security.cryptography

Use authenticated encryption for secrets and tokens

Helpers that encrypt session, cookie, or token values should provide integrity protection in that same helper.

#Metadata

#Why it matters

Confidentiality-only encryption leaves secret-bearing values vulnerable to tampering unless the code also applies an integrity check or uses an authenticated mode.

#Remediation

Prefer authenticated encryption such as AES-GCM, or pair non-AEAD encryption with an explicit integrity check in the same helper.
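The contrast this rule draws, as an added example that is not code from the rule catalog: a confidentiality-only AES-CBC helper beside an AES-GCM helper, using Node's `crypto` module. The function names, blob layouts, the `aad` purpose label and the sample values are assumptions constructed for illustration.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

// Flagged pattern: AES-256-CBC with no integrity check. Layout: iv(16) || ciphertext.
function cbcEncrypt(key: Buffer, plaintext: string): Buffer {
  const iv = randomBytes(16);
  const c = createCipheriv("aes-256-cbc", key, iv);
  return Buffer.concat([iv, c.update(plaintext, "utf8"), c.final()]);
}
function cbcDecrypt(key: Buffer, blob: Buffer): string {
  const d = createDecipheriv("aes-256-cbc", key, blob.subarray(0, 16));
  return Buffer.concat([d.update(blob.subarray(16)), d.final()]).toString("utf8");
}

// Remediated: AES-256-GCM. Layout: iv(12) || tag(16) || ciphertext.
// aad binds the blob to its purpose (for example "session") without encrypting it.
function seal(key: Buffer, plaintext: string, aad = ""): Buffer {
  const iv = randomBytes(12); // fresh nonce per message; never reuse with one key
  const c = createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(Buffer.from(aad, "utf8"));
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
// Returns null for any blob that is truncated, modified, or sealed for another purpose.
function unseal(key: Buffer, blob: Buffer, aad = ""): string | null {
  if (blob.length < 28) return null; // too short to hold iv + tag
  try {
    const d = createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12), { authTagLength: 16 });
    d.setAuthTag(blob.subarray(12, 28));
    d.setAAD(Buffer.from(aad, "utf8"));
    // final() throws when the tag does not verify, so no plaintext is released.
    return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString("utf8");
  } catch {
    return null;
  }
}

// Test helper: returns a copy of blob with the lowest bit of one byte inverted.
function flipBit(blob: Buffer, byteIndex: number): Buffer {
  const copy = Buffer.from(blob);
  copy[byteIndex] ^= 0x01;
  return copy;
}
```

With a constructed value such as `uid=1000;role=user`, the CBC helper decrypts a blob whose first byte was modified without raising any error and returns altered plaintext, while `unseal` returns `null` for a change anywhere in the blob or in the purpose label.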

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.missing-integrity-check.rule.yaml.