← Legacy view v2 (rp.*)

taiwo703/api-project

https://github.com/Taiwo703/API-project.git · lang: javascript · LOC: · source: user_submitted

Quality

45.4

Grade D+

Security

94.3

Findings

0 critical · 2 high

Status

completed

May 28, 2026 14:23

medium: 6 high: 2 low: 2 info: 1

Top rules by occurrence

Rule	Severity	Count
`CORE_NO_LICENSE` No LICENSE file	low	1
`AUC005` [AUC005] No authorization-focused tests detected: No test f…	low	1
`AUC001` [AUC001] No Repobility access matrix policy found: The repo…	medium	1
`CFG006` [CFG006] Missing .gitignore: No .gitignore file. Risk of co…	medium	1
`CORE_NO_CI` No CI/CD configuration found	medium	1
`MINED044` Js Console Log Prod	info	1
`AUC002` [AUC002] Low visible authorization coverage in route invent…	medium	1
`WEB003` Public web service has no security.txt	medium	1
`AUC003` [AUC003] Object-level route lacks visible authorization: A …	high	1
`CORE_NO_TESTS` No test files found	high	1

First 11 findings (severity-sorted)

high AUC003 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /plugins/<slug:plugin_slug>/.

app.js:17 · conf 0.70

[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. End…

high CORE_NO_TESTS No test files found

No test files found

medium AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.

· conf 0.92

[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.

medium AUC002 [AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.

· conf 0.74

[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.

medium CFG006 [CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.

· conf 1.00

[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.

medium CORE_NO_CI No CI/CD configuration found

No CI/CD configuration found

medium SEC034 Log Injection / Log Forging — unsanitized user input in log

app.js:18 · conf 1.00

[SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\n` to forge fake log entries, hide tra…

medium WEB003 Public web service has no security.txt

.well-known/security.txt · conf 0.78

Public web service has no security.txt

low AUC005 [AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.

· conf 0.76

[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.

low CORE_NO_LICENSE No LICENSE file

No LICENSE file

info MINED044 Js Console Log Prod CWE-532

app.js:18 · conf 1.00

[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/4c680485-cbd6-4f92-8a13-181a1478b4a9/.