https://github.com/prisma/prisma ·
lang: typescript ·
LOC: ·
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
SEC022 Database URL With Embedded Credential |
critical | 2 |
SEC015 Insecure Randomness for Security |
medium | 2 |
SEC020 Secret Printed to Logs |
high | 1 |
SEC013 Path Traversal — User Input in File Path |
high | 1 |
SEC022
Database URL With Embedded Credential
packages/cli/src/Init.ts:190
· conf 1.00
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…SEC022
Database URL With Embedded Credential
packages/cli/src/Studio.ts:232
· conf 1.00
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…SEC013
Path Traversal — User Input in File Path
packages/client/src/runtime/highlight/languages/sql.ts:22
· conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.SEC015
Insecure Randomness for Security
helpers/compile/plugins/fill-plugin/fillPlugin.ts:222
· conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC015
Insecure Randomness for Security
packages/client/src/runtime/getPrismaClient.ts:294
· conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC020
Secret Printed to Logs
scripts/ci/publish.ts:484
· conf 0.10
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/710a5863-0760-4529-abf1-96ef657bf6f8/.