stormzhang/token-tracker

https://github.com/stormzhang/token-tracker · lang: python · LOC: · source: user_submitted

Quality: 58.5 (Grade C)
Security: 96.9
Findings: 17 (0 critical · 5 high)
Status: completed, May 31, 2026 01:22
By severity: high 5 · medium 7 · low 2 · info 3
Top rules by occurrence

Rule           Severity  Count  Description
COMP001        low       4      [COMP001] High cognitive complexity: Function `load_yfinanc…
AGT015         medium    2      Remote install command pipes network code directly to a she…
MINED050       info      2      Stub Only Function
MINED001       high      2      Bare Except Pass
MINED111       medium    1      Bare except continues silently
CORE_NO_TESTS  high      1      No test files found
CORE_NO_CI     medium    1      No CI/CD configuration found
CORE_NO_LICENSE low      1      No LICENSE file
AGT016         medium    1      Codex session log reader may expose prompts or tool-call co…
SEC029         high      1      Server-Side Request Forgery (SSRF) — outbound HTTP from use…
First 17 findings (severity-sorted)

high  COMP001  [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
      src/adapters/codex.py:143 · conf 0.95
      [COMP001] High cognitive complexity: Function `_parse_jsonl` has cognitive complexity 30 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested…

high  CORE_NO_TESTS  No test files found
      No test files found

high  MINED001  Bare Except Pass  CWE-755
      src/adapters/claude.py:111 · conf 1.00
      [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.

high  MINED001  Bare Except Pass  CWE-755
      src/analyzer/cost.py:66 · conf 1.00
      [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.

high  SEC029  Server-Side Request Forgery (SSRF) — outbound HTTP from user input
      src/analyzer/cost.py:80 · conf 1.00
      [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…

medium  AGT015  Remote install command pipes network code directly to a shell
        README_EN.md:63 · conf 0.70
        Remote install command pipes network code directly to a shell

medium  AGT015  Remote install command pipes network code directly to a shell
        README.md:63 · conf 0.70
        Remote install command pipes network code directly to a shell

medium  AGT016  Codex session log reader may expose prompts or tool-call content
        src/adapters/codex.py:9 · conf 0.73
        Codex session log reader may expose prompts or tool-call content

medium  COMP001  High cognitive complexity
        src/adapters/claude.py:78 · conf 0.95
        [COMP001] High cognitive complexity: Function `_parse_jsonl` has cognitive complexity 20 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested…

medium  CORE_NO_CI  No CI/CD configuration found
        No CI/CD configuration found

medium  MINED111  Bare except continues silently
        src/analyzer/cost.py:71 · conf 1.00
        [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

medium  SEC014  SSL Verification Disabled
        src/analyzer/cost.py:84 · conf 1.00
        [SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.

low  COMP001  High cognitive complexity
     src/adapters/claude.py:115 · conf 0.95
     [COMP001] High cognitive complexity: Function `_parse_assistant_entry` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understan…

low  CORE_NO_LICENSE  No LICENSE file
     No LICENSE file

info  COMP001  High cognitive complexity
      · conf 0.20
      [COMP001] High cognitive complexity (and 4 more): Same pattern found in 4 additional files. Review if needed.

info  MINED050  Stub Only Function  CWE-1188
      src/adapters/claude.py:112 · conf 1.00
      [MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.

info  MINED050  Stub Only Function  CWE-1188
      src/analyzer/cost.py:67 · conf 1.00
      [MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.