SonarQube: SONAR-14152

Improve JavaScript analysis - 13 new privacy and http headers security rules


    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 8.6
    • Component/s: None
    • Edition: Community
    • Production Notes: None

      Description

      13 security rules detecting two new types of security issues:

      • privacy-related problems that can lead to data leaks:
        • S5604: Using intrusive permissions is security-sensitive
        • S5247: Disabling auto-escaping in template engines is security-sensitive
        • S5725: Disabling resource integrity features is security-sensitive
        • S5743: Allowing browsers to perform DNS prefetching is security-sensitive
        • S5757: Allowing confidential information to be logged is security-sensitive
        • S5759: Forwarding client IP address is security-sensitive
      • missing or disabled HTTP security headers:
        • S5728: Disabling content security policy fetch directives is security-sensitive
        • S5732: Disabling content security policy frame-ancestors directive is security-sensitive
        • S5730: Allowing mixed-content is security-sensitive
        • S5734: Allowing browsers to sniff MIME types is security-sensitive
        • S5736: Disabling strict HTTP no-referrer policy is security-sensitive
        • S5739: Disabling Strict-Transport-Security policy is security-sensitive
        • S5742: Disabling Certificate Transparency monitoring is security-sensitive

      See https://community.sonarsource.com/t/javascript-and-typescript-analyzers-detect-privacy-related-security-issues-and-missing-http-security-headers/34717
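As an added illustration (not SonarQube's rule implementation or the analyzer's code), the following Node.js check audits a response header map against simplified forms of the seven HTTP-header rules listed above; the header-to-rule mapping and the two sample header sets are assumptions constructed for this example.

```javascript
// Added example: audit a response header map (as returned by Node's
// res.getHeaders()) against simplified versions of the HTTP security header
// rules named in SONAR-14152. The mapping from rule to header is an assumption.
const RULES = [
  ['S5734', 'Allowing browsers to sniff MIME types',
    h => h['x-content-type-options'] !== 'nosniff'],
  ['S5739', 'Disabling Strict-Transport-Security policy',
    h => !/max-age=[1-9]\d*/.test(h['strict-transport-security'] || '')],
  ['S5728', 'Disabling content security policy fetch directives',
    h => !cspHas(h, 'default-src')],
  ['S5732', 'Disabling content security policy frame-ancestors directive',
    h => !cspHas(h, 'frame-ancestors')],
  ['S5730', 'Allowing mixed-content',
    h => !cspHas(h, 'upgrade-insecure-requests') && !cspHas(h, 'block-all-mixed-content')],
  ['S5736', 'Disabling strict HTTP no-referrer policy',
    h => h['referrer-policy'] !== 'no-referrer'],
  ['S5742', 'Disabling Certificate Transparency monitoring',
    h => !(h['expect-ct'] || '').includes('max-age')],
];

// Directive names present in the Content-Security-Policy header, lower-cased.
function cspDirectives(headers) {
  return (headers['content-security-policy'] || '')
    .split(';').map(d => d.trim().split(/\s+/)[0].toLowerCase()).filter(Boolean);
}
function cspHas(headers, directive) { return cspDirectives(headers).includes(directive); }

// Returns one finding ({ id, title }) per rule whose weak condition the headers satisfy.
function auditSecurityHeaders(rawHeaders) {
  const h = Object.fromEntries(
    Object.entries(rawHeaders).map(([k, v]) => [k.toLowerCase(), String(v)]));
  return RULES.filter(([, , weak]) => weak(h)).map(([id, title]) => ({ id, title }));
}

// Constructed sample: a response that omits or weakens every header above ...
const WEAK_HEADERS = {
  'Content-Type': 'text/html',
  'Content-Security-Policy': "script-src 'self'", // no default-src, no frame-ancestors
  'Referrer-Policy': 'unsafe-url',
};
// ... and a hardened equivalent that trips none of the checks.
const HARDENED_HEADERS = {
  'Content-Type': 'text/html',
  'X-Content-Type-Options': 'nosniff',
  'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests",
  'Referrer-Policy': 'no-referrer',
  'Expect-CT': 'max-age=86400, enforce',
};
console.log(auditSecurityHeaders(WEAK_HEADERS).map(f => f.id));
```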

        People

        Assignee: Mathieu Suen (mathieu.suen)
        Reporter: SonarQube Technical user (sonarqube.tech)