https://github.com/automagik-dev/genie.git ·
lang: typescript ·
LOC: ·
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| SEC020 Secret Printed to Logs | high | 4 |
| SEC015 Insecure Randomness for Security | medium | 4 |
| SEC022 Database URL With Embedded Credential | critical | 2 |
| SEC018 AI-Agent Secret Retrieval Command | high | 1 |
SEC022
Database URL With Embedded Credential
src/genie-commands/install.ts:265
· conf 0.45
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…
SEC022
Database URL With Embedded Credential
src/term-commands/db.ts:400
· conf 1.00
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…
SEC018
AI-Agent Secret Retrieval Command
src/term-commands/brain.ts:382
· conf 1.00
[SEC018] AI-Agent Secret Retrieval Command: A command that prints or embeds credentials was committed. AI coding agents often add these commands while trying to help with setup or deployment, but the…
SEC020
Secret Printed to Logs
src/term-commands/events-admin.ts:55
· conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
SEC020
Secret Printed to Logs
src/term-commands/events-stream.ts:53
· conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
SEC020
Secret Printed to Logs
src/term-commands/events-subscribe.ts:82
· conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
SEC015
Insecure Randomness for Security
· conf 0.20
[SEC015] Insecure Randomness for Security (and 1 more): Same pattern found in 1 additional files. Review if needed.
SEC015
Insecure Randomness for Security
.genie/agents/metrics-updater/tools/generate-charts.py:165
· conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
SEC015
Insecure Randomness for Security
.genie/wishes/hookify-perf-foundation/loadgen-baseline-pss.ts:38
· conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
SEC015
Insecure Randomness for Security
src/term-commands/dispatch.ts:78
· conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
SEC020
Secret Printed to Logs
· conf 0.20
[SEC020] Secret Printed to Logs (and 7 more): Same pattern found in 7 additional files. Review if needed.