Missing Access Restriction on Directory Listing
Overview
Rule ID: javascript_express_exposed_dir_listing
Applicable Languages: JavaScript
Weakness ID: CWE-548
Description
Exposing a directory listing without restrictions can lead to unauthorized access to sensitive data or source code. This vulnerability occurs when the file structure of a server or application is made visible to users without proper access control, potentially allowing attackers to exploit the exposed files.
Remediation Guidelines
Restrict access to sensitive directories and files to prevent unauthorized access. Implementing access controls ensures that only authorized users can view or interact with specific file directories.
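One way to apply this restriction in an Express application, as an added example that is not part of the original rule documentation. The `req.user` shape, the `auditor` role, the `/reports` path and the deny patterns are assumptions made for illustration; the wiring in the trailing comment needs the express and serve-index packages.

```javascript
// Added example: Express-style guards for a route that serves a directory listing.
// Assumption: an earlier authentication middleware sets req.user = { name, roles: [...] }.

// Entry names that must never be listed, even for authorized users (constructed list).
const DENY = [/^\./, /\.(env|pem|key|bak|sql)$/i, /^node_modules$/];

// Middleware factory: only users holding `role` may reach the listing handler.
function requireRole(role) {
  return function (req, res, next) {
    if (!req.user) {
      res.statusCode = 401; // not authenticated
      return res.end('Unauthorized');
    }
    if (!Array.isArray(req.user.roles) || !req.user.roles.includes(role)) {
      res.statusCode = 403; // authenticated, but not allowed to browse
      return res.end('Forbidden');
    }
    next(); // authorized: hand over to the listing middleware
  };
}

// Entry filter: returns true when an entry may appear in the listing.
// The signature is compatible with serve-index's `filter(filename, index, files, dir)` option.
function listingFilter(filename) {
  const base = String(filename).split(/[\\/]/).pop(); // strip any directory part
  return !DENY.some((re) => re.test(base));
}

// Wiring in an Express app (hypothetical mount point and directory):
//   app.use('/reports',
//     requireRole('auditor'),
//     serveIndex('public/reports', { filter: listingFilter, hidden: false }),
//     express.static('public/reports', { dotfiles: 'deny' }));
```

The guard runs before the listing middleware, so an unauthenticated or unprivileged request never reaches the code that enumerates the directory.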
Configuration
To omit this rule during a scan, and for continuous 24/7 code-level scanning, you can use our SAST tool.