SonarJS Coverage of OWASP Top Ten

The following table lists the OWASP Top Ten standard items SonarJS is able to detect, and for each of them, the rules providing this coverage.

OWASP ID  OWASP Title                                  Implementing Rules
A3        Cross-Site Scripting (XSS)                   Eval   Code should not be dynamically injected and executed
                                                       S2819  Cross-document messaging domains should be carefully restricted
A6        Sensitive Data Exposure                      S2228  Console logging should not be used
                                                       S3271  Local storage should not be used
                                                       S2817  Web SQL databases should not be used
A9        Using Components with Known Vulnerabilities  S2817  Web SQL databases should not be used
