https://github.com/langflow-ai/openrag ·
lang: python ·
LOC: ·
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
SEC020 Secret Printed to Logs |
high | 4 |
SEC015 Insecure Randomness for Security |
medium | 4 |
SEC002 Hardcoded API Key |
critical | 1 |
SEC017 Unbounded Input to LLM/External API |
medium | 1 |
SEC016 LLM Prompt Injection — User Input in AI Prompt |
high | 1 |
SEC016
LLM Prompt Injection — User Input in AI Prompt
src/services/chat_service.py:334
· conf 0.90
[SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…SEC020
Secret Printed to Logs
frontend/components/cloud-picker/provider-handlers.ts:285
· conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC020
Secret Printed to Logs
frontend/components/cloud-picker/sharepoint-v8-handler.ts:165
· conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC020
Secret Printed to Logs
kubernetes/operator/internal/controller/openrag_controller.go:209
· conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC017
Unbounded Input to LLM/External API
src/services/chat_service.py:334
· conf 0.80
[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Co…SEC002
Hardcoded API Key
frontend/app/settings/_components/s3-settings-form.tsx:72
· conf 0.40
[SEC002] Hardcoded API Key: Hardcoded API key found in source code.SEC015
Insecure Randomness for Security
[SEC015] Insecure Randomness for Security (and 2 more): Same pattern found in 2 additional files. Review if needed.SEC015
Insecure Randomness for Security
frontend/components/cloud-picker/sharepoint-v8-handler.ts:141
· conf 0.15
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC015
Insecure Randomness for Security
src/tui/screens/monitor.py:884
· conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC015
Insecure Randomness for Security
src/tui/widgets/waves.py:85
· conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC020
Secret Printed to Logs
[SEC020] Secret Printed to Logs (and 18 more): Same pattern found in 18 additional files. Review if needed.Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/2450297c-75ff-442e-9242-a0e495d24189/.