https://github.com/xr843/fojin.git ·
lang: python ·
LOC: ·
source: corpus_mined
| Rule | Severity | Count |
|---|---|---|
SEC004 SQL Injection Risk |
high | 4 |
SEC013 Path Traversal — User Input in File Path |
high | 4 |
SEC022 Database URL With Embedded Credential |
critical | 3 |
SEC020 Secret Printed to Logs |
high | 2 |
SEC015 Insecure Randomness for Security |
medium | 2 |
SEC006 XSS Risk |
high | 1 |
SEC012 ZipSlip — Archive Path Traversal |
medium | 1 |
SEC014 SSL Verification Disabled |
medium | 1 |
SEC022
Database URL With Embedded Credential
backend/scripts/backfill_person_coords_v2.py:113
· conf 1.00
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…SEC022
Database URL With Embedded Credential
backend/scripts/convert_korean_strict.py:230
· conf 1.00
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…SEC022
Database URL With Embedded Credential
backend/scripts/import_amap_temples_v3.py:7
· conf 1.00
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…SEC004
SQL Injection Risk
backend/alembic/versions/0043_cleanup_candidate_sources.py:119
· conf 1.00
[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.SEC004
SQL Injection Risk
backend/alembic/versions/0045_add_new_sources_tier1_tier2.py:159
· conf 1.00
[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.SEC004
SQL Injection Risk
backend/alembic/versions/0048_fix_https_only_and_stale_urls.py:39
· conf 1.00
[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.SEC013
Path Traversal — User Input in File Path
backend/scripts/enrich_active_in_places.py:185
· conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.SEC013
Path Traversal — User Input in File Path
backend/scripts/import_east_asian_temples.py:38
· conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.SEC013
Path Traversal — User Input in File Path
backend/scripts/import_suttacentral_places.py:66
· conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.SEC012
ZipSlip — Archive Path Traversal
backend/scripts/import_dpd.py:184
· conf 1.00
[SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.SEC014
SSL Verification Disabled
backend/scripts/audit_sources.py:71
· conf 1.00
[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.SEC006
XSS Risk
frontend/src/components/ForceGraph.tsx:117
· conf 0.40
[SEC006] XSS Risk: Direct HTML injection without sanitization.SEC004
SQL Injection Risk
[SEC004] SQL Injection Risk (and 8 more): Same pattern found in 8 additional files. Review if needed.SEC013
Path Traversal — User Input in File Path
[SEC013] Path Traversal — User Input in File Path (and 14 more): Same pattern found in 14 additional files. Review if needed.SEC015
Insecure Randomness for Security
backend/scripts/enrich_dynasty_coords.py:112
· conf 0.15
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC015
Insecure Randomness for Security
backend/scripts/enrich_dynasty_coords_v2.py:158
· conf 0.15
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC020
Secret Printed to Logs
backend/eval/run_eval.py:234
· conf 0.10
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC020
Secret Printed to Logs
backend/scripts/import_ddb.py:43
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/42747e40-840f-4f7f-95d6-8422159cbe2e/.