Numbers generated by Math.random are not cryptographically secure. When using random numbers in security-sensitive contexts, it is recommended to use a cryptographically secure source of randomness.
Tainted data should never be used in a cookie sent via an HTTP response object, as this exposes the application to session fixation attacks.
Using tainted data in an SQL query, such as query parameters or form input supplied by a user, can leave your application vulnerable to SQL injection attacks.
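An added example, not from the original page, contrasting a query built by string concatenation with a parameterized one. The $1 placeholder shape follows node-postgres; the table, column names and the SORTABLE_COLUMNS allow-list are assumptions. No database is needed to run it, since the functions only build the query objects a driver would execute.

```javascript
// Added example (not from the original page): keep user input out of SQL text.

// Vulnerable: the username is spliced into the SQL string, so any quote or
// SQL keyword in it becomes part of the statement.
function findUserUnsafe(username) {
  return `SELECT id, name FROM users WHERE name = '${username}'`;
}

// Safe: the value travels separately from the SQL text as a bound parameter,
// so the driver never interprets it as SQL (node-postgres $1 placeholder style).
function findUserSafe(username) {
  return { text: 'SELECT id, name FROM users WHERE name = $1', values: [username] };
}

// Identifiers (column names, sort direction) cannot be bound as parameters.
// Map user input onto a fixed allow-list instead of interpolating it.
const SORTABLE_COLUMNS = new Set(['id', 'name', 'created_at']);

function listUsersSorted(sortColumn, descending) {
  if (!SORTABLE_COLUMNS.has(sortColumn)) {
    throw new Error(`unsupported sort column: ${sortColumn}`);
  }
  const direction = descending ? 'DESC' : 'ASC';
  return {
    text: `SELECT id, name FROM users ORDER BY ${sortColumn} ${direction} LIMIT $1`,
    values: [100],
  };
}

// Usage with node-postgres: const { rows } = await pool.query(findUserSafe(req.query.name));
```

The allow-list branch matters because parameter binding covers values only; ORDER BY columns and similar identifiers still have to be validated before they reach the query text.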
Unsafe deserialization is exposed to many attacks, including denial of service, access-control bypass, and remote code execution (RCE). Applications and APIs are vulnerable if they deserialize hostile or tampered objects supplied by an attacker.
This can result in two primary types of attacks:
It is recommended to avoid deserialization altogether. Where it cannot be avoided, do not accept serialized data from untrusted sources, or use serialization formats that only permit primitive data types.
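One way to apply the "primitive data types only" advice in Node.js, as an added example that is not from the original page: untrusted JSON is parsed against a flat schema of primitives, and a JSON.parse reviver rejects nested objects, arrays, unexpected fields and prototype-related keys before anything downstream can see them. The function name parsePrimitiveRecord and the schema format are assumptions for this illustration.

```javascript
// Added example (not from the original page): accept serialized data from an
// untrusted source only as a flat record of primitive fields.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const PRIMITIVE_TYPES = new Set(['string', 'number', 'boolean']);

// schema maps field name -> 'string' | 'number' | 'boolean'.
function parsePrimitiveRecord(text, schema) {
  for (const type of Object.values(schema)) {
    if (!PRIMITIVE_TYPES.has(type)) throw new Error('schema may only declare primitive types');
  }

  // The reviver runs bottom-up for every property, so a nested object or array
  // is rejected either as a non-primitive value or through its unexpected keys.
  const parsed = JSON.parse(text, (key, value) => {
    if (key === '') return value; // the top-level container, checked below
    if (FORBIDDEN_KEYS.has(key)) throw new Error(`forbidden key: ${key}`);
    if (!Object.prototype.hasOwnProperty.call(schema, key)) throw new Error(`unexpected field: ${key}`);
    if (value === null || typeof value !== schema[key]) throw new Error(`field ${key} must be ${schema[key]}`);
    return value;
  });

  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('top level must be an object');
  }
  for (const key of Object.keys(schema)) {
    if (!Object.prototype.hasOwnProperty.call(parsed, key)) throw new Error(`missing field: ${key}`);
  }
  return parsed;
}

// Usage: const order = parsePrimitiveRecord(body, { id: 'number', sku: 'string', gift: 'boolean' });
```

Because the result can only ever hold strings, numbers and booleans under known names, there is nothing for an object-graph deserializer to instantiate and no __proto__ key to pollute prototypes when the record is later merged into another object.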
Setting the webSecurity property to false, or the allowRunningInsecureContent property to true, in an Electron renderer process like BrowserWindow or BrowserView disables crucial security features. By default, the webSecurity property is always true and the allowRunningInsecureContent property is always false.
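An added example, not from the original page or the Electron project, of checking a webPreferences object for the two settings named above before a window is created. The audit runs in plain Node.js; the BrowserWindow call is only shown in a comment. The function names and the window size are assumptions, while webSecurity, allowRunningInsecureContent and contextIsolation are real Electron webPreferences options.

```javascript
// Added example (not from the original page): refuse to create a window whose
// webPreferences weaken webSecurity or allow insecure content.

// Electron's own defaults for the two settings discussed above.
const ELECTRON_DEFAULTS = { webSecurity: true, allowRunningInsecureContent: false };

// Returns a list of findings; an empty list means both settings are at their
// secure values, whether set explicitly or left at the default.
function auditWebPreferences(webPreferences = {}) {
  const findings = [];
  const webSecurity = webPreferences.webSecurity ?? ELECTRON_DEFAULTS.webSecurity;
  const insecureContent =
    webPreferences.allowRunningInsecureContent ?? ELECTRON_DEFAULTS.allowRunningInsecureContent;
  if (webSecurity !== true) {
    findings.push('webSecurity is disabled: the same-origin policy is not enforced in the renderer');
  }
  if (insecureContent !== false) {
    findings.push('allowRunningInsecureContent is enabled: HTTP content may run inside an HTTPS page');
  }
  return findings;
}

// Window options with the two settings pinned to their secure values; any other
// webPreferences the caller passes are kept, but cannot override these two.
function secureWindowOptions(extraWebPreferences = {}) {
  const webPreferences = {
    ...extraWebPreferences,
    webSecurity: true,
    allowRunningInsecureContent: false,
  };
  const findings = auditWebPreferences(webPreferences);
  if (findings.length > 0) throw new Error(findings.join('; '));
  return { width: 1024, height: 768, webPreferences };
}

// In the Electron main process this would be used as:
//   const { BrowserWindow } = require('electron');
//   const win = new BrowserWindow(secureWindowOptions({ contextIsolation: true }));
```

Running auditWebPreferences over every BrowserWindow and BrowserView construction in a code base is a cheap way to catch a webSecurity: false left behind from local development.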