
ermatteo/fc_nails

https://github.com/ermatteo/FC_nails.git · lang: javascript · LOC: · source: user_submitted

Quality: 45.3 (Grade D+)
Security: 100.0
Findings: 20 (0 critical · 4 high)
Status: completed (May 25, 2026 17:01)
low: 8 · high: 4 · info: 4 · medium: 4
Top rules by occurrence
| Rule | Severity | Count |
|---|---|---|
| AIC003 Duplicated implementation block across source files | low | 7 |
| MINED056 React Key As Index | info | 3 |
| CFG006 [CFG006] Missing .gitignore: No .gitignore file. Risk of co… | medium | 1 |
| MINED058 React Dangerously Set Html | info | 1 |
| CORE_NO_README No README file found | medium | 1 |
| CORE_NO_CI No CI/CD configuration found | medium | 1 |
| SEC046 Client-side open redirect — window.location = server-suppli… | medium | 1 |
| SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from use… | high | 1 |
| CORE_NO_TESTS No test files found | high | 1 |
| CORE_NO_LICENSE No LICENSE file | low | 1 |
First 20 findings (severity-sorted)
high CORE_NO_TESTS No test files found
No test files found
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
frontend/src/utils/index.ts:1 · conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
high SEC040 innerHTML XSS — template literal with server-supplied data
frontend/src/components/ui/chart.jsx:63 · conf 1.00
[SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflect…
high SEC128 Async function without await — fire-and-forget Promise (AI mistake)
frontend/src/components/ui/use-toast.jsx:29 · conf 1.00
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
medium CFG006 [CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
· conf 1.00
[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
medium CORE_NO_CI No CI/CD configuration found
No CI/CD configuration found
medium CORE_NO_README No README file found
No README file found
medium SEC046 Client-side open redirect — window.location = server-supplied URL
frontend/src/pages/ClientDetail.jsx:64 · conf 1.00
[SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If t…
low AIC003 Duplicated implementation block across source files
frontend/src/components/clients/ClientFormDialog.jsx:145 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
frontend/src/components/inventory/ProductFormDialog.jsx:227 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
frontend/src/components/inventory/ProductFormDialog.jsx:228 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
frontend/src/components/treatments/TreatmentFormDialog.jsx:493 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
frontend/src/pages/Inventory.jsx:358 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
frontend/src/pages/Statistics.jsx:59 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
frontend/src/pages/Treatments.jsx:391 · conf 0.86
Duplicated implementation block across source files
low CORE_NO_LICENSE No LICENSE file
No LICENSE file
info MINED056 React Key As Index CWE-682
frontend/src/pages/ClientDetail.jsx:265 · conf 1.00
[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.
info MINED056 React Key As Index CWE-682
frontend/src/pages/Clients.jsx:77 · conf 1.00
[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.
info MINED056 React Key As Index CWE-682
frontend/src/pages/Dashboard.jsx:114 · conf 1.00
[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.
info MINED058 React Dangerously Set Html CWE-79
frontend/src/components/ui/chart.jsx:61 · conf 1.00
[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. Pair with DOMPurify or never use with user data.

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/28579a87-a234-43cc-9bfd-e84e1a59f9b8/.