Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-14030

Improve JavaScript / TypeScript analysis - 9 new cryptography-related security rules

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 8.6
    • Component/s: None
    • Labels:
      None
    • Edition:
      Community
    • Production Notes:
      None

      Description

      9 new security rules focusing on detecting cryptography-related security issues:

      • S4426: Cryptographic keys should be robust (Blocker)
      • S5547: Cipher algorithms should be robust (Blocker)
      • S5542: Encryption algorithms should be used with secure mode and padding scheme (Blocker)
      • S5659: JWT should be signed and verified with strong cipher algorithm (Critical)
      • S4830: Server certificates should be verified during SSL⁄TLS connections (Critical)
      • S5527: Server hostnames should be verified during SSL⁄TLS connections (Critical)
      • S4423: Weak SSL and TLS protocols should not be used (Major)
      • S3330: Creating cookies without the “HttpOnly” flag is security-sensitive
      • S2092: Creating cookies without the “secure” flag is security-sensitive

      See: https://community.sonarsource.com/t/javascript-and-typescript-analyzers-detect-cryptography-related-security-issues/33511

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jeremy.davis Jeremy Davis
              Reporter:
              sonarqube.tech SonarQube Technical user
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved: