https://github.com/boxlite-ai/boxlite ·
lang: typescript ·
LOC: ·
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
SEC020 Secret Printed to Logs |
high | 4 |
SEC014 SSL Verification Disabled |
medium | 1 |
SEC007 Unsafe Deserialization |
medium | 1 |
SEC007
Unsafe Deserialization
sdks/python/boxlite/orchestration/box_runtime.py:118
· conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.SEC014
SSL Verification Disabled
sdks/python/src/options.rs:103
· conf 1.00
[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.SEC020
Secret Printed to Logs
[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed.SEC020
Secret Printed to Logs
apps/api/src/interceptors/metrics.interceptor.ts:65
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC020
Secret Printed to Logs
apps/api/src/user/user.controller.ts:361
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC020
Secret Printed to Logs
apps/otel-collector/exporter/exporter.go:107
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/1d9af720-bb23-49de-8845-b1b09580a1db/.