← Legacy view v2 (rp.*)

casdoor/casdoor

https://github.com/casdoor/casdoor · lang: go · LOC: · source: user_submitted

Quality
58.3
Grade C
Security
72.2
Findings
7
0 critical · 0 high
Status
completed
May 15, 2026 13:43
info: 4 medium: 3
Top rules by occurrence
RuleSeverityCount
SEC001 Hardcoded Password critical 4
SEC015 Insecure Randomness for Security medium 3
First 7 findings (severity-sorted)
medium SEC001 Hardcoded Password
object/organization.go:195 · conf 0.30 
[SEC001] Hardcoded Password: Hardcoded password found in source code.
medium SEC001 Hardcoded Password
object/syncer.go:155 · conf 0.30 
[SEC001] Hardcoded Password: Hardcoded password found in source code.
medium SEC001 Hardcoded Password
object/user.go:678 · conf 0.30 
[SEC001] Hardcoded Password: Hardcoded password found in source code.
info SEC001 Hardcoded Password
· conf 0.20 
[SEC001] Hardcoded Password (and 2 more): Same pattern found in 2 additional files. Review if needed.
info SEC015 Insecure Randomness for Security
web/src/EntryListPage.js:38 · conf 0.25 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
web/src/InvitationListPage.js:30 · conf 0.25 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
web/src/Setting.js:1806 · conf 0.25 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/0fd5592b-06d3-4fcb-8fbb-58888b2ad746/.