Metadata

ID: typescript-express/missing-helmet

Language: TypeScript

Severity: Warning

Category: Security

CWE: 693

Description

Per Express documentation:

Helmet can help protect your app from some well-known web vulnerabilities by setting HTTP headers appropriately.

This rule checks whether app.use(helmet()) is called in the same file where express() is called.

Non-Compliant Code Examples

import express, { Express, Request, Response } from 'express';

const app: Express = express();

// no `app.use(helmet())` detected in the file

app.get("/foo", (req: Request, res: Response) => res.send("foo"));

app.listen(8000);

Compliant Code Examples

import express, { Express, Request, Response } from 'express';
import helmet from "helmet";

const app: Express = express();

app.use(helmet()); // helmet detected

app.get("/foo", (req: Request, res: Response) => res.send("foo"));

app.listen(8000);
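
The check described above can be approximated with a text scan. This is an added example, not Datadog's rule implementation or code from the original page. It assumes express is bound to the name express and helmet is a default import or require(); findMissingHelmet, stripComments and captures are hypothetical helper names.

```typescript
// Text-based approximation of the check (added example, not Datadog's rule code).
// Assumes express is bound to the name `express`, and helmet is a default
// import or a require() of "helmet".

// Drop comments first so a commented-out app.use(helmet()) does not count.
// The [^:] guard keeps "http://..." inside string literals intact.
function stripComments(source: string): string {
  return source.replace(/\/\*[\s\S]*?\*\//g, "").replace(/(^|[^:])\/\/.*$/gm, "$1");
}

// Collect capture group 1 from every match of a global regex.
function captures(code: string, re: RegExp): string[] {
  const out: string[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(code)) !== null) out.push(m[1]);
  return out;
}

// Returns the Express app variables that never receive helmet via .use().
function findMissingHelmet(source: string): string[] {
  const code = stripComments(source);
  const apps = captures(code,
    /(?:const|let|var)\s+([A-Za-z_]\w*)\s*(?::\s*[\w.]+\s*)?=\s*express\(\s*\)/g);
  const helmets = captures(code, /import\s+([A-Za-z_]\w*)\s+from\s+["']helmet["']/g)
    .concat(captures(code,
      /(?:const|let|var)\s+([A-Za-z_]\w*)\s*=\s*require\(\s*["']helmet["']\s*\)/g));
  return apps.filter((app) => !helmets.some((h) =>
    new RegExp("\\b" + app + "\\s*\\.\\s*use\\(\\s*" + h + "\\s*\\(").test(code)));
}

// Sample inputs constructed from the two examples on this page, plus one
// constructed case where the helmet call is commented out.
const NON_COMPLIANT = `import express, { Express } from 'express';
const app: Express = express();
// no \`app.use(helmet())\` detected in the file
app.listen(8000);`;

const COMPLIANT = `import express, { Express } from 'express';
import helmet from "helmet";
const app: Express = express();
app.use(helmet()); // helmet detected
app.listen(8000);`;

const COMMENTED_OUT = `import express from "express";
import helmet from "helmet";
const app = express();
// app.use(helmet());
app.listen(8000);`;

console.log([NON_COMPLIANT, COMPLIANT, COMMENTED_OUT].map(findMissingHelmet));
```

A plain substring search for app.use(helmet()) would pass both the non-compliant example and the commented-out case, because the call text appears inside a comment in each.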