https://github.com/qixing-jk/all-api-hub ·
lang: typescript ·
LOC: ·
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) | high | 25 |
| AIC003 Duplicated implementation block across source files | low | 15 |
| JRN002 Browser storage is used for session token material | medium | 6 |
| COMP001 [COMP001] High cognitive complexity: Function `load_yfinanc… | low | 4 |
| SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from use… | high | 4 |
| MINED054 Ts As Any | info | 4 |
| SEC128 Async function without await — fire-and-forget Promise (AI … | high | 4 |
| MINED045 Ts Non Null Assertion | info | 4 |
| MINED116 GHA pull_request workflow leaks secrets to forks | critical | 4 |
| MINED052 Ts Any Typed | info | 4 |
MINED116
GHA pull_request workflow leaks secrets to forks
CWE-829
.github/workflows/pr-build.yml:68
· conf 0.90
[MINED116] Workflow uses `secrets.VITE_PUBLIC_POSTHOG_PROJECT_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.V…
MINED116
GHA pull_request workflow leaks secrets to forks
CWE-829
.github/workflows/pr-build.yml:69
· conf 0.90
[MINED116] Workflow uses `secrets.VITE_PUBLIC_POSTHOG_HOST` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.VITE_PUBLI…
MINED116
GHA pull_request workflow leaks secrets to forks
CWE-829
.github/workflows/test.yml:109
· conf 0.90
[MINED116] Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CODECOV_TOKEN }` lets…
MINED116
GHA pull_request workflow leaks secrets to forks
CWE-829
.github/workflows/test.yml:115
· conf 0.90
[MINED116] Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CODECOV_TOKEN }` lets…
JRN009
Secret-like setting is echoed into a password input value
src/entrypoints/content/webAiApiCheck/components/ApiCheckModalHost.tsx:1083
· conf 0.83
Secret-like setting is echoed into a password input value
MINED004
Weak Crypto
CWE-327
docs_assistant/afdian_api.py:22
· conf 1.00
[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).
MINED009
Floats For Money
CWE-682
docs_assistant/afdian_api.py:119
· conf 1.00
[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal.
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/build-and-publish.yml:52
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/build-and-publish.yml:115
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/build-and-publish.yml:158
· conf 0.90
[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/build-and-publish.yml:169
· conf 0.90
[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/build-and-publish.yml:184
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/build-and-publish.yml:191
· conf 0.90
[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v7`: `uses: actions/download-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/build-and-publish.yml:198
· conf 0.90
[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/build-and-publish.yml:230
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/build-and-publish.yml:237
· conf 0.90
[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v5`: `uses: pnpm/action-setup@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/build-and-publish.yml:243
· conf 0.90
[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/build-and-publish.yml:254
· conf 0.90
[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v7`: `uses: actions/download-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/e2e-real-site.yml:43
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/e2e-real-site.yml:46
· conf 0.90
[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v5`: `uses: pnpm/action-setup@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/e2e-real-site.yml:52
· conf 0.90
[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/e2e-real-site.yml:70
· conf 0.90
[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/e2e-real-site.yml:134
· conf 0.90
[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:47
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:50
· conf 0.90
[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v5`: `uses: pnpm/action-setup@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:56
· conf 0.90
[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:85
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:88
· conf 0.90
[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v5`: `uses: pnpm/action-setup@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:94
· conf 0.90
[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:107
· conf 0.90
[MINED115] Action `codecov/codecov-action` pinned to mutable ref `@v5`: `uses: codecov/codecov-action@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that m…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:113
· conf 0.90
[MINED115] Action `codecov/codecov-action` pinned to mutable ref `@v5`: `uses: codecov/codecov-action@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that m…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:119
· conf 0.90
[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
docs_assistant/afdian_api.py:60
· conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
docs_assistant/github_api.py:41
· conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
src/components/AutoCheckinPretriggerCompletionDialog.tsx:28
· conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
SEC083
JS: new RegExp() with non-literal
src/entrypoints/content/shared/copyActionTarget.ts:64
· conf 1.00
[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) — variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0).
SEC128
Async function without await — fire-and-forget Promise (AI mistake)
plugins/react-devtools-auto.ts:122
· conf 1.00
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
SEC128
Async function without await — fire-and-forget Promise (AI mistake)
src/entrypoints/background/contextMenus.ts:137
· conf 1.00
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
SEC128
Async function without await — fire-and-forget Promise (AI mistake)
src/entrypoints/background/cookieInterceptor.ts:58
· conf 1.00
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
AUC001
[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
· conf 0.92
[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
CFG006
[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
· conf 1.00
[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
docs_assistant/afdian_api.py:28
· conf 0.95
[COMP001] High cognitive complexity: Function `fetch_afdian_sponsors` has cognitive complexity 20 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand…
ERR002
[ERR002] Empty Catch Block: Empty catch blocks hide errors.
src/entrypoints/background/contextMenus.ts:133
· conf 1.00
[ERR002] Empty Catch Block: Empty catch blocks hide errors.
ERR002
[ERR002] Empty Catch Block: Empty catch blocks hide errors.
src/entrypoints/content/messageHandlers/utils/cloudflareGuard.ts:26
· conf 1.00
[ERR002] Empty Catch Block: Empty catch blocks hide errors.
JRN002
Browser storage is used for session token material
e2e/utils/realSite/sub2api.ts:369
· conf 0.82
Browser storage is used for session token material
JRN002
Browser storage is used for session token material
e2e/utils/realSite/sub2api.ts:381
· conf 0.82
Browser storage is used for session token material
JRN002
Browser storage is used for session token material
e2e/utils/realSite/sub2api.ts:383
· conf 0.82
Browser storage is used for session token material
JRN002
Browser storage is used for session token material
src/entrypoints/content/messageHandlers/handlers/storage.ts:125
· conf 0.82
Browser storage is used for session token material
JRN002
Browser storage is used for session token material
src/entrypoints/content/messageHandlers/handlers/storage.ts:126
· conf 0.82
Browser storage is used for session token material
JRN002
Browser storage is used for session token material
src/entrypoints/content/messageHandlers/handlers/storage.ts:203
· conf 0.82
Browser storage is used for session token material
MINED111
Bare except continues silently
docs_assistant/changelog.py:22
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
WEB003
Public web service has no security.txt
.well-known/security.txt
· conf 0.78
Public web service has no security.txt
WEB015
Public web app has no Content Security Policy
index.html
· conf 0.70
Public web app has no Content Security Policy
AIC003
Duplicated implementation block across source files
e2e/scenarios/accountKeyLifecycle.ts:11
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
e2e/scenarios/accountKeyToApiProfile.ts:49
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
e2e/scenarios/accountKeyToApiProfile.ts:97
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
e2e/utils/realSite/sub2api.ts:361
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
src/components/ClaudeCodeRouterImportDialog.tsx:14
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
src/components/CliProxyExportDialog.tsx:36
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
src/components/CliProxyExportDialog.tsx:350
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
src/components/dialogs/VerifyCliSupportDialog/index.tsx:19
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
src/components/dialogs/VerifyCliSupportDialog/ToolStatusBadge.tsx:21
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
src/components/dialogs/VerifyCliSupportDialog/utils.ts:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
src/components/ui/index.ts:92
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
src/components/ui/input.tsx:195
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
src/entrypoints/content/messageHandlers/utils/turnstileGuard.ts:170
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
src/entrypoints/content/webAiApiCheck/components/ApiCheckConfirmToast.tsx:3
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
src/entrypoints/popup/components/ThemeToggle/index.tsx:10
· conf 0.86
Duplicated implementation block across source files
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
docs_assistant/afdian_api.py:103
· conf 0.95
[COMP001] High cognitive complexity: Function `classify_sponsors` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — n…
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
docs_assistant/changelog.py:107
· conf 0.95
[COMP001] High cognitive complexity: Function `format_releases_markdown` has cognitive complexity 14 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to underst…
WEB001
Public web app has no robots.txt
robots.txt
· conf 0.74
Public web app has no robots.txt
WEB002
Public web app has no sitemap
sitemap.xml
· conf 0.72
Public web app has no sitemap
WEB008
Public docs site has no llms.txt
llms.txt
· conf 0.64
Public docs site has no llms.txt
WEB011
Public web app has no humans.txt
humans.txt
· conf 0.50
Public web app has no humans.txt
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
· conf 0.20
[COMP001] High cognitive complexity (and 7 more): Same pattern found in 7 additional files. Review if needed.
MINED044
Js Console Log Prod
CWE-532
plugins/react-devtools-auto.ts:99
· conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
MINED044
Js Console Log Prod
CWE-532
scripts/android-dev.js:15
· conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
MINED045
Ts Non Null Assertion
CWE-476
· conf 0.20
[MINED045] Ts Non Null Assertion (and 6 more): Same pattern found in 6 additional files. Review if needed.
MINED045
Ts Non Null Assertion
CWE-476
src/components/ChangelogOnUpdateUiOpenHandler.tsx:39
· conf 1.00
[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.
MINED045
Ts Non Null Assertion
CWE-476
src/components/ui/CardItem.tsx:60
· conf 1.00
[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.
MINED045
Ts Non Null Assertion
CWE-476
src/components/ui/RepeatableInput.tsx:205
· conf 1.00
[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.
MINED047
Emoji In Source
src/constants/ui.ts:97
· conf 1.00
[MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explicitly requested.
MINED052
Ts Any Typed
CWE-704
· conf 0.20
[MINED052] Ts Any Typed (and 8 more): Same pattern found in 8 additional files. Review if needed.
MINED052
Ts Any Typed
CWE-704
src/components/dialogs/ChannelDialog/context/ChannelDialogContext.tsx:40
· conf 1.00
[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.
MINED052
Ts Any Typed
CWE-704
src/components/LinkCard.tsx:4
· conf 1.00
[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.
MINED052
Ts Any Typed
CWE-704
src/entrypoints/background/contextMenus.ts:27
· conf 1.00
[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.
MINED054
Ts As Any
CWE-704
· conf 0.20
[MINED054] Ts As Any (and 6 more): Same pattern found in 6 additional files. Review if needed.
MINED054
Ts As Any
CWE-704
src/components/charts/EChart.tsx:101
· conf 1.00
[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.
MINED054
Ts As Any
CWE-704
src/components/ui/CardItem.tsx:62
· conf 1.00
[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.
MINED054
Ts As Any
CWE-704
src/components/ui/Typography.tsx:85
· conf 1.00
[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.
MINED056
React Key As Index
CWE-682
src/components/FeatureList.tsx:37
· conf 1.00
[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.
MINED067
Python Requests No Timeout
CWE-400
docs_assistant/afdian_api.py:60
· conf 1.00
[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.
MINED067
Python Requests No Timeout
CWE-400
docs_assistant/github_api.py:41
· conf 1.00
[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.
SEC020
Secret Printed to Logs
docs_assistant/afdian_api.py:31
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
· conf 0.20
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input (and 8 more): Same pattern found in 8 additional files. Review if needed.
SEC078
Python: requests without timeout
docs_assistant/afdian_api.py:60
· conf 0.10
[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-…
SEC078
Python: requests without timeout
docs_assistant/github_api.py:41
· conf 0.10
[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-…
SEC128
Async function without await — fire-and-forget Promise (AI mistake)
· conf 0.20
[SEC128] Async function without await — fire-and-forget Promise (AI mistake) (and 3 more): Same pattern found in 3 additional files. Review if needed.