https://github.com/awizemann/scarf ·
lang: swift ·
LOC: ·
source: corpus_mined
| Rule | Severity | Count |
|---|---|---|
SEC020 Secret Printed to Logs |
high | 4 |
SEC022 Database URL With Embedded Credential |
critical | 1 |
SEC006 XSS Risk |
high | 1 |
SEC022
Database URL With Embedded Credential
scarf/Packages/ScarfCore/Sources/ScarfCore/Models/MCPServerPreset.swift:97
· conf 1.00
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…SEC006
XSS Risk
site/widgets.js:180
· conf 0.40
[SEC006] XSS Risk: Direct HTML injection without sanitization.SEC020
Secret Printed to Logs
[SEC020] Secret Printed to Logs (and 4 more): Same pattern found in 4 additional files. Review if needed.SEC020
Secret Printed to Logs
scarf/scarf/Core/Services/ChatNotificationService.swift:88
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC020
Secret Printed to Logs
scarf/scarf/Core/Services/ProjectTemplateInstaller.swift:43
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC020
Secret Printed to Logs
scarf/scarf/Core/Services/ProjectTemplateUninstaller.swift:156
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/3d58ab02-eb7e-473b-be6b-9456a7c00752/.