
maher-amara/fail2banentreprise

https://github.com/Maher-Amara/Fail2BanEntreprise · lang: typescript · LOC: · source: user_submitted

Quality: 29.9 · Grade F
Security: 0.8
Findings: 44 (0 critical · 7 high)
Status: completed · Jun 4, 2026 04:06
medium: 32 · high: 7 · low: 4 · info: 1
Top rules by occurrence
Rule · Severity · Count
JRN003 Frontend API reference is not matched by discovered backend… · medium · 15
AUC009 [AUC009] Sensitive function route lacks elevated authorizat… · medium · 10
JRN009 Secret-like setting is echoed into a password input value · high · 3
MINED118 Dockerfile FROM not pinned by sha256 digest · high · 2
SEC118 UUIDv1 / UUIDv3 used for security-sensitive identifier · low · 1
DKR007 Docker build context has no .dockerignore · medium · 1
ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors. · medium · 1
AUC005 [AUC005] No authorization-focused tests detected: No test f… · low · 1
AUC001 [AUC001] No Repobility access matrix policy found: The repo… · medium · 1
CORE_NO_CI No CI/CD configuration found · medium · 1
First 44 findings (severity-sorted)
high CORE_NO_TESTS No test files found
high DKR014 Dockerfile copies the entire context without .dockerignore
web/Dockerfile:22 · conf 0.92
high JRN009 Secret-like setting is echoed into a password input value
web/app/invite/[token]/page.tsx:79 · conf 0.83
high JRN009 Secret-like setting is echoed into a password input value
web/app/login/page.tsx:84 · conf 0.83
high JRN009 Secret-like setting is echoed into a password input value
web/app/setup/page.tsx:108 · conf 0.83
high MINED118 Dockerfile FROM not pinned by sha256 digest CWE-829
web/Dockerfile:1 · conf 0.90
[MINED118] Dockerfile FROM `node:trixie` not pinned by digest: `FROM node:trixie` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potent…
high MINED118 Dockerfile FROM not pinned by sha256 digest CWE-829
web/Dockerfile:30 · conf 0.90
[MINED118] Dockerfile FROM `node:trixie` not pinned by digest: `FROM node:trixie` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potent…
medium AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
· conf 0.92
medium AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: ANY /plugins/<slug:plugin_slug>/.
web/app/api/unban/route.ts:8 · conf 0.66
medium AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
web/app/api/dashboard/route.ts:4 · conf 0.68
medium AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
web/app/api/intel/route.ts:6 · conf 0.68
medium AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
web/app/api/me/route.ts:4 · conf 0.68
medium AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
web/app/api/servers/route.ts:5 · conf 0.68
medium AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
web/app/api/servers/route.ts:13 · conf 0.68
medium AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
web/app/api/servers/route.ts:32 · conf 0.68
medium AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
web/app/api/unban-me/route.ts:5 · conf 0.68
medium AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
web/app/api/unban-me/route.ts:24 · conf 0.68
medium AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
web/app/api/whitelist/route.ts:11 · conf 0.68
medium AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
web/app/api/whitelist/route.ts:25 · conf 0.68
medium CORE_NO_CI No CI/CD configuration found
medium DKR003 Dockerfile base image uses the latest tag
docker-compose.yml:41 · conf 0.94
Compose service `cloudflared` image uses the latest tag
medium DKR007 Docker build context has no .dockerignore
.dockerignore · conf 0.90
medium DKR018 Database dump or local database file is included in Docker build context
.dockerignore · conf 0.86
medium ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors.
web/app/login/page.tsx:18 · conf 1.00
medium JRN003 Frontend API reference is not matched by discovered backend routes
web/app/invite/[token]/page.tsx:18 · conf 0.74
medium JRN003 Frontend API reference is not matched by discovered backend routes
web/app/invite/[token]/page.tsx:32 · conf 0.74
medium JRN003 Frontend API reference is not matched by discovered backend routes
web/app/page.tsx:187 · conf 0.74
medium JRN003 Frontend API reference is not matched by discovered backend routes
web/app/page.tsx:194 · conf 0.74
medium JRN003 Frontend API reference is not matched by discovered backend routes
web/app/page.tsx:199 · conf 0.74
medium JRN003 Frontend API reference is not matched by discovered backend routes
web/app/page.tsx:205 · conf 0.74
medium JRN003 Frontend API reference is not matched by discovered backend routes
web/app/page.tsx:211 · conf 0.74
medium JRN003 Frontend API reference is not matched by discovered backend routes
web/app/page.tsx:220 · conf 0.74
medium JRN003 Frontend API reference is not matched by discovered backend routes
web/app/page.tsx:226 · conf 0.74
medium JRN003 Frontend API reference is not matched by discovered backend routes
web/app/page.tsx:231 · conf 0.74
medium JRN003 Frontend API reference is not matched by discovered backend routes
web/app/profile/page.tsx:18 · conf 0.74
medium JRN003 Frontend API reference is not matched by discovered backend routes
web/app/servers/page.tsx:26 · conf 0.74
medium JRN003 Frontend API reference is not matched by discovered backend routes
web/app/servers/page.tsx:33 · conf 0.74
medium JRN003 Frontend API reference is not matched by discovered backend routes
web/app/servers/page.tsx:39 · conf 0.74
medium JRN003 Frontend API reference is not matched by discovered backend routes
web/app/servers/page.tsx:53 · conf 0.74
low AIC003 Duplicated implementation block across source files
web/app/setup/page.tsx:75 · conf 0.86
low AUC005 [AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.
· conf 0.76
low CORE_NO_LICENSE No LICENSE file
low DKC006 Compose service does not declare a runtime user
docker-compose.yml:13 · conf 0.56
info SEC118 UUIDv1 / UUIDv3 used for security-sensitive identifier
web/proxy.ts:62 · conf 0.10
[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable.
