> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cysmiq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Code security rules

> Coverage by impact and language.

## Overview

Security rules define the code vulnerabilities Cysmiq can detect. This page shows coverage by impact category and language. Secrets scanning is documented separately in [Secrets](/scanning/secrets).

## Impact coverage by language

| Impact                                                                              | JavaScript | TypeScript | Python | Java | Kotlin |  Go | Elixir | Ruby | PHP |  C# |
| :---------------------------------------------------------------------------------- | :--------: | :--------: | :----: | :--: | :----: | :-: | :----: | :--: | :-: | :-: |
| [Execute Commands](/reference/impacts#execute-commands)                             |     Yes    |     Yes    |   Yes  |  Yes |   Yes  | Yes |   Yes  |  Yes | Yes | Yes |
| [Takeover Accounts](/reference/impacts#takeover-accounts)                           |      -     |      -     |    -   |  Yes |   Yes  |  -  |    -   |   -  | Yes | Yes |
| [Gain Access](/reference/impacts#gain-access)                                       |     Yes    |     Yes    |   Yes  |  Yes |   Yes  | Yes |    -   |   -  | Yes | Yes |
| [Access Data](/reference/impacts#access-data)                                       |     Yes    |     Yes    |   Yes  |  Yes |   Yes  | Yes |   Yes  |  Yes | Yes | Yes |
| [Access Files](/reference/impacts#access-files)                                     |     Yes    |     Yes    |   Yes  |  Yes |   Yes  | Yes |   Yes  |  Yes | Yes | Yes |
| [Intercept Traffic](/reference/impacts#intercept-traffic)                           |     Yes    |     Yes    |   Yes  |  Yes |   Yes  | Yes |   Yes  |   -  | Yes | Yes |
| [Insufficient Data Protection](/reference/impacts#insufficient-data-protection)     |     Yes    |     Yes    |   Yes  |  Yes |   Yes  | Yes |    -   |   -  | Yes | Yes |
| [Bypass Cryptographic Controls](/reference/impacts#bypass-cryptographic-controls)   |     Yes    |     Yes    |    -   |  Yes |   Yes  | Yes |    -   |   -  |  -  | Yes |
| [Facilitate Client-side Attacks](/reference/impacts#facilitate-client-side-attacks) |     Yes    |     Yes    |   Yes  |  Yes |   Yes  | Yes |   Yes  |  Yes | Yes | Yes |
| [Access Application State](/reference/impacts#access-application-state)             |      -     |      -     |    -   |   -  |   Yes  | Yes |    -   |   -  | Yes | Yes |
| [Evade Detection](/reference/impacts#evade-detection)                               |      -     |      -     |    -   |  Yes |   Yes  |  -  |    -   |   -  |  -  |  -  |
| [Degrade Performance](/reference/impacts#degrade-performance)                       |     Yes    |     Yes    |    -   |   -  |    -   | Yes |   Yes  |   -  |  -  |  -  |

<Info>
  * `Yes` means at least one rule maps to the impact for that language
  * `-` means no current coverage
  * Coverage includes core language rules plus all library rule packs
  * Obtain Secrets is covered by [secrets scanning](/scanning/secrets) and omitted here
  * See [Impacts](/reference/impacts) for CWE mappings
</Info>

## Library rule packs

Library rule packs add coverage for specific frameworks and libraries beyond core language rules.

<Tabs>
  <Tab title="JavaScript / TypeScript">
    * [Angular](https://angular.io/)
    * [Axios](https://github.com/axios/axios)
    * [Bent](https://github.com/mikeal/bent)
    * [Express](https://expressjs.com/)
    * [Got](https://github.com/sindresorhus/got)
    * [Handlebars](https://handlebarsjs.com/)
    * [js-yaml](https://github.com/nodeca/js-yaml)
    * [Knex](https://knexjs.org/)
    * [Lusca](https://github.com/krakenjs/lusca)
    * [MongoDB](https://github.com/mongodb/node-mongodb-native)
    * [MySQL](https://github.com/mysqljs/mysql)
    * [Needle](https://github.com/tomas/needle)
    * [node-serialize](https://github.com/luin/serialize)
    * [PostgreSQL (pg)](https://github.com/brianc/node-postgres)
    * [React](https://react.dev/)
    * [Request](https://github.com/request/request)
    * [Sequelize](https://sequelize.org/)
    * [serialize-to-js](https://github.com/nickyout/serialize-to-js)
    * [SQLite3](https://github.com/TryGhost/node-sqlite3)
    * [Superagent](https://github.com/ladjs/superagent)
    * [urllib](https://github.com/node-modules/urllib)
  </Tab>

  <Tab title="Python">
    No library-specific rule packs yet.
  </Tab>

  <Tab title="Java">
    * [Commons Email](https://commons.apache.org/proper/commons-email/)
    * [HTTP Client](https://hc.apache.org/httpcomponents-client-5.4.x/)
    * [Spring](https://spring.io/)
    * [Spring Actuator properties](https://spring.io/projects/spring-boot)
    * [Spring Actuator YAML](https://spring.io/projects/spring-boot)
    * [Struts](https://struts.apache.org/)
  </Tab>

  <Tab title="Kotlin">
    * [Android](https://developer.android.com/)
    * [HTTP Client](https://hc.apache.org/httpcomponents-client-5.4.x/)
  </Tab>

  <Tab title="Go">
    * [pg](https://github.com/go-pg/pg)
    * [pgx](https://github.com/jackc/pgx)
  </Tab>

  <Tab title="Elixir">
    * [Phoenix](https://www.phoenixframework.org/)
    * [Plug](https://github.com/elixir-plug/plug)
  </Tab>

  <Tab title="Ruby">
    * [Rails](https://rubyonrails.org/)
  </Tab>

  <Tab title="PHP">
    * [Laravel](https://laravel.com/)
  </Tab>

  <Tab title="C#">
    * [Web.config](https://learn.microsoft.com/aspnet/web-forms/overview/deployment/visual-studio-web-deployment/web-config-transformations)
  </Tab>

  <Tab title="YAML">
    * [GitHub Actions](https://docs.github.com/en/actions) workflow security rules
  </Tab>
</Tabs>
