https://github.com/volcengine/OpenViking ·
lang: python ·
LOC: ·
source: corpus_mined
| Rule | Severity | Count |
|---|---|---|
SEC013 Path Traversal — User Input in File Path |
high | 4 |
SEC016 LLM Prompt Injection — User Input in AI Prompt |
high | 4 |
SEC020 Secret Printed to Logs |
high | 4 |
SEC017 Unbounded Input to LLM/External API |
medium | 2 |
SEC015 Insecure Randomness for Security |
medium | 2 |
SEC012 ZipSlip — Archive Path Traversal |
medium | 1 |
SEC022 Database URL With Embedded Credential |
critical | 1 |
SEC005 Command Injection Risk |
high | 1 |
SEC022
Database URL With Embedded Credential
bot/deploy/docker/langfuse/docker-compose.yml:23
· conf 1.00
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…SEC013
Path Traversal — User Input in File Path
benchmark/locomo/claudecode/import_to_ov.py:421
· conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.SEC013
Path Traversal — User Input in File Path
benchmark/locomo/claudecode/judge.py:123
· conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.SEC013
Path Traversal — User Input in File Path
benchmark/locomo/claudecode/stat_judge_result.py:38
· conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.SEC016
LLM Prompt Injection — User Input in AI Prompt
benchmark/RAG/src/adapters/qasper_adapter.py:379
· conf 0.90
[SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…SEC016
LLM Prompt Injection — User Input in AI Prompt
benchmark/RAG/src/adapters/syllabusqa_adapter.py:464
· conf 0.90
[SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…SEC020
Secret Printed to Logs
openviking_cli/setup_wizard.py:1085
· conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC020
Secret Printed to Logs
openviking/parse/parsers/feishu.py:700
· conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC005
Command Injection Risk
bot/workspace/skills/opencode/opencode_utils.py:16
· conf 0.50
[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.SEC012
ZipSlip — Archive Path Traversal
benchmark/RAG/scripts/download_dataset.py:121
· conf 1.00
[SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.SEC015
Insecure Randomness for Security
benchmark/custom/session_contention_benchmark.py:863
· conf 1.00
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC017
Unbounded Input to LLM/External API
benchmark/RAG/src/adapters/qasper_adapter.py:379
· conf 0.80
[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Co…SEC017
Unbounded Input to LLM/External API
benchmark/RAG/src/adapters/syllabusqa_adapter.py:464
· conf 0.80
[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Co…SEC020
Secret Printed to Logs
bot/vikingbot/openviking_mount/user_apikey_manager.py:80
· conf 0.45
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC013
Path Traversal — User Input in File Path
[SEC013] Path Traversal — User Input in File Path (and 11 more): Same pattern found in 11 additional files. Review if needed.SEC015
Insecure Randomness for Security
openviking/models/embedder/base.py:605
· conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC016
LLM Prompt Injection — User Input in AI Prompt
[SEC016] LLM Prompt Injection — User Input in AI Prompt (and 1 more): Same pattern found in 1 additional files. Review if needed.SEC016
LLM Prompt Injection — User Input in AI Prompt
benchmark/RAG/src/adapters/financebench_adapter.py:144
· conf 0.10
[SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…SEC020
Secret Printed to Logs
[SEC020] Secret Printed to Logs (and 29 more): Same pattern found in 29 additional files. Review if needed.Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/12056a6a-d5b1-4a95-9bc1-27d844e39785/.