Skip to main content
Skip table of contents

TypeScript

Overview

This article covers TypeScript support and vulnerability detection for Mend SAST.

Mend SAST-supported TypeScript File Types

**Note: These extensions are marked as ‘Secondary’ file extensions.
They will only be scanned if at least one file with any of the other ‘Primary’ file extensions is present to identify the language as the relevant language.

File Type

Generation 1

Generation 2

.cts

.html**

.mts

.ts

.tsx

.vue

Mend SAST-supported TypeScript Frameworks

Framework

Generation 1

Generation 2

Angular

ExpressJS

Fastify

Hapi

JQuery

Knockout

Koa.JS

NestJS

Next.js

Node.JS

React

Restify

Vue.js

Mend SAST-supported TypeScript Vulnerability Types

The TypeScript vulnerability types detected by SAST are provided below, organized by CWE ID within each of their identified severities.

TypeScript High-Severity Vulnerability Types

CWE

Vulnerability Type

Generation 1

Generation 2

CWE-22

Path/Directory Traversal

CWE-78

Command Injection

CWE-79

Cross-Site Scripting

CWE-79

DOM Based Cross-Site Scripting

CWE-89

SQL Injection

CWE-94

Code Injection

CWE-134

Use of Externally-Controlled Format String

CWE-346

Origin Validation Error

CWE-502

Deserialization of Untrusted Data

CWE-643

XPath Injection

CWE-918

Server-Side Request Forgery

CWE-943

NoSQL Injection

TypeScript Medium-Severity Vulnerability Types

CWE

Vulnerability Type

Generation 1

Generation 2

CWE-90

LDAP Injection

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-209

Generation of Error Message Containing Sensitive Information

CWE-295

Improper Certificate Validation

CWE-312

Cleartext Storage of Sensitive Information

CWE-319

Cleartext Transmission of Sensitive Information

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

CWE-338

Weak Pseudo-Random

CWE-347

Improper Verification of Cryptographic Signature

CWE-400

Regex Denial of Service (ReDoS)

CWE-611

XML External Entity (XXE) Injection

CWE-676

Miscellaneous Dangerous Functions

CWE-798

Hardcoded Password/Credentials

CWE-1004

Cookie Without 'HttpOnly' Flag

CWE-1333

Regex Denial of Service (ReDoS)

TypeScript Low-Severity Vulnerability Types

CWE

Vulnerability Type

Generation 1

Generation 2

CWE-20

Cookie Injection

CWE-20

Improper Input Validation

CWE-113

HTTP Header Injection

CWE-113

HTTP Response Splitting

CWE-117

Log Forging

CWE-242

Use of Inherently Dangerous Function

CWE-328

Use of Weak Hash

CWE-434

Unrestricted Upload of File with Dangerous Type

CWE-598

Use of GET Request Method With Sensitive Query Strings

CWE-601

Unvalidated/Open Redirect

CWE-614

Sensitive Cookie Without Secure

CWE-776

Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.