Administration Guide

JavaScript

FortiCNAPP supports JavaScript across all our integrations and all interfaces involving our scanners.

The following provides a list of CWEs that the SAST scanners detect for JavaScript:

CWE Weakness Name

CWE-22 Improper Limitation of a Path Name to a Restricted Directory
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-79 Improper Neutralization of Input During Web Page Generation
CWE-89 Improper Neutralization of Special Elements used in an SQL Command
CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code
CWE-134 Function Accepts Externally-Controlled Format String
CWE-276 Incorrect Permission Assignment for Critical Resource
CWE-287 Improper Authentication
CWE-295 Improper Certificate Validation
CWE-319 Cleartext Transmission of Sensitive Data
CWE-328 Use of Weak Hash
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-522 Insufficiently Protected Authentication Credentials
CWE-601 Web Application Accepts URL Redirection to Untrusted Site
CWE-611 Improper Restriction of XML External Entity Reference
CWE-613 Insufficient Session Expiration
CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-1004 Sensitive Cookie Without 'HttpOnly' Flag
CWE-1275 Sensitive Cookie in HTTPS Session Without 'SameSite' Attribute (Not Official, Inferred)
