# Vulnerability

In code reviews, vulnerability issues refer to potential weaknesses in the software that could be exploited by attackers to gain unauthorized access, steal data, or disrupt its functionality.

These vulnerabilities often arise from mistakes in coding, such as failing to properly validate user input or securely handle sensitive data. Common vulnerability types include injection flaws, where attackers can insert malicious code into the application, and cross-site scripting (XSS), which allows attackers to execute scripts in a user's browser. Other vulnerabilities include insecure authentication mechanisms, where passwords or tokens are not adequately protected, and insecure direct object references, which could allow unauthorized access to restricted resources.

Identifying and addressing these vulnerabilities during code review is essential to improve the security of the software and protect it from potential threats. By fixing these issues early in the development process, developers minimize the risk of security breaches and keep the software safe for its users.

### Managing rules for vulnerability-type issues

You can manage these rules under Settings > Code health > Rules.

You can filter these pre-defined rules by severity, language, and type.\
You can also toggle individual rules on and off to mark them as active or inactive.\
Once a rule is deactivated, the corresponding issue is no longer highlighted in subsequent reviews.
