require-code-minification
The rule provides **LLM-optimized error messages** (Compact 2-line format) with actionable security guidance:
Security rule for mobile applications
Error Message Format
The rule provides LLM-optimized error messages (Compact 2-line format) with actionable security guidance:
⚠️ CWE-656 OWASP:A06 CVSS:5.3 | Reliance on Security Through Obscurity detected | MEDIUM
Fix: Review and apply the recommended fix | https://owasp.org/Top10/A06_2021/Message Components
| Component | Purpose | Example |
|---|---|---|
| Risk Standards | Security benchmarks | CWE-656 OWASP:A06 CVSS:5.3 |
| Issue Description | Specific vulnerability | Reliance on Security Through Obscurity detected |
| Severity & Compliance | Impact assessment | MEDIUM |
| Fix Instruction | Actionable remediation | Follow the remediation steps below |
| Technical Truth | Official reference | OWASP Top 10 |
Rule Details
This rule security rule for mobile applications.
OWASP Mobile Top 10: Mobile
CWE: CWE-656
Severity: error
Examples
❌ Incorrect
// Insecure pattern✅ Correct
// Secure patternWhen Not To Use It
This rule should be enabled for all mobile and web applications to ensure security best practices.
Known False Negatives
The following patterns are not detected due to static analysis limitations:
Values from Variables
Why: Values stored in variables are not traced.
// ❌ NOT DETECTED - Value from variable
const value = userInput;
dangerousOperation(value);Mitigation: Validate all user inputs.
Wrapper Functions
Why: Custom wrappers not recognized.
// ❌ NOT DETECTED - Wrapper
myWrapper(userInput); // Uses dangerous API internallyMitigation: Apply rule to wrapper implementations.
Dynamic Invocation
Why: Dynamic calls not analyzed.
// ❌ NOT DETECTED - Dynamic
obj[method](userInput);Mitigation: Avoid dynamic method invocation.
Further Reading
Related Rules
- See other mobile security rules in this plugin
Category: Mobile Security
Type: Problem
Recommended: Yes