_perm
Incorrect permission assignment for critical resource
- GO
- CWE-732
-
go_gosec_file_permissions_mkdir
Incorrect permission assignment for critical resource
- GO
- CWE-732
-
go_gosec_filesystem_decompression_bomb
Use of a Broken or Risky Cryptographic Algorithm
- GO
- CWE-327
- A02:2021
-
go_gosec_filesystem_dirtraversal
Relative path traversal
- GO
- CWE-327
- A02:2021
-
go_gosec_filesystem_filereadtaint
Improper limitation of a pathname to a restricted directory ('Path Traversal')
- GO
- CWE-327
- A02:2021
-
go_gosec_filesystem_poor_write_permissions
Incorrect default permissions
- GO
- CWE-276
- A01:2021
-
go_gosec_filesystem_tempfile
Incorrect default permissions
- GO
- CWE-378
-
go_gosec_filesystem_ziparchive
Improper limitation of a pathname to a restricted directory ('Path Traversal')
- GO
- CWE-22
- A01:2021
-
go_gosec_http_http_serve
Uncontrolled resource consumption
- GO
- CWE-400
-
go_gosec_http_http_slowloris
Uncontrolled resource consumption (Slowloris)
- GO
- CWE-400
-
go_gosec_injection_ssrf_injection
Server Side Request Forgery (SSRF)
- GO
- CWE-918
- A10:2021
-
go_gosec_injection_subproc_injection
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
- GO
- CWE-95
- A03:2021
-
go_gosec_injection_template_injection
Improper neutralization of input during web page generation ('Cross-site Scripting')
- GO
- CWE-79
- A03:2021
-
go_gosec_leak_pprof_endpoint
Active debug code (pprof enabled)
- GO
- CWE-918
- A10:2021
-
go_gosec_memory_integer_overflow
Integer overflow or wraparound
- GO
- CWE-190
-
go_gosec_memory_math_big_rat
Integer Overflow or Wraparound
- GO
- CWE-190
-
go_gosec_memory_memory_aliasing
Incorrect access of indexable resource ('Range Error')
- GO
- CWE-118
-
go_gosec_network_bind_to_all_interfaces
Exposure of sensitive information to an unauthorized actor
- GO
- CWE-200
- A01:2021
-
go_gosec_secrets_secrets
Use of hard-coded password
- GO
- CWE-798
- A07:2021
-
go_gosec_sql_concat_sqli
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- GO
- CWE-89
- A03:2021
-
go_gosec_subproc_subproc
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
- GO
- CWE-95
- A03:2021
-
go_gosec_unsafe_unsafe
Use of inherently dangerous function (unsafe package)
- GO
- CWE-242
-
go_lang_information_leakage
Possible information leakage detected.
- GO
- CWE-209
- A04:2021
-
go_lang_insecure_cookie
Missing secure options for cookie detected.
- GO
- CWE-1004
- CWE-614
- A05:2021
-
go_lang_logger
Sensitive data in a logger message detected.
- GO
- CWE-209
- CWE-532
- A04:2021
- A09:2021
-
go_lang_weak_hash_md5
Weak hashing library (MD5) detected.
- GO
- CWE-331
- CWE-328
- A02:2021
-
go_lang_weak_hash_sha1
Weak hashing library (SHA1) detected.
- GO
- CWE-331
- CWE-328
- A02:2021
-
go_lang_weak_password_encryption_md5
Weak password encryption algorithm (MD5) used for password detected.
- GO
- CWE-331
- CWE-328
- A02:2021
-
go_lang_weak_password_encryption_sha1
Weak password encryption algorithm (SHA1) used for password detected.
- GO
- CWE-331
- CWE-328
- A02:2021
-
go_lang_xml_external_entity_vulnerability
XML External Entity vulnerability detected.
- GO
- CWE-611
- A05:2021
-
java_lang_cookie_missing_http_only
Missing secure options for cookie detected.
- JAVA
- CWE-614
- A05:2021
-
java_lang_cookie_missing_secure
Missing secure options for cookie detected.
- JAVA
- CWE-614
- A05:2021
-
java_lang_file_permission_others
File permission open to 'other' detected.
- JAVA
- CWE-732
-
java_lang_hardcoded_database_password
Hardcoded database password detected
- JAVA
- CWE-259
- A07:2021
-
java_lang_http_response_splitting
HTTP response splitting vulnerability detected.
- JAVA
- CWE-79
- CWE-113
- A03:2021
-
java_lang_information_leakage
Possible information leakage detected.
- JAVA
- CWE-209
- A04:2021
-
java_lang_insecure_cookie
Missing secure options for cookie detected.
- JAVA
- CWE-614
- A05:2021
-
java_lang_insufficiently_random_values
Insufficiently random value detected.
- JAVA
- CWE-330
- A02:2021
-
java_lang_ldap_injection
LDAP injection threat detected
- JAVA
- CWE-90
- A03:2021
-
java_lang_log_injection
Log injection detected.
- JAVA
- CWE-117
- A09:2021
-
java_lang_logger
Sensitive data in a logger message detected.
- JAVA
- CWE-209
- CWE-532
- A04:2021
- A09:2021
-
java_lang_missing_database_authentication
Missing authentication for database detected
- JAVA
- CWE-306
- A07:2021
-
java_lang_missing_integrity_check
Missing support for integrity check detected.
- JAVA
- CWE-353
- A08:2021
-
java_lang_os_command_injection
Command injection vulnerability detected.
- JAVA
- CWE-78
- A03:2021
-
java_lang_padding_oracle_encryption_vulnerability
Padding Oracle encryption vulnerability detected.
- JAVA
- CWE-327
- A02:2021
-
java_lang_path_traversal
Possible path traversal vulnerability detected
- JAVA
- CWE-22
- A01:2021
-
java_lang_rsa_no_padding
RSA algorithm with no padding detected.
- JAVA
- CWE-327
- CWE-780
- A02:2021
-
java_lang_sqli
Unsanitized user input in SQL query detected.
- JAVA
- CWE-89
- A03:2021
-
java_lang_trust_boundary_violation
Trust boundary violation detected.
- JAVA
- CWE-501
- A04:2021
-
java_lang_weak_encryption_des
Weak encryption algorithm (DES) detected.
- JAVA
- CWE-326
- CWE-327
- A02:2021
-
java_lang_weak_hash_md5
Weak hashing library (MD5) detected
- JAVA
- CWE-327
- A02:2021
-
java_lang_weak_hash_sha1
Weak hashing library (SHA-1) detected
- JAVA
- CWE-327
- A02:2021
-
java_lang_weak_password_encryption_des
Weak encryption algorithm (DES) used for password detected.
- JAVA
- CWE-326
- CWE-327
- CWE-916
- A02:2021
-
java_lang_weak_password_hash_md5
Weak hashing library (MD5) detected
- JAVA
- CWE-327
- CWE-916
- A02:2021
-
java_lang_weak_password_hash_sha1
Weak hashing library (SHA-1) detected
- JAVA
- CWE-327
- CWE-916
- A02:2021
-
java_lang_xpath_injection
XPATH injection threat detected
- JAVA
- CWE-643
- A03:2021
-
java_lang_xss_response_writer
Possible cross site scripting threat detected.
- JAVA
- CWE-79
- A03:2021
-
java_spring_sqli
Unsanitized user input in SQL query detected.
- JAVA
- CWE-89
- A03:2021
-
javascript_express_cross_site_scripting
Cross-site scripting (XSS) vulnerability detected.
- JAVASCRIPT
- CWE-79
- A03:2021
-
javascript_express_default_cookie_config
Cookie with default config detected.
- JAVASCRIPT
- CWE-523
- CWE-522
- A02:2021
- A04:2021
-
javascript_express_default_session_config
Session cookie with default config detected.
- JAVASCRIPT
- CWE-523
- CWE-522
- A02:2021
- A04:2021
-
javascript_express_exposed_dir_listing
Missing access restriction to directory listing detected.
- JAVASCRIPT
- CWE-548
- A01:2021
-
javascript_express_external_file_upload
External control of filename or path detected.
- JAVASCRIPT
- CWE-73
- A04:2021
-
javascript_express_external_resource
Rendering of resources resolved from external name or reference detected.
- JAVASCRIPT
- CWE-706
- A01:2021
-
javascript_express_hardcoded_secret
Hard-coded secret detected.
- JAVASCRIPT
- CWE-798
- A07:2021
-
javascript_express_helmet_missing
Security misconfiguration detected (Helmet missing).
- JAVASCRIPT
- CWE-693
-
javascript_express_https_protocol_missing
Missing https protocol detected.
- JAVASCRIPT
- CWE-693
-
javascript_express_insecure_allow_origin
Insecure Access-Control-Allow-Origin detected.
- JAVASCRIPT
- CWE-346
- A07:2021
-
javascript_express_insecure_cookie
Missing secure options for cookie detected.
- JAVASCRIPT
- CWE-1004
- CWE-614
- A05:2021
-
javascript_express_jwt_not_revoked
Unrevoked JWT detected.
- JAVASCRIPT
- CWE-525
- A04:2021
-
javascript_express_open_redirect
Open redirect detected.
- JAVASCRIPT
- CWE-601
- A01:2021
-
javascript_express_path_traversal
Possible path traversal vulnerability detected.
- JAVASCRIPT
- CWE-22
- A01:2021
-
javascript_express_reduce_fingerprint
Security misconfiguration detected (server fingerprinting).
- JAVASCRIPT
- CWE-693
-
javascript_express_server_side_request_forgery
Risk of server-side request forgery detected.
- JAVASCRIPT
- CWE-918
- A10:2021
-
javascript_express_static_asset_with_session
Static asset with active session detected.
- JAVASCRIPT
- CWE-352
- CWE-668
- A01:2021
-
javascript_express_ui_redress
User Interface (UI) redress vulnerability (clickjacking) detected.
- JAVASCRIPT
- CWE-1021
- A04:2021
-
javascript_express_unsafe_deserialization
Deserialization of untrusted data detected.
- JAVASCRIPT
- CWE-502
- A08:2021
-
javascript_express_xml_external_entity_vulnerability
XML External Entity vulnerability detected.
- JAVASCRIPT
- CWE-611
- A05:2021
-
javascript_lang_dangerous_insert_html
Dangerous dynamic HTML insert detected.
- JAVASCRIPT
- CWE-79
- A03:2021
-
javascript_lang_eval_user_input
Dangerous use of eval with user input detected
- JAVASCRIPT
- CWE-94
- CWE-95
- A03:2021
-
javascript_lang_exception
Sensitive data in an exception message detected.
- JAVASCRIPT
- CWE-210
-
javascript_lang_file_generation
Sensitive data detected as part of a dynamic file generation.
- JAVASCRIPT
- CWE-313
- A04:2021
-
javascript_lang_format_string_using_user_input
User input in format string detected.
- JAVASCRIPT
- CWE-134
-
javascript_lang_hardcoded_secret
Hardcoded secret detected
- JAVASCRIPT
- CWE-798
- A07:2021
-
javascript_lang_http_insecure
Connection with an insecure HTTP communication detected.
- JAVASCRIPT
- CWE-319
- A02:2021
-
javascript_lang_http_url_using_user_input
HTTP communication with user-controlled destination detected.
- JAVASCRIPT
- CWE-918
- A10:2021
-
javascript_lang_import_using_user_input
Loading of resource resolved from external name detected.
- JAVASCRIPT
- CWE-22
- CWE-95
- A01:2021
- A03:2021
-
javascript_lang_jwt
Sensitive data in a JWT detected.
- JAVASCRIPT
- CWE-312
- A04:2021
-
javascript_lang_jwt_hardcoded_secret
Hardcoded JWT secret detected
- JAVASCRIPT
- CWE-798
- A07:2021
-
javascript_lang_jwt_weak_encryption
Weak JWT encryption detected
- JAVASCRIPT
- CWE-327
- A02:2021
-
javascript_lang_logger
Sensitive data in a logger message detected.
- JAVASCRIPT
- CWE-1295
- CWE-532
- A09:2021
-
javascript_lang_manual_html_sanitization
Manual HTML sanitization detected.
- JAVASCRIPT
- CWE-79
- A03:2021
-
javascript_lang_message_handler_origin
Unchecked origin in message handler detected.
- JAVASCRIPT
- CWE-346
- A07:2021
-
javascript_lang_open_redirect
Open redirect detected.
- JAVASCRIPT
- CWE-601
- A01:2021
-
javascript_lang_os_command_injection
OS command injection vulnerability detected.
- JAVASCRIPT
- CWE-78
- A03:2021
-
javascript_lang_post_message_origin
Permissive origin in postMessage detected.
- JAVASCRIPT
- CWE-923
-
javascript_lang_raw_html_using_user_input
Unsanitized user input detected in raw HTML string.
- JAVASCRIPT
- CWE-79
- A03:2021
-
javascript_lang_regex_using_user_input
Regular expression built from user input detected.
- JAVASCRIPT
- CWE-1333
-
javascript_lang_session
Sensitive data stored in HTML local storage detected.
- JAVASCRIPT
- CWE-312
- A04:2021
-
javascript_lang_sql_injection
SQL injection vulnerability detected.
- JAVASCRIPT
- CWE-89
- A03:2021
-
javascript_lang_weak_encryption_des
Weak encryption algorithm (DES) detected.
- JAVASCRIPT
- CWE-327
- A02:2021
-
javascript_lang_weak_encryption_rc4
Weak encryption algorithm (RC4) detected.
- JAVASCRIPT
- CWE-327
- A02:2021
-
javascript_lang_weak_hash_md5
Weak hashing library (MD5) detected.
- JAVASCRIPT
- CWE-327
- CWE-328
- A02:2021
-
javascript_lang_weak_hash_sha1
Weak hashing library (SHA1) detected.
- JAVASCRIPT
- CWE-327
- CWE-328
- A02:2021
-
javascript_lang_weak_password_encryption_des
Weak encryption algorithm (DES) used for password detected.
- JAVASCRIPT
- CWE-327
- A02:2021
-
javascript_lang_weak_password_encryption_rc4
Weak encryption algorithm (RC4) used for password detected.
- JAVASCRIPT
- CWE-327
- A02:2021
-
javascript_lang_weak_password_hash_argon2
Insecure Argon2 type used for password hashing.
- JAVASCRIPT
- CWE-327
- CWE-916
- A02:2021
-
javascript_lang_weak_password_hash_md5
Weak hashing library (MD5) used for password detected.
- JAVASCRIPT
- CWE-327
- CWE-328
- A02:2021
-
javascript_lang_weak_password_hash_sha1
Weak hashing library (SHA1) used for password detected.
- JAVASCRIPT
- CWE-327
- CWE-328
- A02:2021
-
javascript_lang_websocket_insecure
Insecure websocket communication detected.
- JAVASCRIPT
- CWE-319
- A02:2021
-
javascript_react_dangerously_set_inner_html
React's dangerously set inner HTML detected.
- JAVASCRIPT
- CWE-79
- A03:2021
-
javascript_react_google_analytics
Sensitive data sent to Google Analytics detected.
- JAVASCRIPT
- CWE-201
- A01:2021
-
javascript_third_parties_airbrake
Sensitive data sent to Airbrake detected.
- JAVASCRIPT
- CWE-201
- A01:2021
-
javascript_third_parties_algolia
Sensitive data sent to Algolia detected.
- JAVASCRIPT
- CWE-201
- A01:2021
-
javascript_third_parties_bugsnag
Sensitive data sent to Bugsnag detected.
- JAVASCRIPT
- CWE-201
- A01:2021
-
javascript_third_parties_datadog
Sensitive data sent to Datadog detected.
- JAVASCRIPT
- CWE-201
- A01:2021
-
javascript_third_parties_datadog_browser
Sensitive data sent to Datadog detected.
- JAVASCRIPT
- CWE-201
- A01:2021
-
javascript_third_parties_dom_purify
Insecure use of DOMPurify detected.
- JAVASCRIPT
- CWE-79
- A03:2021
-
javascript_third_parties_dynamodb_query_injection
Raw user input in data store query detected.
- JAVASCRIPT
- CWE-89
- A03:2021
-
javascript_third_parties_elasticsearch
Sensitive data sent to ElasticSearch detected.
- JAVASCRIPT
- CWE-201
- A01:2021
-
javascript_third_parties_google_analytics
Sensitive data sent to Google Analytics detected.
- JAVASCRIPT
- CWE-201
- A01:2021
-
javascript_third_parties_google_tag_manager
Sensitive data sent to Google Tag Manager detected.
- JAVASCRIPT
- CWE-201
- A01:2021
-
javascript_third_parties_honeybadger
Sensitive data sent to Honeybadger detected.
- JAVASCRIPT
- CWE-201
- A01:2021
-
javascript_third_parties_new_relic
Sensitive data sent to New Relic detected.
- JAVASCRIPT
- CWE-201
- A01:2021
-
javascript_third_parties_open_telemetry
Sensitive data sent to Open Telemetry detected.
- JAVASCRIPT
- CWE-201
- A01:2021
-
javascript_third_parties_openai
Sensitive data sent to OpenAI detected.
- JAVASCRIPT
- CWE-201
- A01:2021
-
javascript_third_parties_passport_hardcoded_secret
Hardcoded passport secret detected
- JAVASCRIPT
- CWE-798
- A07:2021
-
javascript_third_parties_rollbar
Sensitive data sent to Rollbar detected.
- JAVASCRIPT
- CWE-201
- A01:2021
-
javascript_third_parties_segment
Sensitive data sent to Segment detected.
- JAVASCRIPT
- CWE-201
- A01:2021
-
javascript_third_parties_sentry
Sensitive data sent to Sentry detected.
- JAVASCRIPT
- CWE-201
- A01:2021
-
php_lang_cbc_predictable_iv
Predictable initialization vector detected.
- PHP
- CWE-329
- A02:2021
-
php_lang_cookies
Sensitive data stored in a cookie detected.
- PHP
- CWE-315
- CWE-539
- A04:2021
- A05:2021
-
php_lang_deserialization_of_user_input
User input detected in an unsafe deserialization method.
- PHP
- CWE-502
- A08:2021
-
php_lang_eval_using_user_input
Potential command injection with user input detected.
- PHP
- CWE-94
- CWE-95
- A03:2021
-
php_lang_exception
Sensitive data in an exception message detected.
- PHP
- CWE-210
-
php_lang_exec_using_user_input
Execution of OS command formed with user input detected.
- PHP
- CWE-78
- A03:2021
-
php_lang_file_generation
Sensitive data detected as part of a dynamic file generation.
- PHP
- CWE-532
- CWE-313
- A04:2021
- A09:2021
-
php_lang_format_string_using_user_input
User input in format string detected.
- PHP
- CWE-134
-
php_lang_ftp_using_user_input
Do not use user input with FTP.
- PHP
- CWE-22
- A01:2021
-
php_lang_hardcoded_secret
Hard-coded secret detected.
- PHP
- CWE-798
- A07:2021
-
php_lang_http_insecure
Communication through an insecure HTTP connection detected.
- PHP
- CWE-319
- A02:2021
-
php_lang_http_url_using_sensitive_data
Sensitive data detected in HTTP URL.
- PHP
- CWE-598
- A04:2021
-
php_lang_http_url_using_user_input
HTTP communication with user-controlled destination detected.
- PHP
- CWE-918
- A10:2021
-
php_lang_information_leakage
Possible information leakage detected.
- PHP
- CWE-209
- A04:2021
-
php_lang_insecure_allow_origin
Insecure Access-Control-Allow-Origin detected.
- PHP
- CWE-346
- A07:2021
-
php_lang_insecure_cookie
Missing secure options for cookie detected.
- PHP
- CWE-1004
- CWE-614
- A05:2021
-
php_lang_insecure_ftp
Communication with an insecure FTP server detected.
- PHP
- CWE-319
- A02:2021
-
php_lang_jwt
Sensitive data in a JWT detected.
- PHP
- CWE-315
- A05:2021
-
php_lang_logger
Sensitive data in a logger message detected.
- PHP
- CWE-209
- CWE-532
- A04:2021
- A09:2021
-
php_lang_manual_html_sanitization
Manual HTML sanitization detected.
- PHP
- CWE-79
- A03:2021
-
php_lang_open_redirect
Open redirect detected.
- PHP
- CWE-601
- A01:2021
-
php_lang_path_using_user_input
Do not use user input to form file paths.
- PHP
- CWE-22
- CWE-73
- A01:2021
- A04:2021
-
php_lang_permissive_allow_origin
Permissive Access-Control-Allow-Origin detected.
- PHP
- CWE-346
- A07:2021
-
php_lang_phpinfo
Exposure of Sensitive Information to an Unauthorized Actor.
- PHP
- CWE-200
- A01:2021
-
php_lang_raw_html_using_user_input
Unsanitized user input detected in raw HTML string.
- PHP
- CWE-79
- A03:2021
-
php_lang_raw_output_using_user_input
Unsanitized user input detected in echo.
- PHP
- CWE-79
- A03:2021
-
php_lang_reflection_using_user_input
Use of reflection influenced by user input detected.
- PHP
- CWE-94
- A03:2021
-
php_lang_regex_using_user_input
Regular expression built from user input detected.
- PHP
- CWE-1333
-
php_lang_session_key_using_user_input
User input detected in a session key.
- PHP
- CWE-276
- A01:2021
-
php_lang_sql_injection
Potential SQL injection with user input detected.
- PHP
- CWE-89
- A03:2021
-
php_lang_ssl_verification
Missing SSL certificate verification detected.
- PHP
- CWE-295
- A07:2021
-
php_lang_ui_redress
User Interface (UI) redress vulnerability (clickjacking) detected.
- PHP
- CWE-1021
- A04:2021
-
php_lang_weak_hash_md
Weak hashing library (MDx) detected
- PHP
- CWE-327
- A02:2021
-
php_lang_weak_hash_sha1
Weak hashing library (SHA-1) detected
- PHP
- CWE-327
- A02:2021
-
php_lang_weak_password_hash_md
Weak hashing library (MDx) detected
- PHP
- CWE-327
- CWE-916
- A02:2021
-
php_lang_weak_password_hash_sha1
Weak hashing library (SHA-1) detected
- PHP
- CWE-327
- CWE-916
- A02:2021
-
php_lang_websocket_insecure
Insecure websocket communication detected.
- PHP
- CWE-319
- A02:2021
-
php_lang_xml_external_entity_vulnerability
XML External Entity vulnerability detected.
- PHP
- CWE-611
- A05:2021
-
php_lang_xpath_injection
XPath injection threat detected
- PHP
- CWE-643
- A03:2021
-
php_symfony_cookies
Sensitive data stored in a cookie detected.
- PHP
- CWE-315
- CWE-539
- A04:2021
- A05:2021
-
php_symfony_csrf_protection_disabled
Insecure Cross-Site Request Forgery (CSRF) configuration detected.
- PHP
- CWE-352
- A01:2021
-
php_symfony_insecure_allow_origin
Insecure Access-Control-Allow-Origin detected.
- PHP
- CWE-346
- A07:2021
-
php_symfony_insecure_cookie
Insecure options for cookie detected.
- PHP
- CWE-1004
- CWE-614
- A05:2021
-
php_symfony_insecure_smtp
Communication with an insecure SMTP connection detected.
- PHP
- CWE-319
- A02:2021
-
php_symfony_open_redirect
Open redirect detected.
- PHP
- CWE-601
- A01:2021
-
php_symfony_permissive_allow_origin
Permissive Access-Control-Allow-Origin detected.
- PHP
- CWE-346
- A07:2021
-
php_symfony_permissive_regex_validation
Validation using permissive regular expression detected.
- PHP
- CWE-625
-
php_symfony_session_key_using_user_input
User input detected in a session key.
- PHP
- CWE-276
- A01:2021
-
php_symfony_sql_injection
Potential SQL injection with user input detected.
- PHP
- CWE-89
- A03:2021
-
php_symfony_ui_redress
User Interface (UI) redress vulnerability (clickjacking) detected.
- PHP
- CWE-1021
- A04:2021
-
php_third_parties_airbrake
Sensitive data sent to Airbrake detected.
- PHP
- CWE-201
- A01:2021
-
php_third_parties_algolia
Sensitive data sent to Algolia detected.
- PHP
- CWE-201
- A01:2021
-
php_third_parties_bigquery
Sensitive data sent to BigQuery detected.
- PHP
- CWE-201
- A01:2021
-
php_third_parties_bugsnag
Sensitive data sent to Bugsnag detected.
- PHP
- CWE-201
- A01:2021
-
php_third_parties_clickhouse
Sensitive data sent to ClickHouse detected.
- PHP
- CWE-201
- A01:2021
-
php_third_parties_datadog
Sensitive data sent to Datadog detected.
- PHP
- CWE-201
- A01:2021
-
php_third_parties_elasticsearch
Sensitive data sent to Elasticsearch detected.
- PHP
- CWE-201
- A01:2021
-
php_third_parties_honeybadger
Sensitive data sent to Honeybadger detected.
- PHP
- CWE-201
- A01:2021
-
php_third_parties_logger
Sensitive data in a logger message detected.
- PHP
- CWE-209
- CWE-532
- A04:2021
- A09:2021
-
php_third_parties_new_relic
Sensitive data sent to New Relic detected.
- PHP
- CWE-201
- A01:2021
-
php_third_parties_open_telemetry
Sensitive data sent to Open Telemetry detected.
- PHP
- CWE-201
- A01:2021
-
php_third_parties_rollbar
Sensitive data sent to Rollbar detected.
- PHP
- CWE-201
- A01:2021
-
php_third_parties_scout_apm
Sensitive data sent to Scout APM detected.
- PHP
- CWE-201
- A01:2021
-
php_third_parties_segment
Sensitive data sent to Segment detected.
- PHP
- CWE-201
- A01:2021
-
php_third_parties_sentry
Sensitive data sent to Sentry detected.
- PHP
- CWE-201
- A01:2021
-
python_lang_logger
Sensitive data in a logger message detected.
- PYTHON
- CWE-209
- CWE-532
- A04:2021
- A09:2021
-
python_lang_weak_hash_md5
Weak hashing library (MD5) detected.
- PYTHON
- CWE-331
- CWE-328
- A02:2021
-
python_lang_weak_hash_sha1
Weak hashing library (SHA1) detected.
- PYTHON
- CWE-331
- CWE-328
- A02:2021
-
python_lang_weak_password_encryption_md5
Weak encryption algorithm (MD5) used for password detected.
- PYTHON
- CWE-331
- CWE-328
- A02:2021
-
python_lang_weak_password_encryption_sha1
Weak encryption algorithm (SHA1) used for password detected.
- PYTHON
- CWE-331
- CWE-328
- A02:2021
-
ruby_lang_cookies
Sensitive data stored in a cookie detected.
- RUBY
- CWE-315
- CWE-539
- A04:2021
- A05:2021
-
ruby_lang_deserialization_of_user_input
User input detected in an unsafe deserialization method.
- RUBY
- CWE-502
- A08:2021
-
ruby_lang_eval_linter
Use of eval detected.
- RUBY
- CWE-94
- A03:2021
-
ruby_lang_eval_using_user_input
Potential command injection with user input detected.
- RUBY
- CWE-94
- CWE-95
- A03:2021
-
ruby_lang_exception
Sensitive data in an exception message detected.
- RUBY
- CWE-210
-
ruby_lang_exec_using_user_input
Execution of OS command formed with user input detected.
- RUBY
- CWE-78
- A03:2021
-
ruby_lang_file_generation
Sensitive data detected as part of a dynamic file generation.
- RUBY
- CWE-532
- CWE-313
- A04:2021
- A09:2021
-
ruby_lang_format_string_using_user_input
User input in format string detected.
- RUBY
- CWE-134
-
ruby_lang_ftp_using_user_input
Do not use user input with FTP.
- RUBY
- CWE-22
- A01:2021
-
ruby_lang_hardcoded_secret
Hard-coded secret detected.
- RUBY
- CWE-798
- A07:2021
-
ruby_lang_http_get_params
Sensitive data communicated through GET parameters detected.
- RUBY
- CWE-598
- A04:2021
-
ruby_lang_http_insecure
Communication through an insecure HTTP connection detected.
- RUBY
- CWE-319
- A02:2021
-
ruby_lang_http_url_using_user_input
HTTP communication with user-controlled destination detected.
- RUBY
- CWE-918
- A10:2021
-
ruby_lang_insecure_ftp
Communication with an insecure FTP server detected.
- RUBY
- CWE-319
- A02:2021
-
ruby_lang_jwt
Sensitive data in a JWT detected.
- RUBY
- CWE-315
- A05:2021
-
ruby_lang_logger
Sensitive data in a logger message detected.
- RUBY
- CWE-209
- CWE-532
- A04:2021
- A09:2021
-
ruby_lang_manual_html_sanitization
Manual HTML sanitization detected.
- RUBY
- CWE-79
- A03:2021
-
ruby_lang_path_using_user_input
Unsanitized user input detected in file path.
- RUBY
- CWE-22
- CWE-73
- A01:2021
- A04:2021
-
ruby_lang_raw_html_using_user_input
Unsanitized user input detected in raw HTML string.
- RUBY
- CWE-79
- A03:2021
-
ruby_lang_reflection_using_user_input
Use of reflection influenced by user input detected.
- RUBY
- CWE-94
- A03:2021
-
ruby_lang_regex_using_user_input
Regular expression built from user input detected.
- RUBY
- CWE-1333
-
ruby_lang_ssl_verification
Missing SSL certificate verification detected.
- RUBY
- CWE-295
- A07:2021
-
ruby_lang_weak_encryption_blowfish
Weak encryption library (Blowfish) detected.
- RUBY
- CWE-331
- CWE-326
- A02:2021
-
ruby_lang_weak_encryption_dsa
Weak encryption algorithm (DSA) detected.
- RUBY
- CWE-331
- CWE-326
- A02:2021
-
ruby_lang_weak_encryption_rc4
Weak encryption algorithm (RC4) detected.
- RUBY
- CWE-331
- CWE-326
- A02:2021
-
ruby_lang_weak_encryption_rsa
Weak encryption algorithm (RSA) detected.
- RUBY
- CWE-331
- CWE-326
- A02:2021
-
ruby_lang_weak_hash_dss
Weak hashing library (DSS) detected.
- RUBY
- CWE-331
- CWE-328
- A02:2021
-
ruby_lang_weak_hash_md
Weak hashing library (MD5) detected.
- RUBY
- CWE-331
- CWE-328
- A02:2021
-
ruby_lang_weak_hash_sha
Weak hashing library (SHA) detected.
- RUBY
- CWE-331
- CWE-328
- A02:2021
-
ruby_lang_weak_password_encryption_blowfish
Weak encryption (Blowfish) of a password detected.
- RUBY
- CWE-331
- CWE-326
- CWE-916
- A02:2021
-
ruby_lang_weak_password_encryption_dsa
Weak encryption algorithm (DSA) detected.
- RUBY
- CWE-331
- CWE-326
- CWE-916
- A02:2021
-
ruby_lang_weak_password_encryption_rc4
Weak encryption algorithm (RC4) detected.
- RUBY
- CWE-331
- CWE-326
- CWE-916
- A02:2021
-
ruby_lang_weak_password_encryption_rsa
Weak encryption algorithm (RSA) detected.
- RUBY
- CWE-331
- CWE-326
- CWE-916
- A02:2021
-
ruby_lang_weak_password_hash_dss
Weak password hashing (DSS) detected.
- RUBY
- CWE-331
- CWE-328
- CWE-916
- A02:2021
-
ruby_lang_weak_password_hash_md
Weak password hashing (MD5) detected.
- RUBY
- CWE-331
- CWE-328
- CWE-916
- A02:2021
-
ruby_lang_weak_password_hash_sha
Weak password hashing (SHA) detected.
- RUBY
- CWE-331
- CWE-328
- CWE-916
- A02:2021
-
ruby_lang_websocket_insecure
Insecure websocket communication detected.
- RUBY
- CWE-319
- A02:2021
-
ruby_rails_default_encryption
Missing application-level encryption of sensitive data detected.
- RUBY
- CWE-312
- A04:2021
-
ruby_rails_detailed_exceptions
Detailed error reporting detected.
- RUBY
- CWE-209
- A04:2021
-
ruby_rails_http_verb_confusion
Potential for HTTP verb confusion detected.
- RUBY
- CWE-650
- A04:2021
-
ruby_rails_insecure_communication
Missing force SSL configuration for incoming communication detected.
- RUBY
- CWE-319
- A02:2021
-
ruby_rails_insecure_disabling_of_callback
Insecure disabling of callback detected.
- RUBY
- CWE-284
- A01:2021
-
ruby_rails_insecure_http_password
Insecure HTTP Password.
- RUBY
- CWE-798
- CWE-522
- A04:2021
- A07:2021
-
ruby_rails_insecure_smtp
Communication with an insecure SMTP connection detected.
- RUBY
- CWE-319
- A02:2021
-
ruby_rails_logger
Sensitive data sent to Rails loggers detected.
- RUBY
- CWE-209
- CWE-532
- A04:2021
- A09:2021
-
ruby_rails_open_redirect
Open redirect detected
- RUBY
- CWE-601
- A01:2021
-
ruby_rails_password_length
Password length (< 8) requirement is too short.
- RUBY
- CWE-521
- A07:2021
-
ruby_rails_permissive_parameters
Overly permissive request parameters detected.
- RUBY
- CWE-915
- A08:2021
-
ruby_rails_permissive_regex_validation
Validation using permissive regular expression detected.
- RUBY
- CWE-625
-
ruby_rails_render_using_user_input
Unsanitized user input detected in response.
- RUBY
- CWE-79
- A03:2021
-
ruby_rails_session
Sensitive data stored in a session cookie detected.
- RUBY
- CWE-315
- A05:2021
-
ruby_rails_session_key_using_user_input
User input detected in a session key.
- RUBY
- CWE-276
- A01:2021
-
ruby_rails_session_with_httponly_disabled
Session store with HttpOnly set to false detected.
- RUBY
- CWE-1004
- A05:2021
-
ruby_rails_sql_injection
Unsanitized user input in SQL query detected.
- RUBY
- CWE-89
- A03:2021
-
ruby_rails_unsafe_cookie_serialization_strategy
Unsafe cookie serialization strategy detected.
- RUBY
- CWE-94
- A03:2021
-
ruby_rails_unsafe_mass_assignment
Possibly dangerous permitted parameter key detected.
- RUBY
- CWE-915
- A08:2021
-
ruby_rails_weak_custom_key
Weak model-specific encryption key detected
- RUBY
- CWE-326
- A02:2021
-
ruby_third_parties_airbrake
Sensitive data sent to Airbrake detected.
- RUBY
- CWE-201
- A01:2021
-
ruby_third_parties_algolia
Sensitive data sent to Algolia detected.
- RUBY
- CWE-201
- A01:2021
-
ruby_third_parties_bigquery
Sensitive data sent to BigQuery detected.
- RUBY
- CWE-201
- A01:2021
-
ruby_third_parties_bugsnag
Sensitive data sent to Bugsnag detected.
- RUBY
- CWE-201
- A01:2021
-
ruby_third_parties_clickhouse
Sensitive data sent to ClickHouse detected.
- RUBY
- CWE-201
- A01:2021
-
ruby_third_parties_datadog
Sensitive data sent to Datadog detected.
- RUBY
- CWE-201
- A01:2021
-
ruby_third_parties_elasticsearch
Sensitive data sent to Elasticsearch detected.
- RUBY
- CWE-201
- A01:2021
-
ruby_third_parties_google_analytics
Sensitive data sent to Google Analytics detected.
- RUBY
- CWE-201
- A01:2021
-
ruby_third_parties_google_dataflow
Sensitive data sent to Google Dataflow detected.
- RUBY
- CWE-201
- A01:2021
-
ruby_third_parties_honeybadger
Sensitive data sent to Honeybadger detected.
- RUBY
- CWE-201
- A01:2021
-
ruby_third_parties_new_relic
Sensitive data sent to New Relic detected.
- RUBY
- CWE-201
- A01:2021
-
ruby_third_parties_open_telemetry
Sensitive data sent to Open Telemetry detected.
- RUBY
- CWE-201
- A01:2021
-
ruby_third_parties_rollbar
Sensitive data sent to Rollbar detected.
- RUBY
- CWE-201
- A01:2021
-
ruby_third_parties_scout_apm
Sensitive data sent to Scout APM detected.
- RUBY
- CWE-201
- A01:2021
-
ruby_third_parties_segment
Sensitive data sent to Segment detected.
- RUBY
- CWE-201
- A01:2021
-
ruby_third_parties_sentry
Sensitive data sent to Sentry detected.
- RUBY
- CWE-201
- A01:2021