https://github.com/puneetv503-dot/smartdukan-backend.git ·
lang: python ·
LOC: ·
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
MINED124 requirements.txt entry has no version pin |
medium | 5 |
CORE_NO_LICENSE No LICENSE file |
low | 1 |
MINED111 Bare except continues silently |
medium | 1 |
AUC005 [AUC005] No authorization-focused tests detected: No test f… |
low | 1 |
AUC012 [AUC012] FastAPI interactive docs may be exposed by framewo… |
medium | 1 |
AUC001 [AUC001] No Repobility access matrix policy found: The repo… |
medium | 1 |
CFG006 [CFG006] Missing .gitignore: No .gitignore file. Risk of co… |
medium | 1 |
CORE_NO_CI No CI/CD configuration found |
medium | 1 |
AUC002 [AUC002] Low visible authorization coverage in route invent… |
medium | 1 |
WEB003 Public web service has no security.txt |
medium | 1 |
MINED112
FastAPI POST/PUT/DELETE/PATCH endpoint without auth
CWE-306CWE-862
main.py:29
· conf 0.80
[MINED112] FastAPI POST /scan-bill has no auth: Handler `scan_bill` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function bo…SEC135
Auth/permission check missing on AI-generated endpoint
main.py:28
· conf 1.00
[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we…AUC001
[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.AUC002
[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.
[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.AUC012
[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements.
[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, p…CFG006
[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.MINED111
Bare except continues silently
main.py:61
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:1
· conf 0.90
[MINED124] requirements.txt: `fastapi` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats,…MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:2
· conf 0.90
[MINED124] requirements.txt: `uvicorn` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats,…MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:3
· conf 0.90
[MINED124] requirements.txt: `google-genai` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosq…MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:4
· conf 0.90
[MINED124] requirements.txt: `pillow` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, …MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:5
· conf 0.90
[MINED124] requirements.txt: `python-multipart` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (ty…WEB003
Public web service has no security.txt
.well-known/security.txt
· conf 0.78
Public web service has no security.txtAUC005
[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.
[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.CORE_NO_LICENSE
No LICENSE file
No LICENSE fileCORE_NO_CI
No CI/CD configuration found
No CI/CD configuration foundCORE_NO_TESTS
No test files found
No test files found in a documentation, catalog, or template-heavy repositoryReading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/31db1c59-78ea-4993-99fb-4dadeda5541c/.