Skip to main content

TypeScript

In this section, you will find a list of the rules associated with the TypeScript language and the security requirements.

MethodSecurity Requirement
TSX_LACK_OF_VALIDATION_EVENT_LISTENER173. Discard unsafe inputs
320. Avoid client-side control enforcement
342. Validate request parameters
TS_CLIENT_STORAGE177. Avoid caching and temporary files
329. Keep client-side storage without sensitive data
TS_CRYPTO_CREDENTIALS145. Protect system cryptographic keys
156. Source code without sensitive information
266. Disable insecure functionalities
TS_DEBUGGER_ENABLED077. Avoid disclosing technical information
078. Disable debugging events
TS_DECODE_INSECURE_JWT_TOKEN173. Discard unsafe inputs
320. Avoid client-side control enforcement
357. Use stateless session tokens
TS_DYNAMIC_X_PATH173. Discard unsafe inputs
TS_HAS_REVERSE_TABNABBING173. Discard unsafe inputs
324. Control redirects
TS_INSECURE_COMPRESSION_ALGORITHM266. Disable insecure functionalities
TS_INSECURE_COOKIE029. Cookies with security attributes
TS_INSECURE_CREATE_CIPHER148. Set minimum size of asymmetric encryption
149. Set minimum size of symmetric encryption
150. Set minimum size for hash functions
181. Transmit data using secure protocols
336. Disable insecure TLS versions
TS_INSECURE_ECDH_KEY148. Set minimum size of asymmetric encryption
149. Set minimum size of symmetric encryption
150. Set minimum size for hash functions
181. Transmit data using secure protocols
336. Disable insecure TLS versions
TS_INSECURE_EC_KEYPAIR148. Set minimum size of asymmetric encryption
149. Set minimum size of symmetric encryption
150. Set minimum size for hash functions
181. Transmit data using secure protocols
336. Disable insecure TLS versions
TS_INSECURE_ENCRYPT148. Set minimum size of asymmetric encryption
149. Set minimum size of symmetric encryption
150. Set minimum size for hash functions
181. Transmit data using secure protocols
336. Disable insecure TLS versions
TS_INSECURE_HASH148. Set minimum size of asymmetric encryption
149. Set minimum size of symmetric encryption
150. Set minimum size for hash functions
181. Transmit data using secure protocols
336. Disable insecure TLS versions
TS_INSECURE_JWT_TOKEN228. Authenticate using standard protocols
TS_INSECURE_LOGGING080. Prevent log modification
173. Discard unsafe inputs
TS_INSECURE_RSA_KEYPAIR148. Set minimum size of asymmetric encryption
149. Set minimum size of symmetric encryption
150. Set minimum size for hash functions
181. Transmit data using secure protocols
336. Disable insecure TLS versions
TS_INSEC_COOKIES029. Cookies with security attributes
TS_INSEC_MSG_AUTH_MECHANISM148. Set minimum size of asymmetric encryption
149. Set minimum size of symmetric encryption
150. Set minimum size for hash functions
181. Transmit data using secure protocols
336. Disable insecure TLS versions
TS_JSON_PARSE_UNVALIDATED_DATA173. Discard unsafe inputs
320. Avoid client-side control enforcement
342. Validate request parameters
TS_JWT_INSEC_SIGN_ALGORITHM148. Set minimum size of asymmetric encryption
149. Set minimum size of symmetric encryption
150. Set minimum size for hash functions
181. Transmit data using secure protocols
336. Disable insecure TLS versions
TS_JWT_INSEC_SIGN_ALGO_ASYNC148. Set minimum size of asymmetric encryption
149. Set minimum size of symmetric encryption
150. Set minimum size for hash functions
181. Transmit data using secure protocols
336. Disable insecure TLS versions
TS_LOCAL_STORAGE_SENS_DATA_ASSIGNMENT173. Discard unsafe inputs
320. Avoid client-side control enforcement
357. Use stateless session tokens
TS_NON_SECURE_CONSTRUCTION_OF_COOKIES030. Avoid object reutilization
TS_PATH_TRAVERSAL173. Discard unsafe inputs
320. Avoid client-side control enforcement
342. Validate request parameters
TS_REGEX_INJECTION072. Set maximum response time
327. Set a rate limit
TS_REMOTE_COMMAND_EXECUTION173. Discard unsafe inputs
265. Restrict access to critical processes
266. Disable insecure functionalities
TS_SALT_IS_HARDCODED266. Disable insecure functionalities
TS_SQL_API_INJECTION169. Use parameterized queries
173. Discard unsafe inputs
TS_SQL_INJECTION169. Use parameterized queries
173. Discard unsafe inputs
TS_UNNECESSARY_IMPORTS158. Use a secure programming language
TS_UNSAFE_HTTP_XSS_PROTECTION062. Define standard configurations
175. Protect pages from clickjacking
266. Disable insecure functionalities
349. Include HTTP security headers
TS_UNSAFE_HTTP_X_FRAME_OPTIONS062. Define standard configurations
175. Protect pages from clickjacking
266. Disable insecure functionalities
349. Include HTTP security headers
TS_UNSAFE_ORIGIN266. Disable insecure functionalities
TS_UNSAFE_XSS_CONTENT029. Cookies with security attributes
173. Discard unsafe inputs
TS_USES_BYPASS_SECURITY_TRUST_URL173. Discard unsafe inputs
TS_USES_DANGEROUSLY_SET_HTML173. Discard unsafe inputs
TS_USES_EVAL266. Disable insecure functionalities
TS_USES_INNERHTML173. Discard unsafe inputs
TS_WEAK_RANDOM223. Uniform distribution in random numbers
224. Use secure cryptographic mechanisms
TS_XML_PARSER173. Discard unsafe inputs
TS_ZIP_SLIP173. Discard unsafe inputs
320. Avoid client-side control enforcement
342. Validate request parameters
TYPESCRIPT_ACCEPTS_ANY_MIME_DEFAULT062. Define standard configurations
266. Disable insecure functionalities
349. Include HTTP security headers
TYPESCRIPT_ACCEPTS_ANY_MIME_METHOD062. Define standard configurations
266. Disable insecure functionalities
349. Include HTTP security headers
Last updated on