
Detector Library

Scala detectors (28/28)


Tag: injection

Template Injection

User input is directly used in rendering or evaluating templates without proper validation or sanitization.

Untrusted data in http session

User input in setAttribute could lead to a trust boundary violation.

Path Traversal

Improper input validation, sanitization, and access controls can lead to path traversal vulnerabilities.

XML External Entity

Objects that parse or handle XML can lead to XML External Entity (XXE) attacks when misconfigured.

Cross-site scripting

Relying on potentially untrusted user inputs when constructing web application outputs can lead to cross-site scripting vulnerabilities.