# Rule Reference

Complete list of built-in security rules.
## Injection (CS1xxx)

| ID | Name | Severity | Languages |
|---|---|---|---|
| CS1001 | SQL Injection via string interpolation | Critical | JS, TS, Py, Java, PHP, Rb |
| CS1002 | SQL Injection via concatenation | Critical | All |
| CS1010 | Command Injection via exec() | Critical | JS, TS, Py, Go, Rb |
| CS1011 | Command Injection via shell=True | Critical | Python |
| CS1020 | LDAP Injection | High | Java, PHP |
| CS1030 | XML External Entity (XXE) | High | Java, PHP, Py |
| CS1040 | Template Injection (SSTI) | High | Py, Rb, PHP, JS |
## Cryptographic Failures (CS2xxx)

| ID | Name | Severity | Languages |
|---|---|---|---|
| CS2001 | Hardcoded password or secret | Critical | All |
| CS2010 | Use of MD5 for security purposes | High | All |
| CS2011 | Use of SHA-1 for security purposes | High | All |
| CS2012 | Use of DES / 3DES cipher | High | All |
| CS2020 | Weak random number generator | High | All |
| CS2030 | JWT with none algorithm | Critical | JS, TS, Py, Go |
| CS2040 | Insecure cookie (missing Secure/HttpOnly) | Medium | JS, TS, Py, Rb, PHP |
## XSS (CS3xxx)

| ID | Name | Severity | Languages |
|---|---|---|---|
| CS3001 | Reflected XSS via user input | High | JS, TS, PHP, Rb |
| CS3002 | Stored XSS — unsanitized HTML write | High | JS, TS |
| CS3010 | Dangerous use of innerHTML | High | JS, TS |
| CS3011 | Dangerous use of dangerouslySetInnerHTML | High | JS, TS (React) |
| CS3020 | URL redirect to user-controlled value | Medium | All |
## More rules available

This reference lists the most common rules. The full list is available on the CodeSentinel dashboard under Settings → Rules. Custom rules (Team/Enterprise plans) can be added as YAML rule definitions.