Check: SRG-APP-000516-API-001300
Application Programming Interface (API) SRG:
SRG-APP-000516-API-001300
(in version v1 r1)
Title
The API must use a static type of system. (Cat II impact)
Discussion
By enforcing strict type checks at compile time, a static type system ensures that data passed between functions or components is validated against predefined types, reducing the likelihood of unexpected behavior or exploitation. This helps prevent common issues such as SQL injection, buffer overflows, and type-related vulnerabilities, as developers must explicitly define and validate the expected data types. It also improves code clarity, maintainability, and reliability, making it easier to identify and fix security flaws before deployment.
Check Content
Verify the API is using a static type system.

1. Check the source code for the use of strongly typed languages such as TypeScript, Java, C#, or Go, which enforce type definitions at compile time.
2. Look for explicit type annotations in function signatures, variables, and data structures.
3. Review the project's dependencies to see if type-checking tools or frameworks (e.g., TypeScript for JavaScript, MyPy for Python) are used.
4. Check for the presence of static type checking in the build or compilation process, which ensures type correctness before runtime.

If the API does not use a static type system, this is a finding.
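As an added illustration of what check items 2 and 4 look for (this is example code, not part of the SRG text), the following hypothetical TypeScript request handler declares the payload type and the parameter types of every function, so the compiler rejects any call that passes an unvalidated object. It also shows the boundary a reviewer should look for: compile-time types say nothing about untrusted JSON at runtime, so a type guard narrows the parsed `unknown` value before it reaches typed code.

```typescript
// Added example (not from the SRG): a typed API request boundary in TypeScript.
// The payload shape below is hypothetical. Inside the service the compiler
// enforces it; at the edge, where untrusted JSON enters, a type guard does.
interface CreateUserRequest {
  username: string;
  age: number;
  roles: string[];
}

// Type guard: narrows `unknown` (what JSON.parse returns) to CreateUserRequest.
// A bare `as CreateUserRequest` cast would satisfy the compiler but perform
// no check at runtime, so the guard is what makes the static contract hold.
function isCreateUserRequest(value: unknown): value is CreateUserRequest {
  if (typeof value !== "object" || value === null) return false;
  const v = value as Record<string, unknown>;
  return (
    typeof v.username === "string" &&
    typeof v.age === "number" && Number.isInteger(v.age) &&
    Array.isArray(v.roles) && v.roles.every((r) => typeof r === "string")
  );
}

// Every downstream function declares its parameter type; passing a raw
// parsed object here is a compile-time error, which is the property
// check item 4 expects the build to enforce before runtime.
function createUser(req: CreateUserRequest): string {
  return `${req.username}:${req.age}:${req.roles.join(",")}`;
}

// Parses an untrusted request body; returns null when it is not valid JSON
// or does not match the declared type, instead of forwarding it.
function handleCreateUser(body: string): string | null {
  let parsed: unknown;
  try {
    parsed = JSON.parse(body);
  } catch {
    return null;
  }
  if (!isCreateUserRequest(parsed)) return null;
  return createUser(parsed);
}
```

Compiling with `strict` enabled in `tsconfig.json` (assumed here) is what makes a missing guard or a wrong type a build failure rather than a runtime surprise.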
Fix Text
Redesign the API to use a static type of system.
Additional Identifiers
Rule ID: SV-274768r1143806_rule
Vulnerability ID: V-274768
Group Title: SRG-APP-000516
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 | Implement the security configuration settings. |
Controls
| Number | Title |
|---|---|
| CM-6 | Configuration Settings |