
rcode12/izakaya-tracker

https://github.com/RCode12/izakaya-tracker.git · lang: typescript · LOC: · source: user_submitted

Quality: 56.2 (Grade C)
Security: 84.5
Findings: 24 (0 critical · 4 high)
Status: completed · May 27, 2026 13:32
low: 7 · medium: 7 · info: 6 · high: 4
Top rules by occurrence
Rule · Severity · Count
MINED047 Emoji In Source · info · 3
JRN009 Secret-like setting is echoed into a password input value · high · 2
CORE_NO_LICENSE No LICENSE file · low · 1
AUC005 [AUC005] No authorization-focused tests detected: No test f… · low · 1
AUC001 [AUC001] No Repobility access matrix policy found: The repo… · medium · 1
MINED045 Ts Non Null Assertion · info · 1
MINED044 Js Console Log Prod · info · 1
CORE_NO_CI No CI/CD configuration found · medium · 1
AUC002 [AUC002] Low visible authorization coverage in route invent… · medium · 1
AUC009 [AUC009] Sensitive function route lacks elevated authorizat… · medium · 1
First 24 findings (severity-sorted)
high CORE_NO_TESTS No test files found
high JRN009 Secret-like setting is echoed into a password input value
app/(auth)/login/page.tsx:63 · conf 0.83
high JRN009 Secret-like setting is echoed into a password input value
app/(auth)/signup/page.tsx:81 · conf 0.83
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
components/visits/TabelogUrlInput.tsx:53 · conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
medium AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
· conf 0.92
medium AUC002 [AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.
· conf 0.74
medium AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
app/api/scrape-tabelog/route.ts:4 · conf 0.68
medium CORE_NO_CI No CI/CD configuration found
medium JRN003 Frontend API reference is not matched by discovered backend routes
components/visits/TabelogUrlInput.tsx:26 · conf 0.74
medium WEB003 Public web service has no security.txt
.well-known/security.txt · conf 0.78
medium WEB015 Public web app has no Content Security Policy
index.html · conf 0.70
low AIC003 Duplicated implementation block across source files
app/(auth)/signup/page.tsx:61 · conf 0.86
low AUC005 [AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.
· conf 0.76
low CORE_NO_LICENSE No LICENSE file
low WEB001 Public web app has no robots.txt
robots.txt · conf 0.74
low WEB002 Public web app has no sitemap
sitemap.xml · conf 0.72
low WEB008 Public docs site has no llms.txt
llms.txt · conf 0.64
low WEB011 Public web app has no humans.txt
humans.txt · conf 0.50
info MINED044 Js Console Log Prod CWE-532
app/api/scrape-tabelog/route.ts:82 · conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED045 Ts Non Null Assertion CWE-476
components/visits/VisitForm.tsx:82 · conf 1.00
[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.
info MINED047 Emoji In Source
components/dashboard/SpendingTrendChart.tsx:51 · conf 1.00
[MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explicitly requested.
info MINED047 Emoji In Source
components/visits/VisitCard.tsx:6 · conf 1.00
[MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explicitly requested.
info MINED047 Emoji In Source
components/visits/VisitForm.tsx:187 · conf 1.00
[MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explicitly requested.
info MINED056 React Key As Index CWE-682
components/dashboard/GenreBreakdownChart.tsx:60 · conf 1.00
[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.
